Stalking: A little less than 2 months ago, Law No. 14.132/2021 included in the text of the Penal Code the crime of persecution, typifying the conduct commonly referred to by the term, in English, stalking. The new penal type consists of “persecuting someone, repeatedly and by any means, threatening their physical or psychological integrity, restricting their ability to move or, in any way, invading or disturbing their sphere of freedom or privacy”.
Upon denunciation by the victim, the offender may be sentenced to imprisonment, from 6 months to 2 years, and a fine. The penalty may be increased by half if: the act is committed against a child, teenager or elderly person; against women for reasons of gender condition; if practiced by two or more people; if committed using a weapon.
With this legislative innovation, Brazil is equal to countries like France, Italy, Germany, India, Netherlands, Canada, Portugal and the United Kingdom, whose criminal laws also consider the practice of “stalking” as criminal.
It is noteworthy that crime often takes place through virtual means (cyberstalking), in which the stalker uses technology to amplify acts of persecution, such as sending messages via social media tools. There are even cases of applications that are developed with the aim of supporting similar practices, allowing, for example, the user to monitor the times when the person who is the target of persecution remains online or monitors their activities.
There are also applications that originally would have been designed for legitimate purposes, such as the monitoring of the child’s online activity by the parent or guardian, but which end up having its use distorted by stalkers.
This distortion of the purpose of a technological tool, a phenomenon known as “function creep”, in parallel with the possibility of criminal reprimand for the conduct of users, can lead to reputational consequences for organizations responsible for improperly exploited technology.
Black Mirror of real life
For example, in 2012, two large tech companies had to respond publicly because of the emergence of an application, developed by a third-party company, called Girls Around Me (in free translation: “girls around me”).
In short, the application extracted and combined data from social media platforms and then displayed the profiles and location of females who would have registered their presence online in establishments close to the user (an act known as “checking in” ).
On the app’s download page, it was announced: “Girls Around Me is a revolutionary ‘scanner’ that transforms your city into a dating paradise”. However, unlike what happens on normal dating platforms, the girls displayed in the app had no idea of the existence of the tool, and the creation of their profiles was totally involuntary and not communicated.
In this context, there was a lot of discussion at the time to what extent the existence of the application would represent a legal violation. Arguments arose that, once women made public the data in their profiles on the social media consumed by the application, the mere organization and availability of such information does not constitute any irregularity.
This apology is an adapted version of the sayings “she was asking”, an absurd and unreasonable attempt to justify abuses by attributing guilt to the victim that should never be attributed to him. Although the data that fed the platform were, in fact, originally made available by women on social media profiles, this does not mean that the application could freely explore such information, even more in the intended way, by packaging and providing it in a timely manner. way to almost encourage the commission of criminal practice. No wonder the episode yielded the need for explanations and culminated in the removal of the application from virtual stores.
In any case, regardless of the discussion about the legality of Girls Around Me, the event serves as a warning to technology companies in general, whose solutions can be used tomorrow to support projects by unorthodox developers, so to speak, and generate the need for explanation of the lack of measures to avoid this deviation of purpose.
Therefore, it is worth remembering that, when developing technology, organizations must measure the possible impacts on privacy from the outset (an approach known as “Privacy by Design”), asking “what if?” for possible abuses that may be practiced by the various potential users, thus avoiding the occurrence of “function creep”, which can have serious reputational consequences. Increasingly, organizations must be able to demonstrate that they promote and care for the lawful, but also fair and ethical use of the personal data entrusted to them.