Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
Published on February 22, 2021 AUTHOR - Karim Kramel, Lawyer, PG Advogados
As disruptive technologies and increasing data traffic have created new forms of relationship in the context of information society services, the concept of privacy has also been redefined from an individual’s right to be left alone, not suffer any external interferences and retain some secrecy and confidentiality for the more intimate aspects of private life to necessarily encompassing the right to regulate and control the processing of personal data of individuals.
This is because, today, the availability of information about aspects, feelings and acts that within the classic conception of privacy would be considered of an intimate nature is becoming more and more frequent by the data subjects themselves. Thus, it is important that in the context of the modern concept of privacy, the fact that the data subject decides to expose some of his information does not characterize a renunciation, even if partial, of his right to privacy, as he has the right of control over his personal data and that is the at the heart of one of the fundamentals of the LGPD: informative self-determination.
The right to informative self-determination does not only aim to guarantee that data subjects can access information relevant to the processing of their personal data, but that they can also establish, in certain situations, limitations or even complete objections to the processing of their personal data as a means of protecting their privacy rights .However, in order for data subjects to be able to exercise this right as effectively as possible, it is essential that personal data processing agents, especially data controllers, adhere to a series of positive (duty to do) and negative (duty to abstain from doing) duties provided for in the LGPD.
For example, It will not be possible for a data subject to be able to effectively exercise informative self-determination if there is no transparency on the personal data processing activities on part of the processing agents. If a data subject does not know what personal data is being collected about him/her and what processing is performed on that personal data and for what purposes, he will be limited in making decisions on the best way to protect his privacy.
Transparency on the processing of personal data of data subjects is only one of the duties that data controllers and processing agents must adhere to for the promotion, realization and exercise of the right of the data subject to be informed about his/her personal data. The LGPD provides for several mechanisms which, when observed by the processing agents, ensure that the data subjects have the fullest possible capacity to exercise the right to make informed decisions about the processing of their personal data. We can mention as examples of these mechanisms, the duty of data controllers and processing agents to collect consent from data subjects before collection of their personal data, when the law so requires, as well as to delete the data when this consent is revoked; the duty to maintain the quality of personal data and the duty to create a portable version of the personal data at the request of the data subject.
Given that the effective exercise of the right to informational self-determination by the data subject depends on the fulfillment of the duties imposed on data controllers and processing agents by the LGPD, it is possible to note the importance that the data controllers and processing agents know and have full management of the personal data processed within the scope of their activities, because otherwise it will not be possible to meet any of the mechanisms provided for in the LGPD, hindering the exercise of rights and, consequently, directly hurting the fundamental rights of protected by the LGPD, namely: freedom, privacy and free development of the personality of the natural person (human dignity).
Although the full exercise of informative self-determination still has some challenges that, possibly, will be subject to regulation by the ANPD, it is possible for data controllers and processing agents to work towards better adherence to the mechanisms and duties established by the LGPD, which necessarily involves first, knowing and mapping transactions involving personal data within their organization; choosing ways and solutions for managing these activities; and to plan ways of implementing and sustaining the necessary protection measures as a way of giving data subjects the greatest possible control over their personal data.
CRAVO, D.C.; Kessler D.S.; Dresch R. F.; Direito à Portabilidade na Lei Geral de Proteção de Dados (Portabilidade de dados, definições preliminares), 1a edição, Editora Foco; Indaiatuba/SP; 2020.
EBERLIN, F. B.; Direitos da criança e na sociedade da informação; 1a edição; Ed. Revista dos Tribunais; São Paulo/SP; 2020.
MARTINI, R.; Sociedade da Informação; 1a edição, Editora Trevisan; São Paulo/SP; 2017.
June 21, 2022
When the California Privacy Rights Act (CPRA) comes into effect, replacing the existing California Consumer Privacy Act (CCPA), organizations will have to change their current business practices around personal information handling. One significant change will be Regular Risk...
June 20, 2022
Privacy laws and regulations are enacted to bring transparency and accountability to an organization’s behavior when it comes to collecting and processing users’ personal data. Before the introduction of the GDPR article 30, accountability and transparency associated with...
PO Box 13039,
Coyote CA 95013