On June 24th, Privacy Tools held the event “LGPD and Sensitive Data Processing,” part of the online experience series “Privacy Above All.” The discussion featured Aline Deparis (CEO of Privacy Tools), Bianca Kremer (Lawyer and consultant in Digital Law), Raquel Rinaldi (CEO and mentor of LGPD EXPERIENCE), and Dirceu Rosa (Lawyer and Regional Leader for Brazil of IAPP).
Here are some highlights of what the guests brought:
1 - Sensitive data is data that could lead to the stigmatization of a person. in society
These are data that, when linked to an individual, can end up leading to prejudice, for example. This is the case with information related to religion, sexual orientation, political views, health data, etc. Therefore, they must be protected in a reinforced way.
2 - Non-sensitive data can also lead to discrimination.
Dirceu Rosa pointed out during the event that great care must be taken in handling all information. He gave the example of the date of birth: it is not sensitive data under the law, but it can be used in a discriminatory way by a company that does not want to hire older or younger people due to prejudice.
3 - There are cases of affirmative action.
Professor Raquel Rinaldi spoke at the Privacy Tools event about the differentiation, using sensitive data, for positive purposes. This is the case with employment programs aimed at Black or LGBT people, for example. One company that recently carried out this type of action was Magazine Luiza, with its job program for Black professionals. "This purpose is neither illegal nor abusive," concludes Raquel. The Brazilian Labor Code (CLT) itself addresses affirmative action measures, so they are within the law.
4 - Physical documents are also covered by the LGPD (Brazilian General Data Protection Law).
Many healthcare clinics, such as medical and psychological practices, maintain paper files. These often contain sensitive data, primarily information related to people's health. There must be a way to protect this data against leaks and discriminatory use.
5 - There are legal bases beyond consent.
When a person gives consent for the processing of their data, this does not grant unlimited permission to the company or service provider. It was also pointed out during the event that there are other legal bases for data processing, such as the protection of health, for example. The latter is geared towards cases of public health, such as epidemics, etc. Dirceu reinforced that... consent It can be a useful legal framework for healthcare professionals, provided it is managed correctly and with the right tools.
Check out the full recorded event at Privacy Tools YouTube channel.
