Supply of biometric data worries 60% of Brazilian Internet users, survey by Cetic.br shows

Risk perception is more associated with fingerprint and facial recognition, reveals the 2nd edition of the study "Privacy and personal data protection: perspectives of individuals, companies, and public organizations in Brazil," launched this Monday (2/9)

Brazilians are more concerned about providing their biometric data than other types of sensitive personal data, such as sexual orientation and color or race. This is revealed by the 2nd edition of the survey "Privacy and personal data protection: perspectives of individuals, companies, and public organizations in Brazil", launched this Monday (2) by the Brazilian Internet Steering Committee (CGI.br). According to the study, 32% of Internet users aged 16 or over in the country reported being "very worried" and another 28% "worried" when faced with this type of situation – together, the proportions reach 60%. Among users who mentioned this concern about providing biometric data, the perception of risk is most frequently associated with fingerprint and facial recognition, with the percentage of "worried" and "very worried" individuals reaching 86% and 82%, respectively.

The study also shows that the organizations for which users are most apprehensive about providing biometric data are: financial institutions (37% "very worried" and 36% "worried"), government bodies (35% and 38%), and public transport (34% and 37%).

Presented at the 15th Seminar on Privacy and Personal Data Protection, an event organized by CGI.br and the Brazilian Network Information Center (NIC.br), the survey gathers unprecedented indicators extracted from surveys conducted by the Regional Center for Studies on the Development of the Information Society (Cetic.br/NIC.br).

"With the expansion of systems based on facial recognition and fingerprint, it is understandable that people are more concerned about providing their biometric data. In this context, it is essential that companies and the government seek to improve their personal data protection and information security strategies when adopting this type of technology," analyzes Alexandre Barbosa, manager of Cetic.br/NIC.br.

The survey also points out that in 2023, 58% of Internet users aged 16 or over always (26%) or almost always (32%) agree to privacy policies without reading what they say. Moreover, a quarter of Internet users (24%) sought a support channel to make requests, complaints, or reports related to their personal data – the proportion was higher among men (27%) compared to women (22%) and among those with higher education (29%) compared to those with less education (23% up to elementary school, 22% up to high school). Among those who resorted to this type of service, 77% accessed the controlling company or public body directly, while 69% opted for consumer complaint sites, 51% sought consumer protection agencies and 35% the National Data Protection Authority (ANPD).

Shopping on sites or apps is the online activity that causes the most apprehension due to data provision: 29% said they are "very worried" and 27% "worried". Accessing bank pages and apps followed, with 25% "very worried" and 24% "worried". "These results indicate the perception, by Internet users, of a high potential for harm related to financial transaction data," highlights Barbosa.

Private Companies

Most personal data held by companies, regardless of size, comes from clients and users (68%) and from partners and suppliers (60%), according to the survey results. Between 2021 and 2023, the proportion of companies that maintained biometrics data rose from 24% to 30%. The second most stored sensitive personal data was health, increasing from 24% to 26% in the period analyzed.

Another point identified by the survey was the increase in the proportion of organizations that made changes to existing contracts to comply with the General Data Protection Law (LGPD): from 2021 to 2023, there was an increase from 24% to 31% in small companies and from 61% to 67% in large companies. Meanwhile, economic sectors that, in the same period, most implemented changes in contracts due to the LGPD were construction (22% to 35%), transport (38% to 42%), accommodation and food services (23% to 31%), information and communication (57% to 66%), professional activities (38% to 59%), and services (26% to 46%).

Among the actions required by the LGPD, the appointment of a data officer remained stable between 2021 (17%) and 2023 (19%), with lower presence among small companies (16%). On the other hand, from 2021 to 2023, there was growth in the proportion of companies that appointed someone for this role in the information and communication sectors (from 22% to 39%) and professional activities (from 22% to 33%).

"The survey shows that there have been advances in LGPD compliance among medium and large companies, including in different economic sectors, but there is room for a greater presence of good personal data protection practices, especially among smaller businesses," says the Cetic.br manager.

Public Organizations

The study indicates that initiatives related to privacy and data protection occur unevenly among public organizations. The appointment of data officers, for instance, reached 83% of federal agencies in 2023 (stable compared to 2021, which was 81%) and 46% of state agencies (an increase of 13 percentage points compared to 2021). In the municipal scope, this action was even less cited, being present in only two out of ten Brazilian city halls (21%), with higher proportions in capitals (58%) and in cities with more than 500,000 inhabitants (63%).

In 2023, the availability of Internet service channels regarding the use of personal data was mentioned by less than half of the state agencies (47%) and city halls (42%), while this form of service was present in 73% of federal agencies. In municipal administrations, in 2023, disparities according to population size were expanded: the availability of service channels became more present in locations with a population of 500,000 people or more (66% in 2023 and 36% in 2021) than in those with up to 10,000 inhabitants (43% in 2023 and 30% in 2021).

Disparities concerning measures adopted for privacy and data protection are repeated in the health area when analyzing the realities of public and private establishments. In 2023, the main differences were in the implementation of awareness campaigns on the LGPD (57% of private health units and 28% of public ones); implementation of a data security incident response plan (44% of private and 17% of public ones); and availability of service channels for data subjects (38% private and 16% public).

This imbalance between public and private institutions is also seen in the Education area, such as in the case of Basic Education schools with documents defining data and information security policies. Between 2020 and 2023, the proportion of public schools with this document went from 37% to 51%. However, these proportions are still lower than those of private schools, where the presence of the document increased from 60% to 74%.

"Promoting a culture of personal data protection in the country can contribute to the dissemination of innovation and digital transformation, allowing greater user confidence in adopting new technologies and in data processing carried out by institutions. This is a particularly critical point in public organizations that offer digital services to the population, whose effectiveness depends on user adherence," evaluates Alexandre Barbosa.

To check the full indicators of the survey, visit https://cetic.br/pt/publicacao/privacidade-e-protecao-de-dados-2023/. Also, watch the launch panel of the study at https://www.youtube.com/watch?v=odQZ9ospfPQ.

About the Survey
The 2nd edition of the survey "Privacy and personal data protection" gathered unprecedented data collected by different studies conducted by the Regional Center for Studies on the Development of the Information Society (Cetic.br) with individuals, companies, and public organizations. The ICT Panel was conducted in December 2023 and interviewed 2,618 people aged 16 or over via an online questionnaire. The ICT Enterprises 2023 interviewed 2,075 companies with 10 or more employed people by phone between March and December 2023.

The ICT Electronic Government 2023 survey interviewed 677 federal and state agencies and 4,265 city halls by phone between July 2023 and February 2024. The ICT Health 2023 survey interviewed 4,117 managers of Brazilian health establishments by phone between February and July 2023. The ICT Education 2022 survey interviewed, in-person, 7,192 students from the 4th year of Elementary School to the 3rd year of High School, 1,424 teachers, 873 pedagogical coordinators, and 959 school managers between October 2022 and May 2023. The 2023 edition of ICT Education data was collected between August 2023 and April 2024, through telephone interviews, with 3,004 school managers.

About Cetic.br
The Regional Center for Studies on the Development of the Information Society (Cetic.br), part of NIC.br, is responsible for producing indicators and statistics about Internet access and use in Brazil, publishing periodic analyses and information on the network's development in the country. Cetic.br|NIC.br is also a Regional Center for Studies under the auspices of UNESCO, and will complete 19 years of operation in 2024. More information at https://cetic.br/.

About the Brazilian Network Information Center – NIC.br
NIC.br (https://nic.br/) is a civil, private, non-profit entity responsible for operating the .br domain, as well as distributing IP numbers and registering Autonomous Systems in the country. NIC.br implements the decisions and projects of the Brazilian Internet Steering Committee - CGI.br since 2005, and all collected resources come from its activities, which are of a private nature. It conducts actions and projects that benefit the Internet infrastructure in Brazil. NIC.br encompasses: Registration.br (https://registro.br/), CERT.br (https://cert.br/), Ceptro.br (https://ceptro.br/), Cetic.br (https://cetic.br/), IX.br (https://ix.br/) and Ceweb.br (https://ceweb.br/), in addition to projects like Internetsegura.br (https://internetsegura.br/) and the Good Internet Practices Portal in Brazil (https://bcp.nic.br/). It also hosts the W3C Chapter São Paulo office (https://w3c.br/).

About the Brazilian Internet Steering Committee – CGI.br
The Brazilian Internet Steering Committee is responsible for establishing strategic guidelines related to Internet use and development in Brazil, coordinating and integrating all Internet service initiatives in the country, promoting technical quality, innovation, and dissemination of offered services. Based on the principles of multistakeholderism and transparency, CGI.br represents a democratic Internet governance model, praised internationally, where all sectors of society equally participate in its decisions. One of its formulations is the 10 Principles for Internet Governance and Use (https://cgi.br/resolucoes/documento/2009/003). More information at https://cgi.br/.

Press Contacts – NIC.br:

Weber Shandwick
https://webershandwick.com.br/
PABX: (11) 3027-0200 / 3531-4950
Milena Oliveira - moliveira@webershandwick.com – (11) 98384-3500
Paula Boracini - pboracini@webershandwick.com – (11) 98123-5235

Communication Advisory – NIC.br
Carolina Carvalho - Communication Manager - carolcarvalho@nic.br
Ana Nascimento - Communication Coordinator – ananascimento@nic.br

Flickr: https://flickr.com/NICbr/
X: https://x.com/comuNICbr/
YouTube: https://youtube.com/nicbrvideos
Facebook: https://facebook.com/nic.br
Telegram: https://telegram.me/nicbr
LinkedIn: https://linkedin.com/company/nic-br/
Instagram: https://instagram.com/nicbr/

This content was automatically translated with the support of artificial intelligence.