A bill circulating in the Chamber of Deputies must limit access to and exchange of information by defaulting customers for credit protection services. The text, authored by Deputy Wolney Queiroz (PDT-PE), provides for changes in the LGPD and in the Positive Registration Law to specify which data can be collected by companies like SPC and Serasa – and which information is outside the limits of these companies.
PL prohibits access to social media profile of defaulters
According to PL nº 4374/2020, proposed by Queiroz, the credit protection services will not be able to obtain data from the debtor’s social network profile or publications. Collecting messages from applications such as WhatsApp or through tracking mechanisms such as cookies or scripts is also out of the question.
The text that is being processed in the Chamber still makes changes to the Positive Registration Law, which allows creditors to have access to the entire database of a defaulter. Establishments, such as stores and restaurants, may also be required to transfer information from their consumers’ databases; which, according to the PL, goes against the LGPD.
The change proposes to prohibit the use of information obtained from the electronic payment made by the citizen. In addition, the law wants to prohibit access to equity data and bank transactions, such as deposits, loans and investments. This information, according to the text, could not be used to assess the consumer’s credit score.
According to Cristiano Girardello, lawyer and LGPD project supervisor, this aspect of the PL infers from the personal consent of the data subject. “The change in the Positive Registration Law is not a good [alteração], because it is based on consumer consent. It is in the legitimate interest of some cardholders to provide proof of transactions, such as bank statements, to boost their credit score with these credit protection services. Some companies may assess this metric as proof that the person owes no one,” says Girardello.
Deputy Wolney Queiroz (PDT-PE) emphasizes in the text that credit protection companies in Brazil are private and carry out investigations into the financial lives of Brazilians at the request of the banking sector, their main client.
Two thirds of Brazilians are in debt
Amid the COVID-19 pandemic, which led to the adoption of social isolation measures, the indebtedness of Brazilian families reached the highest level in 11 years. According to data from the National Confederation of Commerce of Goods, Services and Tourism (CNC), around 66.5% of Brazilians have some type of debt.
José Roberto Tadros, president of CNC, said in a recent statement that the pandemic has led to the adoption of bailout policies for low-income citizens, such as emergency aid and easy credit lines. This money was used to negotiate existing debts, but it led to the contraction of more expenses.
Bill infers on LGPD, second lawyer
If approved, PL nº 4374/2020 may make it difficult to seek credit protection services for indebted Brazilians. According to data protection lawyer Lucélia Marcondes, this task will be even more difficult in the middle of the pandemic. “It should be noted that companies will suffer considerable impact from the lack of information if the Bill is approved, since credit protection services will only be able to provide data related to the contract or transaction that has not been fulfilled”, says Marcondes.
But Cristiano Girardello argues that this impact on credit protection companies is positive, since the only data that should be traded are related to tax defaults.
“Any project that tends to absolutely prohibit the use of data is at odds with the LGPD. The law does not bring this spirit, it deals with the governance of personal data”, says Girardello. “The item on cookies hurts the LGPD. Because the law already requires companies to have transparency of policies and automated forms of collection and handling of cookies – and it is the user who must choose or not to accept these terms”, added the lawyer.