Blog

Today we celebrate the Data Protection Day, instituted in 2006 by the Council of Europe, on the same day that commemorates the opening of "Convention 108”, the first international legal instrument on the protection of natural persons in relation to the processing of their personal data, and in this January 28th celebrates 40 years of existence.

Since 1981, a long way has been taken by citizens, companies and government entities in terms of the protection of personal data. At the European level, and with national reproduction, we believe that it is fair to say that we have two legislative landmarks: Directive 95/46/CE and Regulation (EU) 2016/679, commonly referred as GDPR, which with a more imperative and incisive approach had the ability to raise awareness about this theme in the world.

We say in the "world plan” because today we know that the European approach to the protection of personal data has inspired the drafting of other laws of similar content, as is the case of the General Law for the Protection of Privacy in Brazil (Law 13.709, of August 14, 2018), it is anticipated that it may inspire a new regulation for the protection of personal data in the USA, and demand that European and non-European companies adapt their procedures and methodologies to guarantee the processing of personal data designed to serve people.

Today European citizens are more aware of their rights as data subjects, more aware of the value of this information - who never heard about a "right to data erasure?!” or who has not thought "why are they asking me for all this data?!” Companies placed privacy on the agenda of their corporate and budgetary priorities - privacy policies proliferated, emails with requests for authorization renewal multiplied, terms and conditions of service were revised at a stoic pace - and thus, they were able to respond to the wide range of duties they must fulfill in order to make good use of the "new gold” of the 21st century.

But the challenges are even more. International cooperation between the authorities responsible for applying data protection rules needs to be intensified, promoting a global culture of respect for privacy and convergence between different privacy systems; a harmonization of concepts and understandings on the rules applicable to data protection and the creation of compliance mechanisms that give greater confidence to controllers is required; and the new emerging technologies, such as artificial intelligence, profiling or the blockchain, have a potential impact on the fundamental rights and privacy of people, which requires strict compliance with the principle of privacy by design and close monitoring by national and European authorities.

At .PT we remain committed to ensuring the security, privacy and protection of the personal data of all natural persons with whom we interact, aware that this is, and will continue to be, a work in progress, which requires us a permanent attention on legislative and jurisprudential developments, new understandings and orientations on this theme, and confident that, even if the path is long, the journey is worthwhile.