Decree No. 11,266/2022 brought new rules about governance in data sharing within the federal public administration and established the Citizen’s Base Register.

The Decree aims to comply with the Federal Supreme Court (STF) decisions in ADI 6649 and ADPF 695, according to which the sharing of personal data with public agencies presupposes legitimate purposes and must respect limits, complying with the principle of the minimum necessary for the purpose requested.

Among the main changes, the following stand out:

  • the alterations on the composition rules of the Data Governance Committee, which will have representatives of the central body of the Administration System of Information Technology Resources – SISP, of the Solicitor General of the Union, of the Civil House, of the Comptroller General of the Union, of organizations of society with proven performance in the theme, among others; may also integrate the Committee, as invited members, representatives of the National Council of Justice, of the House of Representatives, and the Federal Senate, all with voting rights;
  • the provision for civil liability of the State if the treatment of data by agencies and entities does not meet the legal and constitutional parameters resulting in damage to individuals;
  • the prohibition to the use of the Citizen’s Base Register to process data that aims to map or explore individual or collective behavior of citizens without express, prior, and specific consent; and
  • the inclusion of new parameters for data sharing by public agencies and entities.

To read the Decree in its entirety, click HERE.

❮ Back to the newsletter LGDP Express 01/23