Prosecutors go after credit monitoring agency over massive data leak

Brazil’s Federal Prosecution Office in São Paulo entered as co-plaintiff in a lawsuit against Serasa Experian, a massive credit protection agency. Prosecutors want the company to pay compensation for the 223 million people whose private data was leaked in 2021.

The lawsuit, initially filed by Sigilo, a nonprofit data privacy advocacy group, accused Serasa Experian of selling personal information about citizens (both dead and alive) on its database — going against multiple court decisions barring such activity. Private data, prosecutors now say, “continues to be sold by the company over the internet, creating a vulnerable environment that is prone to fraud.”

The list of information allegedly exposed includes people’s purchase history, email addresses, social security and tax information, their income, and even credit and debit card numbers.

Sigilo and the Federal Prosecution Office argue that each person affected should be granted compensation of BRL 30,000 (USD 6,000). Serasa should also be fined a value of up to 10 percent of its annual revenue in 2022 — but the amount should not be lower than BRL 200 million.

The lawsuit also asks courts to force the National Data Protection Authority to initiate and conclude, in up to six months, procedures against Serasa Experian. Prosecutors say the agency neglected its role as a watchdog.

The plaintiffs also demand that Serasa Experian notify the people who had their data leaked and publicly explain what motivated the security flaws. The company will also have to permanently end the commercialization of people’s information and improve its data protection mechanisms.

Prosecutor Karen Louise Jeanette Kahn says that each person whose data was leaked should also be allowed to “file individual lawsuits to ask for damages if the situation remains to their disadvantage, notably in cases involving possible violations of their honor and private life.”

Serasa Experian denies irregularities, adding that it obeys Brazilian privacy laws and that the leaked data did not come from its database.

Sigilo is also behind a lawsuit in which the Brazilian government was ordered to pay BRL 15,000 (USD 3,000) to 3.7 million beneficiaries of the Auxílio Brasil benefit scheme. The leak was first exposed by The Brazilian Report in October 2022.