It’s the first question every manager asks before starting to watch the competition: “is this legal?” The short answer is yes — observing what a competitor publishes to the market is not only legal, it’s one of the oldest practices in commerce. But there is a line, and crossing it changes the name of the activity from competitive intelligence to espionage — with civil and criminal consequences.
This guide separates, based on Brazilian law, what you can do, what requires caution and what you cannot do when monitoring the competition. It’s not an abstract legal debate: it’s what determines whether your CI program is an asset or a liability.
The golden rule: observing is not colluding
The entire legal distinction fits in one sentence: unilaterally observing data that the competitor has made public is legal; obtaining information through illicit means — or coordinating conduct with the competitor — is not. Everything that follows is a consequence of that boundary across three laws that intersect: the LGPD (personal data), the Competition Defense Law (CADE) and the Industrial Property Law (trade secrets).
1. LGPD: public data still has an owner
The General Data Protection Law (Lei nº 13.709/2018) does not prohibit monitoring competitors — it regulates the processing of personal data. The price of a product, a Black Friday offer or the copy of an ad are not personal data; they are commercial information. The caution appears when, in the middle of collection, you capture data about people: names, emails, follower profiles, identifiable comments.
In practice, this draws a wide safe zone. Tracking a competitor’s public posts, ads and prices falls within manifestly public data and your legitimate purpose (understanding the market). What you should avoid is processing third parties’ personal data without purpose — building lists of the rival’s customer emails, for example, mixes competitive intelligence with an activity that the LGPD scrutinizes closely.
2. CADE: the boundary between observing and coordinating
Here is the most misunderstood point. The Competition Defense Law (Lei nº 12.529/2011) does not prohibit — on the contrary, it values — companies collecting market information: this reduces asymmetry and stimulates competition. What it punishes is coordination between competitors.
The difference is the direction of the flow. Competitive intelligence is unilateral: you observe what the market shows, without the competitor knowing or taking part. Collusion is bilateral: there is contact, exchange or signaling between rivals. CADE has already condemned shared systems that served as a channel for data exchange between competitors, and in 2026 it intensified its scrutiny of algorithmic pricing — algorithms that, without human contact, end up aligning prices between companies. The lesson: the tool you use should inform you about the market, never serve as a bridge to the competitor.
3. Trade secrets: the limit of “how”
The third law targets the method of obtaining. The Industrial Property Law (Lei nº 9.279/1996) defines, in art. 195, incisos XI and XII, the act of disclosing, exploiting or using confidential information obtained through illicit means, fraud, or breach of a contractual or employment relationship as the crime of unfair competition.
A person commits unfair competition when they obtain confidential information or data, without authorization, through fraud — or from someone who had legitimate access to it by virtue of a contract or employment.
That’s why creating a fake profile to enter a restricted area, lying about who you are to extract a confidential quote, or paying a former employee for the competitor’s cost spreadsheet are acts that move from intelligence into the illicit. The data may even be “useful”, but the path used to obtain it is what defines the crime.
What about automation? Scraping, ToS and bots
Monitoring competitors at scale usually involves automated collection. Here the terrain is more contractual than criminal: collecting public data is legal, but ignoring a platform’s terms of use, disregarding robots.txt or overloading a site with requests can amount to breach of contract or abuse. The good practice is simple: prefer official and open sources — such as the Meta Ad Library, which exists because of a legal transparency requirement — respect rate limits and never impersonate someone else to access restricted content.
| Practice | Status | Basis / reason |
|---|---|---|
| Checking public prices and offers (website, marketplace, storefront) | OK | Public commercial information; pro-competition (CADE) |
| Saving ads from the Meta Ad Library, TikTok or Google Ads | OK | Public libraries mandated by transparency requirements |
| Tracking public posts and stories on the competitor’s profile | OK | Manifestly public data (LGPD, art. 7º, §4º) |
| Subscribing to the competitor’s public newsletter with a work email | OK | Content open to any interested party |
| Collecting personal data of the rival’s customers/followers | Caution | LGPD principles apply even to public data |
| Automating collection ignoring ToS, robots.txt or rate limits | Caution | May breach terms of use / overload the service |
| Creating a fake profile or lying to access a restricted area | No | Fraudulent means (LPI, art. 195) |
| Bribing an employee to hand over confidential data | No | Crime of unfair competition (LPI, art. 195, XI–XII) |
| Aligning prices or exchanging sensitive data with the competitor | No | Cartel (Lei nº 12.529/2011, art. 36) |
Fonte: Summary of Laws nº 13.709/2018, 12.529/2011 and 9.279/1996 — guidance, not legal advice.
Espionage / coordination (illegal)
- Obtaining confidential data through fraud, intrusion or bribery
- Exchanging prices and plans directly with the competitor
- Fake profile to access what is restricted
- Reselling personal data collected from third parties
Competitive intelligence (legal)
- Observing public prices, ads and posts
- Structuring what any customer can already see
- Using official libraries and open sources
- Deciding your own price alone, based on the market
The conclusion is reassuring for anyone doing CI the right way: almost all useful competitive monitoring happens in the green zone — prices, ads, launches and campaigns that the competitor chose to show the market. Structuring that public signal into decisions is exactly what sets a mature operation apart. What you never need to do is cross the line; the relevant data is almost always already in plain sight for those who know how to look.
Referências e leitura complementar
- Brasil (2018). Lei nº 13.709 (Brazilian General Data Protection Law — LGPD), art. 7º. Presidência da República link .
- Brasil (2011). Lei nº 12.529 (Structures the Brazilian Competition Defense System), art. 36. Presidência da República link .
- Brasil (1996). Lei nº 9.279 (Industrial Property Law), art. 195, incisos XI e XII. Presidência da República link .
- ANPD (2024). National Data Protection Authority — guidance and materials. Governo Federal link .
- CADE (2026). Compliance algorítmico: as lições da jurisprudência recente do Cade. Conjur link .
- Migalhas (2019). A exceção dos dados pessoais tornados manifestamente públicos pelo titular na LGPD. Migalhas link .
