Welcome to CGI.br’s and NIC.br’s Privacy and Personal Data Protection Seminar!

It is with great enthusiasm that we host the legal community, representatives from the government, business sector, civil society, and scientific community in São Paulo for another edition of enriching discussions. Over three days of extensive learning, we will address crucial topics shaping the current landscape of Personal Data Protection and Privacy in Brazil.

On the first day, our focus will be on the National Data Protection Authority and its enforcement process. Renowned experts will lead panels that provide insights and experiences on the challenges faced by data controllers, and with a special emphasis on oversight and data sharing by the public sector.

The second day will highlight the protection of sensitive data. We will explore the qualification, discrimination, and associated harms of this special data, with panels addressing topics such as the protection of children and adolescents, highlighting the challenges faced by data-driven business models and persuasive technologies. Additionally, we will delve into the digitization of healthcare services and policies from the perspective of the Brazilian General Data Protection Law (LGPD), also offering valuable insights on regulations and best practices for handling financial data in the context of Open Finance.

On the third day, we will venture into the fascinating world of global privacy and emerging technologies. We will uncover strategies and challenges faced in privacy programs within large corporations, along with panels discussing risk approaches and impact assessments, the intersection between the LGPD and the use of artificial intelligence in public security, and how the personal data protection agenda is related to the regulation of digital platforms.

We have prepared an event filled with knowledge, networking, and stimulating debates. Take advantage of this unique opportunity to connect with leading experts and professionals in the field, expanding your skills in data protection.

This event is free and will be held in person, with online streaming of all discussions on the NIC.br YouTube channel.

Your participation is crucial to building a safer and more conscious digital future. Register now and see you there!

History Timeline

  1. 2010

    The first Seminar on Protection of Privacy and Personal Data took place at the end of September 2010, in São Paulo, being the first event totally dedicated to addressing such themes as central objects of study and discussion in Brazil.


    The Brazilian scenario at the time already gave evidence of debates related to the “Cadastro Positivo” – a database on individuals and companies on credit contractions; as well as the release of the draft law on personal data protection by the Ministry of Justice in December of the same year.


    Therefore, the first edition of the Seminar focused on presenting fundamental concepts and promoting comparisons with the international scenario, debating topics such as electronic commerce, protection of children and youth, and electronic government. The identification of threats to privacy in the Information Society and the potential challenges for Brazil were also highlighted.

  2. 2011

    In March 2011, after the first edition of the Seminar, CGI.br and the Ministry of Justice organized a Workshop on the Personal Data Protection Draft, in order to promote a public consultation about the text, as it would be the first law on the matter in Brazil. The event had a broad participation and resulted in contributions that were incorporated into the draft.


    In October of the same year, the second edition of the Seminar on Privacy and Personal Data Protection brought speeches about the scenario of Brazilian regulation and international perspectives on privacy issues. In the United States, debate was taking place about a possible federal law on Internet users’ rights, while the European Commission also carried out public consultations to review the telecommunications legislation, with a focus on Internet service providers and operators.

  3. 2012

    In the Brazilian context, the year 2012 saw progress in the bill for the protection of personal data, with reference to the creation of a specific Authority for the subject. Not only had the Access to Information Law entered into force, but we were also following bills to update the Consumer Defense Code at the same time.


    On the international scene, the update of privacy terms for the unification of user accounts stood out. At the time, CGI.br proposed to discuss the topic of privacy for a survey of potential violations in Brazil.


    Considering the panorama on the themes in the country, the debates of the third edition of the Seminar presented speeches focused on consumer rights, the digital economy, access to information and new technologies. Hot topics from that moment were also brought up, such as social networks and discussions about the “Marco Civil da Internet” project – a Civil Rights Framework of the Internet.

  4. 2013

    The 2013 Seminar was inevitably influenced by the Snowden case on US National Security Agency (NSA) spying practices, bringing issues related to data security and privacy as a fundamental right.


    Within the Brazilian context, CGI.br issued a resolution condemning the actions of the NSA, also aligning itself with the speech of the then Presidency of the Republic in search of a democratic, multilateral and open governance for the Internet, exercised with transparency, stimulating collective and the participation of society, governments and the private sector.


    These discussions were the catalyst for the fourth edition of the Seminar, highlighting both the protection of personal data in criminal investigations and the preservation of public and private databases.

  5. 2014

    The year 2014 was marked by the approval of the “Marco Civil da Internet” – the Brazilian Civil Rights Framework of the Internet -, a development in the context of the Snowden case in the previous year, followed by the Global Multistakeholder Meeting on the Future of Internet Governance (NETMundial), also promoted by CGI.br and held in Brazil.


    At the time, “scoring” was discussed in the Superior Court of Justice, as a kind of “score” of consumption that would imply the crossing of personal data, highlighting the regulatory vacuum for the protection of such data in the country, and also the removal of personal data from applications that have not received express consent for their use.


    The fifth edition’s discussions brought to light the perspectives and challenges of the right to be forgotten, a topic that raised controversies involving freedom of expression and access to information, as well as more in-depth debates about the personal data protection draft bill.

  6. 2015

    The sixth Seminar took place in September 2015 and included the celebration of the 20th anniversary of CGI.br, as part of the conference cycle “CGI.br 20 years – principles for the governance and use of the Internet”.


    Within the cycle of conferences, the theme “Freedom, Privacy and Human Rights” was discussed, presented by Frank La Rue, lawyer and former UN Special Rapporteur for the right to freedom of expression and opinion, and journalist and writer James Bamford, known for his investigative work on US intelligence agencies, especially the National Security Agency (NSA).


    The discussions of the sixth edition of the Seminar were greatly influenced by the second public consultation of the Preliminary Draft of the Brazilian General Data Protection Law (LGPD), together with the Brazilian Civil Rights Framework of the Internet, within the scope of the discussions by the Ministry of Justice. Fundamental concepts of what would come to be incorporated into the “ LGPD” were also debated, such as the concept of personal data, anonymous data, consent, as well as topics related to Internet of Things and cryptography.

  7. 2016

    The seventh edition of the Seminar took place at the end of August 2016, in São Paulo. At the time, the Chamber of Deputies installed a special commission to analyze bill 4.060/2012, to which the General Data Protection Bill (PL 5.276/2016) was appended. Another important issue this year was the amendment to Law 12.414/2011, which now automatically includes consumers in the “Cadastro Positivo” – a database on individuals and companies on credit contractions.


    Also in 2016, the Rio de Janeiro Court ordered the blocking of a messaging application due to non-disclosure of data for police investigation. In the international scenario, the United States and the European Union announced the Privacy Shield agreement, which allowed the flow of data between companies in the bloc and the North American country, replacing the Safe Harbor agreement.


    Among the subjects of this edition, multistakeholder perspectives on the sharing economy, automated decisions, the functioning of algorithms, cryptography, the right to be forgotten, the Regulatory Decree of the Brazilian Civil Framework of the Internet, and other legislative proposals on the protection of personal data stood out.

  8. 2017

    The eighth edition of the Seminar was held in September 2017, in São Paulo. That year, the discussion on biochips raised concerns about privacy, as well as other debates such as the sale of personal data obtained by the public sector to privatization projects, in the case of the “Bilhete Único” – a payment system for public transportation in São Paulo.


    Also within the national scope, the National Civil Identification project was announced – a single citizen identification document, which raised fears about the centralization of data. At the time, the then Ministry of Science, Technology, Innovation and Communications (MCTIC) was working on the National Plan for the Internet of Things, facing a series of obstacles such as the approval of the data protection law.


    In 2017, the topics debated were about guaranteeing citizens’ rights and encouraging innovation and the promotion of efficient public management. For the first time, there was an international multistakeholder debate on models for inspection and enforcement of personal data protection laws based on the Mexican, Chilean and French experiences.

  9. 2018

    The ninth edition of the Seminar was held in August 2018, in São Paulo. In the national context, Brazil approved its Brazilian General Data Protection Law (LGPD), sanctioned on August 14 of the same year, only days after the seminar.


    The main subject of the year 2018 was the entry into force of the General Data Protection Regulation of the European Union (GDPR), bringing speakers from the European continent to the event. In the international context, revelations by Cambridge Analytica consultancy and a possible entry of Brazil into the Organization for Economic Cooperation and Development (OECD) were mentioned as some of the motivational factors that had an impact on the approval of the Brazilian law.


    Other thematic discussions addressed the role of the private sector in protecting privacy and personal data, the Brazilian situation of pre-approval of the General Data Protection Law (LGPD), as well as topics on Artificial Intelligence, behavioral profiles, and the concepts of privacy by design and privacy by default.

  10. 2019

    Celebrating 10 years of discussions on privacy and personal data, the tenth edition of the Seminar promoted discussions on the application of the LGPD in different sectors, and the emergence of figures such as the Person Responsible for the Processing of Personal Data (or DPO – Data Protection Officer).


    At the time, even though it was not yet in effect, the public sector commented on the possible effects of the law in cases involving Courts of Justice and technology companies, mainly questioning the consent and transparency to data subjects on international transfers. In July of the same year, the Presidency of the Republic sanctioned the text that created the National Data Protection Authority (ANPD).


    Internationally, we were tracking the first million dollar fines based on the GDPR, over allegations of lack of transparency in the collection of personal data from European citizens and its use for targeted content advertising.


    The tenth edition of the Seminar debated the processes for adapting the law and its importance for society. Algorithms and the digital economy also remained in the debate as relevant issues, opening space for debates on new technologies such as facial recognition, in addition to bringing the issue of cryptography as one of the possibilities for the security of personal data.

  11. 2020

    Considering the worldwide repercussions related to the COVID-19 pandemic, the 11th edition of the Seminar was held for the first time in a fully online format.


    With a record attendance of more than 1,600 people registered for the event, the Seminar’s multistakeholder discussions focused on the issues of privacy and personal data protection, specifically relating them to: the entry into force of the Brazilian General Data Protection Law (LGPD); the micro-targeting of data in electoral campaigns; the impacts of the COVID-19 pandemic on privacy, misinformation and potential damage from its repercussions; discussions on the draft use of personal data for public safety purposes; open banking and the challenges ahead for the National Data Protection Authority (ANPD).

  12. 2021

    In the second year of the COVID-19 pandemic, the Seminar on Privacy and Personal Data Protection remained in an online format and surpassed the previous edition in terms of audience, with more than 2,600 participants.


    Bringing foreign experiences that can be absorbed into the Brazilian context, Bertrand de La Chapelle spoke about data sovereignty and cross-border flows, a discussion that may underpin the National Data Protection Authority (ANPD)’s regulatory agenda in 2022; while Judith Rauhoffer spoke about digital rights as human rights, around the emerging consensus on data protection as a fundamental right. On a national level, Miriam Wimmer commented on the perceptions of the ANPD in the development of a data protection culture in Brazil, while Danilo Doneda approached data protection beyond the Data Protection Law (LGPD), discussing the perspectives of new technologies within the international scenario.


    Also, taking into account the LGPD’s one year effective date anniversary, the 2021 edition was marked by topics of a more practical nature, amonsgt them: anonymization techniques for compliance with the law; regulation and practice in privacy and cryptography; Data Protection Impact Assessment and other risk analysis methodologies.


    All discussions of previous editions are available on this Seminar website, under the tab “previous events”. Follow the 2022 discussions! We hope to see you soon!

  13. 2022

    This in-person edition had the participation of national and international experts, such as government officials, private sector representatives, third sector, and members of the scientific and technological community. In a multistakeholder approach, each sector will take part in public debates and technical discussions about Artificial Intelligence, Information Security and the Brazilian General Data Protection Law, among other topics.


Amcham Brasil
R. da Paz, 1431 - Chácara Santo Antônio (Zona Sul), São Paulo-SP/Brazil

How to get to the event venue: the train stations closest to the meeting venue are Morumbi and Granja Julieta, that’s part of Train Line 9 (Emerald). The Train Line 9 (Emerald) makes a connection with Subway Line Yellow in Pinheiros Station; with Train Line 8 (Diamond) in Osasco and Presidente Altino Stations, and also with Subway Line Lilac in Borba Gato Station.

Bus lines
SPTrans is responsible for the bus lines in the city (https://www.sptrans.com.br/). Their website is only in portuguese, but their bus lines schedule database is integrated into Google Maps, so you can easily query the best bus lines for a given route.

– Subway Official Website: https://www.metro.sp.gov.br/
– Train Official Website: https://www.cptm.sp.gov.br/
– Information about bus lines: https://www.sptrans.com.br/

Program Committee

The following experts are part of the 14th Seminar Program Committee:




– Bia Barbosa (CGI.br)
– Bianca Kremer (IDP)
– Caitlin Mulholland (PUC-Rio)
– Carlos Affonso Souza (ITS-Rio)
– Demi Getschko (NIC.br)
– Flávio Wagner (ISOC Brasil)
– Hartmut Glaser (CGI.br)
– Laura Tresca (CGI.br)
– Luiz Costa (MPF)
– Marina Feferbaum (FGV SP)
– Miriam Wimmer (IDP)


NIC.br/CGI.br advisor members:
Carlos Cecconi, Isadora Peixoto, Karen Borges, Mariana Venâncio, Ramon Costa, Raquel Gatto e Rodrigo Silva.


Check below where you can stay in São Paulo nearby the event venue:




Hotels without special rates


1. Hotel Intercity Nações Unidas
Address: Rua Fernandes Moreira, 1371 – Chácara Santo Antônio, São Paulo – Brazil.
Distance from event venue: 600 meters.
Telephone: +55 (11) 5189-6555
Site: https://www.intercityhoteis.com.br/hotel-sao-paulo/hotel-intercity-nacoes-unidas/50/#hotel
E-mail: reservas@intercityhoteis.com.br


Hotels with special rates


1. Blue Tree Premium
Address: Rua Verbo Divino, 1323 – Chácara Santo Antônio, São Paulo – Brazil.
Distance from event venue: 700 meters.
Telephone: +55 (11) 5683-4600
Site: https://www.bluetree.com.br/hotel/blue-tree-premium-verbo-divino/
E-mail: reservas.verbodivino@bluetree.com.br
Discount Rates: Inform about your participation in the event to get 20% discount on the public rate of the day. The discount will be available for the period between the 15th and 17th of august (15/08/2023 – 17/08/2023) and the deadline to confirm the reservations will be up to three days before the event.
General conditions:
– Add 5% of Service Tax (ISS);
– Free Wi-Fi;
– Check-in at 2pm and check-oOut at 12pm;
– Breakfast included (when served in the hotel restaurant);
– Parking: R$ 40,00 per day.


2. Mercure Sao Paulo Nacoes Unidas Hotel
Address: Rua Prof. Manoelito de Ornellas 104, Chácara Santo Antônio, São Paulo – Brazil.
Distance from event venue: 1,1 km.
Telephone: +55 (11) 5188-3857
Site: https://all.accor.com/hotel/3135/index.en.shtml
E-mail: H3135-re@accor.com
Discount Rates: inform about your participation in the event to get 12% discount on the public rate of the day.
General conditions:
– Check-in from 12pm – Check-out up to 12pm;
– Breakfast not included (R$ 46,00);
– Free Wi-Fi;
– Accommodation free of charge for children under 12 years when with a parent;
– Parking not included: R$ 30,00 per day.


3. Estanplaza International
Address: Rua Fernandes Moreira, 1293 – Chácara Santo Antônio, São Paulo – Brazil
Distance from event venue: 600 meters
Telephone: +55 (11) 3059-3277
Site: https://estanplaza.com.br/hoteis/estanplaza-international
E-mail: reservas@estanplaza.com.br
Discount Code: NICBR2023
Discount Rates:
Standard Room – Single R$ 668,00
Standard Room – Double R$ 712,00
General conditions:
– Free Wi-Fi;
– Breakfast included (when served in the hotel restaurant);
– Parking not included;
– Add 5% of Service Tax (ISS) and R$ 5,30 of tourism fee (it’s optional);
– Check-in at 2pm and check-out at 12pm.

Previous events (in portuguese)

2022       2021       2020       2019       2018       2017       2016       2015       2014       2013       2012       2011       2010

Watch the latest edition!

The 13th Seminar on Privacy and Personal Data Protection was held on August 17th and 18th 2022.

Access the playlist!