backNewsletter (#002/2025) on Privacy and Data Protection by Campos Thomaz Advogados
Alerts, materials, and updates on Privacy, Data Protection, and Cybersecurity.
To subscribe, click here.
Find out more about our DPO as a Service
We have prepared specific material to explain how the external DPO as a Service works. Contact our partners
DeepSeek’s Meteoric Rise Marked by Massive Data Leaks: Is Your Privacy at Risk?
Recent revelations have highlighted significant privacy concerns associated with DeepSeek, a Chinese artificial intelligence company. Wiz Research discovered an exposed ClickHouse database belonging to DeepSeek, which was publicly accessible and without authentication. This failure reflects a growing concern about DeepSeek’s data management practices, as well as other generative artificial intelligence services, which is the control of the information inserted into the platform. Learn More.
On January 28th, we celebrate International Data Protection Day, a date that has become even more significant in Brazil since the General Data Protection Law (LGPD) came into effect in September 2020. The topic has gained prominence in the legal framework, especially after the recognition of personal data protection as a fundamental right by the Federal Constitution.
The Brazilian landscape continues to evolve in this field, driven both by the actions of the National Data Protection Authority (ANPD) and by important judicial decisions shaping the application of the legislation.
The Brazilian Data Protection Authority (ANPD) has ordered the suspension of iris scanning conducted by Tools for Humanity (TFH), the company behind World ID. The decision stems from preventive measures implemented by the General Coordination of Supervision (CGF) after identifying potential violations of Brazil’s General Data Protection Law (LGPD). Issues include offering cryptocurrency as compensation, which compromises the free and informed consent of data subjects. The CGF also highlighted the severity of biometric data processing, emphasizing the impossibility of deleting collected data and the irreversible nature of consent revocation. Learn more
ANPD’s Technological Radar: Generative Artificial Intelligence
The Brazilian Data Protection Authority (ANPD) released the third volume of its Technological Radar series, focusing on generative artificial intelligence (AI) models. This study, conducted by the General Coordination of Technology and Research (CGTP), delves into the risks to privacy and data protection, analyzing these aspects under the framework of the Brazilian General Data Protection Law (LGPD). The document highlights technical issues related to web scraping, the creation of synthetic content, and the sharing of personal data, while also exploring the LGPD principles of transparency and necessity, along with the regulatory challenges tied to this emerging technology. Learn more
Pseudonymisation Guideline from the European Data Protection Board (EDPB)
Access here: https://www.dataguidance.com/opinion/brazil-top-10-facts-privacy-and-data-protection-2024
Access here: Brazil: Data transfers – A new regulation in Brazil with SCCs | Opinion | DataGuidance
Acess here: International: Comparison of international data transfer mechanisms – GDPR and LGPD | Opinion | DataGuidance
LGPD Infographic
Access the LGPD infographic prepared by our firm. Access here
Explore our series of content on privacy, data protection, and cybersecurity.
Discover our series of content on privacy, data protection and cybersecurity. Access the full series here.
Produced by Alan Campos Thomaz and João Marcelo de Oliveira
share
