Understand better what monitors the applications on your device. Protect yourself!
The first fine in Brazil for violating the LGPD (the law that protects data) was applied earlier this month to the telephone company Telekall Infoservice, but this is not the only company targeted by the authorities.
WhatsApp, ByteDance (owner of TikTok) and other companies and public bodies are under investigation by the National Data Protection Authority (ANPD). The aim is to assess whether the companies are complying with the law in protecting personal information and ensuring privacy and security. Read on to find out more.
List of institutions
A list published by the ANPD in May this year mentions 16 cases and names 27 institutions. The oldest cases began in 2021 and are still ongoing. Here is the list:
Bytedance
Serpro
Ministry of Justice and Public Security
Unitfour Information Technology Ltd.
Contact Pro
Claro SA and Serasa SA
INEP
INSS and Dataprev
Government of the State of Paraná
Celepar
Algar ICT Solutions SA
São Paulo Education Media Center,
Simplify
Escola Mais, Study at Home, Explicaê, Manga High and Stoodi
Drogasil SA
Stix Fidelity and Intelligence SA
Febrafar
WhatsApp and Tik Tok
According to ANPD data, the processes do not correspond to the number of inspections carried out to date. Some are ready and others are out of bounds, which have not yet been discovered. Fabrício Lopes, the main coordinator of ANPD inspections of WhatsApp and TikTok, explained that the current disclosure process involving WhatsApp is focused on analyzing data exchanges between the platform and Facebook, another company in the same directory as the Meta group that controls the messaging application.
The expert said WhatsApp responded to the ANPD that the company uses phone numbers, nicknames and public groups for personal data. The messaging service also added that “everything in communication is encrypted.” This means you get a layer of security that encrypts your data to make unauthorized access more difficult. The ANPD must analyze the organization's response and decide whether to close the investigation into WhatsApp or the company will face criminal prosecution. There is no official deadline, but it could be up to three years.
In 2022, WhatsApp was already analyzed for compliance with the LGPD. The investigation was concluded in May without sanctions. In other words, there were no fines or other penalties. This initial process focused on the messaging app's privacy policy.
In addition, the Brazilian part of ByteDance, which is responsible for TikTok, is under scrutiny by authorities to ensure that the company processes the personal data of children and young people in accordance with the LGPD rules. This process includes activities such as collecting information, cross-referencing it with other information, and storing it securely in corporate databases. The ANPD executive explained that some parents have filed lawsuits against TikTok for using their children's data.
How is the inspection carried out?
At this stage of the inspection, the ANPD has not determined the possible fines and penalties. As happened with WhatsApp in 2022, the authorities may determine that organizations must comply with preventive or corrective measures to comply with the LGPD within a certain period of time. According to the company, another eight cases are moving towards the so-called sanctioning processes, where investigations may continue and harsher measures may be taken.
The sanctions phase can begin immediately or continue after the monitoring phase is completed. This happens, for example, when the inspection agency fails to correct errors or does not cooperate with the ANPD. The authorities have not yet provided details on these administrative processes. The coordinator emphasized that the 16 processes are based on the principle of good faith, according to which the ANPD does not consider an organization guilty until evidence on the matter is gathered.
