In this edition of the Cybernews Bulletin, we highlight the main news that permeated the digital and data protection landscape in August and September 2024.
As far as the Judiciary Branch is concerned, the Federal Supreme Court (STF in Portuguese) ruled that financial institutions must provide customer data to tax authorities, affirming the constitutionality of the Confaz-ICMS Agreement No. 134.
Meanwhile, the Specialized Electoral Justice (Regional Electoral Court in Paraná) issued a relevant decision on data protection, determining the disclosure of records of personal data processing operations to investigate irregularities in the use of the database for mass messaging by a candidate.
On the other hand, the Superior Electoral Court (TSE) faced a serious data breach incident by improperly disclosing personal information of candidates, violating guidelines established by the Brazilian General Data Protection Law (LGPD). This breach, which affected the privacy of at least 70 candidates, underscores the urgent need to strengthen data protection measures in electoral processes.
Additionally, the recent suspension of social network X in Brazil triggered a series of cyberattacks on institutions such as the STF, Anatel (Brazilian National Telecommunications Agency), and the Federal Police. These attacks not only expose the vulnerability of digital infrastructures but also reflect social tensions in the current political environment.
As regards salary transparency, recent court decisions exempted companies from publishing equal pay reports, sparking off debates about the adequacy of regulations.
Furthermore, the Federal Accounting Court (TCU) identified flaws in the Integrated Financial Administration System (Siafi) and highlighted the urgent need to enhance cybersecurity following a breach that resulted in the misapplication of government revenue.
These events reflect significant challenges in data protection and transparency in both the public and private sectors.
Finally, in the administrative scenario, Procon-SP (Consumer Protection Office) initiated an investigation into Netshoes following a leak of customers’ personal data, raising concerns about compliance with the General Data Protection Law (LGPD) and the security of its users.
