Sanction Dosimetry by ANPD and Typology of Privacy Harms
*This is an AI-powered machine translation of the original text in Portuguese
The sanction dosimetry derives from the constitutional principle of proportionality, based on the norms that structure the democratic rule of law, and it concretizes the principle of individualization of penalties, as provided in Article 5, Section XLVI of the Federal Constitution of 1988[1]. Proportionality is expressly mentioned in the rules that guide the federal administrative process (Article 2 of Law 9,784/1999), and in this context, it is the responsibility of public officials to adopt objective criteria and coherent metrics for intervening in private domains or applying sanctions, whether in terms of pecuniary or non-pecuniary penalties[2].
Recently, the National Data Protection Authority opened a public consultation on the rules for the dosimetry of its sanctions. The regulation and clarification of these criteria through a resolution provide legal certainty to the administered individuals and ensure the possibility of democratic control over the exercise of state power. Public participation in the formulation of these rules is another way for the administered individuals to contribute to the application of the law.
The proper proportionality between the harm to the protected legal interest and the penalty applicable to the offender involves the consideration of various objectives, including: deterring unwanted behavior; restoring the previous state (when feasible); incentivizing compensatory beneficial behavior; directing future conduct, among others. In addition to these objectives, a combination of factors and metrics related to the context of the unlawful conduct and the specific conditions of the offender must also be considered. This logic applies not only to sanctions but also to agreements (e.g., Conduct Adjustment Terms) in which behavior rules and monetary contributions to the State can be defined.
However, any analysis must start with the correct assessment of the degree of harm to the legal interest protected by the norm, considering its implications for the public interest and the common good. Therefore, regardless of the dosimetry criteria, whether contextual, personal, or the objective pursued by the sanction, an appropriate typology of types and degrees of privacy violation should be established as an analytical guideline for the specific case under examination. This typology can be expressly stipulated in regulations, such as the regulation under development by the National Data Protection Authority, or it can be built through the consolidation of jurisprudence formed through the concrete exercise of administrative judicial activity.
This typology should consider not only aspects of data protection but also privacy in the broader sense to systematize a general theory that aligns with current technological developments. Thus, creating a vocabulary that names different types and degrees of harm that can impact data subjects and individual privacy is a fundamental step for the consistent application of the LGPD and, consequently, the National Data Protection Authority's resolution on the dosimetry of its sanctions. Failing to adopt a common vocabulary hinders the harmonization of interpretations of how typical conduct impacts individual rights, risking obscuring substantive debates in terminological discussions.
Consequences for privacy violations are varied, become more complex with technological developments, and are not always materially tangible. This intangibility, often associated with technology use, can lead authorities to reach conflicting conclusions, making it difficult to understand the scope of privacy protection. Therefore, when assessing the existence or absence of harm in a specific case, it is essential to rigorously consider why individual privacy would or would not be affected and to what extent. The seriousness of the harm is even one of the main elements of dosimetry indicated in the proposed regulation by the National Data Protection Authority. However, its evaluation depends on interpretation, which again underscores the need to adopt objective criteria.
In an effort to standardize this analysis and create a vocabulary for discussing privacy cases, Daniel Solove developed a typology of privacy harms, which seems to be a good starting point for constructing an analytical reference to assist the work of the National Data Protection Authority. According to Solove, privacy harms can be divided into several types, as privacy is an umbrella term that encompasses distinct yet related protections (SOLOVE, p. 18); it includes family coexistence, personal data protection, individual intimacy, and many other aspects of our lives. In this line, Solove proposes the following categorization of privacy harms (SOLOVE, p. 832 et seq.):
Physical - privacy violations that result in harm, including bodily injury, death, or other forms of physical harm. Economic - direct or indirect financial losses or devaluation of assets, including, for example, taking out loans in the affected person's name. Reputational - impacts on the person's image in relation to third parties (SOLOVE, p. 837). Psychological - encompasses a range of negative mental responses and can be divided into (i) emotional suffering, linked to the expression of unpleasant or painful feelings, and (ii) disturbance, the disruption of tranquility or peace of mind (SOLOVE, p. 841). Autonomy - when an individual's choice is restricted, inhibited, undermined, or unduly influenced. These undue restrictions on autonomy can be caused by (i) coercion, (ii) manipulation, (iii) lack of information, (iv) frustration of expectations, (v) lack of real control over one's information, or (vi) chilling effects on lawful behavior (SOLOVE, p. 845-6). Discriminatory - unequal or unfavorable treatment based on membership in a social group or other characteristics and affiliations such as gender, race, nationality, sexual orientation, gender identity, and age; it is usually associated with stigmatization and more directly affects socially marginalized groups, causing not only the loss of specific opportunities but also psychological consequences that are often permanent. Relational - impacts on the individual's personal relationships that can affect their health, well-being, daily activities, and participation in society, potentially affecting professional, personal, and different agent relationships. An integral part of privacy is the ability to control what information we disclose to whom, and the undue disclosure of information (i) is harm in itself due to the loss of control over the information caused by its confidentiality violation and (ii) can affect the individual's ability to form new relationships, considering the distrust that can arise after certain information is disclosed.
With a clearer delineation of types of privacy harm, it is possible to use these categories to more clearly present how a particular situation fits into one or more of the classifications. Invariably, the same situation can be viewed from more than one perspective, but the ability to separate its potential consequences into categories allows for a clearer debate about the problem being addressed. It is important to note that this typology only seeks to identify different ways in which a violation can harm privacy in an abstract analysis. Any assessment of harm in a specific case must take into account other factors such as the type of information affected, expectations of privacy, the adoption or lack of mitigating measures, the specific conditions of the active subject, and the entire factual context corresponding to the case.
Although not a panacea, adopting a language aimed at classifying the different problems related to privacy violations is the first step in resolving them collectively. With the imminent approval of the Regulation on the Dosimetry and Application of Administrative Sanctions by the National Data Protection Authority, the possibility of discussing these topics clearly becomes even more important for all stakeholders, ensuring greater conceptual precision, communication clarity, and, consequently, promoting greater legal certainty regarding the application of sanctions by the authority in each case.
[1] See, in particular, the decision of the Brazilian Supreme Federal Court in RE 374,981-RS (STF Information No. 381), delivered by Justice Celso de Mello.
[2] MARANHÃO, J. S. A.; Freire, M.G. ; QUEIROGA FILHO, M. . Asset Disqualification Penalty in Conduct Cases under Law 12,529/11 and CADE Jurisprudence. In: RODAS, J. G.. (Org.). Competition Law: Advances and Perspectives. 1st ed. Curitiba: Prismas, 2018, v. 5, p. 105-132.
Originally published in JOTA.