Increase in complaints expected now that Brazil data protection law is effective, consumer secretary says

More complaints against data-privacy violations are expected to pop up in Brazil as society's awareness increases over data-privacy rights, Brazil's consumer secretary told MLex in an interview.

“Many consumers have difficulties in understanding what their rights are. But this situation tends to get better with the incorporation of the values and principles established by the data protection law” that took effect recently, said Juliana Domingues of the National Consumer Secretariat, or Senacon.

"An increase in the number of cases is expected not because companies will engage in more violations — they actually tend not to do that — but because consumer awareness will increase over the use of their data without their consent," she said.

Domingues said the same thing happened when the Administrative Council for Economic Defense, or CADE, launched its leniency program in 2011. She said there was a gradual increase in the number of investigations as people's awareness of illegal anticompetitive conduct increased.

"Society will understand that their privacy rights must be preserved so naturally the number of complaints tends to increase,” she said.

The Brazilian General Law for Data Protection, or LGPD, has been effective since Sept. 18, but the establishment of a new data protection authority is still pending.

The Senate last week approved five board appointees made by President Jair Bolsonaro for the National Data Protection Authority, or ANPD. The ANPD will be in place when its president-director, Waldemar Gonçalves Junior, takes office.

Domingues said ANPD early on will probably give companies time to develop data-protection mechanisms and “incorporate a culture of respect to the new law.” She said larger companies in general are more prepared to comply with the LGPD.

“Many companies, mainly larger ones that are listed on the stock exchange, have already been adapting to the new law as a matter of governance, compliance and reputation,” she said.

Domingues said the Consumer Defense Code and the Internet Civil Framework both to some extent already hold companies accountable for improper handling of personal data.

"From Senacon's point of view, the Consumer Defense Code establishes the need [for companies] to respect consumer data. So any sharing of consumer data already was a violation of this code,” she said.

— Convergences —

The consumer secretary pointed to the need to establish a dialogue among all government authorities that deal with data protection issues, citing ANPD, Senacon and the Public Prosecution Service.

“It is absolutely necessary that there is technical cooperation between authorities that deal with data protection subjects,” she said. “The ANPD will be the central body for the interpretation of the LGPD, and the establishment of rules and guidelines for the law's implementation.”

“Senacon will obviously collaborate so that the environment is increasingly safe, and so that society is duly informed about the form of analysis that will be carried out by us,” Domingues said.

— On the radar —

Domingues said Senacon is keeping a close eye on digital platforms’ treatment of data during the pandemic, especially for advertising purposes. She said the number of complaints has increased significantly lately and attributed this to an increase in the use of digital platforms.

The secretary also said Senacon is analyzing how banks are sharing customer data while Brazil implements a new open banking regulation allowing all market agents in the financial sector to have access to the same client database.

“We are monitoring all these issues to minimize the negative effects on the consumer in order to make the digital environment more secure,” the secretary said.

Domingues said Senacon currently has 34 ongoing cases involving digital markets, and 25 involving specifically data protection issues.

"These [data privacy] cases are our priority. They involve data leaks, data sharing without consumers' consent and use of consumer data for advertising purposes," she said.

The last fine imposed by Senacon involving data privacy was in August against Brazilian textile and retail clothing company Hering, which was using facial recognition on clients without their consent, Domingues said.

— International cooperation —

Domingues said that on Sept. 25, Senacon signed an accord with the US Federal Trade Commission to join Econsumer, an international platform for reporting fraud and scams in cross-border consumer relations.

Econsumer allows authorities to work together to combat international scams that affect consumers in different jurisdictions. The platform also presents statistics that guide public policies aimed at consumer protection.

Domingues said that without the Econsumer platform, it would be very difficult for Senacon to identify transnational frauds.

"Today, we have an environment driven by algorithms and advertisements that often come with information that is very harmful to consumers, especially those who have difficulty understanding the language. So this platform is very important because it will help us map these consumer conflicts that are international,” Domingues said.

She also pointed to the importance of Brazil joining Econsumer. “Global trade is a reality ... and for this reason we understand that Brazil's participation in this platform is also essential as an active actor in international issues,” she said.

Domingues said Senacon recently joined a consumer protection committee at the Organization for Economic Cooperation and Development, where it has been discussing digital-market and data-protection matters.