The importance of intellectual property and data protection

8 April 2022

The development of the digital economy and new technologies have led to an increase in the disclosure of personal information and the transfer of personal data, as well as the exchange of this information between public and private operators within and beyond our borders.

8 April 2022

Globalization, the development of the digital economy and new technologies have led to an increase in the disclosure of personal information and the transfer of personal data, as well as the exchange of this information between public and private operators within and beyond our borders.

Data protection in the corporate world has become an increasingly important issue and awareness of the need to protect intellectual property, in order to preserve the trade secrets of companies. In addition, the manipulation of personal data has gained space with technology, and defines consumption and behavior profiles, very useful in companies’ marketing.

Thus, personal data is information held by third parties that can lead to the identification of a particular person. And this same data has ownership, that is, it means that a good part of the use has implications of Intellectual Property, the system that deals with the right to trademarks, patents and copyrights, including applications and other computer programs.

At a time when large companies use artificial intelligence resources to process and monetize, on a large scale, the personal data of citizens in order to predict their behavior and provide products, content and services in a targeted way, the Data Protection as a fundamental right increases the responsibility for building an action agenda guided by the collective concern of protecting this right.

The proper treatment of the personal data of its customers and consumers, as well as the provision of agile and functional channels so that holders of personal data can access information, now become an important differential for companies.

Among the ways of misappropriating intellectual property, some practical ways to protect strategic data, in addition to intellectual property and trade secrets, involve limiting the creation of stored data.

The General Law for the Protection of Personal Data (LGPD) in Brazil, for example, which is based on the European General Data Protection Regulation (GDPR), now requires companies to keep less information for shorter periods. The reality of information security is advancing as more information is harder to lock down and protect, thus increasing the risk of loss.

The GDPR, by establishing a binding normative framework, with great generalizing capacity and strong extraterritorial effects, unbalanced the dispute that existed in the international scenario about the best way to regulate the protection of personal data, represented mainly by the antagonism between the US position and the european.

In force since 2018, the GDPR relates to the processing of personal data and the free movement of such data. Based on the Primary Law of the European Union, where the Fundamental Right to “informational self-determination” is found, the GDPR prevents the appropriation of personal data, as well as guarantees the right to portability of this data. In this way, it even makes it possible to transfer data processing from one controller to another.

Thus, the GDPR sets out the principle of data minimization, as they must be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. This also has a temporal dimension, which articulates it with the principle of limiting conservation, being those “preserved in a way that allows the identification of data subjects only for the period necessary for the purposes for which they are processed”.

It should be noted that the GDPR, when involving third countries and extraterritoriality, provides that even when the personal data of an European if transferred outside the European Union, this operation must be adequately protected. The basic rule is the prohibition of the international transfer of personal data, unless the conditions imposed by the GDPR have been met, namely: (i) decision of adequacy; (ii) have appropriate guarantees; (iii) through binding rules applicable to companies; (iv) upon derogations or exceptions; or yet, (v) in view of international cooperation in the field of personal data protection.

In the matter of extraterritoriality for the transfer of data, the GDPR regulates the condition of the transferor, in the availability of personal information to the responsible agent or operator, that is, the collection of data, the transmission by the transferor to the receiver in the foreign State, and the processing data for its storage. Therefore, there is a requirement to have a transferor now responsible, and the automatic application of the GDPR, and a data receiver that, given the uncertainty of the applicability of the regulation, a prior verification of the level of protection of the country or organization of destination in order to protect against the risk of violating the fundamental rights and freedoms of citizens of the European Union.

This regulation is an essential measure to strengthen people’s fundamental rights in the digital age and facilitate commercial activity by clarifying the rules applicable to companies and public bodies in the digital single market.

In fact, in the GDPR there is a general duty of security in the treatment, which is projected as one of the “principles related to the processing of personal data”, that of “integrity and confidentiality”, since the data must be “processed in a way that guarantees its safety, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by adopting appropriate technical or organizational measures”.

However, GDPR impact factors reach Brazilian legislation to LGPD. In similar terms, the LGPD contains the principle of security, which requires the “use of technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination”. Since “the systems used for the processing of personal data must be structured in order to meet the security requirements, the standards of good practices and governance and the general principles provided for in the Law”. And, therefore, “the processing agents or any other person who intervenes in one of the stages of the processing are obliged to guarantee the security of the information provided for by the Law in relation to personal data, even after its termination.

Thus, one of the most important aspects of the LGPD is the transversal and multisectoral impact, in the public or private sector, for individuals or legal entities, regardless of the medium, host country or the country in which the data are located, and that the treatment is carried out in the national territory with the objective of offering or providing goods and services.

The explosion of interest and technical production is due to the advance of data protection legislation around the world, in addition to the various issues surrounding the topic that have become the subject of global news. As also the effects of the pandemic highlighted the importance given to the “imposition” of the virtual mode, with 2021 being a year full of developments in the field of technologies and innovation.

The internet has become an indispensable technology for the realization of several personal relationships, including those of a consumerist and contractual legal nature, which bring challenges to Internal and International Private Law in determining the applicable law in the protection of users’ data to the detriment of the classic connecting elements.

The importance of developing new technologies in times of crisis was evident. Companies began to expose themselves more in the digital environment and the “stagnant” culture of some markets evolved to accompany the global movement of innovation, creativity, content and digital presence.

All this revolution that took place in just a few months ended up generating in companies a greater concern with the protection of their intangible assets, which were often seen as costs and not investment, especially in more timid sectors and in companies with less economic capacity.

A quick survey on the fields of intellectual property and data protection shows that they are profoundly different, with very different structuring principles, whose main point of proximity seems to be only the protection of intangible assets that are highly valued in the informational society, especially by the large companies of technology.

However, intellectual property plays a key role in companies’ marketing strategies. When investing large amounts in communication campaigns to launch a product on the market, companies need to first ensure that effective and adequate protection of intellectual property rights has been duly ensured and that there is no violation of third-party rights.

Even within the scope of the GDPR, there are those who claim that – at least to a certain extent – personal data can (and should) be cumulatively protected by intellectual property rules, including to avoid undue commodification through the portability rights of the Regulation.

The approximation between the fields (intellectual property and data protection) occurs to the extent that personal data has become an important and fundamental asset for marketing and business strategies based on data analysis. Despite being more protective, even European privacy legislation allows personal data to be exploited for commercial purposes, such as profiling – automated data processing in order to create data sets of customer profiles and be able to predict their consumption behavior and use it in advertising. This commercial exploitation is possible as long as a series of rules are followed for its feasibility, with attention to the current legislation. The set of these data, when stored and managed by companies, can be considered part of the trade secret in several countries.

It is possible to imagine how many opportunities have emerged from a new regulatory environment involving data protection. At least since the scandal involving the social network Facebook, the relationship between users and consumers of technology services has been severely shaken. Users began to demand transparency in the way their data is used, treated and even stored.

Data protection and intellectual property rules aim to regulate the flow of information to preserve certain values and interests – one prioritizes privacy by limiting the access and handling of personal data about a given individual, while the other creates temporary exclusives about intellectual assets created, in exchange for their dissemination to society. Although originally the former had as its primary objective to make access to certain information difficult and the latter generally sought to disseminate it (in its social aspect of stimulating innovation and creativity), the changes in recent years seem to point to a role reversal: the protection norms increasingly focus on transparency, and intellectual property is becoming more and more restrictive.

The fact is that the company is responsible for protecting its industrial property assets, aiming to avoid or ward off unfair competition and protecting its consumer public, as well as giving correct treatment and proper use to the data of this public – ordinary citizens, under penalty of of losing any of these assets (the industrial property or, most importantly, its consumer) and with this, being responsible for the damages suffered or even answering for possible violations of third party rights. Although many companies invest in modern data security systems, it will be important to review the data handling practices of consumers and even employees.
All companies or organizations, regardless of their size, turnover and location, that process and store personal data of citizens must review their processes to adapt to compliance with legislation that modifies some aspects of the current regime and introduces new obligations. This regulation applies to the fully or partially automated treatment of personal data, as well as to the non-automated treatment with personal data to be included in a file.

The act of protecting personal data is intrinsically linked to personality rights, the dignity of the human person and the right to privacy, reaching the behaviors and events of personal relationships but also commercial ones that do not want publicity. In this way, a third party will not be able, without the consent of the online consumer, to obtain, process and expose personal data if not authorized, otherwise it may have legal support.

The so-called information society has brought a new look to privacy. With the advent of new information technologies, it was necessary to review regulations that delimit the powers of those responsible for data processing and ensure the rights of the holders of these data. Technology and human potential can work towards the security of your company. To ensure the best results, it is necessary to be increasingly updated with market trends, with analysis, courage and strategy.


5/5 - (1 vote)

Rafaela Mattos



Leave a Reply

Your email address will not be published. Required fields are marked *

Responsable del tratamiento: HERRERO & ASOCIADOS, S.L.

Finalidad del tratamiento: Publicar su comentario sobre la noticia indicada.

Derechos de los interesados: Puede ejercer los derechos de acceso, rectificación, supresión, oposición, portabilidad y limitación del tratamiento, mediante un escrito, acompañado de copia de documento que le identifique dirigiéndose al correo

Para más información visita nuestra Política de Privacidad.

*Los campos marcados con el asterisco son obligatorios. En caso de no cumplimentarlos no podremos contestar tu consulta.

No Comments