Earlier this month, the Brazilian Data Protection Authority (ANPD) dished out its first fine ever, issued against Telekall Infoservice, a telemarketing company, for carrying out practices that are not in line with the general data protection law (LGPD).
In short, the general coordinator in charge of the proceeding understood that Telekall did not observe the provisions in both Article 7 of the law (or failed to adequately make use of a valid legal basis for processing personal data) and Article 41, which outlines the obligation to designate the Brazilian version of a data protection officer.
Though the process for penalizing companies had already started — the ANPD had publicized its ongoing processes at the end of May, as well as created specific norms for how sanctioning should be carried out and what the sanctioning guidelines would look like — this was the first concrete outcome, and one that sets the stage for the future.
This development is relevant for a variety of reasons. First, for its symbolism. It is, after all, the first ANPD fine.
The ruling is also important for how it can inform cases in the future. Though guidelines have been issued, it is helpful for data processors to...
Search
