The future of artificial intelligence in Brazil

At the beginning of May, and in the midst of various news published about artificial intelligence, mainly with the emergence of ChatGPT – chatbox based on artificial intelligence -, a bill was presented that provides the use of Artificial Intelligence in Brazil – PL 2338/2023, by the Senate President, Rodrigo Pacheco, who heard the opinion of more than 60 specialists in the field.

 

In accordance with its article 1, the bill aims to establish general national rules for the development, implementation, and responsible use of artificial intelligence (AI) systems in Brazil, with the objective of protecting fundamental rights and guaranteeing the implementation of safe and reliable systems, for the benefit of the human person, the democratic regime and scientific and technological development.

 

 

The Brazilian bill, in turn, contains nine chapters, to provide: rights; risk categorization; governance of artificial intelligence systems; civil liability; codes of good practice and governance; communication of serious incidents; supervision and inspection. Regarding supervision and inspection, if violations of the established rules are committed, administrative sanctions may be applied by the competent authority, including a fine of up to 50 million reais.

 

It is important to highlight the concern of several countries regarding the processing of personal data through artificial intelligence. Proof of this was Italy’s temporary ban on ChatGPT, which was only reinstated after OpenAI, responsible for the technology, clarified the issues raised by the country’s data protection authority. It should also be noted that the European Union is also moving forward in this direction, in view of a bill in progress, which deals with artificial intelligence. It is, therefore, a matter of extreme importance to be regulated. In Brazil, the project will be analyzed by Senate’s thematic committees.

 

 

Author: Caroline Muniz and Cesar Peduti Filho, Peduti Advogados.

Source: Pacheco apresenta projeto de regulação da Inteligência Artificial sugerido por comissão de especialistas (https://www12.senado.leg.br/radio/1/noticia/2023/05/08/pacheco-apresenta-projeto-de-regulacao-da-inteligencia-artificial-sugerido-por-comissao-de-especialistas); União Europeia avança em lei que rege uso de inteligência artificial (https://veja.abril.com.br/mundo/uniao-europeia-avanca-em-lei-que-rege-uso-de-inteligencia-artificial).

 

“If you want to learn more about this topic, contact the author or the managing partner, Dr. Cesar Peduti Filho.”

“Se quiser saber mais sobre este tema, contate o autor ou o Dr. Cesar Peduti Filho.”

Public transportation system in the city of São Paulo suffers a hacker attack which exposes personal data of its users

The SPTrans’s system, responsible for public transportation in the city of São Paulo, Brazil, was invaded by hackers. The knowledge of this security incident took place on December 15th of 2022, and the communication to its data subjects was made from December 23rd of the same year.

 

13 million of users had the following personal data exposed, from the April 2020 data base: name, social name, date of birth, CPF number, RG number, address, telephone number, filiation, PIS number, student registration number, marital status, place of birth, gender, e-mail, as well as login and password for the service portal on the internet.

 

 

Faced with situations like this, the Brazilian General Personal Data Protection Law – Law No. 13.709/2018 (“LGPD”) provides that the controller (responsible for the decisions referring to the personal data processing) must notify the Brazilian National Data Protection Authority (“ANPD”) and the data subjects about the occurrence of an incident that may entail risk or relevant damage to the data subjects (article 48, LGPD), which was fulfilled by SPTrans, that communicated the ANPD, the data subjects affected and the Police, to investigate the attack.

 

As a recommendation, SPTrans asked its users to change the password used to access the service portal on the internet.

 

 

Author: Caroline Muniz, Associate Lawyer at Peduti Advogados.

Source: Hacker invade sistema da SPTrans e 13 milhões de usuários do Bilhete Único têm dados expostos

 

 

“If you want to learn more about this topic, contact the author or the managing partner, Dr. Cesar Peduti Filho.”

“Se quiser saber mais sobre este tema, contate o autor ou o Dr. Cesar Peduti Filho.”

The use of social media as a dangerous tool for collecting personal data

In the world we live in today, it seems practically impossible to keep up to date and relate to the people around you without providing personal data on online platforms such as social media. This becomes a major alert, especially for the way data is exposed, daily, on worldwide known and used platforms.

 

Given this scenario, a research called “Hacker Hotspots: The Apps Most Vulnerable to Cybercrime” carried out by TechShielder showed that 80% of the most popular apps collect data from messages of their users. The research also exposed the apps most likely to be hacked, so Facebook occupied the first position, followed by Instagram, and WhatsApp in third.

 

The way in which the data is exposed is a reflection, above all, of the speed of response that everyday situations require, as well as the way in which certain companies make it difficult to understand how they deal with their users’ personal data.

 

 

According to the research above, basic user information such as phone numbers and email addresses is accumulated, as well as confidential information through the use of cookies, technology that allows the installation of files on a user’s device, collecting certain information, including personal data.

 

The most important thing, however, is to understand that the culture of personal data protection is spreading, albeit slowly, helping everyone to be aware of their rights as citizens who own their personal data. In that regard, the Brazilian National Data Protection Authority (“ANPD”) recently launched, in accordance with the Brazilian General Personal Data Protection Law (“LGPD”), an orientation guide on the use of cookies and personal data protection. The document’s primary objective is to guide on good practices in the use of cookies, thus providing greater transparency for the website and/or application user.

 

For more information on how to keep your company in compliance with the LGPD, contact Peduti Advogados.

 

Author: Caroline Muniz, Junior Associate at Peduti Advogados

Source: Report: 80% of popular mobile apps collect data on your messages; Hacker Hotspots: The Apps Most Vulnerable to Cybercrime; ANPD lança guia orientativo “Cookies e Proteção de Dados Pessoais”.

 

“If you want to learn more about this topic, contact the author or the managing partner, Dr. Cesar Peduti Filho.”

“Se quiser saber mais sobre este tema, contate o autor ou o Dr. Cesar Peduti Filho.”