Privacy and Data Protection News

CNJ Regulates the Use of Artificial Intelligence in the Brazilian Judiciary

The National Council of Justice (CNJ) has approved a new resolution regulating the use of artificial intelligence in the Brazilian Judiciary. The measure updates CNJ Resolution No. 332/2020, establishing rules for the use and auditing of AI systems in the courts.

Among the main guidelines, the following stand out:

  • Human supervision at all stages of the development and use cycles of AI solutions;
  • Risk classification of systems into low or high levels;
  • Periodic audits to ensure compliance and security.

Furthermore, corrections or updates will still be permitted until the rule comes into effect, in 120 days. This means that the courts will have time to adapt to the new guidelines.

This regulation is important because it aims to ensure transparency and security in the use of AI. The Judiciary will then be able to use the technology in an ethical and responsible manner.

Source: CNJ

TST Rejects Clause that Required Transfer of Personal Data

The Superior Labor Court (TST) rejected a collective agreement clause that included the transfer of personal data of employees of the Young Men’s Christian Association (YMCA) to a discount card company.

This decision was made because the requirement violated the LGPD, which requires explicit consent for the processing of personal data. In addition, the TST emphasized that the right to privacy cannot be negotiated in collective agreements, which protects workers against the misuse of their data.

This stance by the TST is an important milestone, as it reaffirms the need for transparency and consent in the processing of personal information. Therefore, companies must review their data collection policies to avoid violations of the LGPD.

Source: Digital Convergence

Scammers in Lages use Fake Donations to Steal Personal Data

The City of Lages issued a warning about a scam involving donations of basic food baskets and job offers, where criminals use the name of CRAS to steal personal data and make fraudulent loans.

The scammers go to the homes of families in a situation of socioeconomic vulnerability with a “pre-registration” with CRAS and ask for updated data. Then, they collect additional information and photos to make loans in the victims’ name.

This incident is worrying because it highlights the fragility of personal data protection in vulnerable situations. It also highlights the need for digital education and personal data protection to prevent fraud and scams.

Therefore, it is essential that authorities expand awareness campaigns about digital scams, and that victims are advised to report them so that legal measures can be taken.

Microsoft Copilot Flaw Exposing Large Enterprise Data

A security flaw in Microsoft Copilot exposed thousands of private GitHub repositories, affecting more than 16,000 companies, including IBM, Google, PayPal and even Microsoft itself.

The vulnerability was identified by Israeli security firm Lasso, revealing the exposure of:

  • Access credentials in corporate environments;
  • Entire confidential files containing intellectual property;
  • Access keys and security tokens.

This issue occurred because the caching mechanisms in Copilot and Bing had flaws that allowed unauthorized access, so Microsoft had to act quickly.

Lasso reported the flaw to Microsoft in November 2024. In January 2025, Microsoft updated its security policies to restrict public access to the Bing cache. The risk was mitigated.

This data exposure is an important warning because it shows how vulnerable even large companies are to cyberattacks. Therefore, it is crucial to continually invest in digital security and constant auditing of AI solutions.

Source: Cybersecurity News

The Importance of DPO as a Service in Data Protection

These cases highlight the need for solid privacy and information security policies. To mitigate risks and ensure compliance with the LGPD and other regulations, companies and institutions must invest in specialized solutions.

DPO as a Service emerges as an effective alternative for organizations that want to strengthen their digital security. It enables the implementation of good data protection practices, reducing risks and avoiding penalties.

Furthermore, having a specialized DPO not only prevents attacks and leaks, but also ensures the reliability of systems and the security of customer information.
