DATA SHARING IN BRAZILIAN TELECOMS SECTOR SCRUTINISED
In a 8 February report, tech news site TecMundo reported that NET and Oi are offering internet plans to individuals that have registered for fiber optic internet on Vivo’s website but fail to meet Vivo’s location requirements. According to the report, the companies then share consumers’ contracts between each other using an open database.
IDEC said that a shared database of that deblockedion would violate several laws, and would help to explain “the exponential increase in the number of telemarketing calls” in the last year, which it said increased by 81% in 2018.
IDEC said that the practice violates the Consumer Defence Code, General Telecommunications Law, as well as the incoming General Law on Personal Data Protection.
Vivo told TecMundo that it does not share clients’ personal data with third parties, while Oi and NET both said they comply with telecoms laws and regulations.
Ricardo Barretto Ferreira, a partner at Azevedo Sette Advogados in São Paulo, told GDR that the companies are likely to face scrutiny from multiple regulators.
“Public prosecutors and consumer protection agencies are concerned about being proactive in terms of data leakages and unauthorised data use in this new data protection climate … so one may expect that multiple investigations could occur”.
He added, however, that the operators may be able to provide valid justification for their data practices. He said that if the allegations prove to be true, the companies are likely to negotiate compliance agreements with the agencies, as they could otherwise face penalties under telecoms regulations and the consumer protection code.
Gustavo Artese, a partner at Viseu Advogados in São Paulo told GDR that as Brazil does not yet have a data protection authority, Brazil’s complex ecosystem of consumer protection agencies will deal with the matter.
He added that IDEC is showing that it will be vigilant. “Since data protection has to do as much with reputation as it does with fines and regulatory enforcement, it is one more point of attention for data controllers and other stakeholders.”
Patricia Marta, a partner at TozziniFreire in São Paulo, told GDR that if it comes to light that companies have been sharing their customer databases, IDEC is likely to file a class action claiming preliminary injunction and compensation for moral and material damages.
Marta added that Brazil’s highest consumer protection authority – the Federal Consumer Protection Agency – may consider launching an investigation given the current focus on data protection in Brazil.
“Data protection is the subject that consumer protection entities and public authorities in Brazil are talking about. The new secretary of the consumer protection agency said he will pay attention to big tech companies and is interested in how they will interact with the data protection agency.”
Vivo, Oi and NET did not respond to a request for comment.