Put Leonardo Neri and Barbara Oliveira  – 13/07/2020

In times of tireless struggles to ensure respect for diversity, it is essential that new legislation of any nature be based on the defense of minority rights, providing legal support for combating discrimination. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) brought this issue to the fore with considerable emphasis.

It was no different with the General Data Protection Law (LGPD). Fortunately, the legislator was concerned with preventing and punishing discrimination that may be practiced through the processing of personal data. Thus, the LGPD classifies as sensitive personal data any information that deals with the racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, health or sexual life, genetics or biometrics of the data subject.

This classification was made with the intention of giving special treatment to sensitive data, preventing said personal information from being used as a form of discrimination against the data subject by those who have access to their data. Therefore, in order to process sensitive personal data, it is necessary for the processing agent to obtain specific consent from the data subject, in a prominent manner, indicating the purpose of the processing of that data, ensuring that the data subject is fully aware of and agrees or not with the provision of their sensitive data.

The LGPD also provides for some situations in which the data controller will be exempt from obtaining the consent of the data subject, such as, for example, to protect the life of the data subject or third parties, to comply with legal obligations, to implement public policies by the public administration, etc.

In this sense, in a practical situation, private health care plan operators are prohibited from using the processing of sensitive data to select risks when contracting, or to exclude or even refuse beneficiaries.

Data controllers who fail to observe the specific procedure imposed on the processing of sensitive data will be subject to the heavy penalties of the LGPD, which may range from a warning to adopt corrective measures to a ban on carrying out data processing activities, or even a fine of 2% of the company's annual revenue, which may reach the ceiling of R$$ 50,000,000.00 (fifty million reais).

The implementation of special legal guarantees aimed at abolishing discriminatory practices plays a fundamental role in changing habits that violate fundamental rights. However, combating discrimination must be a practice that everyone undertakes on a daily basis, regardless of legal provisions.

Mazzucco&Mello highlights its absolute support for the fight against discriminatory practices and, as legal professionals, we reinforce our commitment to the pursuit of justice.