Public sector still seeks balance between LAI and LGPD – 06/23/2023 – Power

Recent cases of secrecy of public documents have shown challenges in the relationship between transparency and the protection of personal data. Experts say that laws guaranteeing privacy and access to information do not oppose each other, but complement each other as pillars of the democratic State.

Enacted in 2011, the LAI (Access to Information Act) establishes rules to ensure transparency. Any citizen can request information from public bodies and entities, which, as a rule, must grant as much access as possible.

Like the LGPD (General Data Protection Law), the LAI provides limits on sensitive personal data. But, depending on the context, details related to private life can be exposed if they are of public interest.

Marina Atoji, director of programs at the NGO Transparência Brasil, says that, in the case of the access to information law, problems arise when this aspect is not taken into account.

This is the second report in the Public Professional for Democracy series, which discusses themes linking the responsibilities of governments and their servants in protecting institutions, seeking to respond to social concerns. The special is part of the Vida Pública publishing group, a partnership between Sheet and Instituto República.org.

Published in December last year, a report by Transparência Brasil identified that, during the Bolsonaro government, there was an increase in the improper use of personal data protection to restrict requests via LAI.

The study analyzed the period between 2015 and 2022 and concluded that 80% of undue refusals occurred in the years of the former president’s term. This was the case with the confidentiality of his vaccination card and his children’s admission to the Planalto Palace, which were denied access on the grounds that they were private matters.

In May, President Lula (PT) signed changes to the LAI to reduce limitations on access to documents containing personal data. The new decree determines that the public body must hide or anonymize excerpts related to private life, but maintain access to the rest of the document, including those with data on third parties.

National Secretary for Access to Information, linked to the CGU (Comptroller General of the Union), Ana Túlia de Macedo reaffirms that the laws for the protection of personal data and transparency are compatible, and that the recent amendments aim to emphasize the principle of maximum disclosure.

“We seek to avoid misinterpretations regarding the application of LGPD rules in the public sector, which result in the imposition of undue secrecy on documents of public interest. The new text reinforced that the allegation of the existence of personal data in public documents cannot be used in a general and abstract way to deny access to information.”

She considers that the restriction of access to a document may vary according to the personal content contained in it and, therefore, should not be seen as an impediment to transparency.

Marina Atoji says that, before deciding on the disclosure of information, it is necessary to carry out a damage test to assess the consequences, both in terms of benefits to the population and harm to those involved.

“It is necessary to project, from senior management to career civil servants, that transparency is important, that the information produced and stored by the State is, in general, of public interest, and that secrecy is the exception. Thus, it is more defined what will hurt privacy or not”, he declares.

According to Atoji, transparency is a counterpoint to fake news as it promotes broad access to information directly from the source, in addition to being an important resource for professional journalism.

Rudinei Marques, president of Fonacate (Permanent National Forum for Typical State Careers), says that systems such as the transparency portal are also a tool to combat fake news. Citizens can consult, for example, the union transfers to cities directly on the website, which helps to mitigate misinformation related to the topic.

On the other hand, he says he believes that excessive transparency brings its own challenges. Marques says that this is the case with the disclosure of public servants’ salaries, determined as legitimate in 2015 by the STF (Federal Supreme Court) as it is considered information of public interest.

At Fonacate, the president claims to have already received complaints about how the disclosure of data was used to select victims among public officials and apply scams, especially to retirees. “In terms of transparency, we also have to be careful not to expose issues of the State or employees unnecessarily”, he says.

The ANPD (National Data Protection Authority), responsible for overseeing the LGPD, advises that the publication of this information should be done with caution, avoiding showing details such as the CPF and the server registration.

The LGPD determines security measures to reduce risks of information with open access. The Authority’s guide to public data processing provides guidance on law enforcement.

DATA AS FUNDAMENTALS OF PUBLIC POLICIES

According to Nairane Rabelo, director of the board of directors of ANPD, data is important to draw an overview of the population and, therefore, to develop public policies. But the collection can only be done if it is strictly necessary, with clarity on the purpose of use.

“It is important that the public database is up to date, because it is the basis for guaranteeing assistance policies, which serve the population in terms of the accuracy of their records. The proper treatment of personal data is a way of fostering citizenship.”

The director says that Brazil is still forming a culture of data protection. The public power encounters obstacles such as bureaucracy, lack of resources and structural disorganization to adapt to the law in a broad way.

This year, the ANPD released a list of sanctioning processes to investigate whether entities violated the data protection law. Of the eight listed by the Authority, seven were public bodies.

According to Rabelo, since the beginning of ANPD activities, a greater number of cases of attacks and leakage of personal data have been observed in the public sector, the largest holder of information of this type, in addition to high delay and difficulty in complying with the law.

She claims that, since then, the sector has been looking for ways to update and train servers, including increasing the number of data controllers.

Marina Atoji, from Transparência Brasil, says that, in addition to guaranteeing the right to privacy, the LGPD protects citizens against authoritarianism.

“With legislation that protects data on political preference or religious belief, there is a safeguard against possible persecution that may occur to certain groups, which promotes the exercise of freedom.”