Brazil: consumer data protection guide published

The National Data Protection Authority (ANPD) in joint work with the National Consumer Secretariat (SENACON) of Brazil have published the new guide "How to protect your personal data" within the framework of consumer relations.

The ANPD has started its first months in office on the right foot, just last year we inform that the Brazilian data protection law would come into force in May of this year and one of the reasons for its delay was the delay in the start of the ANPD's functions, however, they have managed to catch up quite quickly.

The guide in question deals with a very important issue in the field of personal data protection, which is its treatment in consumer relationships (which, we could say, is the most common scenario of mass data processing). It happens that a consumer must give his personal data to the supplier of the goods or services, precisely so that this consumption relationship can be carried out satisfactorily, however, it is very important to know what the supplier can do with this information, what is it? what the consumer can do in a scenario of infringement of their information, among others.

What should the consumer know about the information handled by the provider? As the guide: (i) who is collecting your information (business name), (ii) what data is actually being collected, (iii) that the information is being collected in order to deliver the product (and not with others, or if there are any, say what the other purposes are - such as the contact for subsequent promotions, for example) and (iv) if that information is given to a third party, such as if it is to the shipping company to deliver the order.

What should the agents that process personal data procure? (i) guarantee that the treatment is carried out on a legal basis, (ii) keep a record of the treatment operations, (iii) implement secure data storage and treatment systems, (iv) inform the holders of information about the violations security that may cause a relevant risk or damage, (v) repair the damage caused, (vi) give access to the personal data collected to the owner of the information, among others more indicated in the aforementioned guide.

From a consumer point of view, what can you do to protect your personal data? (i) enable encryption on disks and external media such as usb sticks, (ii) create strong passwords that include combination of characters, (iii) enable two-step password verification, mainly on cloud storage systems, (iv ) limit the disclosure of your personal data on the internet, among others indicated in the guide.

What if there is a violation of consumer rights? According to the guide, it is recommended to collect all the evidence of the event, emails, screenshots, among others. In the first instance, the company should be contacted and, failing that, the Consumer Protection Defense Authority or the ANPD.

- Advertising Notice-
Marilú Lazo
Lawyer from the Pontificia Universidad Católica del Perú (PUCP). Director of The Crypto Legal Blog, she has experience in corporate advice, consumer protection, as well as in matters of personal data protection and new technologies.


1,954Happy fans


*All fields are required
es Spanish