First Lawsuit over Alleged Violation of the LGPD Filed in Brazil
On September 22, 2020, Brazil’s Public Ministry of the Federal District and Territories filed the first public civil action based on the country’s General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”).
According to the lawsuit, a company based in the city of Belo Horizonte sells personal information, including names, e-mail and postal addresses, and SMS contact numbers, of about 500,000 individuals on its website. The company’s website also offers data segmented by profession. The Ministry alleged that company’s handling of personal information violated the LGPD and the right to privacy guaranteed by the Brazilian Constitution. The Ministry requested that the company refrain from disclosing, in a paid or unpaid manner, the personal information and sought a freezing of the website domain until a final judgment is issued by the court.
The LGPD took effect on September 18, 2020 and creates a new legal framework for the use of personal data in Brazil, replacing and/or supplementing a sectoral regulatory framework. The law, largely modeled on the European Union’s GDPR, deals with the concept of personal data, lists the legal bases that authorize its use, and provides various rights to data subjects such as access to data, rectification, cancellation or exclusion, opposition to treatment, right to information and explanation about the use of data.
Ask Clarip today how we can solve your biggest privacy compliance pain points, Call Clarip at 1-888-252-5653