The Brazilian public administration structure is based on the idea of maintaining a high-quality public service for its citizens. This role is primarily described in the constitution and by administrative law regulations. The execution of public interest has been enhanced through digitalization, which simplifies access to and the provision of public services. Initiatives such as Meu SUS Digital (digital public health services) and the Celular Seguro program (public security program for cellphones) already indicate the importance of using personal data to simplify public services in the areas of security and public health.
In an increasingly data-driven world, information about citizens is an opportunity to improve the efficiency of public services and enhance public policies. With the enactment of the Lei Geral de Proteção de Dados (LGPD) (General Data Protection Law) , there is now a greater opportunity to optimize and increase the efficiency of public resources. This is because the law describes the requirements and procedures through which the public sector can leverage personal data it collects.
For example, in 2022, the Instituto Nacional de Estudos e Pesquisas Educacionais Anísio Teixeira (INEP) (institution responsible for public educational research) determined that the publication of data from the Censo Escolar (data about schools) and ENEM (National College Exam) could endanger thousands of children and adolescents. As a result, it removed the data from public access. After a compliance procedure conducted in conjunction with the Autoridade Nacional de Proteção de Dados (ANPD), the information was made available again with several adjustments.
In addition to protecting students, the new form of data publication by INEP focuses on providing specific information for researchers in the field. This small change represents an important step in how personal information can improve public services without compromising citizens.
This is the kind of transformation that Data Privacy Brasil aims to promote. With its history of action and learning, Data is in a prime position to address the opportunities and challenges of implementing data protection in the public sector. All of this is done through technically qualified debates. Our achievements in recent years reflect this commitment.
In 2024 alone, we conducted a series of specialized courses, training over 150 students and providing more than 300 hours of education on topics such as data protection, information security, and artificial intelligence. This year, we had the privilege of collaborating with important institutions such as SERPRO (Serviço Federal de Processamento de Dados), Autoridade Nacional de Proteção de Dados (ANPD), and the Senate. Additionally, we have provided training for the Public Prosecutor’s Office and Public Defenders in all five regions of the country. Below, we highlight some of these initiatives:
- SERPRO – Serviço Federal de Processamento de Dados
SERPRO is the largest public IT services provider in Brazil, and a course tailored for them needed to meet both the requirements for data protection implementation and the type of services the institution provides. To this end, we offered the course “Contracts and Data Protection” for the institution. The course focused on assisting in the development of complex agreements involving technological transactions while respecting personal data protection laws. The course had a practical focus on drafting contracts with public entities.
- Association of the Public Prosecutor’s Office of the State of Rio de Janeiro
Similarly, the public prosecutor’s office, like public defenders, benefits from a proper understanding of the right to personal data protection. We previously provided data protection training for the Associação do Ministério Público do Estado do Rio de Janeiro ( Public Prosecutor’s Office from Rio de Janeiro), which included members of the Associação Paranaense do Ministério Público (APMP), employees of the MPRJ, and judges from Rio de Janeiro.
The course updated employees on the LGPD, creating a crucial space for promoting data protection through the work of the Public Prosecutor’s Office in defending public interests.
- Training for the Federal Senate
The Federal Senate plays an essential role in promoting legislative action and expanding public and democratic participation. In the training provided to the Senate, we offered a broad study of the data protection field and aimed to develop skills for implementing rights in the design of the institution’s applications, with specific training in Privacy by Design.
The teams we trained developed design solutions for existing Senate functionalities, such as the E-Cidadania platform. This collaboration demonstrated how data protection can facilitate technical decision-making in creating features and improving the interfaces already available to citizens. Below are some examples of data flow mapping and analysis conducted by the Senate:
| Image 1: Data flow of a Senate research and oversight functionality, produced by Senate employees |
 |
| Image 2: Description of the data flow for a transparency feature developed by Senate employees |
 |
Image 3: Prototype of improvements to the E-Cidadania portal based on Privacy-by-Design methodologies
- Training for the Autoridade Nacional de Proteção de Dados (ANPD)
The training for the Autoridade Nacional de Proteção de Dados (ANPD) took place in the first half of 2024 and aimed to provide comprehensive education on data protection.
The course included approximately 100 employees over two months, including ANPD directors, technical area coordinators, and technical-administrative staff. During the 70-hour course, we covered all key areas of data protection, including frontier discussions:
- Data Protection and its main concepts
- Data Protection and AI
- Data Protection and Marketing
- Introduction to Cybersecurity
- Data Protection and Platform Regulation
Beyond merely understanding the law, we focused on developing deep reasoning skills with the ANPD based on data protection.
- Expanding the Role of Public Defender’s Offices in Data Protection in Brazil
The Public Defenders and Data Protection project was born out of the recognition of the centrality of personal data protection as an aspect of justice, citizenship, and the realization of rights in the relationship between Defenders and citizens. Personal data protection is present in how public defenders handle personal information of their clients and they are also key agents in combating the abusive or unlawful use of personal data. Therefore, it is essential that public defenders engage and act according to the LGPD.
To address this challenge, we developed a series of training sessions. Initially, Data organized an extensive course involving members from 14 state public defender offices across Brazil, covering all five regions. We trained these institutions to address the new regulatory and legal challenges of an increasingly data-driven society. This effort led to the production of a “first steps” guide to assist defenders across the country in their compliance processes.
In 2022, as debates on the regulation of Artificial Intelligence systems began to intensify in Brazil, with the creation of a Senate Commission of Jurists to discuss the topic, we offered a free course to a qualified multi-sectoral audience.
From the public sector, we had students from the judicial and legislative power as: Federal Public Prosecutor’s Office, Court of Justice of Minas Gerais, Federal Senate, National Data Protection Authority, Chamber of Deputies, Federal Supreme Court, Ministry of Economy, Federal Regional Court, Superior Electoral Court, and Public Defenders.
From the private sector, we had lawyers from leading law firms and representative associations from the industrial sector, such as Brasscom, and technology companies like Jusbrasil.
From the scientific community, we had researchers and professors from institutions such as Universidade de São Paulo (USP), Universidade Federal do Rio de Janeiro (UFRJ), Universidade Federal do Oeste da Bahia (UFOB), and Universidade FEEVALE.
Finally, from civil society partners, we had representatives from ITS-Rio, Ip.rec, LAPIN, Open Knowledge Brasil, Intervozes, CESeC, LAVITS, Artigo 19 Brasil, Olabi, Instituto Vero, and Instituto Nupef.
The 18-hour course covered topics such as AI Governance and Regulation, technical introduction to AI system operations, analysis of regulatory initiatives in Latin America and Europe, and potential discriminatory biases in AI. The course concluded with a practical activity where students mapped risks in an AI initiative and provided recommendations for improving the system.
In 2022, Data Privacy Brasil held two editions of a specific course on data protection in the public sector, covering topics such as the rules on public sector data use under the LGPD, best practices in data sharing, the intersection between the Lei de Acesso à Informação and personal data protection, and best practices in the public sector’s use and contracting of technologies.
The course included students from various sectors, particularly public officials and employees from institutions such as the Ministério Público do Espírito Santo, Tribunal de Contas da União, Banco Nacional de Desenvolvimento Econômico e Social (BNDES), municipalities, and public defender offices.
- With Data Protection in mind, public services are modernizing responsibly!
In this recent journey with the public sector, important discussions such as implementing the LGPD in design and enhancing public transparency have been addressed many times.
In addition, we discussed how new technologies are being interpreted through the lens of data protection, showing how the law can be an ally in innovative solutions for the public sector while respecting fundamental citizen rights and strengthening democracy.
With a proper understanding of data protection, the public sector has the opportunity to modernize responsibly.
Sign up and receive our newsletter in your email