Follow on Google News

Positive Registry Law complements CDC and LGPD in consumer protection

The bill that amends the CP law maintains the principles enshrined in international law and also used in the Consumer Protection Code, which turns 28 this month.

The Positive Registry Law (number 12.414/2011) reinforces the existence of the “fair information principles”, These principles are strong not only in Europe, but also in Canada and the United States, and are directly related to consumer databases. The principles of fairness in the processing of information include publicity, access or participation, integrity or security and redress.

These principles are set out in articles 5, 6 and 7 of the PC law. There is also the principle of purpose, which authorizes the use of data only for the purpose defined by the CP legislation itself. The bill (PLP number 441/2017), which amends the PC law to the model opt-out, automatic inclusion of the consumer with the possibility of withdrawal at any time, maintains these principles and is in line with the Consumer Defense Code, which turns 28 this month.

On September 11, 1990, the CDC, which regulates the relationship between consumers and suppliers of goods and services, was signed into law by then President Fernando Collor de Mello. The law was based on the guidelines defined by the United Nations Organization for consumer protection. Known in English as United Nations Guidelines for Consumer Protection, The document was first created in 1985 and has served as an inspiration not only for Brazilian legislation but also for that of many other countries.

The CDC, in article 43, enshrines the same principles available in the CP law. By publicity, we mean the consumer's right to be notified about the use of their personal information. Access or participation is the consumer's right to access their information in databases. Not only to consult it, but also to demand that this information be corrected. The fourth principle, integrity or security, stipulates that the information must be accurate. There can be no inaccuracy.

Finally, redress concerns ways of ensuring that the previous principles are respected. The CDC defines joint and several liability as an institute of responsibility, which means that all companies in the supply chain are equally responsible for repairing damage, regardless of whether they caused it, unless they can prove that the service was not defective or that the consumer or a third party was solely to blame.

PLP 441/2017, which amends the Positive Credit Registry law, establishes as valid the recording of information needed to generate a credit score based on credit history, which is a fundamental factor in making decisions about granting credit or doing business safely. As such, the use of sensitive personal information for the purposes of granting credit is strictly forbidden, in accordance with article 3, paragraph 3, item II, of the PC law, the content of which is preserved by the bill.

It is worth remembering that, according to article 5 of the General Data Protection Law (number 13.709/2018), recently sanctioned by the President of the Republic, sensitive personal data involves information about racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, or any data relating to health or sex life, as well as genetic data.

Also according to article 3, paragraph 3, of the Positive Registry law, the content of which is preserved by PLP 441/2017, we find, in item I, a provision that expressly limits the use of information not linked to consumer credit risk analysis. In other words, this use must comply with the rule of appropriateness and necessity, with information that deviates from that used to generate the credit score being considered excessive. In Article 5, as defined by the General Data Protection Law, the rights of the registered person are listed one by one, such as having their data used only in accordance with the purpose for which it was collected and the possibility of requesting an objection to erroneous information recorded in the database. The LGPD addresses the use of personal data for credit protection in article 7, item X, referring to specific legislation.

For these reasons, it is clear that the bill to amend the Positive data is in line not only with the Consumer Defense Code but also with the General Data Protection Law, This provides a respectable legal framework for consumer protection in Brazil.

Thanks for reading! Access other content at ANBC website.

By: Elias Sfeir President of ANBC & Member of the Climate Council of the City of São Paulo & Certified Advisor