Algorithmic Governance and Governance of Algorithms: An Introduction

Abstract

Brazilian organizations must comply with the Brazilian General Data Protection Law (LGPD) and this need must be carried out in harmony with legacy systems and in the new systems developed and used by organizations. In this article we present an overview of the LGPD implementation process by public and private organizations in Brazil. We conducted a literature review and a survey with Information and Communication Technology (ICT) professionals to investigate and understand how organizations are adapting to LGPD. The results show that more than 46% of the organizations have a Data Protection Officer (DPO) and only 54% of the data holders have free access to the duration and form that their data is being treated, being able to consult this information for free and facilitated. However, 59% of the participants stated that the sharing of personal data stored by the organization is carried out only with partners of the organization, in accordance with the LGPD and when strictly necessary and 51% stated that the organization performs the logging of all accesses to the personal data. In addition, 96.7% of organizations have already suffered some sanction / notification from the National Data Protection Agency (ANPD). According to our findings, we can conclude that Brazilian organizations are not yet in full compliance with the LGPD.