How Treatment Agents Impact Data Subjects’ Right to Informative Self-Determination

As disruptive technologies and increasing data traffic have created new forms of relationship in the context of information society services, the concept of privacy has also been redefined from an individual’s right to be left alone, not suffer any external interferences and retain some secrecy and confidentiality for the more intimate aspects of private life to necessarily encompassing the right to regulate and control the processing of personal data of individuals.

This is because, today, the availability of information about aspects, feelings and acts that within the classic conception of privacy would be considered of an intimate nature is becoming more and more frequent by the data subjects themselves. Thus, it is important that in the context of the modern concept of privacy, the fact that the data subject decides to expose some of his information does not characterize a renunciation, even if partial, of his right to privacy, as he has the right of control over his personal data and that is the at the heart of one of the fundamentals of the LGPD: informative self-determination.

The right to informative self-determination does not only aim to guarantee that data subjects can  access information relevant to the processing of their personal data, but that they can also  establish, in certain situations, limitations or even complete objections to the processing of their personal data as a means of protecting their privacy rights .However, in order for data subjects to be able to exercise this right as effectively as possible, it is essential that personal data processing agents, especially data controllers, adhere to  a series of positive (duty to do) and  negative (duty to abstain from doing) duties  provided for in the LGPD.

For example, It will not be possible for a data subject to be able to effectively exercise informative self-determination if there is no transparency on the personal data processing activities on part of the processing agents. If a data subject does not know what personal data is being collected about him/her and what processing is performed on that personal data and for what purposes, he will be limited in making decisions on the best way to protect his privacy.

Transparency on the processing of personal data of data subjects is only one of the duties that data controllers and processing agents must adhere to for the promotion, realization and exercise of the right of the data subject to be informed about his/her personal data. The LGPD provides for several mechanisms which, when observed by the processing agents, ensure that the data subjects have the fullest possible capacity to exercise the right to make informed decisions about the processing of their personal data. We can mention as examples of these mechanisms, the duty of data controllers and processing agents to collect consent from data subjects before collection of their personal data, when the law so requires, as well as to delete the data when this consent is revoked; the duty to maintain the quality of personal data and the duty to create a portable version of the personal data  at the request of the data subject.

Given that the effective exercise of the right to informational self-determination by the data subject depends on the fulfillment of the duties imposed on  data controllers and processing agents by the LGPD, it is possible to note the importance that the  data controllers and processing agents know and have full management of the personal data processed within the scope of their  activities, because otherwise it will not be possible to meet any of the mechanisms provided for in the LGPD, hindering the exercise of rights and, consequently, directly hurting the fundamental rights of protected by the LGPD, namely: freedom, privacy and free development of the personality of the natural person (human dignity).

Although the full exercise of informative self-determination still has some challenges that, possibly, will be subject to regulation by the ANPD, it is possible for data controllers and processing agents to work towards  better adherence to the mechanisms and duties established by the LGPD, which necessarily involves first, knowing and mapping transactions involving personal data within their organization; choosing ways and solutions for managing these activities; and to plan ways of implementing and sustaining the necessary protection measures as a way of giving data subjects the greatest possible control over their personal data.

Bibliography

CRAVO, D.C.; Kessler D.S.; Dresch R. F.; Direito à Portabilidade na Lei Geral de Proteção de Dados (Portabilidade de dados, definições preliminares), 1a edição, Editora Foco; Indaiatuba/SP; 2020.

EBERLIN, F. B.; Direitos da criança e na sociedade da informação; 1a edição; Ed. Revista dos Tribunais; São Paulo/SP; 2020.

MARTINI, R.; Sociedade da Informação; 1a edição, Editora Trevisan; São Paulo/SP; 2017.