The handling of personal data of voters and candidates themselves in political campaigns is essential for electoral success, even more so in the current technological landscape where tools greatly assist in electoral marketing. However, Brazilian legislation provides for strict rules to guarantee the integrity of the electoral process, and the proper handling of personal data is part of these rules.

Documents such as Resolution 23.732/2024 of the Superior Electoral Court (TSE), the Guidance Guide from the National Data Protection Authority (ANPD) and the TSE, as well as the General Data Protection Law (LGPD), impose clear obligations on all candidates, including those running for proportional representation positions, such as city councilor, a process that is even more rigorous in cities with more than 200 voters. Failure to comply with these regulations may result in severe sanctions, compromising the legality of the campaign and exposing candidates to investigations and electoral lawsuits.

Resolution 23.732/2024 of the TSE (Superior Electoral Court), in accordance with the guidelines of the National Data Protection Authority (ANPD), mandates that all candidates strictly adhere to data protection regulations. This includes obtaining explicit consent from voters, implementing robust security measures, and respecting the rights of data subjects, such as access, rectification, and deletion of personal information.

These requirements follow the trend of international authorities, such as the AEPD in Spain, the CNIL in France, and the ICO in the United Kingdom, which establish strict standards to prevent abuses like the Cambridge Analytica scandal. Failure to comply with these standards can result in significant penalties, including fines and the loss of registration or electoral mandate, applicable to all candidates, both majoritarian and proportional, and may lead to complaints from voters, action by the Electoral Public Prosecutor's Office, and the entire electoral justice system.

One of the most relevant aspects of these regulations is the requirement that each candidate, whether for city councilor or mayor, in municipalities with more than 200 voters, appoint a Data Protection Officer (DPO). This professional is responsible for ensuring compliance with the LGPD (Brazilian General Data Protection Law) and TSE (Superior Electoral Court) resolutions, as well as acting as a point of contact with regulatory authorities, such as the ANPD (National Data Protection Authority) and the Electoral Court.

TSE Resolution 23.732/2024 also reinforces the need for transparency and security in the processing of personal data during election campaigns. Therefore, all operations involving personal data, such as collection, storage, and use of information, must be conducted in a way that ensures the electoral process is fair and transparent, complying with the principles established by the LGPD (Brazilian General Data Protection Law).

Strict compliance with the rules established by the TSE Resolution, the ANPD guidelines, and the LGPD precepts is essential to guarantee the integrity of the democratic process and the trust of voters. In addition to ensuring legal compliance, these measures preserve voters' rights, preventing undue manipulation and promoting a fair and transparent electoral environment. Therefore, all campaigns must treat personal data ethically and responsibly, contributing to the legitimacy of elections and the strengthening of democracy.

Read more about other topics on our blog. Click here. here Learn more about what happened at the 1st ANPD Data Protection Officers Meeting.

The handling of personal data of voters and candidates themselves in political campaigns is essential for electoral success, even more so in the current technological landscape where tools greatly assist in electoral marketing. However, Brazilian legislation provides for strict rules to guarantee the integrity of the electoral process, and the proper handling of personal data is part of these rules.

Documents such as Resolution 23.732/2024 of the Superior Electoral Court (TSE), the Guidance Guide from the National Data Protection Authority (ANPD) and the TSE, as well as the General Data Protection Law (LGPD), impose clear obligations on all candidates, including those running for proportional representation positions, such as city councilor, a process that is even more rigorous in cities with more than 200 voters. Failure to comply with these regulations may result in severe sanctions, compromising the legality of the campaign and exposing candidates to investigations and electoral lawsuits.

Resolution 23.732/2024 of the TSE (Superior Electoral Court), in accordance with the guidelines of the National Data Protection Authority (ANPD), mandates that all candidates strictly adhere to data protection regulations. This includes obtaining explicit consent from voters, implementing robust security measures, and respecting the rights of data subjects, such as access, rectification, and deletion of personal information.

These requirements follow the trend of international authorities, such as the AEPD in Spain, the CNIL in France, and the ICO in the United Kingdom, which establish strict standards to prevent abuses like the Cambridge Analytica scandal. Failure to comply with these standards can result in significant penalties, including fines and the loss of registration or electoral mandate, applicable to all candidates, both majoritarian and proportional, and may lead to complaints from voters, action by the Electoral Public Prosecutor's Office, and the entire electoral justice system.

One of the most relevant aspects of these regulations is the requirement that each candidate, whether for city councilor or mayor, in municipalities with more than 200 voters, appoint a Data Protection Officer (DPO). This professional is responsible for ensuring compliance with the LGPD (Brazilian General Data Protection Law) and TSE (Superior Electoral Court) resolutions, as well as acting as a point of contact with regulatory authorities, such as the ANPD (National Data Protection Authority) and the Electoral Court.

TSE Resolution 23.732/2024 also reinforces the need for transparency and security in the processing of personal data during election campaigns. Therefore, all operations involving personal data, such as collection, storage, and use of information, must be conducted in a way that ensures the electoral process is fair and transparent, complying with the principles established by the LGPD (Brazilian General Data Protection Law).

Strict compliance with the rules established by the TSE Resolution, the ANPD guidelines, and the LGPD precepts is essential to guarantee the integrity of the democratic process and the trust of voters. In addition to ensuring legal compliance, these measures preserve voters' rights, preventing undue manipulation and promoting a fair and transparent electoral environment. Therefore, all campaigns must treat personal data ethically and responsibly, contributing to the legitimacy of elections and the strengthening of democracy.

Read more about other topics on our blog. Click here. here Learn more about what happened at the 1st ANPD Data Protection Officers Meeting.