By Fabio Alonso Vieira and Jhonata Candido   On November 25, 2022, President Jair Bolsonaro published a Decree No. 11.266/2022, which changed Decree No. 10.046/2019, which deals the governance of data sharing under the federal public administration and establishes the Citizen’s Base Register and the Center Data Governance Committee. The decree was published due to the determination of the Supreme Court, through judgement of ADI No. 6.649 and ADPF No. 695, through which it was decided that Article 22 of decree 10.046/2019, on the composition of the Central Committee for Data Governance is unconstitutional and that the sharing of data between public agencies,

By Eduarda Mourad Baldavira and Fabio Alonso Vieira   In October 2022, Senator Alessandro Vieira (PSDB), presented Bill No. 2.628 ("Bill"), whose main premise is to guarantee protection for children and adolescents in digital environments. To reach its purpose, the Bill points out that the use of informational technology products or services by children and adolescents should respect the following principles: a) the guarantee of integral protection; b) the absolute prevalence of their interests; c) the peculiar condition of a person in biopsychic development; d) safety from intimidation, exploitation, abuse, threats and other forms of violence; e) respect for the autonomy and progressive development of the individual; f) protection

By Fabio Vieira and Jhonata Candido   Recently, through Artificial Intelligence, the French government discovered thousands of hidden private pools that were not taxed by the government, a fact that unexpectedly boosted French tax revenues. The Artificial Intelligence used by the French government was a software developed by Google together and the French company Capgemini, in October 2021, that mapped pools with aerial images of nine regions of the country. The experiment resulted in a revenue of around 10 million Euros for the government, as more than 20,000 undeclared pools were detected, considering that to own an average swimming pool of 30 square meters

By Fabio Vieira and Jhonata Candido   Early in October, the European Data Protection Board (“Board”) published Guideline nº 09/2022 (“Guideline”) regarding personal data violation notifications based on the General Data Protection Regulation (“GDPR”). According to the Guideline, a personal data violation is identified whenever the personal data security is compromised or when there is accidental or unauthorized destruction, loss, alteration, unlawful disclosure of personal data that has been transmitted or stored. In that sense, Opinion No. 3/2014 issued by the "Working Party for the Protection of Individuals regarding the Processing of Personal Data in Europe," better known as "WP29," defined that breaches can

By Fabio Vieira and Eduarda Mourad   Last week, the National Data Protection Authority ("ANPD") released the Orientative Guide entitled "Cookies and Personal Data Protection" ("Guide"), in order to provide an overview of the topic, to guide processing agents about good practices on this matter and to keep data subjects informed of their rights To achieve these goals, the Guide introduced some important definitions: (i) What are Cookies? Cookies are files placed in a user's device that allow the collection of certain information, including, in some situations, personal data, in order to fulfill a number of purposes such as the proper and safe functioning of

By Fabio Vieira, Eduarda Mourad, and Jhonata Candido   Since January 28, 2022, the date on which it was published on the Union Official Gazette, Resolution CD/ANPD No. 2, which approves the Regulations for the application of the Brazilian General Data Protection Law ("LGPD") for small sized data processing agents (“Regulation”), is into force. The Regulation applies to micro-enterprises, small businesses, startups, private legal entities, including non-profit legal entities as set forth by the applicable laws, natural persons, and impersonalized private entities that perform personal data processing, assuming typical controller or operator obligations. For a legal entity to be classified as micro-enterprises or small

By Gabriela Tchalian and Daniel Salgado   In 2021, the Plenary of the National Consumer Protection Council approved the provisional text of the new Customer Service Decree ("SAC"). The reformulation of the legislation regulating the service comes, mainly, due to the high number of consumer complaints, the growing digital transformation, and the consequent needs of the current consumer. In the current scenario, the main needs of the consumers consist of practicality, agility, and autonomy to solve their problems, which, in most cases, does not occur and the service ends up being, in fact, ineffective and tiring. Therefore, the new Decree seeks the resolution and digitization

By Fabio Vieira and Gabriela Tchalian   Although still in formation, caselaw on privacy and data protection has just received a new precedent, Civil Appeal No. 1010253-75.2020.8.26.0019, decided on February 1, 2022, in the District of Americana, São Paulo. The plaintiff ("Plaintiff") is a natural person, whose name will not be revealed for identity preservation as well as due to the case running in secret of justice. It refers to a consumer relationship, with Claro S.A. ("Claro") as the defendant in the lawsuit. The Plaintiff has stated that, on September 16, 2020, she pleaded to Claro for the confidentiality of her information and application

By Fabio Vieira and Gabriela Tchalian   On June 2 and 3, 2022, Superior Electoral Court ("TSE") promoted a public hearing in hybrid format, aiming to receive suggestions on the application of the General Data Protection Law ("LGPD") on disclosure of candidates’ data for the 2022 elections. The hearing was convened by TSE’s president, Minister Edson Fachin, and conducted and moderated by ombudsman judge, Judge Larissa Nascimento. The list of debaters included experts and entities in both electoral law and right to information fields. Examples of participants are Brazilian Academy of Electoral and Political Law, National Data Protection Council, Data Privacy Brazil, Forum of

By Fabio Vieira and Gabriela Tchalian   On March 8, 2022, Deputies Thiago Mitraud and Adriana Ventura, both from the New Party, presented in the House of Representatives Bill No. 454/2022 ("PL No. 454/2022"), which now awaits consideration by the Federal Senate. PL No. 454/2022 intends to amend Law No. 9,394/1996 ("Law of Guidelines and Baseline for Education") and Law No. 13,709/2018 ("General Data Protection Law - LGPD"). Regarding Law of Guidelines and Baselines for Education, PL No. 454/2022 intended to amend article 5th, which establishes compulsory basic education as a subjective demandable public right, in order to include paragraphs 6th and 7th, with