The first Seminar on Protection of Privacy and Personal Data took place at the end of September 2010, in São Paulo, being the first event totally dedicated to addressing such themes as central objects of study and discussion in Brazil.
The Brazilian scenario at the time already gave evidence of debates related to the “Cadastro Positivo” – a database on individuals and companies on credit contractions; as well as the release of the draft law on personal data protection by the Ministry of Justice in December of the same year.
Therefore, the first edition of the Seminar focused on presenting fundamental concepts and promoting comparisons with the international scenario, debating topics such as electronic commerce, protection of children and youth, and electronic government. The identification of threats to privacy in the Information Society and the potential challenges for Brazil were also highlighted.
In March 2011, after the first edition of the Seminar, CGI.br and the Ministry of Justice organized a Workshop on the Personal Data Protection Draft, in order to promote a public consultation about the text, as it would be the first law on the matter in Brazil. The event had a broad participation and resulted in contributions that were incorporated into the draft.
In October of the same year, the second edition of the Seminar on Privacy and Personal Data Protection brought speeches about the scenario of Brazilian regulation and international perspectives on privacy issues. In the United States, debate was taking place about a possible federal law on Internet users’ rights, while the European Commission also carried out public consultations to review the telecommunications legislation, with a focus on Internet service providers and operators.
In the Brazilian context, the year 2012 saw progress in the bill for the protection of personal data, with reference to the creation of a specific Authority for the subject. Not only had the Access to Information Law entered into force, but we were also following bills to update the Consumer Defense Code at the same time.
On the international scene, the update of privacy terms for the unification of user accounts stood out. At the time, CGI.br proposed to discuss the topic of privacy for a survey of potential violations in Brazil.
Considering the panorama on the themes in the country, the debates of the third edition of the Seminar presented speeches focused on consumer rights, the digital economy, access to information and new technologies. Hot topics from that moment were also brought up, such as social networks and discussions about the “Marco Civil da Internet” project – a Civil Rights Framework of the Internet.
The 2013 Seminar was inevitably influenced by the Snowden case on US National Security Agency (NSA) spying practices, bringing issues related to data security and privacy as a fundamental right.
Within the Brazilian context, CGI.br issued a resolution condemning the actions of the NSA, also aligning itself with the speech of the then Presidency of the Republic in search of a democratic, multilateral and open governance for the Internet, exercised with transparency, stimulating collective and the participation of society, governments and the private sector.
These discussions were the catalyst for the fourth edition of the Seminar, highlighting both the protection of personal data in criminal investigations and the preservation of public and private databases.
The year 2014 was marked by the approval of the “Marco Civil da Internet” – the Brazilian Civil Rights Framework of the Internet -, a development in the context of the Snowden case in the previous year, followed by the Global Multistakeholder Meeting on the Future of Internet Governance (NETMundial), also promoted by CGI.br and held in Brazil.
At the time, “scoring” was discussed in the Superior Court of Justice, as a kind of “score” of consumption that would imply the crossing of personal data, highlighting the regulatory vacuum for the protection of such data in the country, and also the removal of personal data from applications that have not received express consent for their use.
The fifth edition’s discussions brought to light the perspectives and challenges of the right to be forgotten, a topic that raised controversies involving freedom of expression and access to information, as well as more in-depth debates about the personal data protection draft bill.
The sixth Seminar took place in September 2015 and included the celebration of the 20th anniversary of CGI.br, as part of the conference cycle “CGI.br 20 years – principles for the governance and use of the Internet”.
Within the cycle of conferences, the theme “Freedom, Privacy and Human Rights” was discussed, presented by Frank La Rue, lawyer and former UN Special Rapporteur for the right to freedom of expression and opinion, and journalist and writer James Bamford, known for his investigative work on US intelligence agencies, especially the National Security Agency (NSA).
The discussions of the sixth edition of the Seminar were greatly influenced by the second public consultation of the Preliminary Draft of the Brazilian General Data Protection Law (LGPD), together with the Brazilian Civil Rights Framework of the Internet, within the scope of the discussions by the Ministry of Justice. Fundamental concepts of what would come to be incorporated into the “ LGPD” were also debated, such as the concept of personal data, anonymous data, consent, as well as topics related to Internet of Things and cryptography.
The seventh edition of the Seminar took place at the end of August 2016, in São Paulo. At the time, the Chamber of Deputies installed a special commission to analyze bill 4.060/2012, to which the General Data Protection Bill (PL 5.276/2016) was appended. Another important issue this year was the amendment to Law 12.414/2011, which now automatically includes consumers in the “Cadastro Positivo” – a database on individuals and companies on credit contractions.
Also in 2016, the Rio de Janeiro Court ordered the blocking of a messaging application due to non-disclosure of data for police investigation. In the international scenario, the United States and the European Union announced the Privacy Shield agreement, which allowed the flow of data between companies in the bloc and the North American country, replacing the Safe Harbor agreement.
Among the subjects of this edition, multistakeholder perspectives on the sharing economy, automated decisions, the functioning of algorithms, cryptography, the right to be forgotten, the Regulatory Decree of the Brazilian Civil Framework of the Internet, and other legislative proposals on the protection of personal data stood out.
The eighth edition of the Seminar was held in September 2017, in São Paulo. That year, the discussion on biochips raised concerns about privacy, as well as other debates such as the sale of personal data obtained by the public sector to privatization projects, in the case of the “Bilhete Único” – a payment system for public transportation in São Paulo.
Also within the national scope, the National Civil Identification project was announced – a single citizen identification document, which raised fears about the centralization of data. At the time, the then Ministry of Science, Technology, Innovation and Communications (MCTIC) was working on the National Plan for the Internet of Things, facing a series of obstacles such as the approval of the data protection law.
In 2017, the topics debated were about guaranteeing citizens’ rights and encouraging innovation and the promotion of efficient public management. For the first time, there was an international multistakeholder debate on models for inspection and enforcement of personal data protection laws based on the Mexican, Chilean and French experiences.
The ninth edition of the Seminar was held in August 2018, in São Paulo. In the national context, Brazil approved its Brazilian General Data Protection Law (LGPD), sanctioned on August 14 of the same year, only days after the seminar.
The main subject of the year 2018 was the entry into force of the General Data Protection Regulation of the European Union (GDPR), bringing speakers from the European continent to the event. In the international context, revelations by Cambridge Analytica consultancy and a possible entry of Brazil into the Organization for Economic Cooperation and Development (OECD) were mentioned as some of the motivational factors that had an impact on the approval of the Brazilian law.
Other thematic discussions addressed the role of the private sector in protecting privacy and personal data, the Brazilian situation of pre-approval of the General Data Protection Law (LGPD), as well as topics on Artificial Intelligence, behavioral profiles, and the concepts of privacy by design and privacy by default.
Celebrating 10 years of discussions on privacy and personal data, the tenth edition of the Seminar promoted discussions on the application of the LGPD in different sectors, and the emergence of figures such as the Person Responsible for the Processing of Personal Data (or DPO – Data Protection Officer).
At the time, even though it was not yet in effect, the public sector commented on the possible effects of the law in cases involving Courts of Justice and technology companies, mainly questioning the consent and transparency to data subjects on international transfers. In July of the same year, the Presidency of the Republic sanctioned the text that created the National Data Protection Authority (ANPD).
Internationally, we were tracking the first million dollar fines based on the GDPR, over allegations of lack of transparency in the collection of personal data from European citizens and its use for targeted content advertising.
The tenth edition of the Seminar debated the processes for adapting the law and its importance for society. Algorithms and the digital economy also remained in the debate as relevant issues, opening space for debates on new technologies such as facial recognition, in addition to bringing the issue of cryptography as one of the possibilities for the security of personal data.
Considering the worldwide repercussions related to the COVID-19 pandemic, the 11th edition of the Seminar was held for the first time in a fully online format.
With a record attendance of more than 1,600 people registered for the event, the Seminar’s multistakeholder discussions focused on the issues of privacy and personal data protection, specifically relating them to: the entry into force of the Brazilian General Data Protection Law (LGPD); the micro-targeting of data in electoral campaigns; the impacts of the COVID-19 pandemic on privacy, misinformation and potential damage from its repercussions; discussions on the draft use of personal data for public safety purposes; open banking and the challenges ahead for the National Data Protection Authority (ANPD).
In the second year of the COVID-19 pandemic, the Seminar on Privacy and Personal Data Protection remained in an online format and surpassed the previous edition in terms of audience, with more than 2,600 participants.
Bringing foreign experiences that can be absorbed into the Brazilian context, Bertrand de La Chapelle spoke about data sovereignty and cross-border flows, a discussion that may underpin the National Data Protection Authority (ANPD)’s regulatory agenda in 2022; while Judith Rauhoffer spoke about digital rights as human rights, around the emerging consensus on data protection as a fundamental right. On a national level, Miriam Wimmer commented on the perceptions of the ANPD in the development of a data protection culture in Brazil, while Danilo Doneda approached data protection beyond the Data Protection Law (LGPD), discussing the perspectives of new technologies within the international scenario.
Also, taking into account the LGPD’s one year effective date anniversary, the 2021 edition was marked by topics of a more practical nature, amonsgt them: anonymization techniques for compliance with the law; regulation and practice in privacy and cryptography; Data Protection Impact Assessment and other risk analysis methodologies.
All discussions of previous editions are available on this Seminar website, under the tab “previous events”. Follow the 2022 discussions! We hope to see you soon!
This in-person edition had the participation of national and international experts, such as government officials, private sector representatives, third sector, and members of the scientific and technological community. In a multistakeholder approach, each sector will take part in public debates and technical discussions about Artificial Intelligence, Information Security and the Brazilian General Data Protection Law, among other topics.