I am very glad to start today a 4 posts serie with my fellow Gustavo Carneiro, a lawyer and mediator who holds a Public Policy degree, analyzing the new brazilian General Data Protection Law, which will come into force in August 2020 and its application for ODR.
Online Mediation and other ODR methods are getting more and more mainstream in Brazil. Even though the Judicial branch is still the first option for brazilians trying to solve their disputes, other mechanisms are getting more popular, especially in less complex disputes, which is the case for consumer disputes. Today, there are at least two large websites that are part of Brazilian consumers’ routine: government’s “consumidor.gov.br” and private “reclameaqui.com.br”. Besides those two, large national and international companies offer their consumers ODR mechanisms such as Mercado Livre and Uber, just to name a few. This is the result of the urge for cheaper and more effective ways for solving disputes.There is a shift in the understanding of the most adequate path for solving less complex disputes, especially for consumer relations.
In this scenario, ODR provides an answer for disputes that otherwise would not be economically viable. It applies information and communication technologies to deliver faster and cheaper answers for disputes. Even though ODR can be considered any dispute resolution mechanism that uses communication technologies, we believe that the most promising field lies in the Artificial Intelligence applied for ODR. Big Data, Deep Learning and AI are in vogue for ODR. However, besides all the security and privacy issues dilemmas, in this particular field there is a tension between the confidentiality inherent to Mediation and data collection and processing.
In the past years, a wide regulation was developed in Brazil related to this theme. There are at least 4 laws that regulate and provide legal certainty, ensuring individuals, private companies and the government which are the limits and guarantees for ODR and Data Protection in Brazil. They are:
– Law 12965/2014 (Brazilian Civil Rights Framework for the Internet);
– Law 13140/2015 (New Procedure Code);
– Law 13140/2015 (Mediation Law);
– Law 13709/2018 (General Data Protection Law).
Both Mediation Law (applied for any mediation) and the New Procedure Code (applied for the Mediation in the Courts) guarantee confidentiality as a fundamental principle for mediation procedures. In fact, article 30 of the Mediation Law estates that Mediation procedures are confidential, unless both parts decide otherwise.
The General Data Protection Law was approved in 2018 but will come into force only in August of 2020. It applies to any data collection or processing taking place in the Brazilian territory, or designed for services offered in Brazil (article 3). It sets up several principles, such as finality (data collected can only be used for the purpose it was informed at the time of consent), adequacy, necessity and transparency.
This Law establishes a difference between general personal data and sensitive data, which is “personal data about racial or ethnic origin, religious belief, political opinion, membership in a union or organization of a religious, philosophical or political character, data relating to health or sexual life, genetic or biometric data, when linked to a natural person”, which gets special protection. Lastly, it creates a national authority, which is a body of experts that will supervise the implementation of the guarantees for personal data usage in Brazil.
Given that, we ask if the collection and treatment of data by tech companies violates the confidentiality inherent to Mediation? Also, what are the limits for data collection for ODR mechanism other than Mediation? What are the differences between public and private actors when it comes to data collection and processing? In the next posts we will try to address those questions.