For some time now, the topic of privacy has been the subject of debate worldwide. These debates have highlighted the need for specific laws to address this issue. First, the GDPR was created in Europe and came into effect on May 25, 2018. Subsequently, Brazil, inspired by the GDPR, created the LGPD, which began applying sanctions on August 1, 2021.
Since the creation of the two laws, several cases of data leakage These events were reported in the press, which helped generate concern among the population about the extent to which it would be acceptable to provide personal data to companies.
Among the various controversies involving data from last year, we highlight a few:
1) 223 million Brazilians had their data leaked.
In January 2021, the year had already begun controversially for Brazil, as it was reported that... 223 million Brazilians (including some who have already passed away) had their data leaked.
The leak was identified by the company PSafe, and the data included: CPF numbers (Brazilian individual taxpayer registration numbers), information such as name, gender, and date of birth, as well as a table with vehicle data and a list of CNPJs (Brazilian company taxpayer registration numbers). made available free of charge.
In addition to this data, the following information was found for sale: education level, INSS benefits and social programs (such as Bolsa Família), income, among other information.
The data was found on an online forum known for Commercialization of personal databases.
It was also discovered that the person who offered the list of CPF numbers for free is the same person who sells the other information.
2) WhatsApp and the controversy surrounding its privacy policy
One of the biggest controversies of 2021 was... announcement that WhatsApp would be making changes to its privacy policy. and would then share data with partner companies of Facebook, arguing that such action would aim to improve the user experience by delivering ads more effectively.
The announcement caused debates about privacy, Given that the implemented change would be mandatory for all users, their accounts would be deactivated if they did not give their consent.
3) Facebook Papers Case
In October, Facebook was the target of an investigation that began with accusations from former employee Frances Haugen, who presented internal company reports to members of the US Congress.
The reports aimed to show how Facebook deals with issues such as fake news and hate speech.Political interference, the mental health of teenagers and children, among other topics, have been discussed. It has even been said that its founder, Mark Zuckerberg, prioritizes profit over the safety of its users.
4) Hariexpress Case
In October, More than 1,7 billion sensitive data records of customers and merchants registered on e-commerce websites were leaked from the Hariexpress system. a platform that integrates e-commerce with different marketplaces such as Mercado LivreB2W Digital (Americanas(Submarine and others), Amazon, Shopee e Magazine Luiza.
O leakage It was discovered by the team of specialist Anurag Sem, from Safety Detectives, who explained a flaw in the platform's system.
One section of the report explained that:Hariexpress's ElasticSearch server was left unencrypted, without any password protection..
Among the leaked customer data were: full names and usernames on the platforms, email addresses, phone numbers, full delivery addresses, billing details, and images of delivered goods.
Among the leaked merchant data were: full names of sellers and usernames on the platform, email addresses, phone numbers, business and residential addresses, CNPJs (Brazilian company tax IDs), CPFs (Brazilian individual tax IDs), and billing details.
Although the Brazil was reported as the sixth most affected country by data breaches in 2021., in the last quarter of the year The country recorded an 84,1% decline in the total amount of leaked information. compared to the same result from the previous quarter, which was 9 million exposures versus 1,4 million in the last months of 2021.
And according to the report, Three out of five Brazilians are afraid of having their data leaked. when buying a product online, The main concern is that their bank details will be stolen.
Expectations for 2022
For this year there are some expectations in the LGPD context, the main one being the unfolding of the LGPD Penal (Brazilian General Data Protection Law)
Although there is still no defined perspective on this, it is already causing debate because it is a bill created by legal experts to regulate... Data processing in the criminal sphere.
Raphael Dutra, a partner at PDK Advogados, takes a position in favor, stating: “When we talk about the LGPD in Criminal Law, it aims to apply the parameters and criteria of the LGPD within the scope of public security and criminal investigations. I consider it a great remedy to guarantee this balance in the processing of data in police activities without violating the right to individual liberty.”, while the Public Prosecutor's Office opposed it, arguing that "It could hinder the investigation and fight against crime in Brazil, as well as compromise the country's efforts in cooperating to combat international crime."
The expectation is that for 2022, the following four points will be detailed in the regulations: The rights of data subjects, the Data Protection Officer (DPO), international transfer of personal data, and the legal bases for processing personal data.
"Technology will greatly speed things up for the user this year. Operators know that this is a dynamic issue, and that we will always need to have new tools.""That's all," concludes Waldemar Gonçalves, director of the ANPD.
