Matt Thompson
02 May 2018
Brazilian public prosecutors suspect mobile phone service provider Vivo may have unlawfully allowed advertisers access to personally identifiable customer data.
In an administrative investigation launched on 2 April, public prosecutors at Brazil’s Federal District public prosecutors (MPDFT) said Telefónica-owned Vivo could be breaching data protection laws by failing to allow customers to object to their data being used for advertising, and that neither Vivo’s service contract nor its privacy policy informs customers that their information could be used for this purpose.
Prosecutors claim that the geolocation and browsing history data Vivo offers to advertisers could reveal if a customer was, for example, undergoing medical treatment. Frederico Meinberg Ceroy and Paulo Roberto Binicheski are leading the investigation.
Brazil still lacks a general federal regulation of data protection, but under the country’s internet law, internet service providers like Vivo must inform customers of how their data is processed and give them an opportunity to object.
In a statement, Telefónica denied any suggestion that Vivo has acted inappropriately, claiming that it complies with all current legislation, and that it is possible for customers to view its guidance on how customer data is used in its privacy policy.
There are three possible outcomes to the investigation: the prosecutors could close the case without charge, Vivo and the prosecutors could negotiate a settlement, or the prosecutors could file a class action lawsuit. In Brazil, public prosecutors commonly use class action lawsuits in consumer protection cases.
Azevedo Sette Advogados partner Paulo Brancher said the case illustrates that “public prosecutors and… companies often have completely different views and interpretations of the law”.
Brancher said there is an “urgent need” to enact a federal data protection regulation and establish a data protection authority to “bring more clarity and create certainty”. There are currently no proposed bills before Brazil’s congress seeking to set up such an authority, he said. Bills of law currently in Brazilian congress do not stipulate the need for a federal data protection authority.
Neither Telefónica nor the MPDFT immediately responded to requests for comment.
This story was written for Global Data Review, a new service by Latin Lawyer’s publisher, Law Business Research.
https://latinlawyer.com/article/1168860/vivo-misusing-customer-data-say-brazilian-prosecutors?utm_source=Law%20Business%20Research&utm_medium=email&utm_campaign=9436632_Latin%20Lawyer%20Headlines%2002%2F05%2F2018&dm_i=1KSF,5M9CO,9GPGR9,LU39O,1