Data Ecosystems and Infrastructures: The 1st Edition of the Data Governance School

Between November 10th and 14th, 2025, Data Privacy Brasil, with support from CEDIS-IDP, held the first edition of the Data Governance School at IDP in Brasília. With the support of CEDIS-IDP, the course offered a space for qualified discussion about viewing data and infrastructure in an integrated manner through the lens of data governance. See what happened in the course below!

From Data Protection to Data Governance

For a long time, a recurring slogan in Data Privacy Brasil’s courses and materials revolved around promoting a culture of data protection, one reflected both in raising citizens’ awareness of their rights as data subjects and in implementing data-protection guidelines so organizations could process data responsibly and innovatively.

This agenda stems from the promises of the General Data Protection Law (LGPD), such as ensuring individuals’ control over access to their personal data, defending privacy, and guaranteeing transparency and access to information about how anyone’s data is processed.

However, the LGPD’s broad scope already indicated multiple paths for regulation and structuring rights. The law contains chapters and provisions regulating the processing of children’s and adolescents’ data, risk analysis and Data Protection Impact Reports (DPIAs or RIPDs), information security measures, and even the use of personal data in automated decisions, such as the right to request a review of such decisions.

Over time, the LGPD’s application expanded to include new areas. These areas include labor relations, marketing and advertising, access to information, generative artificial intelligence, data processing in the public sector, and the pharmaceutical sector.

This development led to new research and training initiatives within Data Privacy Brasil. Yet even with the growing relevance of data protection, important issues remain in the field of digital rights. Examples include artificial intelligence regulation, the development and use of digital public goods and digital public infrastructures, the protection of children and adolescents, and freedom of expression on social networks. All these topics require an integrated approach.

Digital rights as a field often becomes segmented into isolated issues. Therefore, it is necessary to think beyond individual rights and adopt a holistic and ecological perspective that begins with the idea of a Fair Information Ecosystem.

When we understand data protection from this perspective, we recognize that laws like the LGPD are only one component of a much broader sociotechnical arrangement. While the culture of data protection focused on empowering individuals and organizations against risks associated with personal data use, a fair information ecosystem calls for the consideration of power structures, economic dynamics, environmental impacts, and social inequalities that shape the contemporary digital environment.

As a result, data protection becomes more than a list of rights and organizational duties. It becomes part of a deeper agenda that connects data and infrastructures across both public and private sectors.

Data Governance emerges as a way to act within this fragmented landscape, bringing together technical and regulatory discussions with multiple fields of knowledge, such as information security, personal data protection, public transparency, public management, and public-private partnerships in technological development.

This new horizon requires educational institutions, civil society organizations, governments, and companies to work in synchronization, producing knowledge, policies, and practices equipped to respond to the systemic challenges of an era mediated by data and artificial intelligence.

For Data Privacy Brasil, this shift represents not only thematic expansion but also methodological evolution. The goal is to train professionals and researchers capable of understanding and intervening in the ecosystem of technologies and sociopolitical interactions that shape contemporary life. The Data Governance School is an important step toward this goal.

The 1st Edition of the Data Governance School

The composition and selection of the cohort

The formation of the first cohort of the Data Governance School (EGD) was conceived as one of the central elements of its pedagogical design. Unlike the live online courses offered by Data Privacy Brasil in recent years, the EGD required a selection process capable of identifying not only technical knowledge but also critical maturity, diversity of backgrounds, and commitment to the public interest. The in-person nature of the course, combined with the cross-cutting character of data governance, demanded a cohort selection that reflected the plurality of Brazil’s data and technology ecosystem.

The selection process was structured to go beyond traditional résumés. The initial stage consisted of a brief profile analysis in which applicants presented their motivations, experiences, and perspectives on the challenges addressed in the EGD. More than academic titles or formal positions, the goal was to understand how each person viewed the field of data governance from a holistic standpoint.

The selection also incorporated diversity criteria. The aim was to build a plural cohort, valuing differences in gender, race, class, geographical region, and professional experience. This commitment was essential to ensuring that the EGD became a space representative of Brazil’s reality, connecting professionals from all regions of the country, including civil-society members, community leaders, researchers from different areas, and public servants directly responsible for implementing digital public policies.

In addition, Data Privacy Brasil created a scholarship program designed to expand access to the course and guarantee the participation of voices historically underrepresented in data governance debates. The scholarship call enabled full funding for civil-society participants, independent researchers, territorial activists, and members of community organizations, ensuring that the student body was not limited to those with stronger institutional or financial resources but rather included people representing the groups most affected by digital public policies.

The result of this process was a multisectoral and deeply interdisciplinary cohort. The group included public servants, professionals from the justice system, data scientists and engineers, academics and researchers, communicators, activists, representatives of community organizations, and private-sector professionals working with technology, innovation, and regulation.

This diversity was also evident in the participants’ direct involvement with sensitive and contemporary public policies. The cohort brought together public servants from ministries responsible for digital transformation, public health, education, social policies, and human rights; professionals developing digital public infrastructures; and analysts working on data interoperability.

Taken together, the student body of the first EGD embodies what data governance requires: a field that only exists fully when different sectors of the state, society, and market meet, debate, and learn from one another. This multisectoral nature, combined with interdisciplinarity and the commitment to expand access through scholarships, enriched the classroom discussions. The cohort thus became an essential part of the course’s pedagogical approach by demonstrating that governing data is, above all, governing relationships, infrastructures, and decisions that shape all aspects of social life.

What happened at the EGD

From November 10th to 14th, 2025, Data Privacy Brasil, in partnership with CEDIS-IDP, held the first edition of the Data Governance School (DGS) at IDP in Brasília. This five-day immersion gathered experts from the public sector, academia, civil society, and information technology to explore how data protection, digital public infrastructure, artificial intelligence, transparency, and informational justice intersect in the development of innovative technologies and digital public policies.

The School combined lectures, case studies, and practical exercises so participants could apply data governance concepts to real-world scenarios. The course concluded with a final activity inspired by the Integrated National Early Childhood Policy (PNIPI). Through a Problem-Based Learning approach, each group developed digital solutions, data-sharing regulations, and crisis-response strategies. Below is a summary of what happened each day.

• Day 1: Data Protection and Shared Use of Personal Data

The first day focused on the foundations of personal-data protection and its application in public policy, taught by Bruno Bioni (Co-Director of Data Privacy Brasil) and Laura Schertel (Coordinator of the Professional Master’s in Law at IDP and professor at the same institution). Adriana Marques, Data Protection Officer of the Ministry of Health, also participated.

In the morning, participants discussed the LGPD’s structural principles and their relationship with innovation, organizational governance, and policy-making. The session focused on core concepts such as informational self-determination and the expansion and intersection of the field.

Themes such as digital public infrastructure, Fair Information Ecosystems, and the newly approved Protection of Children and Adolescents in Digital Environment Act set the tone for the week and helped establish the starting point for subsequent sessions.

In the afternoon, Adriana Marques presented the digital transformation of the Brazilian Unified Health System (SUS). Participants applied risk-assessment methodologies to analyze real scenarios involving sensitive data use and sharing. The session addressed legal bases, benefits, risks, and mitigation measures in digital health.

The class also provided an overview of the history of the SUS and its digitalization, highlighting the importance of data governance for improving efficiency and security in public services.

One of the most memorable discussions of the day centered on access to public information and its connection to digital public services.

• Day 2: Digital Public Infrastructure and Fraud Prevention

Day 2 featured lectures by Fernanda Campagnucci, Executive Director of InternetLab, and Yasodara Córdova, a cybersecurity specialist.

In the morning, the group explored data sharing for fraud prevention. Participants analyzed operational, legal, and technical aspects that support information exchange in digital public services. Case studies guided reflections on balancing security, efficiency, and fundamental rights.

The session emphasized that fraud-prevention strategies must be broad and address attacker behavior. It also highlighted common Brazilian challenges in information security, such as limited digital literacy, population aging, and weak security measures in small and medium businesses.

According to Yaso, for better information security:

“There is only one way, protect or collect less data.”

In the afternoon, Campagnucci introduced the fundamentals of Digital Public Infrastructure (DPI/IPD), exploring components such as digital identity, interoperability, and payment systems, and their implications for public-interest-oriented policies. Cases such as gov.br and Pix grounded the discussion on sovereignty, inclusion, and transparency.

The highlight was the distinction between digital public goods and digital public infrastructures. Digital public goods are data or software accessible and usable by all; digital public infrastructures are state-owned systems whose architecture and datasets are not necessarily open, even if they can be.

• Day 3 – Foundations of Artificial Intelligence and Bias Mitigation

Day 3 was led by Virgílio Almeida (Member of the Brazilian Academy of Sciences and Full Professor at UFMG’s Computer Science Department) and Paolla Magalhães (Computer Engineer and Machine-Learning Specialist with 7 years of experience).

In the morning, Virgílio presented AI fundamentals through the lens of algorithmic institutionalism, discussing how automated systems shape social practices, decisions, and public policies. Topics such as opacity, algorithmic power, governance, and accountability were explored.

A key highlight was demonstrating that automated-system problems are epistemological, because these systems produce knowledge about society, and political, because that knowledge influences institutional and individual decisions.

In the afternoon, Paolla led a practical session on detecting and mitigating bias in automated systems. Through dataset analysis and simulations, participants learned how biases emerge throughout AI’s lifecycle and explored best practices connecting algorithmic fairness, data protection, and equity.

The activity illustrated the gap between notions of algorithmic justice held by regulators/digital-rights professionals and the concepts used by AI developers. Despite conceptual distance, bias mitigation depends on cooperation—shared language between ethics and engineering teams is the starting point.

• Day 4 – Data Governance

Day 4 featured lectures by Flávio Lopes (General Coordination of Data Governance at the Ministry of Management and Innovation in Public Services) and Carlos Sturm (General Coordinator for Environmental and Territorial Data Structuring at the Secretariat of Digital Government).

In the morning, Flávio introduced data-governance concepts, frameworks, and models, discussing national experiences such as the National Data Infrastructure. Participants analyzed data-governance maturity levels and reflected on institutional arrangements shaping public-policy information architecture.

In the afternoon, Carlos Sturm presented a case study of the Rural Environmental Registry (CAR), integrating data governance, DPI, and personal-data protection. The case enabled participants to evaluate benefits, risks, interoperability challenges, and accountability mechanisms in data-intensive environmental policies. Interestingly, during the same week as the DGS, at COP30, CAR was recognized as the world’s first climate-focused Digital Public Good.

The lecture showed how each data-governance element translated into specific actions essential to CAR’s success, bringing together nearly all key themes from the first four days: data protection, governance, public transparency, digital public infrastructure, and digital public goods.

• Day 5 – Citizen-Generated Data and Final Activity

The final day was led by Bruno Sousa (Co-Founder of Instituto Decodifica) and Manuela Oliveira (lawyer and member of the OAB-BA Special Committee on Artificial Intelligence). The final activity was coordinated by Pedro Martins and Pedro Henrique Santos from Data Privacy Brasil’s Training & Communities team.

In the morning, the class explored Citizen-Generated Data initiatives, in which citizens, communities, and civil-society organizations produce data relevant for monitoring rights, shaping public policy, and strengthening transparency.

Projects presented included

• Retratos das Enchentes: documenting impacts of extreme climate events in favelas.
• COVID-19 in the Favelas Panel : monitoring cases and consequences of the pandemic in underserved areas.
• InfoAmazonia: integrating community-generated data and satellite information to track socio-environmental issues in the Amazon.
• Cocozap: mapping the lack or precariousness of sanitation services through resident-submitted reports.

The discussion covered inclusion, representativity, informational sovereignty, and the articulation between governmental and community-generated data.

In the afternoon, participants carried out the Final Activity, based on a case study of the Integrated National Early Childhood Policy (PNIPI). The policy—presented as a work in progress—sought to connect data, services, and digital infrastructures across five pillars (“Living with Rights,” “Living with Education,” “Living with Health,” “Living with Dignity,” and “Information Integration and Family Communication”), each under a different ministry.

Participants assumed the role of ministries and designed digital public policies and solutions using course concepts. The exercise unfolded in phases:Phase 1: defining agenda and policy design. Phase 2: simulating implementation and drafting data-sharing regulations, outlining the basis for ministerial directives. Phase 3: responding to crisis scenarios involving institutional, social, or media-driven tensions.

Conclusion

The first edition of the Data Governance School was an environment where participants discussed how data and infrastructures form a complex ecosystem that can only be governed fairly when different fields of knowledge engage in dialogue with one another.

This was deeply felt by the students. Several participants highlighted the combination of technical rigor and openness to dialogue as one of the central elements of the experience. As one student summarized:

“It was an intense five days alongside a highly skilled technical team and a diverse, curious, and dialogue-oriented cohort. This plural environment gave every debate even more depth and meaning.”

This recognition is extremely important for understanding the EGD as a space that breaks with the typical fragmentation of digital-rights debates and offers an integrated perspective capable of responding to contemporary challenges. The course is still a first step in establishing a discussion capable of promoting a fair information ecosystem, and there is still much progress to be made.

Check out and download the full report of the first EGD here!

See you next time!