Access to public information, in compliance with the constitutional principle of publicity (art. 37 of the Federal Constitution/88) is reinforced by the Access to Information Law (LAI), enshrining transparency as a republican rule. However, in 2018, the Brazilian legal system adopted the LGPD in relation to personal data and privacy, with its normative apex in the enactment of Constitutional Amendment 215, which expressly inserted the fundamental right to the protection of personal data in item LXXIX of art. 5.
In the same period
The STF in five Direct Actions of Unconstitutionality proposed by the Federal Council of the Brazilian Bar Association – OAB (ADI 6387), by the Brazilian Social Democracy Party – PSDB (ADI 6388), by the Brazilian Socialist Party – PSB (ADI 6389), by the Socialism and Liberty Party – PSOL (ADI 6390) and by the overseas data Party of Brazil (ADI 6393) recognized both the fundamental right to the protection of personal data and the right to informational self-determination, precisely in the face of the State, circumstances in which limits were imposed on State action.
In this context, combined with several statements
By Courts of Auditors, such as the TCE of Rio Grande do Sul, the protection of personal data seems, at first glance, to clash with the content of the LAI. This happens because it allegedly moves in the opposite direction, since the transparency of the LAI seeks to reveal information to allow social increase your sales with sales analytics and oversight of public authorities, while the LGPD and other personal data protection and privacy standards impose limits on the disclosure of citizens’ personal data. However, it is important that the LGPD and the LAI find themselves at the balance point of fundamental rights, from a constitutional perspective.
The Access to Information Act
In force since 2011, establishes the basis for more transparent public management, allowing access, as a rule, to government information of collective interest, including that related to legal entities. Section LXXIX of art. 5 of the Federal Constitution and the LGPD also regulate the legal obligation of the controller, even if a public authority, to only process personal data in accordance with such standards. Thus, the LGPD, in addition to being subsequent, has a special character when it comes to the protection of personal data (LIDB, as amended by Law 12,376/2010).
This apparent conflict between
Transparency and privacy is, in fact, a dialogue between the rules. Article 5, item LXXIX, of the Federal Constitution ensures. The protection of personal data as a fundamental right. Reinforcing that any b2c fax processing, especially by the public authorities, must espect for the principles of necessity, purpose and adequacy (art. 23 of the LGPD), as both rights must coexist harmoniously, without one excluding the other, as, in fact, the CGU has already stated, despite the partial disagreement regarding the grounds, at the end of statement 04/2022 according to which “the LAI, Law No. 14,129/2021 (Digital Government Law) and Law No. 13,709/2018 (General Personal Data Protection Law – LGPD) are systematically compatible with each other and harmonize the fundamental rights of access to information, privacy and protection of personal data, with no antinomy between their provisions”.
This balance between transparency
Privacy arises from proportionality, in the sense that any limitation of a right must be justified, necessary and appropriate. The disclosure of public information, therefore, must responsibly. Under penalty of violating the maximum effectiveness of fundamental rights. Since both transparency and the protection of personal data must. Without one becoming an unjustified obstacle to the other.
So much so that the LAI itself already provides, in its article 31, restrictions on access to information that may compromise privacy. The LGPD, and especially item LXXIX of art. 5 of the CF/88, reinforces this protection, ensuring that data subjects have, whenever possible, control over their data. The balance between transparency and privacy is manifested in the need for control measures that guarantee data security without compromising access to information of public interest.