Companies must delete customer personal data and stop sending messages

mimmim

In order to verify whether the General Data Protection Act has been violated, Judge Thomaz Carvalhaes Ferreira of the 7th Civil Court of Ribeirão Preto (SP) ordered a company to stop sending advertising messages to customers and to inform all personal data in the file. Store and delete them within 10 days , with a daily fine of R$500 for a period of 30 days.

reproduction
Replication companies must delete customer personal data and stop sending messages
The consumer said in the lawsuit that the company stored his personal data without Chinese Overseas America Number Data consent and sent weekly telemarketing messages to his personal cell phone. He further claimed that the company violated the LGPD by refusing to remove his name and phone number from its database or provide his personal information.

The magistrate held that this violated the provisions of the Consumer Protection Act and the LGPD. He stressed that the phone numbers included in the company's registration belonged to former customers, but despite the defendants being aware of the change in line ownership, they continued to send telemarketing messages and refused customers' requests to provide and delete their data. .

“This requirement relates to objective/active civil liability for misuse of personal data (Article 5 I LGPD) and requires data controllers and operators to take proactive action to properly safeguard and process third-party personal data, configuring whether there is harm as set out in the LGPD (Article 5 I LGPD) 42), arises only from the act and its causal relationship with the result,” he said.



According to the judge, the qualifications of the person responsible for data management are not included on the controller’s website and are not made available even after an appropriate administrative request, which is a clear violation of Article 41 paragraph 1 of the LGPD “as it renders the information processing inappropriate. The inability of the holder to receive complaints and take steps is only provided in the defense part of the case".

On the other hand, the judge rejected the client’s request for compensation for emotional distress. For Ferreira, although unauthorized data processing was configured, it was not sensitive information, and there was no improper transfer to third parties, devaluation of the holder, improper economic exploitation, restriction of personality rights or materiality of other rights. Reflection, etc., "solely for marketing activities and may be terminated simply by judicial decree."