In July, we attended the Latin America edition of the most important conference in the field of data protection after being kindly offered a complimentary ticket by the organisers. It was an amazing opportunity to meet up with colleagues I had not seen since the pandemic and honour Danilo Doneda, who, on top of being the first to engage with data protection discussions in Brazil, was also my first boss in the field. And, as any good paulistana, make fun of cariocas’ accent.
At the opening ceremony, Waldemar Gonçalves, one of the directors at the Brazilian Data Protection Authority, defended that the Authority should be the one responsible for supervising AI systems in Brazil. Interestingly enough, he did it by mentioning the Dutch Data Protection Authority and its work around AI as a leading case, without much of a critical analysis or acknowledging the disastrous attempt to use an algorithm to spot suspected benefits fraud by the Dutch tax authority.
Nina Daora, from FGV, challenged the audience, mainly composed of people with a legal background, to reflect on the technical aspects of AI systems and how some solutions proposed in the public debate seem to illustrate knowledge gaps and lack of communication between technologists, regulators, and civil society. For example, asking companies to release their code, an always-referenced policy solution, would entail analysing millions of lines of code, a task humanly impossible. She continues to advocate for more inclusive and diverse development teams while also indicating the importance of ongoing collective governance: “The rules defined by human hands are different from the rules defined in data associations and analysis, and the latter are opaque even to developers.”
During the panel “Big data, grandes problemas: Como priorizar engajamento cívico e direitos digitais nas cidades latinoamericanas?”, we reflected on the need to reimagine forms of participation that are more inclusive and scalable, while taking account of the specificities of the region. Cases such as Smart Sampa and ViaQuatro show the adoption of technology by governments in scale without transparency or public dialogue. But they also exemplify the incredible work of Brazilian civil society in keeping them accountable.
This conversation around privacy and data protection advocacy was later furthered in the panel “The collective approach to privacy - anonymity sets, mixes and reversing the surveillance business incentive.” After hearing about the multifront advocacy strategy being carried out by Derechos Digitales through education, research, and training of activists and journalists, Rafael Zanatta, from Data Privacy Brasil, referenced Collin Bennet’s work. Bennet argues that privacy governance and advocacy efforts must take place in four fora: privacy through codes and engineering; international soft law, such as funds and standards of conduct; national regulation; and ethics in entrepreneurship.
At a global level, the panel “Data Protection and Generative AI: Current Legal Obligations and What Should We Expect from the Upcoming AI Regulation Initiatives Worldwide” focused on disputing the narratives of universalism coming from the Global North around AI systems and the compliance restraints that power imbalances and unequal resources offer.
Throughout the whole conference, it was particularly interesting to notice how most of the panellists would start their interventions with storytelling and personal experiences with data. There seems to be a need to ground abstract reflections around data in everyday life experiences for both panellists and audiences.
But my favourite part of the conference, with all due respect to all the amazing panellists and organisers, was the fringe event that CONNECTED BY DATA hosted to play-test our game! We managed to put together the coolest and most fun group of people to play it (1). It was fascinating to see how differences in background and geographical location can shift conversations in a whole new direction. When we first started to develop the game, we were focusing on fostering collective data governance conversations amongst practitioners. Nevertheless, considering Rio’s strong history of community leaders and Brazil’s active civil society and long legal tradition in collective rights, the more agreed comment in this group was how useful our game could be to start conversations about and illustrate data harms and citizens’ rights with the general public.
Context also played a huge part in discussions regarding our hypothetical scenario as well as possible social and economic restraints to specific participatory methods. One example really stuck with me. While we were discussing the use of surveys to inform the design of a project aiming to use geo data, one participant posed the question: what if there is a police raid around the time the survey is scheduled to take place, changing the role routine of the people living in that community? Haven’t experienced anything like that in my personal reality, I was speechless.
(1) A huge thanks to everyone who joined us and the incredible work they do fighting for collective rights in Brazil: Camila Leite Contri (Idec); Bárbara Simão (InternetLab); Pedro Gueiros (ITS Rio); Hannah Draper (World Vision International); Maria Isabel Couto (Fogo Cruzado); Erica Bakonyi (MyDataBrasil); Larissa Chen (FGV); Raphael Santana (TikTok); Kayo Moura (LabJaca); Horrara Moreira (AqualtuneLab); Smriti Parsheera (FGV Direito Rio) and Nicolo Zingales (CTS FGV).