FEDERAL REVENUE ORDINANCE PUBLISHED WITH DATA SHARING STANDARDS
Ordinance No. 4,255 of the Special Secretariat of Federal Revenue (RFB) was published, with changes to Ordinance / RFB No. 2,189 / 2017.
In the Federal Official Gazette of September 1, 2020, Ordinance No. 4,255 of the Special Secretariat of Federal Revenue (RFB) was published, with changes in Ordinance / RFB No. 2,189 / 2017. The latter concerns authorization to the Federal Data Processing Service (Serpro) to provide third parties with access to data and information under the management of the RFB, specifically those contained in the Single Annex, without a “process” being indispensable at that time. identification of risks ”.
This provision is intended to complement public policies by presenting the query argument (eg CPF number, CNPJ, ITR, manifest, among others) for each set of data and response information (eg identification of partners, federal debts, number of the bill of lading, cargo category, freight charge, container data, among others). The change brought recently consists in the revocation as of December 1, 2020 of the authorization to provide access to the set of data and information related to the Electronic Invoice (NF-e) by third parties.
The normative change was driven by the approval of the immediate validity of the LGPD, after the presidential sanction, by the Federal Senate. In this sense, Ordinance No. 4,255 / 2020, in compliance with the requirement that the processing of personal data by the public administration only be carried out for the implementation of public policies (Article 7, III, Law No. 13,709 / 2018), specifies that the treatment of data and information, object of the Ordinance, “occurs for the faithful fulfillment of public policies”.
In addition, it attests to the implementation of “the process of identifying institutional risk or the risk of individual confidentiality of the natural or legal person to which the data and information refer”, which is the object of the Ordinance. This is explained as one of the conditions for the provision of data access to third parties by Serpro, established in Ordinance No. 457/2016 of the then Ministry of Finance. The intention was also to meet the mandatory publicity regarding the waiver of consent of the holder of sensitive personal data in the case of shared processing of data necessary for the public administration to implement public policies (art. 11, § 2, Law nº 13.709 / 2018) .
Thus, as of December 1, 2020, Serpro should analyze the set of data and information related to the NF-e, in order to examine the existence of institutional risk or risk of individual confidentiality of the individual or legal entity in the with respect to the information in that document, before eventual availability to third parties.
By: Wilson Sales Belchior