We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

Brazil issues £900,000 privacy related fine to Brazilian telco provider

1 September 2014

On 23 July 2014 the Brazilian Department of Defence and Protection of Consumers (DDPC) issued a fine in the amount of Brazilian Reais 3.5 million (equivalent of approx. £900,000) to TNL PCS S/A., the company operating the Brazilian's massive telecommunication brand Oi (which means "hello" in Portuguese) for unfair commercial practices with regards to the privacy of its users.

Despite the timing of this fine, it was not issued under the newly approved Internet Bill of Rights.

The fine was issued in accordance with the rules set out in the Brazilian Consumer Protection Code, and the facts go back to 2010, when Brazilian TNL and the British company Phorm (through its Brazilian operation) developed the software tool Navegador (which can be translated to English generally as seafarer or, web specific, browser).

Apparently Navegador collected traffic data from users of Oi in order to create profiles which were then sold for marketing usage. Moreover, it is also alleged that Navegador would redirect users' online traffic to facilitate the creation of the profiles.

The DDPC argues that consumers were not informed about what was being done with their personal information, and also that redirecting online traffic to create the profiles would be in breach of internet standards such as the rule of neutrality.

The feedback from Brazil's media is that TNL will appeal or has appealed this fine, arguing that Navegador has not been in use since 2013 and even then it was only used with specific pilot users who were fully informed of what was happening with their personal information.

Even though this fine was not issued under the recent Internet Bill of Rights, it does seem that this is a crucial decision which sets the tone for the future of Brazilian's privacy enforcement.

It could also mean further investigative action in the UK, if the ICO decides that the practices mentioned by the DDPC in Brazil are likely to have taken place in a similar fashion in the UK, especially as they apparently involve a British company.

This article was written by Robert Bond.

For more information contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com