CIVIL LIABILITY OF COMPANIES AND THE PROCESSING OF PERSONAL DATA: PROTECTION OF PERSONAL DATA AND CIVIL LIABILITY OF SUPPLIERS OF SERVICES OR PRODUCTS IN CASE OF LEAKAGE OF CONSUMER DATA1

Abstract

This article analyzes the civil liability of companies in the processing of personal data, focusing on consumer protection and the prevention of information leaks. The General Data Protection Law (LGPD) establishes a legal framework for information security, imposing on companies the duty to adopt effective technical and administrative measures to protect personal data against unauthorized access and security incidents. It addresses the fundamentals of data protection in the Brazilian legal system, based on the Federal Constitution and the LGPD, highlighting the rights of data subjects and the duties of data controllers and operators. It also explores strict civil liability in consumer relations, according to the Consumer Protection Code (CDC), which establishes that suppliers of services and products must repair damages caused by failures in data processing, without the need to prove fault. It discusses the duty of information security, emphasizing the preventive measures that companies must adopt, such as encryption, multi-factor authentication, and compliance policies. Finally, the article addresses the legal consequences of data leaks, including administrative sanctions provided for by the LGPD, the civil liability of companies, and the reputational, financial, and legal implications, both for material and moral damages caused to consumers. The method used in this research was dialectical and deductive, being through the reading of articles and books, as well as the analysis of various legislations of the Brazilian legal system.