The Federal Revenue has officially authorized Serpro to make available and sell access to the Brazilian population’s database to third parties, including companies with which it already has commercial agreements, as a way of remunerating the services and costs of using machines. For the first time since 2016, the Ordinance 167 gives a clear view of what that data is. The novelty that includes a Single Annex was published this Tuesday (19) in the Official Gazette.
The state-owned company’s transfer list includes e-mail, telephone, CPF, individual address or CNPJ, company regime and the qualification of the person responsible for the company, in addition to many other data considered sensitive, that is, capable of precisely identifying a person .
Image: Marcelo Camargo/Agência Brasil
Sale of personal data violates LGPD and Federal Constitution
The authorization took effect immediately. A draft legislative decree in the Chamber (PDL) was proposed by deputy André Figueiredo (PDT/CE) and aims to interrupt the effects of the Ministry of Economy Ordinance, especially the Federal Revenue Service. “The terms of sharing personal information contained in the texts of the Ordinances lack transparency for the citizen”, highlighted the parliamentarian to the blog Digital Capitalunderstanding that a series of rules established under the LGPD should be observed by public bodies, even before giving the data to the private sector for mining.
Image: Valter Campanato/Agência Brasil
“The rules also violate both item X of article 5 of the Federal Constitution, which tried to protect the privacy of the individual, and the LGPD, by removing from the citizen the power over their own information. After the last act, data may be passed on by Serpro to companies that no one knows what they are, what they do with them, without any consent from the holders, even without any prior consent from the RFB”, adds Figueiredo.
On the official pages of the institutions involved, there is no information about contracts in progress for the transfer of data from citizens and companies. In addition to violating the General Data Protection Law with the practice, in the parliamentarian’s opinion, the transfer without a secrecy clause is also contrary to the National Tax Code.
Image: cottonbro / Pexels
Security is also a matter of concern. “We also emphasize that what the government puts into practice can make such data very vulnerable and cause, accidentally or illicitly, the destruction, loss, alteration, disclosure of personal data, or even unauthorized access. ”, he stated.
with information from Digital Capital and Digital Convergence
