Table of Contents
Privacy for the State: The State as the Main Controller of Personal Data
The Challenge of Protecting Personal Data Subjects by Public Authorities.
Privacy for the State: The State, at all three levels—Federal, State, and Municipal—is the largest controller of personal data.
This information identifies or makes identifiable political agents (yes, presidents, governors, and mayors, as well as parliamentarians, remain holders of personal data), public servants, users of public health systems, social assistance programs, taxpayers, offenders, students, and guardians who attend the public education system.
Privacy for the State: The Sensitive Nature of Data Collected by the Government
Such data are, to a large extent, sensitive because they relate to health, racial or ethnic origin, political opinion (yes, the list of party members is controlled by the electoral judiciary), collected at all times to serve public purposes, stored, shared, disseminated and interoperable between public bodies, private individuals and international organizations, generally for the fulfillment of legal obligations (principle of legality), the elaboration and implementation of public policies.
There are (rare) cases in which there is a legitimate interest or even one conditioned on consent, and which, therefore, should only be dealt with in accordance with the LGPD (Brazilian General Data Protection Law) and other relevant regulations, especially the fundamental right enshrined in item LXXIX of article 5 of the Federal Constitution.
So much so that the topic is covered by provisions in the LGPD (articles 23 and 41) and valuable documents from the ANPD such as... Guidance on the Processing of Personal Data by Public AuthoritiesGiven the complexity of handling the enormous volume of personal data, there is generally no option to choose not to process it, as the law itself dictates otherwise.
This increases the risk for the controller and, therefore, for public agents, since the processing of personal data is unavoidable for the delivery and provision of services owed to society, even for the formulation of public policies and the drafting of laws, because efficient management (efficiency is also a constitutional mandate) will only be achieved if based on data, including personal data.
There are also issues such as the use of artificial intelligence, which should also be subject to regulation, otherwise the principle of legality (article 37 of the Federal Constitution) will be violated, generating risks that must be assessed.
Practical Cases: The Example of Porto Alegre
In Porto Alegre, in just over a year, more than 280 guidelines have been issued to both the Mayor's Office (regarding the approval, veto, or silence on draft laws) and more than 20 bodies such as Secretariats, public companies, and autonomous agencies, all involving the processing of personal data.
Some highlights include the exclusive delivery of electronic property tax (IPTU) payment slips, the handling of personal data during the state of public calamity resulting from the 2024 flood, and the ongoing dialogue with Parliament and citizens to ensure compliance with the Access to Information Law, which guarantees public transparency, obviously within the limits of harmony with the fundamental right to the protection of personal data.
Processing personal data in accordance with the Federal Constitution, the LGPD (Brazilian General Data Protection Law), and other regulations is unavoidable for public administration precisely because of the legality that, on the one hand, obliges the processing of personal data, and, on the other hand, imposes respect for regulations such as the LGPD, always paying attention to active and passive transparency, imposing on managers and employees the daily challenge of regulatory compatibility.
This action maximizes the efficiency of deliveries in education, health, social assistance, environment, economic development, culture, etc., despite the scarcity of resources, with the appropriate internal and external controls, maximizing privacy, transparency and efficiency, because protecting personal data is caring for people.
Did you enjoy this content? Check out other articles from this initiative. Privacy Week That might interest you:
Privacy for Businesses: Responsibilities and benefits of protectinggsee the data
