A defesa do consumidor e o Personal Data Breach: A adoção de uma norma no Mercosul à luz do regulamento geral de proteção de dados da União Europeia

Abstract

The present dissertation aims to analyze the feasibility of adopting a legal rule within MERCOSUR, in the light of the General Data Protection Regulation of the European Union (GDPR), which defends consumers against breaches of personal data. The research problem that will guide the dissertation refers to: under what conditions would it be possible to adopt a MERCOSUR norm to protect the consumer against personal data breach, in the molds of the RGPD? It is worked with the hypothesis that such normative mirroring is possible in the current scenario of MERCOSUR. It is believed that the possible conditions to obtain success lie in the fact that there is (i) a lack of legislation within MERCOSUR regarding the protection of personal data, while there is a strong regional and international trend towards creation of legislations and standardization of this theme; and (ii) the relative compatibility of technical criteria of the personal data protection laws of the MERCOSUR States Parties with each other and with the RGPD to facilitate a process of legislative harmonization. The approach method used in the dissertation was qualitative and applied research; the method of procedure was normative, descriptive and comparative research; and the research technique was bibliographic and documentary. The results of the work are satisfactory in demonstrating greater than expected compatibility of technical criteria in Member States' personal data protection laws and, concerning MERCOSUR legislative production, by showing a promising record of legislative harmonization in the areas of consumer and e-commerce law, although beginner regarding to the protection of personal data. The sum of these findings positively signals that the adoption of, within MERCOSUR, a GDPR-based protective norm is viable, and shall facilitate the processing and circulation of personal data, reduce personal data breaches and strengthen consumer protection. At the end, there is a treaty proposal presented for this purpose.