The National Institute of Social Security (INSS) was penalized for illegally sharing an insured person’s data. Unanimously, the Twelfth Panel of Appeals of the Judiciary Section of São Paulo decided that the federal agency must pay a fine of R$ 2,500 to the plaintiff for moral damages.
According to the magistrates, the evidence gathered in the case file proves that there was data leakage by the INSS, contrary to the General Data Protection Law. “With regard to the public authority, the LGPD establishes that it is prohibited to transfer personal data contained in the database to which it has access to private entities (art. 26, § 1, Law 13.709/2018), without the consent of the insured ”, highlighted the rapporteur Janaína Gomes.
In June 2021, after receiving a death benefit, the author decided to sue the court after receiving daily calls, SMS and WhatsApp messages from financial institutions offering credit. When opening the process against the INSS, she requested compensation for moral damages for the data leak by the social security authority.
Image: Pedro França/Agência Senado
INSS appeals and denies failure to keep the information
The request, upheld by the 1st Court Office of the Federal Special Court of Marília/SP, made the INSS appeal the decision, arguing that there was no conduct, the accusation of failure to keep the information was dismissed, and the causal link between the alleged damage and the omissive act or resulting from some action by the municipality.
However, the illegal sharing of data was confirmed after the rapporteur analyzed the appeal. “The legislation establishes that personal data of natural persons contained in databases must be protected, being used only for legitimate, specific and informed purposes to the data subject, and it is up to the processing agents to use effective security measures capable of preventing unauthorized access by third parties,” said Gomes.
According to her, the institutions that extensively contacted the beneficiary obtained information about the pension quickly and through the transfer of data from the municipal system. “Which demonstrates a lack of control, affronting the right to privacy of its beneficiaries”, she highlighted.
From this, the causal link was evidenced. “If the leak had been carried out by another operator (for example, the bank through which the plaintiff receives his social security benefit) there would have been no real harassment of the plaintiff by several credit companies, but only by that interested third party”, added the judge. .
“This incessant disorder occurred for at least 15 days, and at a difficult time in her life, given the recent loss of her husband and the medical treatment she was undergoing”, concluded the judge, thus recognizing the moral damages. caused by the approaches suffered by the beneficiary, which exceeded normality.
By unanimous decision of the Twelfth Panel of Appeal, the INSS must pay compensation of R$ 2.5 thousand for moral damages to the plaintiff.
