backNewsletter (#008/2025) on Privacy and Data Protection by Campos Thomaz Advogados
Alerts, materials, and updates on Privacy, Data Protection, and Cybersecurity.
To subscribe, click here.
Find out more about our DPO as a Service
We have prepared specific material to explain how the external DPO as a Service works. Contact our partners
Government Launches Public Consultation on Data Governance and Sharing Policy
The federal government has opened a public consultation, running until August 22, to establish the Data Governance and Sharing Policy. The proposal aims to promote the strategic use of data in public policy development and service delivery, introducing the role of Data Executive (Chief Data Officer) in federal agencies without creating new positions. This professional will oversee strategic data management, working alongside data curators, IT managers, and data protection officers to ensure quality, security, and compliance with the General Data Protection Law (LGPD). Learn more.
National Cybersecurity Strategy (E-Ciber)
The President enacted Decree No. 12,573, published in the Official Gazette on August 5, 2025, which establishes the new National Cybersecurity Strategy (E-Ciber), replacing the 2020 version. E-Ciber advances digital governance, centralizes coordination, enhances regulatory frameworks, fosters national technological development, addresses vulnerable groups, and modernizes the protection of essential services and critical infrastructures within a framework of digital sovereignty. Learn more.
Rio de Janeiro City Hall orders relocation of over 400 cameras from public areas
Rio de Janeiro’s City Hall has ordered the relocation of more than 400 cameras belonging to a private security company, installed in public areas of the city. Authorities cite “excessive interference” in public roads and the lack of specific authorization for private entities to operate such equipment in these locations. The decision, discussed during a hearing of the Legislative Assembly’s CPI on Cameras, follows irregularities identified since 2023 that have already led to fines and penalties. Learn more.
CNJ announces leak of 47 million Pix keys
The National Justice Council (CNJ) and the Central Bank reported that a security incident in the Judiciary’s Asset Search System (Sisbajud) caused the leak of 47 million Pix keys linked to around 11 million Brazilian taxpayer IDs (CPF) between July 20 and 21. Sisbajud is an electronic tool used by the Judiciary to request information and block financial assets. Learn more.
Decree No. 12,564/2025 — Biometric collection in payroll-deductible loans
Decree No. 12,564 regulates Article 2-I of Law No. 10,820/2003, setting forth procedures and technical requirements for biometric verification of a worker’s identity, collection and processing of biometric data, as well as the use of electronic and digital signatures in payroll-deductible loan operations. The rule mandates free, informed, and unambiguous consent, with electronic records subject to audit. Digital contracting may be carried out through qualified electronic signatures, advanced electronic signatures with biometric authentication and liveness detection, or digital signatures with multi-factor authentication, ensuring the act’s authorship and integrity. Learn more.
LGPD Infographic
Access the LGPD infographic prepared by our firm. Access here
Explore our series of content on privacy, data protection, and cybersecurity.
Discover our series of content on privacy, data protection, and cybersecurity. Access the full series here.
Produced by Alan Campos Thomaz and João Marcelo de Oliveira
share
