By: Leonardo Neri
Recently, the Superintendence for Consumer Guidance and Defense of Mato Grosso do Sul (MS) fined large national companies for failing to comply with the legal requirements demanded by the LGPD, namely: Leroy Merlin; Privália; James and Centaur.
During monitoring carried out by the regulatory body, irregularities were found in the privacy policies of the website. Leroy Merlin, which explicitly disregarded article 6 of the LGPD, claiming that it would collect electronic registration data, which would directly violate the principles of the legislation.
Furthermore, there was an understanding that abusive data processing had occurred, especially in the collection of biometric information, given that there would be more effective possibilities for repressing scams.
However, the group's use of cookies was understood as ineffective and ambiguous, causing confusion for consumer discernment.
The Company Privália was sanctioned due to non-compliance with article 11 of the LGPD, since the communication and sharing of sensitive personal data would have been carried out with exclusive economic interest, in addition to the lack of clarity about the real purpose of using consumer data, disregarding the principle of purpose.
The application James, would have presented similar irregularities to those mentioned above.
Finally, the Centaur was recently fined for lack of transparency in sharing data with the company's partner groups, resulting in risks to consumers affected by this marketing chain.