The National Data Protection Agency (ANPD) does not yet exist, and even if it did, would be prohibited from penalizing companies that do not comply with the General Data Protection Law (LGPD) until the end of August. However, this does not take away the freedom of lawyers to use the standard during the judgment of cases for private clients. And that is exactly what has just happened in the city of São Paulo (SP).
Cyrela, one of the largest real estate companies in Brazil, has just become the first company to be penalized under the terms of the LGPD. The company was accused of improperly sharing personal and contact details of its customers – whoever bought a property from the construction company was harassed by calls from partners offering planned furniture and the like.
Due to the decision of Judge Tonia Yuka Koroku, of the 13th Civil Court of São Paulo, the corporation will be obliged to pay an indemnity fine of R $ 10,000 – very light, we must observe -, with an additional R $ 300 for each contact that will be shared again in the future.
“It remains duly proven that the plaintiff was harassed by several companies for having signed a contractual instrument with the defendant for the acquisition of a stand-alone unit in a real estate development”, explains Tonia, adding that the client “had received contact from financial institutions, consortia , architecture and construction companies and furniture supply planned due to the fact that it acquired property from the defendant ”.
Cyrela tried to appeal, but in an informal exchange of messages between an employee of the construction company and the complaining customer, the company representative confesses: “We work with several partnerships to offer our consultancy in question the settlement of projects by some construction companies. I am not sure who passed your contact ”.
“The contract signed between the parties prescribed only the possibility of including the applicant’s data for purposes of insertion in a database (‘Cadastro Positivo’), without having been effectively informed about the use of the data for purposes other than those relating to to the legal relationship established between the parties ”, adds the judge. “However, depending on the documentary evidence indicated above, it was used for a different purpose and without the author having adequate information (art. 6, II, LGPD)”, he concludes.
Update: 09/30 at 5 pm
Cyrela contacted The Hack and sent us the following position:
Cyrela announces that she is aware of the decision made by the judge of the 13th Civil Court of the Central Forum and that her lawyers will take the appropriate legal measures. The company reinforces its commitment to excellence with its customers and for this reason it hired the best professionals to implement a broad program to comply with the General Data Protection Law with the development of training for all its employees and suppliers.
Source: Digital Convergence
See the original post at: https://thehack.com.br/ja-comecou-cyrela-e-a-primeira-empresa-a-ser-penalizada-pela-lgpd/?rand=48873
