Protection of personal data in the globalized society

Whatsapp
Facebook
Twitter
Instagram
Telegram

By Renato Afonso Goncalves*

The technological advancement experienced by humanity from the second half of the twentieth century has made personal data circulate freely, especially with the advent of the internet. In this new scenario, time and space barriers ceased to exist, configuring a new communication paradigm.

On a daily basis, people provide or expose personal data such as name, nationality, marital status, gender, credit and economic status, religion, education, health status, political expression and social habits that are part of their modus vivendi.

In possession of this information, powerful economic conglomerates established in the global territory, through advanced technological tools, constitute a probable profile of the individual. Personal data constitute true active for private companies in a booming digital economy market, and research elements for public authorities, especially in the fight against crime and terrorism.

The virtual space quickly evolved into what is now called internet of things – IoT, where the personal exposure generated by new technologies is almost always voluntary, especially through social networks. But this exposure also occurs involuntarily, in the citizen's interface with the State and in the establishment of commercial and consumer relations that require the provision of personal data as a condition for the acquisition of products and services, from the most essential to human survival to more superfluous. the so-called algorithms allow for gigantic storage of information (bigdata) that are related, grouped and contextualized for social and economic control (data mining). With this, the definition of profiles allows the holders of new technologies not only to better understand the reality in which they are inserted, but, above all, to stimulate desired behaviors according to their economic or political interests.

The World Economic Forum, through a detailed report on the subject, classifies the massive collection of personal data into three aspects, namely, those offered voluntarily through social networks; those ones observed, as in cases of geolocation on cell phones; and those inferred, provided for the establishment of contracts[I]

It is, therefore, a industry billionaire and very powerful whose precious raw material consists of our personal data. An example of this scenario is the one referring to the Facebook platform. In November 2016 the portal BBC Brazil published an article pointing out that Facebook had 1,79 billion users (1/4 of the world's population), earning 7 billion dollars. About 90% of these revenues derive from advertisements, as Facebook “makes it possible to reach very specific audiences, segmented by age, gender, education, profession and even hobbies. By opening an account on Zuckerberg's network, the user gives permission for his personal information to be used by the network. Everything that is posted allows the social network to know our habits and tastes. This is exactly what advertisers are offered. That's why, if you like to travel, you'll certainly see a lot of airline advertisements on the page. If you're a student, you might see more ads from computer manufacturers.”.[ii]

Well, technological advances have allowed countless and undeniable scientific advances. The connected world promised the sharing of experiences between people, the establishment of a space opposed to loneliness, the storage of our memories and a source of entertainment. All of this is true. But it is also true that free connectivity has turned us into a commodity. The dissemination of adhesion contracts at an increasingly intense speed does not allow the reading of their terms and conditions, greatly compromising the free expression of will essential to the establishment of legal transactions. Every day there is a veritable cascade of cases in which exposed privacy is violated.

Thus, the essential task of Law is envisioned: understanding the new reality of human relations and reconciling the necessary harmony between technological advancement and the protection of basic human rights, a true civilizing standard conquered the hard way throughout history.

In this context, the legal protection of personal data is inserted, and our objective in this space will be to address some of its historical aspects and the general lines of regulation of the matter in Europe and Brazil. In this first article we will take care of andlegal framework and evolution of personal data protection.

Aspects related to the handling of personal data are directly related to the legal protection given to the individuality of the human person, especially honor, privacy and intimacy. This protection won status constitutional from 1988, with the promulgation of the Magna Carta that marks the definitive break with the authoritarian system installed in the country in 1964.

A dignity of human person integrates the foundations of the Republic (Article 1, III), consisting of a guiding value of the entire legal system. The large dimension of dignity of human person as a guiding principle of Law is explained by the great jurist of Brazil and Portugal, Marco Antonio Marques da Silva, when teaching that “human dignity is linked to three essential premises: the first refers to man, individually considered, his personality and the rights inherent to it, called personality rights; the second, related to the insertion of man in society, attributing him the condition of citizen and its consequences; the third, linked to the economic question, recognizing the need to promote the means for the subsistence of individuals”.[iii]

In this vein, the Federal Constitution, as a corollary of human dignity, confers protection to the rights of the personality, prescribing that the person has the right to the inviolability of “intimacy, private life, honor and image, ensuring the right to compensation for material or moral damage resulting from its violation” (Art. 5, X ). It should be noted that this precept is in perfect harmony with Art. XII of the Universal Declaration of Human Rights, Articles 16 and 17 of the International Covenant on Civil and Political Rights, and Articles 11 and 18 of the American Convention on Human Rights. In other provisions, the Constitution extends this protection by providing for the prohibition of interception of telephone, telegraphic and data communications (Art.5º, XII); on the prohibition of home invasion (Art.5º, XI), the prohibition of the violation of correspondence (Art.5º, XII), as well as the guarantee of the Habeas Data for the knowledge of information from public records or databases and their rectification. (Art.5, LXXII).

Law 10406/2002 – Civil Code, dedicates Articles 11 to 21 to the protection of personality rights, such as the rights to identity, body, name, image, honor and private life. However, as Gilberto Haddad Jabur warns, “personality rights are, given their special nature, lacking exhaustive and indefectible taxation. They are all indispensable for the healthy and full unfolding of the psychophysical virtues that adorn the person”.[iv]

The jurist Maria Helena Diniz teaches us that “personality consists of the set of characteristics of the person. Personality is not a right, so it would be wrong to say that human beings have a right to personality. The personality is what supports the rights and duties that radiate from it, it is the object of rights, it is the first good of the person, which belongs to him as a first utility, so that he can be what he is, to survive and adapt to the conditions of the environment in which it finds itself, serving as a criterion for gauging, acquiring and ordering other assets”.[v] She goes on to assert that personality rights are “absolute, non-transferable, unavailable, non-waivable, unlimited, imprescriptible, unseizable, inexpropriable and off-balance sheet”.[vi]

Privacy thus constitutes the broadest expression of the spectrum of human life and personality. Derived from the English expression privacy and from Latin privus. It means, therefore, everything that is reserved for the public or exclusive for the private, conforming as a negative aspect of freedom, in the sense of being a “right to be alone”[vii], a “right to an anonymous life”[viii], or even, an “impenetrable refuge for the community”[ix].Intimacy – intimate – it is the core of privacy, the most secluded space of human life.

It is from these assumptions, human dignity and personality rights, that the imperative protection of personal data, or one right to protection of personal data. It is about recognizing that personal data express the spectrum of privacy, intimacy and dignity of the person.

In this wake, the doctrine built the right to “informative self-determination”[X], a right derived from privacy and intimacy in the face of new times, which is born from the dialectical tension between legal norms and social reality, from the combination of sociopolitical, economic and cultural factors, which give rise to the wide range of subjective legal situations, arising from the expansion of the spheres of action of the individual in society.

The weakening of privacy in the face of new technologies is what gave rise to this new reality with the production of constitutional, legal provisions or jurisprudential precedents in numerous countries, including Brazil, from the second half of the last century.

Report produced by the Organization for Economic Co-operation and Development (OECD)[xi], in 2015, identified similarity in the basic standards of personal data protection in several countries, also a result of the constant cooperation between professionals and scientists from different areas of knowledge, concerned with the growing power of States and large economic groups, holders of tools able to process the data of billions of people. These similarities are also due to the fact that with globalization, economic relations have intensified in such a way that discrepancies in standardization could create obstacles to commercial relations on the international scene.

In the field of constitutional regulation, the Portuguese Constitution of 1976 (Art. 35) and the Spanish Constitution of 1978 (Art. 18) are pointed out as texts that pioneered expressly incorporated the protection of personal data.

In the legislative field, the inside highlight on Germany with the enactment of the Federal Data Protection Act (Bundesdatenschuzgesetz – BDSG) in 1977, expressing, as Gustavo Gil Gasiola explains, a reaction to “state projects to implement centralized databases on the population , in the midst of the technological euphoria that marked the post-war period. The clash between the recent memory (or presence) of authoritarian governments and the imminence of such projects led to the express recognition of data protection in the face of public pretensions to increase its informational power”.[xii]

Gasiola clarifies that, in 1983, there was recognition of the fundamental right to informational self-determination (informationelles Selbstbestimung) by the German Constitutional Court (Bundesverfassungsgericht – TCA), when judging the Census Law (Volkszählungsurteil – 1 BvR 209/83, of 15.02.1983) . The Court discussed the constitutionality of a federal law that allowed the collection and processing of data for statistical purposes, as well as the anonymized transmission of this data for the execution of public activities. He clarifies the researcher that “the general permission given by the law for the comparison and exchange of personal data between public bodies, as well as the establishment of competence, was considered unconstitutional, for violating the principle of informative self-determination. The recognition of this new fundamental right resulted from an interpretation of the right of personality and the dignity of the human person”.[xiii]

Reference should also be made to French Law No. 78-17, of January 6, 1978, on the processing of data, files and freedoms.[xiv] Following these examples, Great Britain creates the Data Protection Act in 1984. In 1992, it was Spain's turn to enact Organic Law No. 5 for the Regulation of Automated Processing of Personal Data – LORTAD, with emphasis also on LOPD – Organic Law on Data Protection 15/1999 and LOPDGDD – Law Organic Law 3/2018, on Personal Data Protection and guarantee of digital rights (GDPR enforcer) . In Portugal, we have Law 67/98, Law 41/2004 and Law 33/2008. In the USA, the subject was the subject of Fair Information Practice Principles, developed by Department of Health, Education and Welfare in 1973, by Privacy Act in 1974, and by Privacy Protection Act in 1980.

In Brazil, in addition to the constitutional treatment already described, we have Law No. 13.709, of August 14, 2018, General Data Protection Law - LGPD[xv], which deals with the protection of personal data and which will be the object of our reflections in a later article. At this time, we must highlight that until the edition of the LGPD, the subject was regulated by Articles 43 and 44 of Law 8078/90, Consumer Defense Code - CDC[xvi]; by Law 9507, of November 12, 1997 – habeas data; by Decree No. 7.962/2013 – Electronic Commerce; and by Law No. 12.965, of April 23, 2014 – Marco Civil da Internet.

But the great reference for the current personal data protection models is produced by the European Union, which has been working on the subject for a long time, as can be seen in the Strasbourg Convention of 1981, which dealt with the right to privacy in the face of automated processing of personal data.[xvii]

European regulation appears in 1995 with the edition of Directive 95/46/EC/1995, aiming that its Member States ensure the protection of freedoms and fundamental rights of natural persons, notably the right to privacy, with regard to the processing of personal data[xviii], being complemented by Directive 97/66, aimed at the telecommunications sector, and by Directives 2002/58 and 2006/24[xx], dedicated to electronic communications.

Another relevant aspect is that the Lisbon Treaty of 2007[xx] gave binding effect to the Charter of Fundamental Rights of the European Union, which in Articles 7 and 8 enshrine respect for private and family life and the protection of personal data.[xxx]

In this vein, recognizing the need for uniformity in the processing of personal data and the development of a Single Digital Market[xxiii], the European Union issued Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, called the General Data Protection Regulation – RGPG, revoking Directive 95/46/EC. It should be noted that on the same day Directive (EU) 2016/680 was published, to protect natural persons regarding the processing of personal data in the context of judicial cooperation in criminal matters and police cooperation, and Directive (EU) 2016/681 , concerning the use of personal data for the identification of passengers in the fight against terrorism and serious crime.

In the next article, we will continue the reflection on this important and very current topic, paying attention to the European RGPD and the Brazilian LGPD, in a comparative analysis between these two diplomas and pointing out what, in our view, are the obstacles and challenges of Brazil in data protection. personal.

*Renato Afonso Goncalves, lawyer, is a doctoral student in Historical-Legal Sciences at the Faculty of Law of the University of Lisbon


[I] WORLD ECONOMIC FORUM – WEF. Personal data: the emergence of a new asset class. World Economic Forum, May 2011. Available at: http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf.

[ii] How much money Facebook makes from you (and how it happens). BBC News Brazil, 10 Nov. 2016. Available at: https://www.bbc.com/portuguese/internacional-37898626.

[iii] SILVA, Marco Antonio Marques da. Citizenship and democracy: instruments for the realization of human dignity. In: MIRANDA, Jorge; SILVA, Marco Antonio Marques da (Coords.). Luso-Brazilian Treaty on Human Dignity. 2nd ed. São Paulo: Quartier Latin, 2009. p. 224.

[iv] JABUR, Gilberto Haddad. Freedom of thought and right to privacy. São Paulo: Revista dos Tribunais, 2000. p. 28.

[v] DINIZ, Maria Helena. Course of Brazilian civil law. 22. ed. rev. and current. São Paulo: Saraiva, 2005. v. 1, p. 121.

[vi] ID Ibid., p. 122-123.

[vii] An expression coined by the American judge Cooley, in 1873, and which is analyzed in a reference work on the subject called The right to privacy, by Samuel Warren and Louis Brandeis, 1890. Spanish version: WARREN, Samuel; BRANDEIS, Louis. The right to intimacy. Madrid: Civitas, 1995.

[viii] Notion by Adriano De Cupis. DE CUPIS, Adriano. Personality rights. Translated by Adriano Vera Jardim and Antonio MiguelCaeiro. Lisbon: Morais Bookstore, 1961.

[ix] Lesson from Gilberto Haddad Jabur, Freedom of thought and right to privacy, cit., p. 225.

[X] A central work on the subject was produced by Professor Doctor Pablo Lucas Murilo, when analyzing Article 18 of the Spanish Constitution. MURILLO DE LA CUEVA, Pablo Lucas. The right to informative self-determination. Madrid: Tecnos, 1990.

[xi] ORGANIZATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT – OECD. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Paris: 2015. Available at: https://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.

[xii] In GASIOLA, Gustavo Gil. Creation and development of data protection in Germany: the tension between state demand for information and imposed legal limits. Jot, 29 May 2019. Available at: https://www.jota.info/opiniao-e-analise/artigos/criacao-e-desenvolvimento-da-protecao-de-dados-na-alemanha-29052019.

[xiii] ID Ibid.

[xiv] Text available on the website of the Commission nationale de l'informatique et des libertés. LA LOI «Informatique et Libertés». Loi n° 78-17 of 6 January 1978 relative to l'informatique, aux fichiers et aux libertés. Commission Nationale de l'Informatique et des Libertés (CNIL). CNIL. Protéger les données personnelles, accompagner l'innovation, préserver les libertés individuelles, 17 June 2019. Available at: https://www.cnil.fr/fr/la-loi-informatique-et-libertes.

[xv] Law 13.853, of July 8, 2019, made changes to Law 13709/2018. BRAZIL. Presidency of the Republic. Law No. 13.853, of July 8, 2019. Amends Law No. 13.709, of August 14, 2018, to provide for the protection of personal data and to create the National Data Protection Authority; and takes other measures. Available at: http://www.planalto.gov.br/ccivil_03/_ato2019-2022/2019/lei/L13853.htm.

[xvi] In 2002 we published the work Consumer Relations Databases. In it, we draw an overview of the matter in the international scenario, we take care of the analysis of databases in Brazil and in consumer relations, studying, still, the constitutional guarantee of the habeas data and its law. On the subject, see: GONÇALVES, Renato Afonso. Databases in consumer relations. São Paulo: Max Limonad, 2002 EFING, Antonio Carlos. Consumer databases and registers.São Paulo: Revista dos Tribunais, 2002; BESSA, Leonardo Roscoe. The consumer and credit protection databases.São Paulo: Revista dos Tribunais, 2003.

[xvii] Full text in Portuguese accessible at website of the Portuguese National Data Protection Commission: PORTUGAL. National Data Protection Commission. Convention for the Protection of Individuals with regard to Automated Processing of Personal Data. Available at: https://www.cnpd.pt/bin/legis/internacional/Convencao108.htm.

[xviii] EUROPEAN PARLIAMENT. COUNCIL OF THE EUROPEAN UNION. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of natural persons with regard to the processing of personal data and the free movement of such data. Official Journal, L 281 of 23/11/1995 p. 0031–0050. Available at: https://eur-lex.europa.eu/legal-content/PT/ALL/?uri=CELEX%3A31995L0046; Directive 97/66/EC of the European Parliament and of the Council of December 15, 1997 on the processing of personal data and the protection of privacy in the telecommunications sector. Official Journal, L 24, 30.1.1998, p. 1–8. Available at: https://eur-lex.europa.eu/legal-content/PT/TXT/?uri=CELEX%3A31997L0066.

[xx] Said Directive arises after the terrorist attacks that took place in Madrid in 2004, at which point the European Council began to prioritize the debate on the use of data collected by electronic communications providers as a tool in criminal investigations and international cooperation. EUROPEAN PARLIAMENT. COUNCIL OF THE EUROPEAN UNION. Directive 2002/58/EC of the European Parliament and of the Council, of 12 July 2002, on the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal, L 201, 31.7.2002, p. 37–47. Available at: https://eur-lex.europa.eu/legal-content/PT/TXT/?uri=uriserv:OJ.L_.2002.201.01.0037.01.POR; Directive 2006/24/EC of the European Parliament and of the Council, of March 15, 2006, on the retention of data generated or processed in the context of the provision of publicly available electronic communications services or public communications networks, and which amends the Directive 2002/58/CE. Official Journal, L 105, 13.4.2006, p. 54-63. Available at: https://eur-lex.europa.eu/legal-content/PT/TXT/?uri=CELEX%3A32006L0024.

[xx] EUROPEAN UNION. Treaty of Lisbon. Consolidated version. Lisbon: Division of Publications of the Assembly of the Republic, 2008. Available at: https://www.parlamento.pt/europa/Documents/Tratado_Versao_Consolidada.pdf.

[xxx] EUROPEAN PARLIAMENT. COUNCIL OF THE EUROPEAN UNION. Charter of Fundamental Rights of the European Union. (2000/C 364/01). Official Journal of the European Communities, 18.12.2000. Available at: http://www.europarl.europa.eu/charter/pdf/text_en.pdf.

[xxiii] EUROPEAN COUNCIL. COUNCIL OF THE EUROPEAN UNION. Digital single market in Europe. Available at: https://www.consilium.europa.eu/pt/policies/digital-single-market/.

Bibliographic references

BESSA, Leonardo Roscoe. The consumer and credit protection databases.São Paulo: Revista dos Tribunais, 2003.

BRAZIL. Presidency of the Republic. Law No. 13.853, of July 8, 2019. Amends Law No. 13.709, of August 14, 2018, to provide for the protection of personal data and to create the National Data Protection Authority; and takes other measures. Available at: http://www.planalto.gov.br/ccivil_03/_ato2019-2022/2019/lei/L13853.htm.

EUROPEAN COUNCIL. COUNCIL OF THE EUROPEAN UNION. Digital single market in Europe. Available at: https://www.consilium.europa.eu/pt/policies/digital-single-market/.

DE CUPIS, Adriano. Personality rights. Translated by Adriano Vera Jardim and Antonio MiguelCaeiro. Lisbon: Morais Bookstore, 1961.

DINIZ, Maria Helena. Course of Brazilian civil law. 22. ed. rev. and current. São Paulo: Saraiva, 2005. v. 1.

EFING, Antonio Carlos. Consumer databases and registers.São Paulo: Revista dos Tribunais, 2002.

GASIOLA, Gustavo Gil. Creation and development of data protection in Germany: the tension between state demand for information and imposed legal limits. Jot, 29 May 2019. Available at: https://www.jota.info/opiniao-e-analise/artigos/criacao-e-desenvolvimento-da-protecao-de-dados-na-alemanha-29052019.

GONÇALVES, Renato Afonso. Databases in consumer relations. São Paulo: Max Limonad, 2002.

JABUR, Gilberto Haddad. Freedom of thought and right to privacy. São Paulo: Revista dos Tribunais, 2000.

LA LOI «Informatique et Libertés». Loi n° 78-17 of 6 January 1978 relative to l'informatique, aux fichiers et aux libertés. Commission Nationale de l'Informatique et des Libertés (CNIL). CNIL. Protéger les données personnelles, accompagner l'innovation, préserver les libertés individuelles, 17 June 2019. Available at: https://www.cnil.fr/fr/la-loi-informatique-et-libertes.

MURILLO DE LA CUEVA, Pablo Lucas. The right to informative self-determination. Madrid: Tecnos, 1990.

ORGANIZATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT – OECD. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Paris: 2015. Available at: https://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.

EUROPEAN PARLIAMENT. COUNCIL OF THE EUROPEAN UNION. Charter of Fundamental Rights of the European Union. (2000/C 364/01). Official Journal of the European Communities, 18.12.2000. Available at: http://www.europarl.europa.eu/charter/pdf/text_en.pdf.

______. ______. Directive 2002/58/EC of the European Parliament and of the Council, of 12 July 2002, on the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal, L 201, 31.7.2002, p. 37–47. Available at: https://eur-lex.europa.eu/legal-content/PT/TXT/?uri=uriserv:OJ.L_.2002.201.01.0037.01.ENG.

______. ______. Directive 2006/24/EC of the European Parliament and of the Council, of March 15, 2006, on the retention of data generated or processed in the context of the provision of publicly available electronic communications services or public communications networks, and which amends the Directive 2002/58/CE. Official Journal, L 105, 13.4.2006, p. 54-63. Available at: https://eur-lex.europa.eu/legal-content/PT/TXT/?uri=CELEX%3A32006L0024.

______. ______. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of natural persons with regard to the processing of personal data and the free movement of such data. Official Journal, L 281 of 23/11/1995 p. 0031–0050. Available at: https://eur-lex.europa.eu/legal-content/PT/ALL/?uri=CELEX%3A31995L0046.

______. ______. Directive 97/66/EC of the European Parliament and of the Council of December 15, 1997 on the processing of personal data and the protection of privacy in the telecommunications sector. Official Journal, L 24, 30.1.1998, p. 1–8. Available at: https://eur-lex.europa.eu/legal-content/PT/TXT/?uri=CELEX%3A31997L0066.

PORTUGAL. National Data Protection Commission. Convention for the Protection of Individuals with regard to Automated Processing of Personal Data. Available at: https://www.cnpd.pt/bin/legis/internacional/Convencao108.htm.

______. National Data Protection Commission. General Data Protection Regulation (GDPR). May 25, 2018. Available at: https://www.cnpd.pt/.

HOW MUCH money Facebook makes from you (and how it happens). BBC News Brazil, 10 Nov. 2016. Available at: https://www.bbc.com/portuguese/internacional-37898626.

SILVA, Marco Antonio Marques da. Citizenship and democracy: instruments for the realization of human dignity. In: MIRANDA, Jorge; SILVA, Marco Antonio Marques da (Coords.). Luso-Brazilian Treaty on Human Dignity. 2nd ed. São Paulo: Quartier Latin, 2009.

COURT OF JUSTICE OF THE EUROPEAN UNION. Available at: https://curia.europa.eu/jcms/jcms/j_6/pt/.

EUROPEAN UNION. Treaty of Lisbon. Consolidated version. Lisbon: Division of Publications of the Assembly of the Republic, 2008. Available at: https://www.parlamento.pt/europa/Documents/Tratado_Versao_Consolidada.pdf.

WARREN, Samuel; BRANDEIS, Louis. The right to intimacy. Madrid: Civitas, 1995.

WORLD ECONOMIC FORUM – WEF. Personal data: the emergence of a new asset class. World Economic Forum, May 2011. Available at: http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf.

See all articles by

10 MOST READ IN THE LAST 7 DAYS

See all articles by

SEARCH

Search

TOPICS

NEW PUBLICATIONS