A trial held a few weeks ago drew much attention for involving the terms of the General Data Protection Law (LGPD). In the case, a consumer stated that their personal data had been shared without their authorization.
As a result of such information being shared, the plaintiff claimed to having received unwanted messages, via e-mail and SMS, in addition to unwelcome phone calls.
The São Paulo Court of Justice determined that the data leakage had occurred and sentenced the defendant company to provide information concerning the entities with which it shared the data, under penalty of daily fine of R$500.
According to an article of the Valor Econômico journal, the reporting judge on the case, court of appeals judge Alfredo Attié, reported that “the doctrine has been defining active or proactive liability, case in which it is not enough for companies to comply with the articles in the law, it will be necessary to display the adoption of effective measures capable of demonstrating the observance and compliance with the personal data protection rules and, also, the effectiveness of such measures”.
That was a groundbreaking decision that complied with the LGPD principles. The trial factored in the companies’ obligation and valued responsibility towards consumers’ data.
Written by Marcos Ferreira, Content Assistant at Drummond Advisors