Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

How Treatment Agents Impact Data Subjects’ Right to Informative Self-Determination

Published February 22, 2021
Author

Omer Imran Malik

Senior Data Privacy Consultant at Securiti

FIP, CIPT, CIPM, CIPP/US

Listen to the content

DSAR Blog image

 

As disruptive technologies and increasing data traffic have created new forms of relationship in the context of information society services, the concept of privacy has also been redefined from an individual’s right to be left alone, not suffer any external interferences and retain some secrecy and confidentiality for the more intimate aspects of private life to necessarily encompassing the right to regulate and control the processing of personal data of individuals.

This is because, today, the availability of information about aspects, feelings and acts that within the classic conception of privacy would be considered of an intimate nature is becoming more and more frequent by the data subjects themselves. Thus, it is important that in the context of the modern concept of privacy, the fact that the data subject decides to expose some of his information does not characterize a renunciation, even if partial, of his right to privacy, as he has the right of control over his personal data and that is the at the heart of one of the fundamentals of the LGPD: informative self-determination.

The right to informative self-determination does not only aim to guarantee that data subjects can  access information relevant to the processing of their personal data, but that they can also  establish, in certain situations, limitations or even complete objections to the processing of their personal data as a means of protecting their privacy rights .However, in order for data subjects to be able to exercise this right as effectively as possible, it is essential that personal data processing agents, especially data controllers, adhere to  a series of positive (duty to do) and  negative (duty to abstain from doing) duties  provided for in the LGPD.

For example, It will not be possible for a data subject to be able to effectively exercise informative self-determination if there is no transparency on the personal data processing activities on part of the processing agents. If a data subject does not know what personal data is being collected about him/her and what processing is performed on that personal data and for what purposes, he will be limited in making decisions on the best way to protect his privacy.

Transparency on the processing of personal data of data subjects is only one of the duties that data controllers and processing agents must adhere to for the promotion, realization and exercise of the right of the data subject to be informed about his/her personal data. The LGPD provides for several mechanisms which, when observed by the processing agents, ensure that the data subjects have the fullest possible capacity to exercise the right to make informed decisions about the processing of their personal data. We can mention as examples of these mechanisms, the duty of data controllers and processing agents to collect consent from data subjects before collection of their personal data, when the law so requires, as well as to delete the data when this consent is revoked; the duty to maintain the quality of personal data and the duty to create a portable version of the personal data  at the request of the data subject.

Given that the effective exercise of the right to informational self-determination by the data subject depends on the fulfillment of the duties imposed on  data controllers and processing agents by the LGPD, it is possible to note the importance that the  data controllers and processing agents know and have full management of the personal data processed within the scope of their  activities, because otherwise it will not be possible to meet any of the mechanisms provided for in the LGPD, hindering the exercise of rights and, consequently, directly hurting the fundamental rights of protected by the LGPD, namely: freedom, privacy and free development of the personality of the natural person (human dignity).

Although the full exercise of informative self-determination still has some challenges that, possibly, will be subject to regulation by the ANPD, it is possible for data controllers and processing agents to work towards  better adherence to the mechanisms and duties established by the LGPD, which necessarily involves first, knowing and mapping transactions involving personal data within their organization; choosing ways and solutions for managing these activities; and to plan ways of implementing and sustaining the necessary protection measures as a way of giving data subjects the greatest possible control over their personal data.

Bibliography

CRAVO, D.C.; Kessler D.S.; Dresch R. F.; Direito à Portabilidade na Lei Geral de Proteção de Dados (Portabilidade de dados, definições preliminares), 1a edição, Editora Foco; Indaiatuba/SP; 2020.

EBERLIN, F. B.; Direitos da criança e na sociedade da informação; 1a edição; Ed. Revista dos Tribunais; São Paulo/SP; 2020.

MARTINI, R.; Sociedade da Informação; 1a edição, Editora Trevisan; São Paulo/SP; 2017.

Your Data+AI Command Center

Enable Safe Use of Data and AI

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


Share


More Stories that May Interest You

Videos

View More

Mitigating OWASP Top 10 for LLM Applications 2025

Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...

View More

DSPM vs. CSPM – What’s the Difference?

While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...

View More

Top 6 DSPM Use Cases

With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...

View More

Colorado Privacy Act (CPA)

What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...

View More

Securiti for Copilot in SaaS

Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...

View More

Top 10 Considerations for Safely Using Unstructured Data with GenAI

A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....

View More

Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes

As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...

View More

Navigating CPRA: Key Insights for Businesses

What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...

View More

Navigating the Shift: Transitioning to PCI DSS v4.0

What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...

View More

Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)

AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 14:21

AI Governance Is Much More than Technology Risk Mitigation

AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3

You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge

Watch Now View
Spotlight 47:42

Cybersecurity – Where Leaders are Buying, Building, and Partnering

Rehan Jalil
Watch Now View
Spotlight 27:29

Building Safe AI with Databricks and Gencore

Rehan Jalil
Watch Now View
Spotlight 46:02

Building Safe Enterprise AI: A Practical Roadmap

Watch Now View
Spotlight 13:32

Ensuring Solid Governance Is Like Squeezing Jello

Watch Now View
Spotlight 40:46

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

Watch Now View
Spotlight 10:05

Unstructured Data: Analytics Goldmine or a Governance Minefield?

Viral Kamdar
Watch Now View
Spotlight 21:30

Companies Cannot Grow If CISOs Don’t Allow Experimentation

Watch Now View
Spotlight 2:48

Unlocking Gen AI For Enterprise With Rehan Jalil

Rehan Jalil
Watch Now View

Latest

View More

From Trial to Trusted: Securely Scaling Microsoft Copilot in the Enterprise

AI copilots and agents embedded in SaaS are rapidly reshaping how enterprises work. Business leaders and IT teams see them as a gateway to...

The ROI of Safe Enterprise AI View More

The ROI of Safe Enterprise AI: A Business Leader’s Guide

The fundamental truth of today’s competitive landscape is that businesses harnessing data through AI will outperform those that don’t. Especially with 90% of enterprise...

Data Security Governance View More

Data Security Governance: Key Principles and Best Practices for Protection

Learn about Data Security Governance, its importance in protecting sensitive data, ensuring compliance, and managing risks. Best practices for securing data.

AI TRiSM View More

What is AI TRiSM and Why It’s Essential in the Era of GenAI

The launch of ChatGPT in late 2022 was a watershed moment for AI, introducing the world to the possibilities of GenAI. After OpenAI made...

Managing Privacy Risks in Large Language Models (LLMs) View More

Managing Privacy Risks in Large Language Models (LLMs)

Download the whitepaper to learn how to manage privacy risks in large language models (LLMs). Gain comprehensive insights to avoid violations.

View More

Top 10 Privacy Milestones That Defined 2024

Discover the top 10 privacy milestones that defined 2024. Learn how privacy evolved in 2024, including key legislations enacted, data breaches, and AI milestones.

Comparison of RoPA Field Requirements Across Jurisdictions View More

Comparison of RoPA Field Requirements Across Jurisdictions

Download the infographic to compare Records of Processing Activities (RoPA) field requirements across jurisdictions. Learn its importance, penalties, and how to navigate RoPA.

Navigating Kenya’s Data Protection Act View More

Navigating Kenya’s Data Protection Act: What Organizations Need To Know

Download the infographic to discover key details about navigating Kenya’s Data Protection Act and simplify your compliance journey.

Gencore AI and Amazon Bedrock View More

Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock

Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...

DSPM Vendor Due Diligence View More

DSPM Vendor Due Diligence

DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...

What's
New