17 Oct GOVERNANCE ON FEDERAL PUBLIC ADMINISTRATION DATA SHARING AND CITIZEN DATABASE REGISTRY

On October 9, 2019, Decree No. 10,046 (“Decree No. 10,046/2019”), was enacted. The Decree regulates data sharing between municipal, independent, and direct federal public administration bodies and entities, as well as other Union Powers. Its publication took place the following day, in the Union Official Gazette, and revoked the June 29, 2016 Decree No. 8,789 which regulated data sharing of databases within the federal public administration.

The new legislative text aims to simplify the provision of public services; guide and optimize the procedures for implementation of public policies; improve the quality and accuracy of data stored by the federal public administration; and improve quality and efficiency of internal public administration services.

Such goals are attractive for society as a whole, since they follow the legislative trend to regulate and protect treatment of information, particularly personal data, in accordance with General Data Protection Regulation (“GDPR”) in the European Union and the Brazilian General Data Protection Law (“LGPD”), Law No. 13,709, from August 14, 2019.

Decree No. 10,046/2019 is divided into the following chapters: General Dispositions, Data Sharing Levels; General Rules on Data Sharing; Citizen Database Registry; Central Data Governance Committee; Final and Transitional Dispositions. We have highlighted 3 (three) particularly relevant provisions: classifications given to data sharing; the creation of a Citizen Database Registry; and the creation of a Data Governance General Committee. 

The chapter titled Data Sharing Levels, classifies the procedure for data sharing in 3 (three) levels, taking into account data confidentiality. Each level has specific regulations regarding care of the data, to be handled by the manager, as specified in Decree No. 10,046/2019. The levels are:

(i)              Full sharing: for public data, without any access restrictions (does not require prior authorization);

(ii)             Restricted sharing: for confidential data with access granted to all bodies and entities to which Decree No. 10,046/2019 refers, for execution of public policies (depends on authorization from the Central Data Governance Committee);

(iii)           Specific sharing: for confidential data with access granted to specific bodies and entities for specific situations (depends on permission for access granted by the manager and fulfillment of requisites defined by him).

Additionally, the data receiver shall implement and follow the same safety rules applicable to the manager, depending on the sharing level one is dealing with. Each case may include its own particularities.

It is also worth noting that the mechanism adopted by Decree No. 10,046/2019 no longer requires technical cooperation or similar agreements for data sharing between entities covered by the new text, but it requires interoperability platforms to comply with  necessary confidentiality and information security requirements, in accordance with the rules established by the Central Data Governance Committee.

Another innovation brought by Decree No. 10,046/2019 is the creation of a Citizen Database Registry (“Registry”).

The Registry shall be formed by an integrative database, composed of biographic data, which initially are from Individual Taxpayers’ Register’s thematic base, and operational components which are necessary for the data exchange from this base to other thematic bases. A thematic base is defined as the database for a public policy composed of biographic or biometric data, with potential to be added to the integrative base.

The purpose of the Registry is to facilitate the sharing of citizen data sharing among participating public administration agencies.

The Digital Government Secretariat of the Ministry of Economy Simplifying of Bureaucratic Procedures, Management and Digital Government Special Secretariat is responsible for ensuring the implementation, operation and monitoring of the Registry; proposing data governance policies, and guiding the bodies responsible for the thematic bases with the potential to be added to the Registry; and bearing the costs of implementation. However, each entity or public body shall bear the costs of adapting its own thematic base to the new system.

Finally, Decree No. 10,046/2019 creates a Data Governance General Committee, formed by representatives of the three powers of the nation, but strongly connected to the Ministry of Economy. Its various functions can be summarized as regulating data sharing according to the levels presented above; aligning information safety policies and public communications referring to data sharing; and, most importantly, managing the Registry, especially when a conflict between the areas involved and information collected arises.

As it is a presidential decree, and, therefore, not submitted for discussion and approval by Congress, some argue that the initiative lacks explanations and reasons for its purpose, as well as public participation, which may give rise to possible questions mainly related to privacy rights.

This article is intended exclusively to provide information and does not contain any opinion, recommendation or legal advice from KGV Advogados in relation to the matters herein addressed. Copyrights are reserved to Kestener, Granja & Vieira Advogados.