Coexistence of laws on data leakage can bring legal uncertainty to companies and citizens

The inclusion of civil liability for data leakage is something very well regulated by the General Data Protection Law (LGPD). However, the subject also happens to be treated in the Civil Code, with the changes that are being made in it and the creation of Digital Law.

Treating the same subject in two different laws or regulations, even if at different levels, may lead to confusion and interpretative difficulties. It is the role of jurists are they lawyers, judges, prosecutors or prosecutors (ODA appease doubts, and the Courts should standardize the understanding of the issues brought to the attention.

The concomitance of laws usually brings legal uncertainty and greater complexity to the lives of citizens and legal entities. However, there is still much to mature, both in Brazil and in other countries, with regard to data leakage. Although the cases that occurred draw a lot of attention, the amount of them is still considered small compared to the flow of data in the world.

The amendments to the Civil Code introduce concepts and rules on the provision of digital services (art. 609), digital assets of the deceased (art. 1791-A), legacy digital assets (art. 1918-A) and some concepts, principles and rules of Digital Law. They deal with the subject of data in several points, such as in Art. 1791-A § 3°, which provides that “ are null and void any contractual clauses aimed at restricting the person's powers to dispose of the data itself, except those that, by their nature, structure and function have limits of use, or disposition.

Criteria are also pointed out to define the legality and regularity of the acts and activities that are developed in the digital environment. This is characterized as the virtual “ interconnected through the internet, comprising worldwide networks of computers, mobile devices, digital platforms, online communication systems and any other interactive technologies that allow the creation, storage, transmission and reception of data and information.

By listing the fundamentals of the discipline called Digital Law, the amended Civil Code indicates “o respect for privacy, protection of personal and property data, as well as informational self-determination”. Already the LGPD is not restricted to regulating the data circulating on the internet, also addressing data processed in internal and external environments of controllers and operators, whether in written, physical or even verbal form.

The modified Civil Code and the LGPD coexist. They are not contradictory. In this way, the Civil Code will serve as a basis for interpreting any gaps in the LGPD. For example, it analyzes the doubt that has arisen about whether the deceased person has the right to data protection. Likewise for the hereditary transmission of data. The LGPD does not address this specific issue, but the changes in the Civil Code make it clear that the deceased has this right.

Otherwise, one can analyze the issue of data leakage. The LGPD is clear when establishing penalties for leakage. The changes of the Civil Code, in turn, establish conceptual definitions for the topic. This happens, for example, when it introduces the guarantee of security of the digital environment, revealed by data protection systems, as a fundamental parameter for the interpretation of the facts that occurred in the digital environment.

The changes in the Civil Code even repeat some predictions of the LGPD, such as the one that talks about data protection being the right of natural persons. It can not be lost sight of that they add to the LGPD the protection of data for legal entities if the facts occur in the digital environment: “They are the rights of people, natural or legal, in the digital environment, in addition to others provided for by law or in documents and international treaties to which Brazil is a signatory: I ' the recognition of their identity, presence and freedom in the digital environment; II ' the protection of data and personal information, in line with the legislation on the protection of personal data;”

 The amended Civil Code also adds predictions concerning brain data, such as: “(...)VI 3 entitled to protection against discriminatory practices, biased from brain data. § 3 Neurorights and the use or access to brain data may be regulated by specific rules, provided that the protections and guarantees conferred on personality rights are preserved

Specifically on the data leak, the new Art. 609-E brought the prediction that “ digital service providers will take measures to safeguard the expected and necessary security for the digital environment and the nature of the contract, in particular against fraud, against malicious computer programs, against data breaches or against the creation of other cybersecurity risks. Sole paragraph. Digital service providers are civilly responsible, in the manner provided for in this Code and by the Consumer Protection Code, for the leaks of information and data of users or third parties.”

In summary, the amendments to the Civil Code repeat or add protections in relation to those established by the LGPD, but always with regard to existing data in the digital environment. The Superior Court of Justice (STF) is the best parameter that can be had when analyzing the case law on data leakage, since all the cases that have appeal will be decided by it, ultimately.

Currently, the STF has decided that the holder of the leaked data must prove the actual damage when seeking compensation. Therefore, the damage is not considered as presumed. If there is no damage, there will be no compensation, although the person responsible may be fined by the ANPD (National Data Protection Authority).

Over the years, it will be possible to observe the practical occurrences so that it can be legislated more efficiently on the subject, without removing the necessary freedom of action of companies in this regard. It should reach a point of balance between prohibitions, penalties and permissions, so that everyone can better enjoy the circulation of data. The understandings on the subject will become uniform as the volume of legal issues are increasing and being put under consideration.