See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/365903483

Personality Rights in Brazilian Data Protection Law: a historical perspective

Chapter · July 2022

CITATIONS READS

0 183

2 authors:

Rafael A. F. Zanatta Danilo Doneda

Data Privacy Brasil IDP
67 PUBLICATIONS 93 CITATIONS 54 PUBLICATIONS 895 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Rafael A. F. Zanatta on 01 December 2022.

The user has requested enhancement of the downloaded file.

Ius Gentium: Comparative Perspectives on Law and Justice 96

Marion Albers
Ingo Wolfgang Sarlet Editors

Personality and
Data Protection
Rights
on the Internet
Brazilian and German Approaches
Ius Gentium: Comparative Perspectives on Law
and Justice

Volume 96

Series Editors
Mortimer Sellers, University of Baltimore, Baltimore, MD, USA
James Maxeiner, University of Baltimore, Baltimore, MD, USA

Editorial Board
Myroslava Antonovych, Kyiv-Mohyla Academy, Kyiv, Ukraine
Nadia de Araújo, Pontifical Catholic University of Rio de Janeiro, Rio de Janeiro,
Brazil
Jasna Bakšic-Muftic, University of Sarajevo, Sarajevo, Bosnia and Herzegovina
David L. Carey Miller, University of Aberdeen, Aberdeen, UK
Loussia P. Musse Félix, University of Brasilia, Federal District, Brazil
Emanuel Gross, University of Haifa, Haifa, Israel
James E. Hickey Jr., Hofstra University, South Hempstead, NY, USA
Jan Klabbers, University of Helsinki, Helsinki, Finland
Cláudia Lima Marques, Federal University of Rio Grande do Sul, Porto Alegre,
Brazil
Aniceto Masferrer, University of Valencia, Valencia, Spain
Eric Millard, West Paris University, Nanterre Cedex, France
Gabriël A. Moens, Curtin University, Perth, Australia
Raul C. Pangalangan, University of the Philippines, Quezon City, Philippines
Ricardo Leite Pinto, Lusíada University of Lisbon, Lisboa, Portugal
Mizanur Rahman, University of Dhaka, Dhaka, Bangladesh
Keita Sato, Chuo University, Tokyo, Japan
Poonam Saxena, University of Delhi, New Delhi, India
Gerry Simpson, London School of Economics, London, UK
Eduard Somers, University of Ghent, Gent, Belgium
Xinqiang Sun, Shandong University, Shandong, China
Tadeusz Tomaszewski, Warsaw University, Warsaw, Poland
Jaap de Zwaan, Erasmus University Rotterdam, Rotterdam, The Netherlands
Ius Gentium is a book series which discusses the central questions of law and
justice from a comparative perspective. The books in this series collect the
contrasting and overlapping perspectives of lawyers, judges, philosophers and
scholars of law from the world’s many different jurisdictions for the purposes of
comparison, harmonisation, and the progressive development of law and legal
institutions. Each volume makes a new comparative study of an important area of
law. This book series continues the work of the well-known journal of the same
name and provides the basis for a better understanding of all areas of legal science.
The Ius Gentium series provides a valuable resource for lawyers, judges,
legislators, scholars, and both graduate students and researchers in globalisation,
comparative law, legal theory and legal practice. The series has a special focus on
the development of international legal standards and transnational legal
cooperation.

More information about this series at https://link.springer.com/bookseries/7888

Marion Albers · Ingo Wolfgang Sarlet
Editors

Personality and Data

Protection Rights
on the Internet
Brazilian and German Approaches
Editors
Marion Albers Ingo Wolfgang Sarlet
Faculty of Law Law School
University of Hamburg Pontifical Catholic University from Rio
Hamburg, Germany Grande do Sul
Porto Alegre, RS, Brazil

ISSN 1534-6781 ISSN 2214-9902 (electronic)

Ius Gentium: Comparative Perspectives on Law and Justice
ISBN 978-3-030-90330-5 ISBN 978-3-030-90331-2 (eBook)
https://doi.org/10.1007/978-3-030-90331-2

© Springer Nature Switzerland AG 2022

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of
the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology
now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book
are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or
the editors give a warranty, expressed or implied, with respect to the material contained herein or for any
errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional
claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Personality Rights in Brazilian Data
Protection Law: A Historical Perspective

Danilo Doneda and Rafael A. F. Zanatta

Abstract This chapter traces the influence of personality rights and European legal
thought in the development of data protection law in Brazil. We argue that the
Brazilian Data Protection Law enacted in 2018 is grounded on a solid legal tradition
of civil law. In order to demonstrate this argument we trace how Brazilian lawyers
took advantage of European legal thought in the 20st century and how the concept
of personality rights was intellectually constructed. We also argue that personality
rights had an important role in legal struggles during the Brazilian civil-military
dictatorship (1964–1985). The chapter also presents new data about the history of
data protection in Brazil.

1 Introduction

The enactment of the first Brazilian data protection legislation in August 2018 was
the culmination of a process dating back to 2010, when earlier versions of its text were
submitted to public comments on the Internet. First conducted by the federal govern-
ment and later by the Brazilian parliament, the development of the text received
reasonable feedback from society following a path already taken by another piece
of legislation, the Internet Civil Rights Framework (known as the Marco Civil da
Internet 1 ). Both these statutes form the backbone of the Brazilian legal framework
for the information society, together with other legislation regarding issues ranging
from access to information to intellectual property.

D. Doneda
Public Law Institute of Brasília (IDP), Brasília, Brazil
R. A. F. Zanatta (B)
University of São Paulo, São Paulo, Brazil
1 Law 12.965 of 2014.

© Springer Nature Switzerland AG 2022 35

M. Albers and I. W. Sarlet (eds.), Personality and Data Protection Rights on the Internet,
Ius Gentium: Comparative Perspectives on Law and Justice 96,
https://doi.org/10.1007/978-3-030-90331-2_3
36 D. Doneda and R. A. F. Zanatta

The particular kind of collaborative process which resulted in the General Data
Protection Law (known as LGPD2 ) and the Marco Civil made both of them partic-
ularly sensitive to some demands from society, which contributed to their final text.
However, while the Marco Civil was a brand-new framework built almost from
scratch and from references to specific topics—there was no other law of this kind,
combining privacy, net neutrality, and intermediary liability—, LGPD had a previ-
ously existing set of legal frameworks to relate to. Data protection is currently a
well-established legal subject and field in several other legal systems—particularly
the continental European legal system, from which the Brazilian one derives—with
its own set of concepts and standards which are much easier and more rational to
adapt to than to contrast.
In this sense, the process that resulted in LGPD took into consideration not merely
the need to include data protection concepts and standards in Brazilian law but also
the dialogue with current Brazilian legislation and legal tradition. We argue that the
rationale of data protection, which is the protection of citizens regarding the possible
effects of the processing of their data, is coherent with the tradition of personality
rights, already well-established in Brazilian law.3 We therefore aim to identify the
significance of personality rights in the shaping of the new legislation, in histor-
ical perspective, and to stress the intersection points between LGPD provisions and
personality rights, recognizing that the strength of this relationship is very important
for a complete and necessary translation of the dogmatics of data protection (fairly
new to the country’s legal tradition) into the Brazilian legal framework.

2 Personality Rights and the Role of European Legal

Thinking in Brazilian Law

Personality rights play a key role in the structuring and shaping of the Brazilian data
protection framework. This section explores aspects of the history of Brazilian private
law, the influence of European legal thinking on Brazilian legal scholarship during
the nineteenth and twentieth centuries, and the challenges of protecting individuals
during the civil-military government (1964–1985). We argue that the constitution of
1988 was influenced by previous struggles for the right to privacy and the doctrine
of personality rights.

2 LGPD stands for Lei Geral de Proteção de Dados Pessoais in Portuguese.

3 Cf. also Sarlet (2022), in this volume; Molinaro and Ruaro (2022), in this volume.
Personality Rights in Brazilian Data Protection Law … 37

2.1 Legal Formants of Brazilian Private Law

It is difficult and tricky to compare legal systems.4 Despite their similarities, the task
of comparing the Brazilian and the European systems must also take into account that
there is no complete singularity and uniformity in European Union law. However, it
might be useful to bring back Rodolfo Sacco’s methodological approach of “legal
formants”5 to discuss “hidden similarities” and “metalegal formants” present in the
Brazilian legal system. As advocated by Sacco, comparative approaches to legal
studies should focus not only on written law and explicit legal rules, but should aim
at “highlighting structural regularities that would otherwise pass unobserved.”6
Instead of speaking of legal rules, according to Sacco, “we must talk instead
of the rules of constitutions, legislatures, courts, and, indeed, of the scholars who
formulate legal doctrine.”7 By applying this methodology to personality rights and
personal data protection, this means that we should move beyond a mere description
of rules and the topography of law. We must evaluate the consistency of what is in
the code compared to what the courts apply (law in books vs. law in action) and the
legal formants, that is the living law, which is, in a sense, underground and barely
seen, and consists of statutory rules, the formulations of scholars (and their main
intellectual inspirations), and the decisions of judges. As argued by Sacco, a merely
topographic analysis of law (e.g. the differences between Codes or positive law) does
not take into account the deep structures of legal thinking, like the role of scholarship
in decision-making and the interplay between the knowledge produced by Court in
the process of ruling a hard case and the positive law.
One important feature of the Brazilian legal system is the adoption of the civil
law tradition and the codification of private law that culminated in the first Brazilian
Civil Code of 1916, which was highly influenced by the European legal tradition and
the work conducted by French, German, and Italian legal elites. Nevertheless, the
role and meaning of civil codes changed substantially during the twentieth century.
Judith Martins-Costa, writing in 1998, claimed that the Civil Code does not have
as a paradigm the structure of a “perfect model designed by the wise” capable of
predicting all kinds of fattispecie (an ensemble of factual elements that are governed
by a certain legal norm) and following sets of beliefs of nineteenth-century jurists.
The inspiration for contemporary civil codes, according to Martins-Costa, is clearly
the “open models” of constitutions, with the adoption of open clauses (clausulas
gerais). In any case, if we consider the historical development of Brazilian private
law, the influence of the “codification movement” proves to be strong. Caio Mario da
Silva Pereira, one of the leading private-law jurists in the twentieth century, stresses
the importance of the open model and, after recognizing the importance of the codi-
fications in Prussia, France, and Austria in the late eighteenth and early nineteenth
centuries in his work “Instituições de Direito Civil,” observed that “the establishment

4 Cf. also Kotzur (2022), in this volume.

5 Sacco (1991), pp. 1–34.
6 Sacco (1991), p. 5.
7 Sacco (1991), p. 21.
38 D. Doneda and R. A. F. Zanatta

of codified principles”8 allows law to evolve through systematic reasoning and legal
interpretation.
The Brazilian legal system was strongly influenced by the colonial Portuguese
legal model and the regulation of public and private life through the Ordenações. Even
after the Declaration of Independence in 1822, legal and political elites sustained the
enforcement of the Ordenações Filipinas and began considering the enactment of a
Civil Code.9 However, according to Caio Mario da Silva Pereira, the turning point
was the decision of the imperial government in 1855 to consolidate Brazilian civil
law. Augusto Teixeira de Freitas worked on this project from 1859 to 1867 and
delivered his draft of the Civil Code, strongly influenced by concepts developed in
German legal theory.10 This Draft was divided into a general part and a special one.
Dogmatics began to play a new role with the theoretical work Consolidação das
Leis Civis written by Teixeira de Freitas. In this influential work of dogmatics and
private law, Teixeira de Freitas made a clear distinction between direitos reais (legal
relationships among a person and a thing) and direitos pessoais (legal relationships
among people). Even if his framework did not reach what we would later identify as
personality rights, whose conceptualization was still at a very early stage at that time,
the notion of an obligation of satisfaction or compensation if personal rights were
violated or offended was to become the general concept that would be associated
with several legal instruments aimed to protect the individual.
It is not our goal to provide a history of personality rights in Brazil. We would
like to stress, instead, that personality rights were influenced by this dual movement:
the codification that started with Teixeira de Freitas and culminated with the Civil
Code of 1916 and the role of “legal dogmatics”11 in civil law, highly influenced by
German legal theory in the beginning, and later by Italian and French civil law.12
These elements are part of the Brazilian “legal formants” and must be considered in
any comparative analysis.
According to Orlando Gomes, Brazilian jurists such as Rubens Limongi França,
author of Direitos da Personalidade, took up the concept of “personality rights” in
the form proposed by legal theorist Otto von Gierke, who firmly believed that the
Roman distinction between private and public law could not be sustained, considering
that “private law, though it cares foremost for individual interests, must serve the

8 Pereira (2011), p. 66.

9 Pereira (2011), pp. 66–69.
10 Reis (2015), pp. 181–222.
11 Legal dogmatics (Rechtsdogmatik or dogmatica giuridica) is used here as a synonym of legal

scholarship, a type of knowledge about concepts and structures of law aimed at decision-making
actors. “Legal dogmatics” is also explained by MacCormick: “What may be called normativist
approaches to jurisprudence, most notable among them the Pure Theory of Law of Hans Kelsen,
provide a theory of knowledge for legal dogmatics in this traditional style. Such theories seek
to expound the presuppositions behind the kind of descriptive statements of law, or descriptively
normative statements, which black letter lawyers expound. They also try to work out and account
for the internal logical and conceptual structures which give legal dogmatics a rational form.”
MacCormick and Weinberger (2013), p. 2.
12 Gomes (1966), pp. 39–48.
Personality Rights in Brazilian Data Protection Law … 39

common goal,” and that “public law, though it looks first to the whole, must be just
toward individuals.”13 Gierke defended the notion that private law should preserve
the “inviolable sphere of the individual” but also promote community. The idea about
“the social role that private law should play” strongly influenced Orlando Gomes. In
1889, Gierke defended the idea that “private law must use the means at its disposal
first and foremost to guarantee and protect the personalities of individual people,
to both acknowledge and limit the rights of personality (rights of the individual)
in their general and equal manifestation, in their condition as being members of a
community, with their unique eccentricities, and in their individually acquired or
otherwise attained development, to use civil obligations next to criminal sanctions to
vindicate rights where they are harmed, and to secure compensation and redress.”14
In his classic essay Direitos da Personalidade, Gomes agrees with Gierke and
claims that “personality rights are absolute, extrapatrimonial, non-transferable, non-
prescriptable, vital and necessary.”15 However, to Gomes, they are more than the
rights to life and freedom. They are “subjective private rights” aimed at the “develop-
ment and expansion of the physical and spiritual individuality of the human person.”16
In his essay, Gomes calls for an agenda of dogmatic studies on personality rights,
claiming that his peers “continue to live in the past century” and that it is the task of
the young generation to “demonstrate sensitivity for these issues.”
Personality rights were first introduced in Brazilian law as a concept associated
with “an ensemble of attributes particular to the human condition,” as professor San
Tiago Dantas said in his lectures in the 1940s,17 or special human manifestations
whose protection is necessary for the normal development of persons. Brazilian legal
tradition on personality rights turned out to reflect a strong influence from Italian
legal doctrine, mainly from Adriano De Cupis, who in 1950 formulated a concept
of personality rights as a set of rights whose absence would make legal personality
void of any concrete value; this concept is still widely mentioned and used. In other
words, its absence would make all other subjective rights practically useless for the
individual; in broad terms, for De Cupis, personality rights could mean a set of
essential rights.18 While these rights began to be observed in case law, basically due
to the development of cases regarding damages to image, honor, or other personality
rights,19 the debate continued in Brazilian private law.
In 1979, Fabio Maria de Mattia returned to the issue in his article Direitos
da personalidade and claimed that the Brazilian debate was highly influenced
by late nineteenth-century German legal theory—which created concepts such as
Personalitätsrechte and Persönlichkeitsrechte—and the experience of the Italian and
Portuguese civil codes. Mattia, clearly influenced by Orlando Gomes and Rubens

13 Gierke (2016), p. 6.
14 Gierke (2016), p. 7.
15 Gomes (1966), p. 42.
16 Gomes (1966), p. 43.
17 Santiago Dantas (2001).
18 De Cupis (1950).
19 Santos (1997).
40 D. Doneda and R. A. F. Zanatta

Limongi França, claimed that “personality rights are an autonomous category within
the subjective rights, considering that this autonomy comes from the essential char-
acter that they present because of the special character of their object and the
singularity of its content.”20 For Mattia, postwar constitutions such as the German
Grundgesetz, approved in May 1949, conceptualized dignity, stating that human
dignity must not be violated and that is the role of the state to protect it. Matta
mentions Article 2 of the German Constitution: “every person shall have the right to
free development of his personality insofar as he does not violate the rights of others
or offend against the constitutional order or the moral law.”
European law played a substantial role in the theoretical development of person-
ality rights in Brazil. It becomes easier to understand the influence of European legal
theory if one accepts the role of dogmatics and civil codes as part of the Brazilian
“legal formant.”

2.2 The “Social Turn” in Brazilian Law: Instrumentalism

and Authoritarianism

In order to fully understand the development of data protection law in Brazil, it is

important to observe two transformations in twentieth-century legal theory. The first
one was briefly described above, namely the emergence of “dignity” as a key concept
in post-World War II constitutions. The second one is the so-called “social turn” of
civil law and the relationship between constitutions and the generation of principles
that have profound effects on private law.
The “social turn” was proclaimed during the 1960s in Brazil by civil lawyers
such as Orlando Gomes, based on the contributions of European legal theory and
socialist approaches to the welfare state. Gomes was also influenced by Ripert (1880–
1958), author of Le régime démocratique et le droit civil moderne, who noticed
that democracy and private law emerged in a dialectic process in which civil law
merged with the “democratic spirit” based on solidarity, social progress, and the
socialization of private law. As noted by José Reinaldo de Lima Lopes and Paulo
Garcia Neto, the Brazilian critique of the liberal state and classic forms of legal
reasoning involved many pressing issues (e.g., the problem of poverty and labor
relations, the problems of the relation between government and business corporations,
the problem of development and using law as an instrument to foster economic
growth, and the problem of traditional property doctrine as an obstacle to agricultural
reform), in which the “social turn”21 of civil law was just one component.
During the 1960s and 1970s, many Brazilian jurists wrote about the “decay of legal
individualism” and the “role of the socialization of law”22 together with state inter-
ventionism. However, as noted by many legal scholars who studied the effects of legal

20 Matta (1979), p. 252.

21 Lopes et al. (2009).
22 Tácito (1959), pp. 1–28.
Personality Rights in Brazilian Data Protection Law … 41

instrumentalism in Brazil, such as John Henry Merryman,23 David Trubek,24 and

José Eduardo Faria,25 the civil-military coup of 1964 deeply transformed Brazilian
society and legal institutions. The “social turn” of law was also subverted. Instead
of advancing the idea of democracy and private law, the Brazilian “social turn” was
captured by an instrumental approach to law. State interventionism and develop-
mental industrial policies combined with authoritarianism, wiping out fundamental
rights. Indeed, the military used the constitution and the narratives of “protection
of democracy” to eliminate left-wing political groups and opponents of the military
regime created in 1964.
After the infamous Ato Institucional n. 5 of 1969, which eliminated fundamental
rights such as due process in criminal law and habeas corpus, activists and lawyers
began to organize the defense of civil rights especially through the Brazilian Bar
Association (Ordem dos Advogados do Brasil) and major political parties such as
the Movimento Democrático Brasileiro (MDB). Raymundo Faoro, the leader of the
Ordem dos Advogados do Brasil during the 1970s, began complex negotiations with
the military for the return of these civil and political rights. There was also a growing
movement of human rights activists working on a global scale to protect left-wing
citizens who were tortured and imprisoned.
The literature about this period of the Brazilian history is very rich, and it shows
that activists,26 lawyers,27 diplomats, and politicians were able to shape a new agenda
for the return of democracy and the creation of a new constitution.28 After the oil
crisis and the global economic instabilities in the 1970s, the Brazilian government
lost economic power. The “Brazilian economic miracle” was over, and this opened
up space for a process of “redemocratization” of the country. In this process, legal
elites were able to import European theories of “fundamental rights” and apply them
in Brazil, influencing the work of the Constituinte, the political group in charge of
drafting a new federal constitution for the Brazilian Republic. The resulting Brazilian
Constitution of 1988, among other characteristics, presented several provisions which
favoured the incorporation and enforcement of personality rights as well as advanced
towards their enforcement. The framework of a workable theory of personality rights
in Brazilian law have reached its maturity, as a milestone article by Gustavo Tepedino
demonstrates (Tepedino 1999).

23 Merryman (1977), pp. 457–491.

24 Trubek (1972), pp. 1–50.
25 Faria (1981).
26 Pilatti (2008).
27 Barroso (1998), pp. 1–25.
28 Faoro (1981).
42 D. Doneda and R. A. F. Zanatta

2.3 The First Attempts Toward a Brazilian Data Protection

Law and the Fight Against a National Identification
System

In 1975, the military government presented the project of a Unified Biometric Iden-
tification System (Registro Nacional de Pessoas Naturais—RENAPE) for the whole
country. This happened during the peak of Brazilian state interventionism when
industrial policy focused on technology and the rising “information economy.” The
military had created public firms such as Serpro (Serviço Federal de Processa-
mento de Dados) and wanted to invest in public policy projects that would generate
demand for these firms. The idea was to unify many different databases—Registro
Geral, Cadastro de Pessoa Física, and Inscrição no Instituto Nacional de Seguridade
Social29 —into one database with biometric information about all citizens. Providing
the data would be mandatory for all citizens, feeding the database of the public firm.
A group of sociologists, engineers, and computer scientists resisted and published
texts and manifestos against the biometric system in specialized magazines and jour-
nals. Professionals of other technology firms such as IBM also protested and claimed
that a Unified Biometric System was unsafe and potentially harmful. In 1977, these
activists turned to the French Data Protection Law as a model for Brazil. A few months
after the proposal of the French legislation, Brazilian Congressman José Faria Lima
(a liberal politician from a wealthy family based in São Paulo and from the govern-
ment’s political party, Arena), proposed a draft bill for a General Data Protection
Law.30 The draft bill stated that data collection processes required consent from citi-
zens. The draft bill also adopted a set of principles for the processing of personal
data both by the private and the public sector. It also proposed the creation of a Data
Protection Authority, following the model of the French Commission Nationale de
l’Informatique et des Libertés (CNIL). At almost the same time, Senator Nelson
Carneiro, from MPB, proposed a draft bill to the Senate on the “protection of
computer information.”31 Both draft bills were rejected by the National Congress.
In 1977, the liberal newspaper Estado de São Paulo published a series of articles
against the Registro Nacional de Pessoas Naturais (RENAPE). President Geisel and
the military defended the project and had the support of the Ministry of Justice.
Intellectuals and professionals from the tech sector criticized the project and used
specialized journals such as Revista Dados to mobilize against it. As argued by Estado
de São Paulo, the project “represented not only a threat to the citizen, in his privacy
and liberty, but also a threat to capitalism itself.”32 In the article “Threat to Privacy, the
Greatest Criticism of the Project,” sociologist Maria Tereza de Oliveira argued that

29 Registro Geral could be translated as General Identifier. It is a document provided by the Secre-
tariat of Security. Cadastro de Pessoa Física could be translated as Individual Registration and it
is used for fiscal purposes. INSS could be translated as Social Security Number and it is used for
labor law benefits and pension system.
30 Draft Bill PL 4.365, proposed in 1977.
31 Senate Draft Bill 96 of 1977.
32 ‘Em estudos, identidade única’, Estado de São Paulo, 09 September 1977, p. 18.
Personality Rights in Brazilian Data Protection Law … 43

the right to privacy was protected by Article 12 of the Universal Declaration of Human
Rights33 and that this international standard should be followed in Brazil.34 Oliveira
also argued that many European countries such as Belgium, Italy, and Germany
had opposed national registration similar to that proposed in Brazil. She argued
that huge databases about citizens conflicted with democratic values and generated
incentives for a less active society because of the chilling effects of control and
constant monitoring.
Writing in 1979 for Estado de São Paulo, Ethevaldo Siqueira also criticized the
military project and argued that “privacy involves all the forms of protection of
the individual, the person, his home, his family, his ideas, his lifestyle, his right to
isolate himself and escape from external interference.” For Siqueira, “there is no
public interest that can justify the systematic violation of human privacy.”35
The same year, René Ariel Dotti gave a speech about the right to privacy in Brazil at
the annual meeting of the Brazilian Bar Association. Based on the French legislation
and the work of Alan Westin in the United States, Dotti argued that “the atmosphere
of oppression was taking over the country, making use of advanced technology”.
For Dotti, RENAPE was to be prohibited just like a similar database was in Portugal
because it was, just like in Portugal, a national database that violated the fundamental
right of privacy of citizens. In his speech about the “normative treatment of private
life,” Dotti argued that Brazil was to use informatics to benefit citizens and that the
“right to privacy should be guaranteed by the constitution.”36 Also, Portugal and
Spain were to be inspirations for Brazil.
Despite the failed attempt of a General Data Protection Law in 1977, the discussion
about the right to privacy was strengthened and RENAPE was defeated. Nonetheless,
initiatives aiming to draw up a data protection framework in Brazil continued: Repre-
sentative Cristina Tavares (PMDB) presented Draft Bill 4646 in 1984 on the Right
to Privacy and Personal Databases, and representative José Jorge (PDS) presented
Draft Bill 4766, also in 1984, on the Right to Privacy and Access to Databases.
In the following years, after the military government had abandoned the RENAPE
project, the Constituinte began working on a new set of rights such as habeas data
(the right to know information about yourself held by a public official or department).
From 1986 to 1988, members of the Constituinte discussed the fundamental rights
of Brazilians and approved a new constitution, which stated that the “right to inti-
macy and private life” was a fundamental right. It also included an article about the
fundamental right of access to information, guaranteed by the writ of habeas data.

33 Article 12. No one shall be subjected to arbitrary interference with his privacy, family, home
or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the
protection of the law against such interference or attacks.
34 We thank Jacqueline Abreu (University of São Paulo Faculty of Law) for gathering data and

kindly sharing her research on the right to privacy in Brazil. She searched the archives of Estado
de São Paulo and found many articles and news items critical of the Registro Nacional de Pessoas
Naturais.
35 Siqueira (1979), p. 24.
36 Dotti (1980), pp. 145–155.
44 D. Doneda and R. A. F. Zanatta

These legal innovations formed the bedrock of the Brazilian system of data protec-
tion. During the 1990s and 2000s, this system evolved into a “patchwork model” of
different rules on data protection.37 In the 2010s, the Brazilian Congress finally
harmonized the normative system into a coherent General Data Protection Law. The
next section explores this transformation.

3 Personality and Data Protection Rights in a Fragmented

Set of Legislation

In the previous section, we explored the evolution of Brazilian private law and the
struggles to establish constitutional protections for data privacy. In this section, we
show that the normative system of personal data protection benefited from a complex
process of unifying a fragmented set of legislation that was created over 20 years.
We also argue that personality rights are clearly present in the Brazilian General
Protection Law.

3.1 The “Principle of Consent” in Fragmented Legislation

After the constitutional reform of 1988, Brazil initiated its economic opening to
international markets and the construction of a “regulatory state”38 based on the
experience of the United States of America and many European and Latin Amer-
ican countries.39 The governments of Fernando Collor (1990–1992), Itamar Franco
(1993), and Fernando Henrique Cardoso (1994–2002) were dedicated to the recon-
struction of the Brazilian state, the creation of a strong internal market with interna-
tional standards of consumer rights (guaranteed by the Code of Consumer Defense
of 1990), and the creation of regulatory agencies with normative power. These agen-
cies were designed to regulate specific markets, promote competition, correct market
failures, and protect consumers.
The first law that dealt with issues of personal data protection after the constitu-
tion of 1988 was the Code of Consumer Defense (Federal Law 8.078/1990), which
includes a specific chapter on databases and profiles of consumers. The law states
that private firms are free to create consumer reports, profiles, and methodologies to
assess risks. However, consumers have the basic right to access information about
themselves. There is a basic right to retrieve information about what kinds of data are

37 Brazilian legal scholarship since the mid-2000s has pointed to the limits of this patchwork,
defending a comprehensive approach to personal data protection. See Doneda (2006). See also
Limberger (2007).
38 Prado (2012), pp. 300–326.
39 Dubash and Morgan (2012), pp. 261–281.
Personality Rights in Brazilian Data Protection Law … 45

used in these profiles and databases. There is also a right to have incorrect information
corrected and to delete data about payments of bills after five years.
The Law of Bank Secrecy (Complementary Law 105/2001) also imposed a series
of obligations on banks and financial institutions that work with their clients’ personal
data.40 The law says that consumers must consent to data collection processes and
that private firms have the obligation not to reveal (or not to share with third parties)
the personal data they possess.
Sharing of financial data is also covered by the Code of Consumer Protection. An
important case involving HSBC bank and decided by the Superior Court of Justice
in 2017 addressed the relationship between consent and bank secrecy.41 According
to the court, when people sign a credit card services agreement, they have the right
to choose whether or not to authorize their personal data and financial information
being provided to other companies, even if they are partners of the company admin-
istrating the credit card services agreement. For this reason, the imposition of the
authorization in an adhesion contract is considered abusive and violates the principles
of transparency and trust in consumer relations. In deciding the case, Justice Luis
Felipe Salomão pointed out that, among basic consumer rights, protection against
unfair terms in the provision of products and services is one of the most important
provisions of the Consumer Protection Code (CDC).42 By breaching the principles
of transparency and trust in consumer relations, Luis Felipe Salomão considered
it abusive if the credit card service does not offer the customer the possibility of
rejecting the sharing of data. For the Justice, the transfer of information, in addition
to making the client vulnerable, is not essential for the execution of the contracted
service.
Sector-based regulatory norms also guaranteed the right of consent for personal
data collection and a series of obligations for those who process these data.43 The
Telecommunications Act (Law 9.476/1997), for example, stated that consumers of
telecommunication services must consent to data collection processes. Telecom-
munication operators must also handle their customers’ personal data with care.
There is a breach of law, enforced by the Agência Nacional de Telecomunicações
(Federal Agency of Telecommunications), if this information is shared with third
parties without the customers’ consent. The same rule applies to the sectors of
energy (Agência Nacional de Energia Elétrica—Federal Agency of Electricity) and
supplementary health (Agência Nacional de Saúde—Federal Agency of Health), for
example.
In 2010, the company Oi S.A. started to map Internet access habits of users of the
Velox service without their consent. Called a Navegador, the program used for data
collection traced consumer profiles, which were then marketed to conduct targeted

40 Roque (2001).
41 Superior Court of Justice, Recurso Especial 1,348,523, ruled in September 2017, Justice Luis
Felipe Salomão, accessible under http://www.stj.jus.br. Accessed 11 Jan. 2022.
42 Scocuglia (2017), accessible under https://www.jota.info/justica/bancos-nao-podem-compartil

har-dados-de-clientes-diz-stj-13102017. Accessed 11 Jan. 2022.

43 Alves (2001), pp. 219–230.
46 D. Doneda and R. A. F. Zanatta

advertising. In 2014, the Department of Consumer Protection and Defense (DPDC)

filed an administrative proceeding to determine the irregularities committed. After
its conclusion, the National Consumer Secretariat (Senacon/MJ) fined the company
Oi S.A. R $3.5 million (more than US $1 million), based on the Code of Consumer
Protection and the violation of the Telecommunications Act.44
In 2001, the Brazilian Congress finally enacted the new Civil Code (Código Civil)
after decades of discussions, based on the work of Miguel Reale and other private-law
jurists. This Code was inspired by late twentieth-century European legal thinking. It
developed an entire chapter on personality rights and protected the right of individuals
to fully develop their personhood (the idea that the State must guarantee the possibility
of developing capabilities and the individual’s personality). It also protected the right
to private life and provided legal remedies and means of redress in case of violation
of these rights (Articles 20 and 21). The right to one’s image, for instance, stated
that no one could profit from a person’s image without that person’s consent. If this
occurs, there is civil liability for a violation of the law.

3.2 The Freedom of Information Act and the Marco Civil

Da Internet

During Lula’s government (2003–2010), there was a turn in the national agenda.
Instead of focusing on market incentives, competition, and consumer welfare—tradi-
tional models of economic regulation—, the Brazilian government decided to focus
on the transformation of society caused by the Internet and a renewed agenda for
citizenship online.45
Backed by a partnership with the Open Government Partnership, coordinated by
the United States of America, Brazil discussed and enacted a Freedom of Information
Act (Law 12.527/2011). This law defines basic concepts of “personal data” and a set
of rights for citizens wanting to know about the performance of public officials or
to access information about the government. The Brazilian Freedom of Information
Act also defined a principle of consent for data sharing by public officials.
Finally, the “principle of consent” for the use of personal data on the Internet was
clearly established by the Internet Civil Rights Framework.46 This law, which was
legally constructed by a bottom-up procedure and considerable online participation,
defined basic rights for the use of the Internet in the country and has an entire
chapter on “basic rights of Internet users.” It says, in Article 7, that Internet users
have the right to clear information about how personal data are collected by Internet
Service Providers (ISPs) and Internet Application Providers (IAPs). It also says

44 Casemiro (2014), accessible under https://oglobo.globo.com/economia/defesa-do-consumidor/

oi-multada-em-35-milhoes-por-invasao-de-privacidade-feita-por-velox-13348505. Accessed 11
Jan. 2022.
45 Matheus et al. (2012), pp. 22–29.
46 Medeiros and Bygrave (2015), pp. 120–130.
Personality Rights in Brazilian Data Protection Law … 47

that data collection and data processing must be grounded in “free, expressed, and
informed consent.” In other words, Internet users must be autonomous and must
agree with data processing before it happens. As argued by Laura Schertel Mendes
and Danilo Doneda, Marco Civil da Internet clearly affirms a “fundamental right of
data protection”47 and establishes the principle of consent as a foundational principle
for the application of the legislation.
Up until now, together with the Code of Consumer Defense, Marco Civil da
Internet has provided the legal basis for class actions and administrative procedures
focused on the violation of personal data protection on the Internet. In 2016, for
instance, the Brazilian Institute of Consumer Defense published a report on the
violations of Marco Civil in the “WhatsApp case” (the new terms of use imposed
by Facebook Inc. and the collection of metadata without clear user consent). The
institute argued that there was a violation of Article 7, VII, of Law 12.965/2014
because personal data was shared with “third parties” without clear, informed, and
expressed consent.48
Another important case was the class action of the Ministério Público Federal
(Brazilian Federal Public Prosecutor) against Microsoft in 2018 because of opt-out
mechanisms for data collection set by default in the Windows 10 operating system.
According to the federal prosecutors, the product violated Brazilian law because “it
collected personal data without clear and expressed consent from users, sentencing
to death the constitutional principles of dignity of the human person, the inviolability
of intimacy and private life, honor and image.”49
Until the enactment of the General Data Protection Law (Law 13.709/2018), both
Marco Civil da Internet and the Code of Consumer Defense provided a strong legal
basis for injunctions and collective redress.

3.3 The Credit Reporting Law and “Rights of Control”

During the early period of Dilma Rousseff’s government (2011–2016), Brazil enacted
an important piece of legislation on credit reporting which was inspired by the Credit
Reporting Act of 1976 in the United States. Brazilian Law 12.414/2011 established
a legal framework for “positive credit reporting,” that is, a reporting system that
monitors the payment behavior of consumers, the use of financial products, and the
probability that a particular person will fulfill his or her financial obligations.50
The structure of this system, the Cadastro Positivo, rests on three pillars: (i)
the basic right of consent (credit bureaus can only open a positive credit report if
the consumer understands what is going on and agrees), (ii) the right of control

47 Doneda and Mendes (2014), pp. 3–20.

48 Zanatta (2016), accessible under https://www.idec.org.br/pdf/relatorio-whatsapp-termos-de-uso.
pdf. Accessed 11 Jan. 2022.
49 See http://www.mpf.mp.br/sp/sala-de-imprensa/docs/acp-microsoft. Accessed 11 Jan. 2022.
50 Bessa (2011).
48 D. Doneda and R. A. F. Zanatta

(the consumer must have control over his or her data, with a set of basic rights
of access, modification, deletion, etc.), and (iii) the right of transparency and non-
harmful discrimination (consumers who suffer the consequences of a purely auto-
mated decision must have the right to a human analysis in order to diminish harmful
discrimination).51
As argued by Danilo Doneda and Laura Schertel Mendes in 2014, the Brazilian
Credit Reporting Law advanced personal data protection, making it an “autonomous
field”52 and detaching it from consumer protection and constitutional law. With
this new set of rights—mostly designed to ensure control, transparency, and non-
harmful discrimination—the Brazilian legal system approximated the European one.
Indeed, European Directive 46/95 and the draft version of the General Data Protection
Regulation (GDPR) inspired the rights of access, control, and transparency in the
Brazilian Credit Reporting Law.
This set of rights created by Law 12.414/2011 inspired the Ministry of Justice
to work on a draft version of a General Data Protection Law during Dilma
Rousseff’s government. There were two public consultations in a period of five
years and hundreds of contributions from experts, industry representatives, and
non-governmental organizations (Boff and Fortes 2014).53
In the next section, we will explore how the General Data Protection Law used
the legal background of these diverse laws and built something new in normative
terms, taking advantage of an established tradition of personality rights within the
Brazilian legal community.

4 The General Data Protection Law of 2018

Brazil’s first General Data Protection Law (LGPD) was enacted on August 14, 2018.54
The approved text has its origins in a proposal prepared by the Ministry of Justice in
2010 that went through years of official Internet debates (promoted by the ministry
in 2010 and 2015) as well as discussions with the government and stakeholders.55
The dynamics and conditions of the process which gave birth to the LGPD differ
in some relevant ways from what happened in other Latin American countries when
approving their own data protection legislation. Indeed, none of the data protection
laws previously enacted in Latin America had a concrete impact on the timing and
mood of the debate on the matter in Brazil, which was basically internal. This was the
case even though countries as close to Brazil as Argentina or Uruguay, all of which

51 Bessa (2011), pp. 45–65.

52 Doneda and Mendes (2014).
53 Boff and Fortes (2014), pp. 109–127.
54 Monteiro (2018), accessible under https://iapp.org/news/a/the-new-brazilian-general-data-protec

tion-law-a-detailed-analysis/. Accessed 11 Jan. 2022.

55 Zanatta et al. (2018), accessible under https://www.accessnow.org/cms/assets/uploads/2018/06/

Idec_TechnicalNote_DataProtection_20181.pdf. Accessed 11 Jan. 2022.

Personality Rights in Brazilian Data Protection Law … 49

are members of the commercial block Mercosul, enacted their legislation and went
further in order to obtain adequacy status from the European Commission or, in the
case of Uruguay, become a signatory of Convention 108 of the Council of Europe.
One exception to this almost isolationist approach, however, was the participation
of Brazil in a working group in Mercosul (SGT13, the working sub-group on elec-
tronic commerce and digital certification). The group, after being encouraged by the
Republic of Argentina to elaborate a legal data protection framework for the coun-
tries of Mercosul (at that time Argentina, Brazil, Paraguay, and Uruguay), discussed
the proposal for five years until the four countries signed a data protection regula-
tion in 2010 which was meant to be evaluated by the executive branch of Mercosul
(Grupo Mercado Comum) at a later date. Even though the document ended up being
neither analyzed nor enacted as Mercosul legislation, this was the first (preparatory)
official document endorsed by Brazilian representatives pointing to the need to estab-
lish an internal data protection framework for Brazil (the Mercosul document would
ideally, if enacted, drive the member countries to approve their own data protection
regulations in compliance with the Mercosul standard).
In 2016, the Data Protection Bill prepared by the Ministry of Justice was sent by
the government to the National Congress, and in 2018, the final text of Law 13.709
was unanimously approved both by the Chamber of Deputies and the Federal Senate.
The President of Republic, however, vetoed some provisions, most importantly the
creation of an autonomous Data Protection Authority (DPA), on the basis of formal
objections to the way the DPA was created.
The veto of the DPA was followed by an intense debate about its desirable nature
and shape. In the last days of his term of office, and following his own statement that
the DPA would be created before he left office, President Michel Temer issued the
executive law Medida Provisoria MP 869 of 2019 creating the Autoridade Nacional
de Proteção de Dados, a DPA with no formal independence from the government
and linked to the Presidency of the Republic. However, Congress had to deliberate
its creation and several changes this executive law made to the LGPD.
The Brazilian data protection framework usually does not refer to a fundamental
right to data protection present in the Constitution, as the current jurisprudence of STF
(Brazilian highest Constitutional Court) does not yet recognize a constitutional right
referring to personal data. That differs from the GDPR, which is strongly grounded in
the conceptualization of data protection as a fundamental right as enshrined in Article
8 of the Charter of Fundamental Rights of the European Union56 and recognized by
Recital 1 of the GDPR.
The lack of a literal provision in the Brazilian Constitution, however, was followed
by several expressions of references to fundamental rights and personality rights in
the LGPD, both in the formal sense (as fundamental references) and in the structural
sense (the use of personality right techniques).
In this sense, the presence of personality rights as the driving force for the protec-
tion of citizens by means of a series of provisions on the use of their personal data is
made exceptionally clear in the first article of LGPD, which not only mentions the

56 Rodotà (2009), pp. 77–82.

50 D. Doneda and R. A. F. Zanatta

law’s aim to protect the fundamental rights of freedom and privacy, but also the free
development of the personality of natural persons. The notion of the free develop-
ment of personality is strictly linked to the theory of rights of personality in Brazilian
private law,57 and its mention stresses the fact that this model was the main LGPD
reference for translating the rationale of the tradition of data protection to Brazilian
law. Indeed, the “free development of personality”58 is mentioned twice in LGPD.
First, in Article 1,59 which defines the scope of the law. Second, in Article 2,60 when
mentioning the basis of data protection, together with human rights, dignity and the
exercise of citizenship.61
Article 2 is also a central article regarding the issue of personality rights in the
LGPD for another reason: it clearly mentions that most of grounds upon which the
disciplina of data protection is based are related to personality rights: the right to
privacy (Article 2, I), the inviolate intimacy, honor, and image (Article 2, IV), the
aforementioned Article 2, VII, but also expressions of fundamental rights strongly
related to personality rights such as freedom of expression, communication, and
opinion (Article 2, III), as well as the presence of the concept of informational self-
determination (Article 2, II), directly quoting the Recht auf informationelle Selbstbe-
stimmung from the 1983 ruling by the German Constitutional Court.62
In several places, the body of the LGPD demonstrates that some of its instruments
were shaped so that in situations where personality rights demand a major level of
protection, these rights should be particularly and inevitably considered. That is
the case, for example, for the general rule of verifying the feasibility of legitimate
interest as the basis for personal data processing, which may occur only if the rights
and freedoms of the data owner prevail—thus creating a concrete limit on the use
of legitimate interest grounded in the protection of the data owner (Article 7, IX).
Another clear example of protection of personality is the concept of sensitive data,
which demands a higher level of protection because there is a higher potential for
damage to the data owner. The LGPD went even further when it strictly forbade all
communications of health data for economic purposes (Article 11, § 4).
Some processual provisions in LGPD also strongly resonate with tools which are
commonly used to assure personality rights, and perhaps the most important of them
is the possibility given by Article 22 to use the available processual instruments,
whether individual or collective, broadly.

57 See part 2 of this contribution.

58 Martins-Costa (2011), pp. 813–840.
59 Article 1 reads: “This Law provides for the processing of personal data, including by digital

means, by a natural person or a legal entity of public or private law, with the purpose of protecting
the fundamental rights of freedom and privacy and the free development of the personality of the
natural person”.
60 Article 2 reads: “The discipline of personal data protection is grounded on the following: (…)

VII—human rights, free development of personality, dignity and exercise of citizenship by natural
persons”.
61 Rouvroy and Poullet (2009), pp. 45–76.
62 As to this right, cf. Albers (2005).
Personality Rights in Brazilian Data Protection Law … 51

5 Conclusion

Brazil lagged behind even multiple Latin American countries in introducing a General
Data Protection Law, doing so only in 2018. One of the reasons for the long duration
of this process was the novelty and even the complexity of some of the key tools and
concepts in the new legislation, many of them not yet present in Brazilian law, but
necessary to achieve harmonization with international and transnational standards
on data protection. One of the clear signs of it was, indeed, the vacatio legis period
established until the LGPD entered into force, which was originally 18 months, but
later expanded to 24 months, by Medida Provisória 869 of 2018—an uncommonly
long period by Brazilian legal standards.63
For the LGPD to fulfill its mission to provide Brazil with modern data protection
legislation in order to protect the individual, it will be important to recognize the
strong link between the new legislation and the doctrine and tradition of the rights
of personality, for at least three reasons.
First, as mentioned, the fact that the recognition of data protection as a fundamental
right is still a work in progress in Brazilian jurisprudence makes it essential to ensure
that data protection is strongly linked with the tradition of personality rights, assuring
that the protection of individuals in the face of the information society can use the
set of tools provided by private law to assure the data owners’ position regarding the
processing of their data.
Second, the bridging between personal data protection and personality rights
can avoid excessive “technicization” of the field of personal data protection within
the legal community. This process of “technicization” could transform personal
data protection into something similar to, for instance, telecommunication regu-
lation, making it a “small field” for a highly specialized group of lawyers basi-
cally concerned with compliance and economic regulation. That is not the case with
personal data protection, which is not only about economic regulation but essentially
about fundamental rights and personality rights.
Third, the Brazilian legal community was able to take advantage of its long tradi-
tion of personality rights, as explained in Part 2 of this chapter. By reshaping person-
ality rights into personal data protection—making it clear that personal data protec-
tion is about the free development of personality, informational self-determination,
and risk regulation—, Brazilian lawyers and scholars can think more clearly about this
new field of rights and obligations without abandoning a well-established tradition
and its humanistic character.
We do not need to abandon legal thinking from the past. We can use the best
that this legal thinking produced in private law to think about contemporary prob-
lems caused by information technology and the digitalization of society. This is the
challenge for the application of the General Data Protection Law.

63The LGPD, except articles 52–54, finally entered into force on September 18, 2020; the rules on
sanctions in articles 52–54 came into effect on August 1, 2021.
52 D. Doneda and R. A. F. Zanatta

References

Albers M (2005) Informationelle Selbstbestimmung. Nomos, Baden-Baden

Barroso LR (1998) Dez anos da Constituição de 1988. Rev de Direito Administrativo 214:1–25
Bessa LR (2011) Cadastro positivo: comentários à Lei 12,414, de 09 de junho de 2011. Editora
Revista dos Tribunais, São Paulo
Boff SO, Fortes VB (2014) A Privacidade e a Proteção dos Dados Pessoais no Ciberespaço como
um Direito Fundamental: perspectivas de construção de um marco regulatório para o Brasil.
Seqüência: estudos jurídicos e políticos 35(68):109–127
da Pereira CMS (2011) Instituições de Direito Civil, 24th edn. Editora Forense, Rio de Janeiro
De Cupis A (1950) I Diritti Della Personalità. Giuffrè, Milano
Doneda D (2006) Da privacidade à proteção de dados pessoais. Renovar, Rio de Janeiro
Doneda D, Mendes LS (2014) Data protection in Brazil: new developments and current challenges.
In: Gutwirth S, Leenes R, De Hert P (eds) Reloading data protection. Springer, Dordrecht, pp
3–20
Dotti RA (1980) Proteção da vida privada e liberdade de informação: possibilidades e limites.
Editora Revista dos Tribunais, São Paulo
Dubash NK, Morgan B (2012) Understanding the rise of the regulatory state of the south. Regul
Gov 6(3):261–281
Faria JE (1981) Direito, modernização e autoritarismo: mudança socioeconômica × liberalismo
jurídico. Edusp, São Paulo
Faoro R (1981) Assembléia Constituinte: a legitimidade recuperada. Brasiliense, Brasília
Gierke O von (2016) The social role of private law (trans: McGaughey E). German Law J 19(4)
Gomes O (1966) Direitos da personalidade. Rev de Informação Legislativa 3(11):39–48
Jeová Santos A (1997) Dano Moral Indenizável. Lejus, São Paulo
Kotzur M (2022) Privacy protection in the world wide web—legal perspectives on accomplishing
a mission impossible. In: Albers M, Sarlet IW (eds) Personality and data protection rights on the
internet. Springer, Dordrecht, Heidelberg, New York, London (in this volume)
Limberger T (2007) O direito à intimidade na era da informática: a necessidade de proteção de
dados pessoais. Livraria do Advogado, Porto Alegre
Lopes JR, Neto G, Macedo P (2009) Critical legal thought: (1920–1940): the case of Brazil.
Fundação Getulio Vargas working papers
Martins-Costa J (2011) O princípio do livre desenvolvimento da personalidade. In: Lobo Torres R
(ed) Dicionário de Princípios Jurídicos. Elsevier, Rio de Janeiro, pp 813–840
Mattia FM (1979) Direitos da personalidade: aspectos gerais. Rev de Informação Legislativa
14(56):245–262
Medeiros Alves OM (2001) Agências reguladoras e proteção do consumidor de serviços de
telecomunicações. Rev de Direito Administrativo 226:219–230
Merryman JH (1977) Comparative law and social change: on the origins, style, decline & revival
of the law and development movement. Am J Comp Law, 457–491
Molinaro CA, Ruaro RL (2022) Privacy protection with regard to (tele-)communications surveil-
lance and data retention. In: Albers M, Sarlet IW (eds) Personality and data protection rights on
the internet. Springer, Dordrecht, Heidelberg, New York, London (in this volume)
Pilatti A (2008) A Constituinte de 1987–1988: progressistas, conservadores, ordem econômica e
regras do jogo. Editora PUC-Rio, Rio de Janeiro
Prado MM (2012) Implementing independent regulatory agencies in Brazil: the contrasting
experiences in the electricity and telecommunications sectors. Regul Gov 6(3):300–326
Reis T (2015) Teixeira de Freitas, lector de Savigny. Rev de historia del derecho 49:181–222
Rodotà S (2009) Data protection as a fundamental right. In: Gutwirth S, Poullet Y, De Hert P (eds)
Reinventing data protection? Springer, Dordrecht, pp 77–82
Roque MJ (2001) Sigilo bancário e direito à intimidade. Juruá, Curitiba
 Personality Rights in Brazilian Data Protection Law … 53

Rouvroy A, Poullet Y (2009) The right to informational self-determination and the value of self-
development: reassessing the importance of privacy for democracy. In: Gutwirth S, Poullet Y, De
Hert P (eds) Reinventing data protection? Springer, Dordrecht, pp 45–76
Sacco R (1991) Legal formants: a dynamic approach to comparative law (Installment I of II). Am
J Comp Law 39(1):1–34
Santiago Dantas F (2001) Programa de Direito Civil: teoria geral. Forense, Rio de Janeiro
Sarlet IW (2022) The protection of personality in the digital environment. An analysis in the light
of the so-called right to be forgotten in Brazil. In: Albers M, Sarlet IW (eds) Personality and data
protection rights on the internet. Springer, Dordrecht, Heidelberg, New York, London (in this
volume)
Schertel Mendes L (2014) Privacidade, proteção de dados e defesa do consumidor - Linhas gerais
de um novo direito fundamental. Saraiva, São Paulo
Tácito C (1959) O Abuso do poder administrativo no Brasil: conceito e remédios. Rev De Direito
Administrativo 56:1–28
Tepedino G (1999) A tutela da personalidade no ordenamento civil-constitucional brasileiro. In:
Temas de direito civil. Forense, Rio de Janeiro, pp 23–54
Trubek DM (1972) Toward a social theory of law: an essay on the study of law and development.
Yale Law J 82(1):1–50
Zanatta R (2016) Consentimento Forçado: uma avaliação sobre os novos termos de uso do WhatsApp
e as colisões com o Marco Civil da Internet. Instituto Brasileiro de Defesa do Consumidor, São
Paulo

Danilo Doneda Ph.D. in Civil Law (UERJ). Professor at IDP. Director at CEDIS/IDP (Center
of Studies in Internet and Society). Member of the advisory board of the United Nations Global
Pulse Privacy Group, the Project Children and Consumption (Instituto Alana) and Open Knowl-
edge Brasil. Previously served as General Coordinator at the Department of Consumer Protection
and Defence in the Ministry of Justice (Brazil). Visiting researcher at the Italian Data Protection
Authority (Rome, Italy), University of Camerino (Camerino, Italy) and at the Max Planck Institute
for Comparative and International Private Law (Hamburg, Germany). Part of his work is available
at www.doneda.net/.

Rafael A. F. Zanatta Director of the Research Association Data Privacy Brasil. PhD Candi-
date at the University of São Paulo. Main areas of research: Data Protection Rights, Collective
Rights, Data Commons, Legal Theory and Sociology of Law. Selected Publications: A Proteção
de Dados entre Leis, Códigos e Programação: os limites do Marco Civil da Internet, in: Newton
de Lucca/Adalberto Simão Filho/Cíntia Rosa Pereira (eds.) Direito e Internet III: Marco Civil
da Internet. São Paulo: Quartier Latin, 2015, pp. 447–470; Economias do Compartilhamento e o
Direito, Curitiba: Juruá, 2017; Dados, Vícios e Concorrência: repensando o jogo das economias
digitais, Revista Estudos Avançados, v. 33, n. 96, 2019, pp. 421–446 (with Ricardo Abramovay);
Proteção de dados pessoais e direito concorrencial: razões de aproximação e potencialidades de
pesquisa, Revista Fórum de Direito da Economia Digital, Belo Horizonte, v. 3, 2019, pp. 141–
170 (with Bruno Renzetti); Dados pessoais abertos: pilares dos novos mercados digitais, Direito
Público, v. 16, n. 90, 2019, pp. 155–178 (with Ricardo Abramovay).

View publication stats