Brazil case against Google raises issue of commercial use of personal data

Gmail Screen

5 December 2016. By Carolina Guerra.

A court case involving Google’s use of personal data to target advertising to users raises a new question in Brazil: To what degree should Internet users be aware of the commercial use of data that they supply to online services?

Federal prosecutor Alexandre Assunção e Silva in November authored a complaint against Google stating that the company scans users’ Gmail messages in order to target advertising without gaining users’ full authorization.

The prosecutor from Piauí state says that Google should seek clearer permission from its users, and he is seeking an injunction to prevent Google from using that information while a ruling is pending. He is also seeking a fine of 1 million reais ($274,000).

“The Gmail user only agrees, in a general manner, with the privacy policy of the company, without a specific and express consent regarding the use of his/her personal data,” said the complaint from Silva.

This, according to prosecutors, breaches the country’s civil Internet law, which allows information to be collected for commercial purposes only with express consent.

“People don´t know that Google will scan their information, and therefore that consent should be clear.… The action aims to defend the right of users,” Silva told MLex in a recent interview.

He said such rights are “inalienable, imprescriptible and cannot be waived” by an individual.

Silva said his office is available to establish an agreement with Google aimed at adapting its practices to the Brazilian Internet law.

Google, according to the complaint, told prosecutors that “the analysis of the content comes from the need to optimize the experience and increase protection of Gmail users, to filter undesired messages such as spam, phishing, viruses and other malware.”

The tech giant also said it uses scanning to offer products and ads that are relevant to users.

Google told MLex it does not comment ongoing cases.

Data privacy

The complaint against Google is understood by some members of Brazil´s digital regulation community as a step toward discussions promoting increased transparency for users, who rarely read terms and conditions before subscribing to an online service.

The current procedures, critics say, neglect users’ full rights to know what is done with their data.

There could be alternatives for those who choose not to share their data, such as the offer of a more restricted e-mail service or even paying for an e-mail account.

On the other hand, it is difficult to empower users who will click on a user agreement without reading it, so it could be more appropriate for privacy policies to be mandated by the government or courts.

The Google case in Brazil is only an initial foray into complex issues of privacy that have been dealt with in more depth elsewhere.

For example, there is no general consensus on how sensitive user information should be used to offer advertising on health matters or religious issues. Authorities must consider how essential a technology service is before taking aggressive regulatory measures.

And the authorities must familiarize themselves with other tech-related issues.

In March, Facebook Vice President Diego Dzodan was taken into Brazilian Federal Police custody for a couple of days because the company refused to provide data about a criminal suspect’s confidential WhatsApp communications.

WhatsApp told the Brazilian authorities that it could not comply because its US-based servers do not keep a record of a communication once it is delivered. The Brazilians, who shut down WhatsApp for 12 hours in December last year, decided to arrest Dzodan.

Unlike some European countries, Brazil has no authority to deal with data protection, but the case against Google, which is being handled by federal Judge Márcio Braga Magalhães, will offer some clarity on the future direction of the country’s privacy regulation.

*MLex translation from Portuguese