top of page
  • Writer's pictureBrasil Fernandes Advogados

General Protection Data Act (Lgpd) In Brazil And Its Repercussion For Business Activity

We have no doubt that all our activities are based on ceaselessly produced data and that this has opened up a wide range of responsibilities, indicating the need for a proper standard to regulate and protect the fundamental rights and privacy of personal relationships and business.

The expansion of the use of personal data by private companies and public authorities has made Brazilian legislation inefficient to deal with the volume of information processing.

Law no. 13.709 / 2018, represented a landmark of technological advancement since it gave the citizen - the holder ("titular") - the management and empowerment with respect to the informative self-determination of his data.

The art. 18, V of the LGPD[1], provides that the holder of the personal data is entitled to obtain from the controller/company at any time by requesting the portability of their data to another service provider or product, thus preventing the Lock-in[2] effect from occurring, or in other words, that consumers are stuck with a particular offeror.

The conceptualization of personal data adopted by the legislation is broad and can be summarized as any information related to an identified or identifiable natural person. The protection of "sensitive data"[3] is also established³. The latter is related to racial or ethnic origin, religious conviction, political opinion, sexuality, and generic information that are termed "anonymized data"[4] which is usually used for advertising purposes, behavioral profiles and digital media (article 5, X of the LGPD).

This raises the idea that the right to portability in order to achieve the desired ends with the new legislation must be easy, free and secure in order to allow the usability of data efficiently and safely.

The right to portability implies also in competitive discussions, as it is based on the premise that this can facilitate the transfer of data

for the purpose of entering new start-ups in the market and also stimulates competition between existing rivals, which eliminates the old accumulation of data by one player only and opens the barriers for smaller agents.

It is still very recent to outline the effectiveness of the new law and the parameters that will be used for portability, because despite the noble purposes, public and private companies should adapt to this new reality and be fully open to adopting new technological management techniques and legal aspects so that they will not be hampered by the new technical and operational dimension brought in with the LGPD.

[1] Article 18. The holder of the personal data is entitled to obtain from the controller, in relation to the data of the holder treated by him, at any time and upon request: V - portability of the data to another service provider or product, upon express request and observing the commercial and industrial secrets, in accordance with the regulations of the controlling body;

[2] Lock-in is the result of particularities in products or services that make their users dependent on suppliers, preventing them from switching suppliers without substantial additional costs.

[3] Sensitive data: discriminatory potential, special protection.

[4] Anonymous data: Does not contain any identifier


bottom of page