A simple phone number sharing between clients in a gym has become a national alert about data privacy. The publication made by a woman went viral in X (former Twitter) after she reported that her number was delivered by the reception of the establishment to another frequented, without her consent.
In addition to being illegal, the problem goes far beyond an embarrassing situation. All of this emphasizes what the numbers already show: according to a survey released by NORDVPN, Brazil occupies the first position among countries with the highest volume of hollow internet data In the world. The report also shows that of the 94 billion cookies exposed in dark web7 billion are from Brazilian users.
According to Mário Henrique Martins, a lawyer specializing in diffuse and collective rights at Martins Cardozo Advogados, the practice represents a clear violation of the General Data Protection Law (LGPD) and the Consumer Protection Code (CDC). Penalties may vary from warnings to millionaire fines and, in more severe cases, the suspension of activities.
“The telephone number is classified as personal data, as it allows to identify a person. By LGPD, this type of data can only be shared with clear, specific and informed consent. By delivering this data to another client, the academy has violated both LGPD and the Consumer Protection Code, which recognizes privacy as a basic right,” he explains.
Penalties range from fines to suspension of activities
The administrative sanctions provided for in LGPD They are severe and may include: fines of up to 2% of the company’s revenues, limited to R $ 50 million per infraction; Warnings and requirement of corrective measures; block or elimination of irregularly collected personal data; and partial or total suspension of activities involving data processing.
In addition, the affected consumer can go to court with actions for moral and material damages. “When we talk about personal data, it doesn’t matter if it’s a startupa neighborhood gym or a big tech. The legislation is clear: the data belongs to the holder, not to the company. Use without consent can generate not only administrative sanctions, but also civil and even criminal repercussions ”, reinforces Mário Henrique Martins.
Data governance is a matter of reputation
In addition to legal aspects, the viral crisis shows how negligent practices with personal data can lead to irreversible damage to the image of companies of any size. “Digital trust has become a valuable asset. All innovation needs to be born responsibly. Data governance is not just a legal obligation – it is a competitive advantage. When a company fails this, the impact is not limited to fines: it is loss of reputation, customers and market value,” says Eduardo Freire, CEO of FWK Innovation design and innovation strategist.
The professional also warns that the biggest risk today is not technological, but cultural. “Many companies still operate as if data protection were just a problem of IT or legal, when, in fact, it is a matter of organizational culture. If the receptionist delivers a client’s phone, it reveals that the company could not internalize the principles of privacy“He says.
Privacy by design It must be a rule
The concept of privacy by designwhich provides for the inclusion of data protection from the conception of processes, products or services, should be standard. “Companies that do not internalize this take operational, legal and reputational risks. And who thinks this is just for big techsis mistaken. The LGPD applies to any company, of any size, from any segment, ”adds Eduardo Freire.
By Maria Fernanda Benedet