TJ-SP reforms sentence and exempts construction company for data leakage

If there is no reliable proof that the supplier of the product passed the consumer’s data to third parties without their authorization, there is no causal link that justifies the acceptance of the indemnity claim.

reproductionTJ-SP reforms sentence and exempts construction company for client data leakage

With this understanding, the 3rd Private Law Chamber of the Court of Justice of São Paulo overturned a first-degree sentence and exempted Cyrela from paying R$ 10 thousand to a client who had personal information sent to other companies.

The author bought an apartment from Cyrela in November 2018. In the same year, he began to be contacted by financial institutions and decoration companies, who mentioned his recent acquisition with the construction company. He filed a lawsuit against the company alleging leaks of personal data.

The first degree judge considered thatSharing customer data with companies outside the contractual relationship violates provisions of the LGPD, in addition to rights provided for by the Constitution itself, such as honor, privacy, informative self-determination and the inviolability of intimacy, generating the duty to indemnify.

However, the TJ-SP had a different understanding and granted Cyrela’s appeal. The rapporteur, Judge Maria do Carmo Honório, agreed with the construction company’s defense argument that the LGPD should not be applied to the case, since the rule was not in force at the time of the purchase of the apartment by the plaintiff.

“The contract was signed on 11/10/2018 and that the shortest period for entry into force of said Law (12/28/2018) referred only to the creation of the National Data Protection Authority (ANPD) and the composition of the National Council for the Protection of Personal Data and Privacy. In addition, the full validity of the Special Law only took place on 8/14/2020”, he said.

According to the magistrate, the general rule is the non-retroactivity of the rule. For her, there is also no unequivocal proof that it was Cyrela who forwarded the author’s personal data to service providers who contacted him by email and WhatsApp.

In addition, Honório said that references to the name of Cyrela’s enterprise, by themselves, are not enough to prove authorship of the information leak: “In this context, the evidence is not secure in the sense that it was Cyrela who passed on her given to third parties, in such a way that it is not possible to verify the causal link to justify the conviction of the defendant as claimed in the initial petition”.

In the view of the judge, there is no evidence of any fact from which the effective off-balance sheet damage to the client can be inferred, much less for the illegal conduct of the construction company, and, without the demonstration of this, there is no basis for imposing the obligation to indemnify.

“The alleged calls, messages and e-mails received by the author, even if repeatedly and despite causing annoyance, do not, by themselves, characterize a violation of intimacy. In fact, in the circumstances presented, they did not go beyond the sphere of mere annoyance,” added the rapporteur.

According to Honório, the hypothesis of the case records requires proof of the damage suffered by the plaintiff. She also said that the simple forwarding of generic messages by email or WhatsApp is not a conduct capable of causing moral damage, as it does not interfere with the consumer’s “psychological balance”.

“The consumer, in this case, regardless of the authorship of the messages, has not suffered any exceptional burden, other than the one that every human being has to learn to bear for living in a technological, frenetic and massified society, otherwise the social coexistence will become unbearable” , finished.

Other side
Consumer protection, sponsored by the lawyer Mario Filipe Cavalcanti, informed the Conjure which will appeal the decision until next week. For him, the court ended up contradicting itself and omitting itself when recognizing the consumption relationship and not applying the inversion of the burden of proof and strict liability.

“Unfortunately, the court required the consumer to prove by A + B Cyrela’s breach of their data, when it is obvious that the low-income party (which is the consumer) has no means of building such evidence, and the consumer has shown numerous signs of that in all contacts, third parties mentioned Cyrela’s enterprise, assuming the purchase made by it for granted,” said the lawyer.

For Cavalcanti, the TJ-SP decision also sets a “dangerous precedent” by creating a kind of obstacle to the reversal of the burden of proof: “By applying the consumer’s right, it is deciding in favor of the entrepreneur who violates data, but hides in the difficulties of the consumer to prove what happened”.

Click here to read the judgement