Lauren Morris
25 February 2019
Brazilian telecoms companies Vivo, NET and Oi could face regulatory and legal action if the country’s main consumer protection organisation confirms reports that they share customer databases, observers have said.
The Brazil Institute of Consumer Defence (IDEC) announced on 12 February that it had asked the telecoms companies to clarify reports that they share customer data with each other.
In a 8 February report, tech news site TecMundo reported that NET and Oi are offering internet plans to individuals that have registered for fiber optic internet on Vivo’s website but fail to meet Vivo’s location requirements. According to the report, the companies then share consumers’ contracts between each other using an open database.
IDEC said that a shared database of that description would violate several laws, and would help to explain “the exponential increase in the number of telemarketing calls” in the last year, which it said increased by 81% in 2018.
IDEC said that the practice violates the Consumer Defence Code, General Telecommunications Law, as well as the incoming General Law on Personal Data Protection.
Vivo told TecMundo that it does not share clients’ personal data with third parties, while Oi and NET both said they comply with telecoms laws and regulations.
Ricardo Barretto Ferreira, a partner at Azevedo Sette Advogados in São Paulo, told Latin Lawyers sister publication Global Data Review that the companies are likely to face scrutiny from multiple regulators.
“Public prosecutors and consumer protection agencies are concerned about being proactive in terms of data leakages and unauthorised data use in this new data protection climate … so one may expect that multiple investigations could occur”.
He added, however, that the operators may be able to provide valid justification for their data practices. He said that if the allegations prove to be true, the companies are likely to negotiate compliance agreements with the agencies, as they could otherwise face penalties under telecoms regulations and the consumer protection code.
Gustavo Artese, a partner at Viseu Advogados in São Paulo told Global Data Review that as Brazil does not yet have a data protection authority, Brazil’s complex ecosystem of consumer protection agencies will deal with the matter.
He added that IDEC is showing that it will be vigilant. “Since data protection has to do as much with reputation as it does with fines and regulatory enforcement, it is one more point of attention for data controllers and other stakeholders.”
Patricia Marta, a partner at TozziniFreire Advogados in São Paulo, says that if it comes to light that companies have been sharing their customer databases, IDEC is likely to file a class action claiming preliminary injunction and compensation for moral and material damages.
Marta added that Brazil’s highest consumer protection authority – the Federal Consumer Protection Agency – may consider launching an investigation given the current focus on data protection in Brazil.
“Data protection is the subject that consumer protection entities and public authorities in Brazil are talking about. The new secretary of the consumer protection agency said he will pay attention to big tech companies and is interested in how they will interact with the data protection agency.”
Vivo, Oi and NET did not respond to a request for comment from Latin Lawyers sister publication, Global Data Review.
This article was originally published in Latin Lawyers sister publication Global Data Review on 21 February.
https://latinlawyer.com/article/1180655/data-sharing-in-brazilian-telecoms-sector-scrutinised