A bill circulating in the Chamber of Deputies should limit access to and exchange of information by defaulting customers for credit protection services. The text, authored by deputy Wolney Queiroz (PDT-PE), provides for changes to the LGPD and the Positive Registration Law to specify which data can be collected by companies such as SPC and Serasa – and what information is outside the limits of these companies.
- Passwords saved on the cell phone facilitate theft via bank apps, says Febraban
- How to see accounts and debts made in your CPF and CNPJ [Registration]
Two-thirds of Brazilians are in debt (Image: Rodrigo Dia Tome/ Flickr)
PL prohibits access to defaulters' social network profile
According to PL nº 4374/2020, proposed by Queiroz, credit protection services will not be able to obtain data from the debtor's social network profile or publications. It is also out of the question to collect messages from applications such as WhatsApp or through tracking mechanisms, such as cookies or scripts.
The text that is being processed in the Chamber still makes changes to the Positive Registration Law, which allows creditors to have access to the entire database of a defaulter. Establishments, such as stores and restaurants, may still be required to transfer information from their consumers' databases; which, according to the PL, is contrary to the LGPD.
The change proposes to prohibit the use of information obtained from electronic payment made by the citizen. In addition, the law wants to prohibit access to asset data and banking transactions, such as deposits, loans and investments. This information, according to the text, could not be used to assess the consumer's credit score.
According to a lawyer and supervisor of LGPD projects Cristiano Girardello, this aspect of the PL infers the personal consent of the data subject . “The change in the Positive Registration Law is not a good one [amendment], because it is based on consumer consent. It is in the legitimate interest of some cardholders to provide evidence of transactions, such as bank statements, to improve their credit score with these credit protection services. Some companies can evaluate this metric as proof that the person does not owe anyone”, says Girardello.
Deputy Wolney Queiroz (PDT-PE) emphasizes in the text that credit protection companies in Brazil are private and carry out investigations into the financial lives of Brazilians at the request of the banking sector, their main client.
Two-thirds of Brazilians are in debt
In the midst of the COVID-19 pandemic, which led to the adoption of social isolation measures, the indebtedness of Brazilian families reached the highest level in 11 years. According to data from the National Confederation of Trade in Goods, Services and Tourism (CNC), about 66.5% of Brazilians have some type of debt.
José Roberto Tadros, president of CNC, said in a statement It is recent that the pandemic led to the adoption of financial aid policies for low-income citizens, such as emergency aid and easy credit lines. This money was used to negotiate existing debts, but it led to more expenses.
The bill infers the LGPD, according to a lawyer
If approved, PL nº 4374/2020 may make it difficult for indebted Brazilians to seek credit protection services. According to data protection lawyer Lucélia Marcondes, this task will be even more arduous in the midst of the pandemic. “It should be noted that companies will suffer a considerable impact from the lack of information if the Bill is approved, since credit protection services will only be able to provide data related to the unfulfilled contract or transaction”, says Marcondes.
But Cristiano Girardello, from Benício Advogados, argues that this impact on privacy protection companiesand credit is positive, since the only data that must be commercialized refer to tax defaults.
“Any project that tends to absolutely prohibit the use of data is in disagreement with the LGPD. The law does not bring this spirit, it deals with the governance of personal data”, says Girardello. “The cookie section hurts the LGPD. Because the law already requires companies to have transparent policies and automated ways of collecting and treating cookies – and it is the user who must choose whether or not to accept these terms”, added the lawyer.