'Most Innovative Startup 2020' by RSA - Watch the video

Learn More
DSAR Blog image

 

As disruptive technologies and increasing data traffic have created new forms of relationship in the context of information society services, the concept of privacy has also been redefined from an individual’s right to be left alone, not suffer any external interferences and retain some secrecy and confidentiality for the more intimate aspects of private life to necessarily encompassing the right to regulate and control the processing of personal data of individuals.

This is because, today, the availability of information about aspects, feelings and acts that within the classic conception of privacy would be considered of an intimate nature is becoming more and more frequent by the data subjects themselves. Thus, it is important that in the context of the modern concept of privacy, the fact that the data subject decides to expose some of his information does not characterize a renunciation, even if partial, of his right to privacy, as he has the right of control over his personal data and that is the at the heart of one of the fundamentals of the LGPD: informative self-determination.

The right to informative self-determination does not only aim to guarantee that data subjects can  access information relevant to the processing of their personal data, but that they can also  establish, in certain situations, limitations or even complete objections to the processing of their personal data as a means of protecting their privacy rights .However, in order for data subjects to be able to exercise this right as effectively as possible, it is essential that personal data processing agents, especially data controllers, adhere to  a series of positive (duty to do) and  negative (duty to abstain from doing) duties  provided for in the LGPD.

For example, It will not be possible for a data subject to be able to effectively exercise informative self-determination if there is no transparency on the personal data processing activities on part of the processing agents. If a data subject does not know what personal data is being collected about him/her and what processing is performed on that personal data and for what purposes, he will be limited in making decisions on the best way to protect his privacy.

Transparency on the processing of personal data of data subjects is only one of the duties that data controllers and processing agents must adhere to for the promotion, realization and exercise of the right of the data subject to be informed about his/her personal data. The LGPD provides for several mechanisms which, when observed by the processing agents, ensure that the data subjects have the fullest possible capacity to exercise the right to make informed decisions about the processing of their personal data. We can mention as examples of these mechanisms, the duty of data controllers and processing agents to collect consent from data subjects before collection of their personal data, when the law so requires, as well as to delete the data when this consent is revoked; the duty to maintain the quality of personal data and the duty to create a portable version of the personal data  at the request of the data subject.

Given that the effective exercise of the right to informational self-determination by the data subject depends on the fulfillment of the duties imposed on  data controllers and processing agents by the LGPD, it is possible to note the importance that the  data controllers and processing agents know and have full management of the personal data processed within the scope of their  activities, because otherwise it will not be possible to meet any of the mechanisms provided for in the LGPD, hindering the exercise of rights and, consequently, directly hurting the fundamental rights of protected by the LGPD, namely: freedom, privacy and free development of the personality of the natural person (human dignity).

Although the full exercise of informative self-determination still has some challenges that, possibly, will be subject to regulation by the ANPD, it is possible for data controllers and processing agents to work towards  better adherence to the mechanisms and duties established by the LGPD, which necessarily involves first, knowing and mapping transactions involving personal data within their organization; choosing ways and solutions for managing these activities; and to plan ways of implementing and sustaining the necessary protection measures as a way of giving data subjects the greatest possible control over their personal data.

Bibliography

CRAVO, D.C.; Kessler D.S.; Dresch R. F.; Direito à Portabilidade na Lei Geral de Proteção de Dados (Portabilidade de dados, definições preliminares), 1a edição, Editora Foco; Indaiatuba/SP; 2020.

EBERLIN, F. B.; Direitos da criança e na sociedade da informação; 1a edição; Ed. Revista dos Tribunais; São Paulo/SP; 2020.

MARTINI, R.; Sociedade da Informação; 1a edição, Editora Trevisan; São Paulo/SP; 2017.

Share this

Our Videos

cookie_video View More
01:49

Cookie Consent Management

Automate and manage the entire consent life cycle with efficiency for various cookie compliance regulations around the world.

Learn More
View More
3:00

Sensitive Data Intelligence

Discover granular insights into all aspects of your privacy and security functions while reducing security risks and lowering the overall costs

Learn More
data mapping video thumbnail View More
3:00

Data Mapping Automation

Simplify gathering information, dynamically update your data catalog, and automate assessments and reports

Learn More
View More
02:40

An IT Leader’s Perspective on CCPA

Meet Brian Lillie, Former CPO at Equinix as he discusses the potential challenges of CCPA and how the PrivacyOps framework can be the key to unlocking compliance.

Learn More
Most Innovative Startup 2020 SECURITI.ai View More
03:42

RSA Innovation Sandbox 2020: Securiti

Watch the 3-minute pitch presented by Rehan Jalil on SECURITI.ai in the RSAC Sandbox Competition

Learn More
CCPA View More
07:10

CCPA Compliance

CCPA protects consumers from mismanagement of their personal data and gives the consumer control over what data is collected, processed, shared or sold.

Learn More