Does the Confidentiality Agreement meet the requirements of LGPD?

Lawyers are often asked about the scope of protection of the confidentiality of personal data in the execution of a Confidentiality Agreement and whether such protection would supersede the need to comply with the LGPD Policies, i.e., whether the execution of a Confidentiality Agreement would confer to the parties the obligation to comply with the LGPD.

It is important to distinguish the nature of the Confidentiality Agreement, which is linked to the parties' will regarding the protection of a certain secret, from the protection conferred on personal data by the General Data Protection Act ("LGPD").

Not every Confidentiality Agreement is specifically linked to the exchange of sensitive personal data, which is the object of protection regulated by the LGPD, and if this were the case, it would be necessary to obtain the consent of its holders for this purpose. Thus, although the Confidentiality Agreement deals with secrecy and restriction on the disclosure of information, it is established by an obligatory relationship freely adjusted between the parties involved, which, by itself, does not include all the provisions of the LGPD.

The Confidentiality Agreement, usually referred to by its acronym NDA (Non Disclosure Agreement), is a contract that seeks to protect industrial or commercial secrets, as well as information that the parties consider to be confidential and that will eventually be transmitted due to the particular circumstances of the business to be contracted. The intention, in this case, is the protection of circumstances pertaining to the legal business to be entered into.

The Confidentiality Agreement may be signed by means of a separate contract or be contained in a clause of a contract whose main object deals with a different obligation, in both situations with the imposition of penalties between the parties in case of non-compliance.

The LGPD establishes the legal responsibility in the protection of natural persons' data, contemplating the rules on the collection, storage, handling, and processing of the data to which it has access, whether digital or physical, and has as one of its main purposes the security in legal relations, through the reestablishment of the trust of the data holder regarding the possibility of assigning and making his data available.

In summary, the Confidentiality Agreement does not imply data protection by the LGPD and, even if in the Confidentiality Agreement the contracting parties do not establish as confidential their personal data, the LGPD will bring the protection precepts that, in turn, may not be the same as the data that will deserve secrecy in accordance with what was adjusted by the parties in the Confidentiality Agreement.