30 Sep Claro S.A. has been convicted for personal data violation
By Fabio Vieira and Gabriela Tchalian
Although still in formation, case law on privacy and data protection has just received a new precedent, Civil Appeal No. 1010253-75.2020.8.26.0019, decided on February 1, 2022, in the District of Americana, São Paulo.
The plaintiff (“Plaintiff”) is a natural person whose name is withheld to preserve her identity and because the case is being heard under judicial secrecy. The case concerns a consumer relationship, with Claro S.A. (“Claro”) as the defendant in the lawsuit.
The Plaintiff stated that, on September 16, 2020, she asked Claro to keep her information confidential and to apply a “verification in two stages” procedure. This procedure consists of requesting information that only the parties would have access to, in order to validate the Plaintiff’s identity in further contacts with the company.
However, on October 8, 2020, Claro was contacted by a third party, who obtained the Plaintiff’s consumption invoice, which contained her registration data.
Because of that, the Plaintiff reported that her former partner’s father sought her out at her own residence. It is relevant to point out that the Plaintiff has a preventive measure against said ex-partner.
Finally, she claimed that the response Claro sent to the National Telecommunications Agency (“ANATEL”) regarding the incident is a recognition of failure in the provision of service, and demanded compensation for moral damages in the amount of fifty (50) minimum wages.
In response, Claro argued that (i) the misuse of the Plaintiff’s personal data or access by her former partner had not been proven; (ii) it values the quality and security of its customers’ information; (iii) the claim of data leakage would be hypothetical, based on mere assumptions; (iv) its own response to ANATEL did not constitute a confession; and (v) there were no damages to be paid.
On May 18, 2021, a decision was issued by the first-instance judge Gilberto Vasconcelos Pereira Neto, which dismissed the indemnity claim and ordered the Plaintiff to pay costs, procedural expenses, and attorneys’ fees.
The Plaintiff appealed, and her appeal was admitted by the 37th Chamber of Private Law of the Court of Justice of São Paulo, under the rapporteurship of Judge José Wagner de Oliveira Melatto Peixoto.
Following the rapporteur’s vote, the appeal was partially granted.
The rapporteur understood that, since this is a consumer relationship, it would be up to Claro to ascertain and prove the identity of those who contacted it on October 8, 2020, according to article 6, VIII, of the Consumer Protection Code; article 373, II, of the Code of Civil Procedure; and article 42, §2, of the General Data Protection Law (“LGPD”). However, the company did not fulfill its responsibilities.
It was therefore determined that there was a violation of the confidentiality of the Plaintiff’s personal data, in breach of article 2, I, of the LGPD, and a provision of defective service.
Consequently, compensation was understood to be appropriate and defined by (i) the circumstances and extent of the damage; (ii) the principles of disincentive, proportionality, and reasonableness; and (iii) the prohibition of illicit enrichment.
Claro may still be required to appear before the Consumer Protection and Defense Foundation of São Paulo (“Procon-SP”) and the National Data Protection Authority (“ANPD”) for the same fact.
It is remarkable that data protection was granted even in a case dealing with registration data only, departing from the worrying trend of a few precedents issued in 2020 that considered that there was moral damage only in violation of sensitive personal data.
This article is intended exclusively to provide information and does not contain any opinion, recommendation or legal advice from KV Advogados in relation to the matters herein addressed. Copyrights are reserved to Kestener & Vieira Advogados.