Colombia's Rappi targeted in Brazilian preliminary probe into improper use of clients’ data

The Brazil unit of Colombian on-demand delivery startup Rappi has been targeted in a Brazilian preliminary probe into its use of clients' data to analyze purchasing trends, according to a document seen by MLex.

In a short document dated Jan. 8, the national consumer protection agency asked Rappi Brasil Intermediacao de Negocios whether and how it obtains users' consent before using their data. Rappi has 10 days to respond.

The probe is being led by the Department of Consumer Defense and Protection (DPDC) from the National Consumer Secretariat, or Senacon — an agency of the Ministry of Justice. Senacon's DPDC opened the preliminary probe following a Jan. 6 Reuters report that "Rappi doesn't transfer individual customer data to merchants linked to its system but just looks at buying trends."

Questions from the DPDC to Rappi include whether the company obtains consumers' consent to process their data and, if so, for what purpose is the data is processed. The DPCD also asked how exactly users' consent is obtained.

The DPDC also asked Rappi to demonstrate that its user-consent process conforms with Brazil's Internet Bill and the Consumer Defense Act, and whether and for what purpose Rappi provides consumer data to any other entity.

Rappi didn't respond to MLex's request for comment.