Title Image

What we do

Enforcement and Institutions

We seek to better understand the enforcement structures of data protection (how rules are applied in reality and how rights are protected), highlighting how Data Protection Authorities (DPAs) are formed, what their institutional variations are, their legal instruments and the real challenges (both human or resource-related) for the structuring of such enforcement apparatus. This approach shall allow for insights on research about these institutions’ performances, considering the Brazilian challenge of its National Data Protection Authority’s constitution and the cooperation mechanisms, both nationally and internationally. 

Public Sector and Public Security/Safety

2019 was the year where the employment of facial recognition systems appeared in the pages of newspapers in Brazil, generating broad debates about the limits of the use of these technologies by the government under the justification of the improvement of the “public security”. In the same period, the federal government’s initiative to create the Citizens’ National Register, as a way of centralizing Brazilians’ personal data in a single base, was disclosed, which caused controversy due to its potential of massive surveillance and disrespect of principles such as lawful purpose and necessity. It is noticed, more and more, that the public sector is a central stakeholder in the discussion about the treatment and protection of personal data, although it is not always given its due attention.

 

In 2020, a Congress-appointed Commission of Jurists will make recommendations in order to create a system of balancing under the LGPD exception of processing activities for public security and national security purposes. This topic covers comparative researches on how other democracies have dealt with this problem and what are the possible options for the Brazilian legislator. Besides, it intends to encompass broader researches on data protection and the Brazilian public sector, beyond public safety.

Automation and Injustices

It is known that the automation of processes and the employment of Artificial Intelligence, especially when it is based on the processing of massive amounts of personal data, generates distortions and increases the possibilities of discrimination, bias and injustice. In the Brazilian Judiciary, there are noteworthy cases on the Higher Labor Court and Higher Court of Justice on the abusive use of algorithms and automated decisions, which fosters a discussion of what the concrete cases of abusive discrimination and non-abusive discrimination are.

 

When is the line crossed? This topic is focused on investigations about the boundaries between abusive and non-abusive discrimination in the use of these technologies, managing concepts and principles such as necessity, minimization, quality and non-discrimination, provided for in the LGPD.

Collective Data Protection

Brazil has a fascinating system of consumer protection and defense of diffuse rights (constitutionally assured) which favors the exercise and protection of rights in a collective approach. It is not without reason that nonprofits, Public Defender’s Offices and Prosecutor’s Offices bet on the use of Public Civil Actions to protect personal data in Brazil. With LGPD, an increase in collective demands for privacy and data protection is expected. This topic focuses on researches to systematize judicial theses in proceedings that involve collective actions and investigations about the work of privacy advocates in litigation.

Impact Assessment Methodologies

One of the most remarkable phenomena of new data protection legislation (e.g. Brazilian, European, Indian and Californian) is the adoption of a mechanism for risk measurement and prevention, which is instrumentalized by the ‘’impact assessments’’. We intend to research and discuss the methodological problems of this assessment (what is assessed? how? by whom? with whom? for whom?) and, more importantly, the methodological disputes between different methods employed by authorities, private companies and consulting companies.  It will seek to point out, from the particularities of each sector, guidelines and methods for the formulation of such reports and evaluations provided for in laws, regulations and concrete cases.