Brazil's LGPD and driver GPS data: what employers can and cannot do
Mileage tracked by GPS in Brazil falls under LGPD. How to configure collection without exposing the company.
What LGPD considers location data
Brazil's LGPD (Law 13,709/2018) classifies geolocation data as ordinary personal data when tied to an identified individual — which is always the case when an employer tracks an employee's vehicle. Combined with timing and pattern, location may reveal health, religion, or sexual orientation, escalating it to sensitive data and a stricter legal basis.
Legal bases for mileage tracking
The ANPD recognizes three workable bases for GPS-based mileage:
1. **Performance of contract** (Art. 7-V) — strongest when tracking is necessary to compute reimbursement.
2. **Legitimate interest** (Art. 7-IX) — requires a Data Protection Impact Assessment (RIPD).
3. **Consent** (Art. 7-I) — fragile in employment relationships and discouraged as the primary basis.
The safe pattern is performance of contract + legitimate interest with a documented RIPD.
Principles to respect
Purpose (mileage only — not personal-life surveillance), necessity (only during work hours), adequacy (precision sufficient for route calculation, not 5-second polling), transparency (employee knows what, when, for how long), and security (TLS 1.2+ in transit, AES-256 at rest, role-based access).
Collection window: work hours only
Good apps offer a 'personal mode' that pauses GPS. Document when collection starts (shift start), when it stops (shift end), and when the driver can pause it (lunch, personal errands, on-call breaks). Off-hours collection — even accidental — is misuse under LGPD.
Retention
Keep location data tied to reimbursed trips for 5 years (federal tax statute of limitations). After that, anonymize or delete. Location data tied to rejected or personal trips: delete within 30 days.
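
The collection-window and retention rules above can be enforced at ingestion and in a purge job rather than left to app settings alone. The sketch below is an added example, not code from any specific product; the function names, the point format, and the choice to start both retention clocks at trip end are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

BRT = timezone(timedelta(hours=-3))  # Brasília time, fixed offset for the sample

def in_window(ts, shift_start, shift_end, pauses):
    """True only when ts is inside the shift and outside every personal-mode pause."""
    if not (shift_start <= ts < shift_end):
        return False
    return not any(start <= ts < end for start, end in pauses)

def filter_points(points, shift_start, shift_end, pauses):
    """Split GPS fixes into (kept, dropped). Dropped fixes are discarded at
    ingestion so off-hours locations never reach storage."""
    kept, dropped = [], []
    for p in points:
        target = kept if in_window(p["ts"], shift_start, shift_end, pauses) else dropped
        target.append(p)
    return kept, dropped

def add_years(d, years):
    """Calendar-year addition; 29 Feb falls back to 28 Feb."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def retention_action(status, trip_end, now):
    """Retention rules from the text. Assumption: both clocks start at trip_end."""
    if status == "reimbursed":
        return "keep" if now < add_years(trip_end, 5) else "anonymize_or_delete"
    # Rejected or personal trips: must be gone by day 30.
    return "keep" if now < trip_end + timedelta(days=30) else "delete"

# Constructed sample: one 08:00-17:00 shift with a 12:00-13:00 lunch pause.
DAY = datetime(2025, 3, 10, tzinfo=BRT)
SHIFT = (DAY.replace(hour=8), DAY.replace(hour=17))
PAUSES = [(DAY.replace(hour=12), DAY.replace(hour=13))]
POINTS = [{"ts": DAY.replace(hour=h, minute=m), "lat": -23.55, "lon": -46.63}
          for h, m in [(7, 55), (8, 10), (12, 30), (16, 59), (17, 5)]]

if __name__ == "__main__":
    kept, dropped = filter_points(POINTS, *SHIFT, PAUSES)
    print([p["ts"].strftime("%H:%M") for p in kept])
    print(retention_action("rejected", SHIFT[1], SHIFT[1] + timedelta(days=31)))
```

Filtering on the server as well as in the app means a misconfigured or outdated client cannot cause off-hours points to be stored.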
Data subject rights
The employee can request access, correction, deletion (after the tax window), portability (CSV/JSON), and consent revocation. Respond within 15 days.
When a RIPD is required
Whenever tracking covers more than ~100 drivers, involves systematic monitoring, or feeds automated reimbursement decisions. In practice, any business tracking more than 50 drivers should produce and maintain a RIPD for the mileage purpose.
Incident reporting
Security incidents involving location data must be reported to ANPD per Resolução CD/ANPD 15/2024 — within 3 business days when the incident could cause material harm.
Practical checklist
1. Contract clause covering GPS tracking for reimbursement.
2. Internal privacy policy specific to location data.
3. Documented RIPD reviewed annually.
4. Technical config limiting collection to work hours.
5. Subject-rights process under 15 days.
6. Incident-response plan aligned to Resolução CD/ANPD 15/2024.