The General Data Protection Law (LGPD) was created with the intention of guaranteeing the protection of personal data and seeks to ensure that data subjects have the right to know how this information is processed. For this reason, the law applies to both individuals and legal entities that handle the personal data of others.
The Access to Information Law (LAI) establishes that any person, whether an individual or a legal entity, may request access to public information from government agencies and entities. In the case of non-profit organizations, they are also required to provide information related to the receipt and allocation of public funds received by them.
But are these laws actually conflicting? Find out more in the text below.
Distinct and Complementary Purposes
Perhaps the most important issue in the relationship between the laws is that their objectives differ, especially in their spheres of application. Although the LGPD applies to both individuals and legal entities, the data it processes is specifically of a personal nature. Data and information involving legal entities are not included here.
The LAI (Law on Access to Information) focuses only on information that is of public interest and generally does not fall under the same scope as the LGPD (Brazilian General Data Protection Law). It is not possible to acquire data from private companies that have not received public funds, for example.
Differentiation in access to this data
One of the most important rights under the LGPD (Brazilian General Data Protection Law) is that the data subject has the full right to access their data, being able to rectify outdated information, request the deletion of inappropriate data, request information about the public and private institutions with which the controller shared this data, and even revoke previously given consent. This access can occur within 15 days, provided a request is made to the controller.
In the case of the LAI (Law on Access to Information), anyone wishing to obtain information that meets the specifications established by law may submit a request. In this case, the deadline for providing the requested information to the relevant bodies is up to 20 days, which may be extended by another 10 days.
Intersection points
However, there are indeed points of intersection between the two laws, where they don't necessarily conflict with each other, but come very close due to the nature of some data. Information about public officials, for example.
In the case of public servants, information such as names and salaries is usually disclosed on platforms like the Transparency Portal as part of the Access to Information Law. Generally, this does not usually violate the LGPD (Brazilian General Data Protection Law), since the disclosed data is public. However, information such as CPF (Brazilian taxpayer ID number) and other sensitive data may fall under the LGPD, and a request for anonymization can be made if they are being used in a way that does not comply with the regulation.
Although the LGPD (Brazilian General Data Protection Law) and the LAI (Brazilian Access to Information Law) have distinct purposes, their goals complement each other in terms of data transparency and protection. As long as their intersection is handled responsibly, a balance between access to information and privacy is guaranteed.
