Key Takeaways from ANPD’s Technical Note 175/2023/CGF | Mayer Brown

In the final weeks of 2023, the ANPD published the Technical Note No 175/2023/CGF, regarding the disclosure and processing of personal data in the context of the Brazilian “Safe Stadium Project.” This project aims to make stadiums safer through actions to combat racism and violence, with the goal of promoting safety through technology, such as by verifying if a ticket buyer has a criminal record with open prison warranties, or if that person has used fake IDs.

In this Technical Note, the ANPD states that:

  • The Data Protection Impact Assessments (“DPIAs”) shall consider the Brazilian General Data Protection Law’s (“LGPD”) principles and how they affect each processing activity, indicating the corresponding mitigation measures needed. The ANPD’s stance on this has been posted to the ANPD’s DPIA page, and was previously discussed in an earlier update.
  • Companies should consider as best practices: (I) access control; and (II) the registration (logs) of usage, movement and access for audit and verification of who accessed files and information. In other words, the ANPD may consider the lack of such measures to pose a significant risk for organizations. These best practices were also factors in the three sanctions applied by the ANPD this year.
  • Data subjects must be informed when data is collected in a public space, especially video surveillance. According to the ANPD, the warnings must be available for everyone to see.
  • It is not reasonable to retain video surveillance footage for extended periods of time.

[View source.]

Leave a Comment

Your email address will not be published. Required fields are marked *