Privacy and data protection

The continuous development of computer processing power (Moore’s Law) and the increased use of the internet for various purposes, whether work or social life, among others, have created a greater flow of personal information susceptible to be used and stored by companies and governments in various ways. Reports such as the one that revealed the NSA scandal, with its mass espionage mechanisms, remind us of George Orwell’s “Big Brother” and provide a warning against other potential violations of privacy rights, which information technologies can enhance.

Thus, it is important to understand how legal science developed its conceptions about the idea of a right to privacy, in order to improve legal mechanisms to protect human person against new technologies and problems of information society.

From privacy to personal data protection

Currently, the right to privacy is understood as a fundamental right crucial to human dignity’s promotion, related to the theory of personality. For a better understanding of this complex concept, it is necessary a historical review of its emergence and transformation.

First, we note that the concept of privacy is not exclusive nowadays, emerging in other times and places with various guises. The doctrine that privacy should be safeguarded by the law arises in the late nineteenth century, with the paper The Right to Privacy, wrote by the Americans Samuel Warren and Louis Brandeis. In it, privacy is seen as a “right to be left alone” – expression polished by Thomas Cooley – with an individualistic nature and a liberal-bourgeoisie ideology.

The European case law on this right was related, mainly, to the protection of privacy of individuals from the highest social stratum, which demonstrates the strong individualistic and elitist character that the courts applied to such right. Since 1960, certain social changes promoted a larger opening of concept. The emergence of  welfare State and technological advances, which enabled the increase of information production, processing and storage, created new possibilities to privacy violation, was no longer restricted to the figures of great social importance.

Personal information, in addition to be useful for public administration, now have significant market value, lying scattered in numerous banks of governmental and private data around the world, with the advent of the Internet and other digital networks,immersed in the informational ocean of Big Data.

Moreover, considering that such data collection still occurs quite often without the knowledge of its owner – without informed consent -, what has proved to be more important nowadays is that the person holds the power to control its own information, especially information considered sensitive, and not just to ensure their secrecy or confidentiality.

As Stefano Rodotà states, the gravity center of privacy notion repositioned itself: the “person-information-flow-control” scheme has assumed greater significance than the “person-information-secret” first conceived .

In this context, in order to functionalize the right to privacy, there is the personal data protection discipline, which has “ontological postulates identical to the privacy protection: one can say that it is his ‘continuation by other means'”.

Privacy and personal data protection in Brazil

The protection of personal data in the Brazilian legal system performs fractional and sparsely, which goes against a necessarily integrated protection strategy to a right considered fundamental. They also emphasized the problems brought by the globalization of digital services, such as those relating to the jurisdiction when the offense comes from companies and servers located in different regions of the globe.

The 1988 Constitution established the right to privacy in art. 5, X and XI, and predicted habeas data remedies in order to guarantee citizens access to their personal data and their rectification, collected from government records and databases with a public interest. The legal infra-constitutional proceedings of habeas data were regulated by Law No. 9,507, from 1997.

In 1990, the Consumer Protection Code (Law No. 8078) sought to protect the consumer in the face of created databases, especially with the end of credit protection, as seen in arts. 43 and 44. Subsequently, in 2011, with Law No. 12,414, consumer databases’ regulation was supplemented with the treatment of positive entries.

The Civil Code of 2002, in turn, dedicated only art. 21 to discipline the right to privacy, ignoring the notion of personal data protection, which came to be, however, expressly upheld by Law No. 12,965 of 2014 in its article 3, II and III, and other legal provisions.

The Civil Rights Framework for the Internet, Law 12,965 / 2014 defines as one principle of the Internet the user’s right to privacy (art. 5, section II, and art. 8). But art. 11 states that “the collection, storage, custody and treatment of records, personal data or communications by connection or Internet application providers” can only be carried out according to national legislation.

Finally, it is important to mention the important Draft of Personal Data Protection General Law, prepared by the National Consumer Bureau, by the Office of Legislative Affairs from the Ministry of Justice, after  two public debates, conducted through the internet, first in 2010, and then in the first half of 2015.

About the authors:

Diego Carvalho Machado holds a Master degree in Civil Law by Universidade do Estado do Rio de Janeiro. Has a Bachelor degree in Law by Universidade Federal de Viçosa. Is an Associate Professor at FACHI-FUNCESI’s Law School.

Odélio Porto Júnior is an undergraduate law student at Universidade Federal de Minas Gerais, has a scholarship from Clínica de Direitos Humanos of UFMG and is a member of GNet Study Group (Grupo de Estudos Internacionais em Internet, Inovação e Propriedade Intelectual).