Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
Recent Decision Clarifies That The Availability Of Personal Data Without Authorization Does Not Configure Presumed Moral Damage And Reinforces Technical Criteria For Liability In The Scope Of Data Protection
The recent decision by the Fourth Panel of the Superior Court of Justice (STJ) reaffirmed that the sharing of consumers’ personal data without prior consent does not automatically grant the right to compensation for moral damages. The conclusion denied the appeal of a consumer who claimed that their information was made available by a credit score management company. This understanding opened a formal divergence in relation to the Third Panel, which in previous rulings adopted a stricter position and recognized presumed moral damage.
Legal Understanding Of The Fourth Panel Of The STJ On Personal Data
The decision analyzed a case in which a consumer claimed that name, CPF, nationality, voter registration, education level, presumed income, address, and phone number had been sold without their knowledge. However, the panel, following the vote of Minister Isabel Gallotti, understood that there is no automatic moral damage when there is no concrete proof of data leakage, illicit sharing, or misuse of information. The minister emphasized that, although the Positive Registration Law (Law 12.414/2011) does not authorize unrestricted data sharing, the mere availability of common information does not violate personality rights by itself.
Divergence Between The Private Law Panels
The Fourth Panel’s decision contrasts with rulings from the Third Panel, which in 2023 considered it unlawful to offer personal data to third parties consulting credit protection databases, establishing the presumption of moral damage. This difference should bring the matter to the Second Section of the STJ, responsible for unifying understandings of the panels specialized in Private Law, which may eventually define a more stable national parameter on responsibility in data protection. Additionally, the Second Panel, focused on Public Law, had already decided that data leakage by a public service concessionaire does not justify automatic compensation, reinforcing the need for concrete proof of harm.
-
77.2% of Brazilians support lowering the age of criminal responsibility and reinforce pressure for changes in criminal legislation in the country, a national survey indicates.
-
The law that many elderly people are still unaware of protects those aged 60 and over against abusive charges from banks, guarantees debt renegotiation, and prevents loans and credit cards from consuming their entire retirement pension.
-
Portugal approves Nationality Law: Brazilians from CPLP will have to live for 7 years to obtain citizenship (waiting for title does not count), rules tighten for children born in the country, Sephardim are excluded, and it awaits a decision from President António José Seguro.
-
Your neighbor is undergoing construction and debris has fallen on your property? This could lead to compensation and make the owner, responsible party, and construction company pay for the damages.
Concrete Case: Absence Of Proof Of Leakage
In the original process, the Court of Justice of São Paulo (TJSP) rejected, in 2022, the request for compensation for moral damages. According to the court, there was no demonstration of sale, undue disclosure, or irregular circulation of the data. Upon appealing to the STJ, the plaintiff insisted on the thesis that the damage would be presumed by the mere exposure of their information. The Fourth Panel, however, understood that the consumer did not prove any effective leakage, reinforcing that abstract allegations are not sufficient for recognizing moral damage.
Difference Between Personal Data And Sensitive Data According To The LGPD
Minister Isabel Gallotti also highlighted the legal distinction between two types of information:
Sensitive Data: related to racial origin, religious conviction, political opinion, health, sexual life, genetics, or biometrics.
Common Personal Data: ordinary information often used in registries and everyday platforms.
Only sensitive data receive a stricter legal regime, which did not apply to the case judged.
Technical Criteria For Configuring Moral Damage
For there to be moral damage, the panel highlighted essential criteria. The consumer must demonstrate effective sharing, misuse, and concrete harm to personality rights. Without these elements, liability cannot be sustained. The decision reinforced that there is no presumed damage, as the legal order requires objective proof of the alleged damages.
Legal Repercussions And Possible Proceedings
The divergence between the panels will be analyzed by the Second Section, which will decide which interpretation should prevail. The definition will therefore ensure legal stability and guide the actions of companies that handle personal data. Experts say that the standardization will prevent distortions in the application of the General Data Protection Law.
Position Of The Courts And Related Precedents
State courts have decisions that require concrete proof of damage to justify compensation. Some rulings recognize compensation when there is proof of misuse. Others, however, state that the simple presence of data in information banks does not characterize a violation.
Impact On The Relationship Between Consumers And Data Protection
The decision reinforced that consumers and companies must act with transparency and adequate documentation. The interpretation of the Fourth Panel will therefore require more rigor, more caution, and more precision. Data protection will continue to be a central theme, and jurisprudential evolution will define new limits and new responsibilities.
Given this internal divergence in the STJ, to what extent can new judgments redefine responsibility for leakage and sharing of personal data in Brazil?
-
-
2 pessoas reagiram a isso.