Protection of Personal Data in Brazil


Article 6, Good Faith and Principles


Article 6º – The treatment, processing, of persona data shall observes the good faith and the following principles:

I. - aim, purpose: performer of the treatment for purposes that are rightful, specific, explicit and well informed to the data owner, without possibility of post treatment in a diverse way of the agreed purposes;

II. - proportionality: compatibility of the treatment with the informed purposes, observing the context of the treatment;

III. - necessity: limitation of the treatment to the minimum necessary for the performance of the purposes, including the related data, with proportion and not excess in relation to the aims of the data treatment;

IV. - free access: guarantee, to the data owners, of free and easy access about the form and term of the treatment, as well as the guarantee on the totality of the own personal data;

V. - data quality: guarantee, to the data owners, the precision, the evidence, the relevance and the data update, according to the necessity and the fulfillment of the purposes of treatment;

VI. - transparency: guarantee, to the data owners, evident and precise information about the performance of the treatment and the liable persons for it, as well as an easy access to this data, observing the industrial and commercial secrecy;

VII. - security: use of technical and administrative instruments that are able to protect the personal data from not authorized access and of accidental situations, or protect against criminal destruction, lost, modification, communication or propagation;

VIII. - prevention: implementation of instruments to prevent to against damages originated from the treatment of personal data;

IX. - not discrimination: it is not allowed the treatment of personal data to purposes of unlawful discrimination;

X. - responsibility and accountability: demonstration, by the agent, of the use of efficient instruments that shall be able to prove the compliance and fulfillment of the protection rules of personal data, observing the effectiveness of the adopted measures. 


§14. The last article of the Chapter I is the Article 6, that established as positive law the good faith principle and other – about them we can express:

I. - aim, purpose: “be clear”, asked the naive person to the experienced one. The fair essence of the agreements start with the possibility of all the parts can see all the propositions and facts. A decision take in a dark room can not be a consciousness decision. It is prohibited to lie. And a way of take advantage in a contractual relation is exactly creating a dark point – this is what the law aims to prevent, protecting the data owner, that is a consumer, a citizen. But the present scenario is: if you need an online service, and all the players of this market ask in abusive, and very clear way, your data and access to your device, then it is possible to understand that it is also an issue of antitrust law and consumer law. Is it really possible to protect consumers and citizens from the technocracy of the economical giants – like global tech companies, banks, pharmaceuticals, etc ?;

II. - proportionality: the proportionality is the fair direct connection among the objective and the means to acquirer the goal. So, “please do not use my data in social media to manipulate the political elections in my country“;

III. - necessity: the rule is: limited and strict use of the personal data. The means shall be only the minimum processing necessary to acquirer the purpose agreed;

IV. - free access: is it possible has “free access” in a system that the source code is not open? The Law accepts the creed, the belief, as a rational juridical argument?;

V. - data quality: if data quality is essential to the result of the processing, then data quality is essential to the aim, the purpose;

VI. - transparency: in other words, shall be a channel of communication with the data owner and access to all of the related data. But how the industrial and commercial secrecy can be protected if the only way to know what is happening with my data is when I have the possibility of see how the program works in detail? Open source is the preliminary base for the effectiveness of a data protection law?;

VII. - security: the point here is the “stage of the art”, “the stage of the technique”, that is a juridical concept used to specify in a determined period of time the possibilities of actions according the knowledge available at that moment. Other thing is: there is a security measure, e.g., a DNSSEC – technology that turn harder the subtraction of domains, and this technology instrument is not used by the bank that was target of a hacker attack that redirect the domain of the bank to a false site;

VIII. - prevention: if the damage fact occured, but there was no previous security measure according the available instruments at that time, then we have a different situation of a damage of a “zero day attack” in a system with a setup and design that previously considered security instruments. The person liable for the system, in the case, can be saw as an agent of malpractice;

IX. - not discrimination: if the social media uses information to put energy in a growing Nazism’s movement in some Brazilian city, is it discrimination? Or not?;

X. - responsibility and accountability: the only way to have responsibility and accountability is with transparency. Again I ask: open source is a base to a law on protection of personal data really works in society?


contents | previous | next

All rights reserved. Prohibited to copy and distribute, without permission of Rafael De Conti


CONTACT for legal advice


Rafael De Conti, Rafael Augusto De Conti, Brazilian Digital Lawyer, Cyber Lawyer, Lawyer in Brazil