BUSINESS AND HUMAN RIGHTS / Šturma, Mozetic (eds)

In Brazil, the Federal Constitution of 1988 does not expressly provides for protection of personal data, nor for sensitive data, and the legislation on infraconstitutional level still does not have a regulatory and protective model on the subject. This lack of regulation causes issues involving the acquisition and the use by the employer of information relating to the employee which do not receive due attention in the brazilian labor law doctrine, as indicates Sanden. 10 However, as will be discussed in the sequence, the lack of legal provision may not be an obstacle to ensure an effective protection of personal and sensitive data in the extent that the importance of the subject today deserves. 3. Personal Data and Sensitive Data Having made this brief exposition on the use and risks afforded by the use of new technologies in obtaining personal and sensitive data of the employee in the work relationship, it is necessary to define what exactly are personal data and sensitive data. In the international context, the Council of Europe, by means of the Convention of Strasbourg 11 nº 108/1981, defined that personal data means “any information relating to an identified or likely identification.” 12 Similarly, the Recommendation of the Committee of Ministers of the Council of Europe – Recommendation CM/Rec 13 (2015)5 defines personal data as being “any information relating to an identified or identifiable individual.” 14 Starting from the concept introduced, Doneda 15 warns that not all information that relates to an individual is really a personal information. As an example, the author mentions the views from on a person, his intellectual production, which is not per se personal information (although the fact of his authorship is). Thus, according to the understanding of the Council of Europe, which identifies an information as personal is when the object is the very person, that is, the information has an objective bond with her. This distinction is fundamental to move other categories of information that, although they relate to a person, are not exactly personal information. As for the sensitive data, the Convention of Strasbourg nº. 108/1981 defined as those which “reveal racial origin, political opinions, religious or other beliefs, as well as personal data concerning health or sex life.” 16 Taking this brief approach from some international instruments on the subject, we must analyze the definitions of personal and sensitive data in the light of our legislation. 10 SANDEN MOREIRA DE SOUZA, A. F. The protection of personal data of employees in Brazilian law: a study on the limits on the obtaining and use by the employer of the information related to the employee. Sao Paulo: LTr, 2014, p. 18. 11 The Convention of Strasbourg nº 108/1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data. 12 In accordance with Article 2 of Convention nº 108/1981. 13 The Recommendation CM/Rec (2015)5 dispose on the treatment of personal data in the context of work. 14 According to part 1 of item 2 of Recommendation CM/Rec (2015)5. 15 DONEDA, D. From privacy protection of personal data . Rio de Janeiro: Renovar, 2006, p. 156. 16 In accordance with Article 6 of Convention nº. 108/1981.

228