Luciana Magnolo Onofre
Lawyer at Marcos Martins Advogados
Legal departments and law firms are often asked about the scope of the protection of the confidentiality of personal data when entering into a Confidentiality Agreement, and whether this protection supersedes the need to comply with the LGPD Policies, i.e. whether entering into a Confidentiality Agreement would bring the parties into compliance with the legal provisions.
Faced with a scenario of possible overlapping obligations, which does not occur in this case, it is important to distinguish the intrinsic elements of the Confidentiality Agreement, which is linked to the will of the parties regarding the protection of a certain secret, from the protection afforded to personal data by the General Data Protection Law (“LGPD”) in the context of diffuse or collective rights.
Not every Confidentiality Agreement is specifically linked to the exchange of sensitive personal data, which is the object of protection regulated by the LGPD, and if this were the case, the consent of the data subjects would have to be obtained. Thus, although the Confidentiality Agreement deals with secrecy and restricting the disclosure of information, it is established by an obligatory relationship freely adjusted between the parties involved, which, in itself, does not cover all the provisions of the LGPD.
The Confidentiality Agreement, usually referred to by its English acronym NDA (Non Disclosure Agreement), is a contract that seeks to protect industrial or commercial secrets, as well as information that the parties understand to be confidential and that will eventually be transmitted as a result of the particular circumstances of the business to be contracted. The aim, in this case, is to protect circumstances relating to the legal transaction to be entered into.
The Confidentiality Agreement can be signed by means of a stand-alone contract, or it can be contained in a clause of a contract whose main purpose deals with a different obligation, in both situations by imposing penalties on the parties in the event of non-compliance.
It should also be noted that the Confidentiality Agreement does not have the power to impose any obligations related to the restriction or even the establishment of rules for the storage or disposal of data, and its terms and conditions can be freely agreed between the parties in line with the transaction. The LGPD, on the other hand, contains fundamentals related to the protection of personal data, which serve to underpin any and all actions involving its processing.
The LGPD establishes legal responsibility for protecting the data of natural persons, including rules on the collection, storage, handling and processing of data to which they have access, whether digital or physical, and has as one of its primary purposes the security of legal relations, by re-establishing the trust of the data subject with regard to the possibility of transferring and making their data available.
By laying down strict rules on the processing of personal data, the LGPD also brings with it responsibilities and obligations, non-compliance with which is punishable by administrative sanctions.
There is a need for companies to implement a new culture, since the LGPD is a general regulation and must be observed by everyone who has access to third parties’ personal data.
As such, the LGPD generates the necessary adaptation of processes, technologies and professionals that will support proper compliance with the law.
The Confidentiality Agreement, by virtue of its contractual and restricted nature, does not have a scope that would allow its provisions to modify the rights already guaranteed by law.
In short, the Confidentiality Agreement does not imply data protection under the LGPD and, even if the contracting parties do not establish that their personal data is confidential, the LGPD will set out the precepts of protection which, in turn, may not be the same as the data that will merit confidentiality in accordance with what the parties have agreed in the Confidentiality Agreement.
Marcos Martins Advogados reaffirms its commitment as a Business Partner, seeking strategic solutions, always attentive to the legal changes that impact its clients, meeting their needs.
