LAST FEW DAYS
Start 50 Plan: From R$69 to R$59/month and Plus 50 Plan: From R$119 to R$99/month.
Accept the processing of children's personal data via WhatsApp

Accept the processing of children's personal data via WhatsApp

Publicado em:
28
/
06
/
2023

The approval of Brazil's General Personal Data Protection Law will be five years old in August 2023. Before it was approved, there were many debates on the subject, as other countries, especially members of the OECD, had been approving or updating legislation on the subject. An example is General Data Protection Regulation (GDPR) of the European Union 2014.

This international movement, in which Brazil is part, seeks to avoid problems caused by technological advances that increasingly allow the collection and processing of personal data with greater granularity and precision.

The purpose of the edition of the Brazilian law was to protect the fundamental rights of freedom, privacy, and free personal development. Thus, on the one hand, the law establishes a series of rights to the people who have their data processed, such as the right to obtain information about the treatment carried out or to access the personal data processed. While, on the other hand, it imposes obligations on those responsible for this treatment, such as defining the specific purposes and assigning an adequate legal basis for the processing of the data, as well as implementing technical and administrative security measures.

Frame 2-2

The myths surrounding consent

One of the main myths regarding law enforcement related to the extension of consent to the processing of personal data. It was believed that the holders of personal data would need to consent to any and all types of treatment.

However, law 13,709/2018 established, in its article 7, nine other hypotheses, in addition to consent, to allow the processing of personal data and another seven (art. 11 of the LGPD) for sensitive personal data. What was found is that there were legal alternatives that were much simpler to implement than the consent of the holder to process their data.

In the case of the processing of personal data of minors, there were also doubts about the possibility of using legal bases other than the consent of those responsible. In September 2022, the National Authority for the Protection of Personal Data (ANPD) published study preliminary on the topic, in order to provide inputs for interpretations of the legal hypotheses that may be used to process the personal data of children and adolescents.

Finally, in May of this year, the ANPD published the The following statement, to allow the application of the legal bases provided for in articles 7 and 11 also for the processing of personal data of minors, closing the discussion:

“The processing of personal data of children and adolescents may be carried out based on the legal hypotheses provided for in art. 7 or art. 11 of the General Personal Data Protection Law (LGPD), provided that their best interest is observed and prevails, to be evaluated in the specific case, in accordance with art. 14 of the Law”.

The requirements of consent

Although consent is not the only legal basis applicable to the processing of personal data of children and adolescents and not the most used, in some cases, consent represents the only appropriate factual hypothesis.

For example, when processing sensitive personal data, where no other legal hypothesis is appropriate. However, for consent to be valid, it must meet the following requirements:

  • Consent must be uncluttered: that is, given voluntarily, and there can be no coercion. Therefore, in relationships where there are large asymmetries of power or information, consent may not be appropriate or valid;
  • Consent must be reported: the owner must have easy, clear and transparent access to information about how their data will be treated - such as purpose, data controllers, duration, etc.;
  • Consent must be unequivocal: the option to consent must not be pre-selected, it is necessary for the person to make an explicit decision;
  • Consent must be taken in writing or other means demonstrating the owner's will: it is important Register consent, for the purpose of Accountability, since the data controller must prove that he obtained the authorization lawfully (otherwise, the treatment may be considered unlawful due to a defect in consent);
  • Consent must be singled: must be separated from other contractual clauses;
  • Consent must have specific purposes: generic authorizations are valid;
  • Consent must be revocable: the holder has the right to withdraw their consent at any time during treatment (Opt-out);

In the case of children and adolescents, there are even more specifications regarding the collection of consent:

  • The data controller must Perform all reasonable efforts, considering the available technologies, to ensure that consent is provided by the minor's guardians.

Acceptance via WhatsApp and consent - a success story

Collecting consent in an agile and secure manner can become a complex task, given the size of the audience involved and the sensitivity of the personal data processed.

That was one of the challenges brought to Clicksign's legal department. In Mother's Month, Clicksign's Personal Data Processor, the DPO, was approached by the company's internal communication team to discuss the possibility of announcing the birth of the daughters and sons of Clicksign employees in their newsletter monthly with the respective photos of the babies.

The DPO informed that it would be necessary to obtain the consent of a parent or guardian to use these images. The question was: how to carry out this process remotely, following the guidelines of the law, efficiently and safely?

In remote work, where employees are scattered across the country, obtaining consent to the processing of personal data would not be a simple task. After all, it wouldn't be possible to go to everyone's desk with paper forms asking for a signature.

That's when the idea of using Accepted via Whatsapp, provided by the Clicksign Platform, came up, which can make it easier (and a lot!) that process.

Accept is a tool offered by Clicksign that allows the recipient to accept terms or agreements directly through WhatsApp, without leaving the application. It is a simple and fast means of collecting consent and allows the user to prove that the consent complies with legal requirements.

No Aceite, in order to have records of compliance with the requirements, the sender only needs to enter the text to be accepted - stating the specific purposes of using the photo (or other data), the storage time of the data, the consequences of not consenting, and other relevant information.

Then, Accept made it possible to record, in this context:

  • The specific and determined purpose of the treatment - to participate in the internal newsletter, sent to the entire company;
  • The free, informed and unequivocal will of one of the parents or legal representative of the child, making it clear that the employee has the option of not sharing the baby's photo and that this will not have any negative consequences for him;
  • Evidence that consent was provided by the minor's legal guardian.

Since it is possible to save an Accept template to use again, the process is practical for the user. In this process, the tool saves the log of the Aceite, in which proof of the recipient's identity is recorded, which can be used to confirm the legal validity of the Accept, in addition to demonstrating the controller's commitment to ensure that consent was obtained from the parents or guardians.

Do you want to understand how Aceite can meet the needs of your company or organization? Click here to learn more about the functionality.

Artigos relacionados

Paula Abreu
9/27/24

Corporate Social Responsibility and Business Ethics

Acacio Junior
9/27/24

Customer Journey: What is it? What are the steps and how to structure?

Juliana Costa
9/27/24

The importance of a digital PJ account and the facilities for the company

Ver mais