Create Alert The Senate approves the bill on the protection of personal data



[ad_1]

The Senate Plenary approved on Tuesday (10) the Chamber's Bill No. 53, which regulates the protection of personal data and defines the situations in which such data may be collected and processed by the public. was approved according to the content voted in the Chamber of Deputies at the end of May

. Brazil joins several countries in the world that already have legislation in this area. The text now regulates how information is collected and processed, especially in digital media such as personal registration data or even texts and photos posted on social networks. The proposal was last week maintained by the Committee on Economic Affairs (CAE), keeping the contents of the House and indicating the emergency system for the vote in the House. Senator Ricardo Ferraço (PSDB-ES), rapporteur of the bill at the Committee on Economic Affairs, stressed that the regulation of this issue is already a reality in the rest of the world.

. "More than 100 countries have already established laws and guidelines on data protection in the Internet environment." Internet can not be an environment without rules.

Senator Eduardo Braga (MDB-AM), appointed rapporteur for the plenary, defended the importance of the proposal. "In the digital age, data are considered as badets and major equity. The data must benefit from a minimum degree of legal protection. Data flows through the networks and without consent, they end up being marketed, contrary to the constitutional precepts, which guarantee the right to privacy, "he said

" All the entities were involved in the project construction. vote for something that is unanimous, "said Senator Vanessa Grazziotin (PCdoB-AM)." We are living the revolution of social networks. We will now have a regulatory framework that will allow citizens to take action against those who misuse their data, "said Senator Jorge Viana (PT-AC).

UNDERSTANDING THE PROJECT

personal information about an "identified" or "identifiable" person. That is to say that the bill also regulates only one, does not reveal to whom it would be bound (an address, for example) but that, treated with others, could indicate who he is (address combined with age, for example.)

A special category, called "sensitive" data, was created, covering race records, political opinions, beliefs, status health and genetic characteristics. The use of these registers is more restricted because it involves risks of discrimination and other damage to the person. There are also differentiated settings for the treatment of information from children, such as parental consent and prohibition to provide records for participation in applications (such as social networks and electronic games).

Treatment carried out in Brazil or from the collection of data in the country. The standard also applies to companies or entities that offer goods and services or process information from people who are here. So, for example, as much as Facebook collects Brazilian recordings and treats on servers in the United States, it should follow the rules. The international transfer of data (as in the above example) is also allowed provided that the country of destination has a level of protection compatible with the law or when the company responsible for the processing proves that 39: it guarantees the same conditions as contracts or

Treatment for personal, journalistic and artistic purposes has been excluded from the obligations. The processing of information is also not covered by national security, public safety and law enforcement activities. The text indicates that these subjects should be dealt with in a specific law. The public power has also gained the ability to process data without the consent of the people, in certain situations, such as in the execution of public policies. For this, the body must inform on its website in which hypothesis the data processing is carried out, its purpose and what are the adopted procedures.

To collect and process data, a company or entity must request the consent of the owner, who must be free and informed. This authorization must be clearly requested, in a specific clause, and not in a generic way. If a company collects a die for one thing and changes its purpose, it must obtain a new consent. The permission given by someone may however be revoked if the holder so wishes.

The project however provides some situations in which this is not necessary, such as the protection of life, the fulfillment of the legal obligation and health The most controversial exception is called "legitimate interest", which in practice allows one company to collect data for one purpose and to use it for another, from "legitimate purposes" to "from concrete situations". In this case, only "strictly necessary" data can be managed.

Another corporate obligation included in Orlando Silva's report (PCdoB-SP) is to ensure data security, prevent unauthorized access and any form of leakage.

The wording provides for a number of rights for the holder, who may request access to information that a company has – including the purpose, form and nature of the information. duration of treatment – and if there was shared use with another entity and for what purpose. It is also possible to request the correction of incomplete data, the elimination of unnecessary or excessive registrations and portability to another service provider. In other words, the user of an email account can have all his messages if he wants to open an account in another service of this type.

SURVEILLANCE AND REGULATORY BODIES

Silva's report proposes the creation of the National Data Protection Authority, which will be responsible for drawing up additional regulations and the control of obligations provided by law. This authority will have the power, for example, to require reports on the impact of a company's privacy, a document that should indicate how the processing is done, security measures and actions to reduce risks. In other words, if the agency suspects that there is a risk of data processing problems in an enterprise, the report gathers the necessary information for an initial determination. It can also perform an audit, when it is verified on the company's website if the data management is performed correctly.

If an irregularity is found in a processing activity, the authority may apply a series of penalties, including: a fine of up to 2% of the business turnover of the company concerned, with a limit of 50 million reais, blocking or disposal of data processed irregularly and suspension or prohibition of the database or processing activity. The substitute also establishes the National Data Protection Council, composed of 23 representatives of the public authorities, civil society, companies and scientific and technological institutions.

SUPPORTS

The LPC has the support of several entities, such as the Brazilian Association of Broadcasters (Abert)), the Brazilian Association of Broadband Technology Companies information and communication (Brbadcom) and the rights of the coalition in the network, which brings together advocacy organizations of Internet users. But financial organizations such as the Brazilian Federation of Banks (Febraban) and the National Confederation of Insurance Companies

resisted this project. "This project is fundamental to the development of the digital economy in Brazil because it balances the protection of the law." Said the legal director of the Brazilian Association of Information Technology Companies and of communication (Brbadcom).

"This discussion brought together dozens of civil society entities, but also countless Business sector entities, who understood that data protection is a principle that should be guaranteed in Brazilian law, "said Marcos Urupá, Collective Intervozes, a member of Coalition Rights in the Network, which brings together users. 19659024] (function (d, s, id) {
var js, fjs = d.getElementsByTagName (s) [0];
if (d.getElementById (id)) returns;
js = d.createElement (s); js.id = id;
js.src = & # 39; https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11&appId=833474150084573&#39 ;;
fjs.parentNode.insertBefore (js, fjs);
} (document, 'script', 'facebook-jssdk')); [ad_2]
Source link