CPDP LatAm 2023

Data Governance School LatAm

The Data Governance School LatAm (DGSL) aims at developing a learning platform, facilitating the exchange of best practices regarding the governance of personal data at the Latin American level. The DGSL is an international course developed by the Center for Technology and Society (CTS) at Fundação Getulio Vargas (FGV) Law School, Rio de Janeiro. The DGSL acts as an academic branch of the Computers, Privacy and Data Protection in Latin America (CPDP LatAm) conference, continuously facilitating an exchange of knowledge and ideas between DGSL and CPDP LatAm participants.

The DGSL will take place from 26 to 28 April 2023 at Fundação Getulio Vargas (FGV) Law School, on the picturesque Botafogo bay, in Rio de Janeiro. (Address: Praia de Botafogo, 190)

The goal of the DGSL is to bring together data protection regulators and other stakeholders for an intensive three-day-long course, where each participant will have a dual role, being both a student and a lecturer. DGSL stakeholders encompass public servants from Latin American Data Protection Authorities, data governance practitioners, governmental and intergovernmental officials, start-up and business representatives, activists, and researchers.


  • Target audience and grants

The DGSL target audience are individuals who already have a good understanding of data governance issues and are interested in expanding and sharing their knowledge, studying global and Latin American issues related to data governance.

While the aim of this initiative is to discuss the global dimensions of data governance, the DGSL will target especially the Latin American region. Participants will come from Latin American countries and lectures will be taught in Spanish, Portuguese, and English. Simultaneous translation will be available to facilitate interactions between participants.

Each DGSL class will be composed of approximately 35 participants. The DGSL Direction will make its best effort to promote gender, geographical and stakeholder balance when selecting students, to ensure diversity and promote inclusion. To this end, up to fifteen grants will be available.

We encourage applications from black, indigenous and quilombola applicants, and transgender or transsexual applicants in situations of social vulnerability. Applicants who declare themselves as black, indigenous, quilombola, and transgender or transsexual applicants in situations of social vulnerability will have the opportunity to receive grants for the course. Applicants in situations of social vulnerability interested in obtaining scholarships must register through the FGV Direito Rio website and  submit the Self-Declaration Form filled out and signed to the e-mail direitopec@fgv.br.


The DGS will have a tripartite structure. The first module (Day 1) will explore the Latin American data governance frameworks to identify convergence and divergence. In this first module, students will be asked to deliver short presentations of their national frameworks to their fellow participants and will jointly analyse case studies, to foster a mutual understanding of shared issues. This first module will carefully blend theoretical and empirical analyses, to make sure that all participants continuously focus and actively engage in the discussions.

The second module (Day 2) will focus on the most recent data protection evolutions at the regional level, regarding policymaking and technology, and their impact. This module will feature renown experts from academia as well as from technical and business communities. This model will stimulate multidisciplinary and engaging discussions of the identified issues through the analysis of practical experiences. Instances of themes to be explored during lectures, case studies and practical exercises include issues as diverse as the functioning and regulation of Artificial Intelligence (AI) systems; how data transfers are regulated at the Latin American level; the ways in which Application Programming Interfaces (APIs) exchange data; the implementation of Privacy Enhancing Technologies (PETs) to comply with legal requirements of multiple jurisdictions, etc.

The third module (Day 3) will focus on the most recent governance and regulatory evolutions at the global level, and the impact they can have on Latin American countries. Issues will include the analysis of the intersection between data protection and competition law, the convergence between cybersecurity, data protection and cybercrime, the analysis of new data governance models in leading emerging economies (BRICS countries) including the new data governance framework of China and India.

To successfully complete the DGSL and obtain a certificate released by FGV Law School, each student will be required to draft a short paper presenting the national framework of choice utilising the metodology developed by the organisers to contribute to CPDP LatAm and CTS-FGV ongoing reseach on data governance in Latin America. A model structure for student papers will be provided to students to facilitate the draft of their final papers, indicating the required sections (e.g. introduction to the national legal framework, presentation of the national Data Protection Authority, regulation of international data transfers, etc.).

The best papers will be published in volume to be presented in the context of CPDP LatAm. A selection of the best DGSL students will be awarded a travel grant to participate to CPDP LatAm.

Dates and Format

The DSGL will take place in an in-person format and will last a total of three days, from 26 to 28 April. Each student will have one month to deliver the final paper according to the predefined guidelines. The deadline for paper delivery is 30 May 2023. Students will receive a certificate issued by FGV Law School upon completion of the course and approval of the paper.


Day 1 (26 April) Participatory overview of LatAm frameworks: understanding commonalities and differences

10:00 – 10:20 Presentation of the Data Governance School LatAm (DGSL)

    • Luca Belli (CTS-FGV)

10:20 – 11:00 Keynote speaker

    • Ana Brian (UN Special Rapporteur)

11:00 – 12:30 Presentations of regulatory frameworks of Brazil and Dominican Republic, discussing the normative and  institutional features (rights, obligations, structure of the regulator, etc) and analysing a key case study.

    • Miriam Wimmer (Directress, Brazilian Data Protection Authority – ANPD)
    • Armando Manzueta (Digital Government Technical Director, Oficina Gubernamental de Tecnologías de la Información y Comunicación de República Dominicana)

12:30 – 14:00 lunch and networking

14:00 – 15:30 Presentations of regulatory frameworks of Uruguay and Argentina, discussing the normative and  institutional features (rights, obligations, structure of the regulator, etc) and analysing a key case study.

    • Gonzalo Sosa (Data Protection Unit Coordinator, Uruguayan Data Protection Authority – AGESIG)
    • Maria Julia Giorgelli (Defensoría del Pueblo de la Ciudad Autónoma de Buenos Aires)

15:30 – 16:15 Presentations of regulatory frameworks of Mexico and Paraguay, discussing the normative and  institutional features (rights, obligations, structure of the regulator, etc) and analysing a key case study.

    • Jonathan Mendoza (Data Protection Secretary, Mexican Data Protection Authority – INAI)
    • Fátima Arzamendia (Comisión Nacional de Telecomunicaciones, Paraguay)

16:15 – 16:35: coffee break and networking

16:35 – 18:15 The right not to be subject to a decision based solely on automated processing of personal data in the Uruguayan system and the interest of a legal approach based on the precautionary principle

    • Bárbara Muracciole (Universidad de la República, Uruguay)

Day 2 (27 April) Emerging LatAm issues and case studies

10:00 – 11:00 AI Regulation

    • Laura Schertel Mendes (IDP)

11:00 –  11:45 Case study: Algoritmic bias and discrimination

    • Bianca Kremer (IDP and CTS-FGV)

11:45 – 12:30 Case study: How the Facebook API works

    • Erica Finkle (Meta)

12:45 – 14:00 lunch and networking 

14:00 – 15:30 Data transfers in Latin America

    • Pablo Palazzi (CeTyS)

15:30 – 16:30 Case study: Regulatory sandbox in Rio de Janeiro

    • Carina de Castro Quirino (Undersecretary for Regulation and Business Environment, Rio de Janeiro City Hall)

16:30 – 16:50: coffee break and networking

16:50 – 17:50 Case study: How does Mercado Livre deal with multiple-jurisdiction compliance

    • Samantha Oliveira (Mercado Livre)

Day 3 (28 April) Emerging global approaches and solutions

10:00 – 11:15 Data Protection and Competition Law

    • Nicolo Zingales (CTS-FGV)

11:15 – 12:30 Innovative Data Protection practices from the BRICS

    • Luca Belli (CTS-FGV)

12:30 – 14:00 lunch and networking 

14:00 – 15:15 The Indian Model and the Data Empowerment and Protection Architecture

    • Smriti Parsheera (CyberBRICS)

15:15 – 16:15 Data Protection and Cybercrime Convergence

    • Sizwe Snail (Nelson Mandela University & CTS-FGV, Former DPA of South Africa)

16:15 – 16:30: coffee break and networking

16:30 – 17:45: The Chinese Model

    • Wei Wang (CyberBRICS)

17:45 – 18:00: Conclusion: Building a Data and AI Governance Coalition 

18:00 – 19:30 Cocktail reception