Protection of Personal Data in Brazil


Article 5, Definitions of the Concepts used by this Law


Article 5 For the purposes of this law, the concepts shall be understand as follows:

I. - personal data: information related to a natural person identified or with potential to be identified;

II. - sensitive personal data: personal data on the racial or ethnic origin, religious conviction, political opinion or philosophy, as well as information related to the health or sexual life, genetic data or bio-metric data, always when concerning to a natural person;

III. - data that becomes anonymous concerning to the subject: data related to a data owner that can not be identified, considering the art of the technique at the moment of the fact;

IV. - data base: structured collection of personal data, based in one or more places, in material or electronic support;

V. - original data bearer (or data holder, or data owner, or data subject): natural person related with the data under treatment;

VI. - controller: natural or juridical person, of public or private law, that can decide, judge, about the treatment of personal data;

VII. - operator, processor: natural or juridical person, of public or private law, that performers the treatment of personal data in the name of the controller;

VIII. - commissioner, officer: person referred by the controller and the operator to act as communication channel between the controller, the data owner and the National Authority of Data Protection (ANPD);

IX. - treatment agents: the controller and the operator;

X. - treatment, processing: every operation performed with personal data, such as, but not limited to, the collection, production, reception, classifying, using, access, copy, transmission, distribution, processing, filling, exclusion, rating or the control of the information, transformation, communication, transfer, diffusion or extraction;

XI. - anonymization: uses of reasonable technical means, available in the time of the treatment, by which one data loses the possibility of association, direct or indirectly, with an individual;

XII. - consent: free expression, in a well informed and unambiguous way, by which the data owner agrees to the treatment of its personal data for a determined aim;

XIII. - blockade: temporary suspension of any operation of treatment, by the storing of the personal data or the data base without their uses;

XIV. - exclusion, deleting: exclusion of data or the collection of data stored in data bases, independently of the used processing;

XV. - international transfer of data: transfer of personal data to a foreigner country or international organism of which the country is a member;

XVI. - shared use of data: communication, propagation, international transfer, inter-connection of personal data or shared treatment of personal data bases by organisms and public entities in the fulfillment of its legal competencies, or among these and private entities, with reciprocity, and with specific authorization, for one or more types of treatment allowed by these public entities, or between private entities;

XVII. - impact report on the protection of personal data: documentation of the controller that has a description of the process of treatment of personal data that can generate risks to the civil freedoms and to fundamental rights, as well as instruments and mechanisms to mitigate risks;

XVIII. - organism of research: organism or entity of the public administration, direct or indirect, or juridical entity of private law, without economical aims, legally incorporated under the Brazilian Laws, with headquarters and jurisdiction in Brazil, that includes in their institutional mission, or in their entities purposes, the basic or applied research of historical, scientific, technological or statistical characters.

XIX. - national authority: organ of the public administration liable to take care, implement and supervise the fulfillment of this Law in all Brazilian territory. 


§13. The Definitions of the Concepts used by this Law are given this Article 5, and about them we can express, respectively:

I. - personal data: but what data is not personal if its origin is the private sphere? The data about a pet of a family is personal data? The data about habits of consumers exchanged between two juridical entities is personal data? The data of the Commercial Boards of Brazil, about the quota-holders and shareholders of juridical entities, are personal data?;

II. - sensitive personal data: sensitive data is the information that can be strategically used to control the person. If I know your political opinion I can guides you more easily trough specific contents. If I know about your health or sexual life I can easily sell you products that fits perfectly with your needs and desires. If I know your genetic data I can classified you in a group that can be directed to make more or less babies;

III. - data that becomes anonymous concerning to the subject: the only way to became an identified data in a not-identified one is to deleting the way that identifies the origin of the data. If the way is stored in some place, then the data can not be considered absolutely anonymous;

IV. - data base: is it possible a data base that is not structured? Is it possible do a data mining without a previous structuring?;

V. - data bearer (or data holder, or data owner): in the future robots also will have the status of data bearer?;

VI. - controller: can machines do decisions, instead of humans, about personal data treatment?;

VII. - operator: this separation among the controller and operator can be dangerous? Can the operator, in practice, control the controller?;

VIII. - commissioner: intermediates turns the relation more or less expensive in an economical perspective? Agents theory?;

IX. - treatment agents: persons with different knowledge is the key to divide the power?;

X. - treatment: what does data a very special good is how easy is today to copy and to reproduce the data. Add, change, delete, transfer all these operations, in the digital world, are made in an almost instantaneously way;

XI. - anonymization: notes that the true anonymization process only happens when the connection with the origin of the data is excluded. Then it is possible gives to a person a number of identity, but as next act, the original referrer to that person shall be deleted;

XII. - consent: observes that the degree of enlightenment is related with the background culture and knowledge of whom gives the consent. In the traditional juridical system this is related to the good faith as a base of agreements. How I can make good choices for me if I can not see and understand correctly the environment in where I am choosing?;

XIII. - blockade: who can ask to block?;

XIV. - exclusion: who can ask to delete? Only the owner of the data, or also the State?;

XV. - international transfer of data: Is the data a new element of the determination of jurisdiction?;

XVI. - shared use of data: The shared use implies in common liabilities?;

XVII. - impact report to the protection of personal data: Considering that civil freedoms and fundamental rights can be object of different moral perspectives, is it possible different reports on the same facts?;

XVIII. - organism of research: the results of the data processing did by an organism of research can be used for economical purposes without the incidence of this law on this last user of the data?; and

XIX. - national authority: what are the limits to a national authority not become a censorship organism? Can a national authority of data protection uses the data base of a company for purposes of national interest?


contents | previous | next

All rights reserved. Prohibited to copy and distribute, without permission of Rafael De Conti


CONTACT for legal advice


Rafael De Conti, Rafael Augusto De Conti, Brazilian Digital Lawyer, Cyber Lawyer, Lawyer in Brazil