/>
X

Brazil sees first lawsuit after introduction of data protection regulations

Real estate firm Cyrela has been ordered to pay compensation after sharing a customer's personal details with partners.
angelica-mari-author.jpg
Written by Angelica Mari, Contributing Editor on

Brazil has seen the conclusion of the first lawsuit where the final ruling was based on the General Data Protection Regulations, which have been introduced in the country last month.

The case involves Cyrela, one of the largest real estate companies in Brazil, and was initiated by a customer who bought property from the firm and successfully demonstrated that he had been harassed by various companies from the Cyrela partner ecosystem, offering services ranging from loans to furniture and architecture services.

As a result, a São Paulo court has ordered the company to pay 10,000 reais (US$ 1,759) in compensation for sharing that particular customer's personal information without authorization. In addition, Cyrela will have to pay 300 reais (US$ 52) for every contact that is shared in the same way. Cyrela could not explain how the customer's details had been forwarded on to these companies.

In a statement, the company said "it has hired the best professionals available to roll out a far-reaching program to comply with the General Data Protection Regulations, including training for all staff and suppliers."

Brazil's data protection regulations have been sanctioned by president Jair Bolsonaro on September 18, after nearly a month of uncertainty over the actual go-live date of the rules.

The regulations prohibit illicit or abusive processing of personal data from a specific person or a group to support business decisions, public policies, or the performance of a government agency. Sanctions for non-compliance range from warnings to daily fines of up to 50 million reais (USD 9.2 million), in addition to a partial or total suspension of activities related to data processing.

The interpretation of what can be deemed non-compliance with data protection laws is currently down to individual courts. When the regulations were created in 2018, it was decided that an agency would be responsible for enforcing the rules. However, the National Data Protection Authority, which is set to include members from industry, academia and national Internet governance bodies, still needs to be formed.

Related

Period tracking apps are no longer safe. Delete them
The best Tech inventions of all time 3 Science ZDNet

Period tracking apps are no longer safe. Delete them

Security
The 5 best pressure cookers of 2022
replace-this-image.jpg

The 5 best pressure cookers of 2022

Kitchen & Household
A business tried to use a 50% price hike as a recruitment tool. It didn't go well
fist-raised-success.jpg

A business tried to use a 50% price hike as a recruitment tool. It didn't go well

Business