03 Jun VIVO, TELECOMMUNICATIONS COMPANY, IS CONDEMNED FOR DATA PROTECTION FAILURE
By Fabio Alonso Vieira, Flávio A. Spegiorin Ramos, Carolina Barbosa Cunha Costa and Eduarda Mourad Baldavira
The Court of Justice of the State of São Paulo (“TJSP”) unanimously condemned the telecommunications company Vivo to indemnify a user for failure to protect his personal data for R$ 10,000.00(ten thousand reais)[1].
The user alleged that Vivo did not act to protect his personal data because his ex fiancée called the operator and obtained personal and confidential data about the titularity of his telephone line account, which caused a serious crisis in their relationship, leading it to the end.
The owner of the telephone line argued that his ex-fiancée had pretended to be his mother in order to request his personal data. In the dialogue made available in the records, the ex-fiancée claimed to the attendant that the line that belong to her “son” was presenting problems and, while the matter was being handled, she decided to ask if the owner of the line would be only him or if it was also in her name. At this moment, the attendant asked only the name of her “son” and confirmed that he was the owner of the account, without asking for any other information to ensure the security of the owner’s data.
In the lawsuit, the owner of the telephone line claims that the telephone operator Vivo would have violated articles 2, items I and IV, and 17 of the Brazilian Data Protection Law (“LGPD”), when providing information without even certifying who the operator was talking to.
At first, the action was dismissed. The judge had understood that the ex-fiancée already had all the user’s personal data, condemning the owner for bad faith.
However, in the second instance, the TJSP decided unanimously to sentence Vivo, considering critical the sharing of the owner’s data done without authorization and consent with the ex-fiancée. The Reporting Judge Luiz Guilherme da Costa Wagner expressed concern about the conduct adopted by the telephone company, because – if not changed – “it will allow criminals to easily be able to access information that should not be public”.
It is expected that the Judiciary will increasingly deal with situations similar to this one, in which the obligations and limits of companies are discussed in relation to the universe and rights of protection of personal data.
Cases like this also serve as a paradigm to guide the market and improve the best practices of companies that collect, store, treat and deal with their customers’ personal data on a daily basis.
This article is intended exclusively to provide information and does not contain any opinion, recommendation, or legal advice from KV Advogados concerning the matters herein addressed. Copyrights are reserved to Kestener & Vieira Advogados.
[1] Superior Court of São Paulo. Civil Appeal No. 1065936-51.2020.8.26.0002. 34th Chamber of Private Law. Reporting Judge L.G. Costa Wagner. Date of Judgment: February 21, 2002.
No Comments