The General Data Protection Law (LGPD – Law No. 13.709/2018) includes, in its article 2, item VI, consumer protection as one of its fundamental principles and, in article 18, § 8, assigns to consumer protection agencies, such as PROCONs, the competence to receive complaints and reports from data subjects when, obviously, the processing occurs within the scope of consumer relations, which encompasses the majority of cases. Therefore, PROCONs are decentralized instances for the protection of personal data, especially in relation to data processing agents in the health sector such as pharmacies, medical clinics, education, financial services, and liberal professionals.

Since 2018, the LGPD (Brazilian General Data Protection Law) has recognized principles and legal bases that harmonize with consumers' rights to the protection of personal data. The leadership of the National Data Protection Authority (ANPD) is undeniable. However, the authority has a single headquarters in Brasília, DF, an extremely small staff, and therefore lacks the adequate reach to respond to complaints and grievances from personal data owners arising from violations of the regulations in a country of continental dimensions, with approximately 215 million inhabitants, distributed across more than 5500 municipalities in 26 states plus the Federal District.

Therefore, paragraph 8 of article 18 of the LGPD (Brazilian General Data Protection Law) expressly grants consumer protection agencies the authority to process the exercise of data subjects' rights, as is the case with the ANPD (National Data Protection Authority).

This decentralization of the exercise of rights, and therefore of oversight, to bodies such as the municipal PROCON (Consumer Protection Agency), makes the exercise of rights by rights holders more effective, bringing them closer to the protection system and increasing the efficiency of conflict resolution, including the signing of agreements and the application of fines.

In Porto Alegre, RS, for example, the PROCON service, linked to the Municipal Secretariat of Transparency and Control (SMTC), offers convenient, agile, practical and fast electronic service, thanks to the available structure, through its website. https://prefeitura.poa.br/procon/reclamacaoIn addition, it is also possible to use the 156 app or the “Procon and Protocol Consultation” option on the 156 WhatsApp number (51) 34330156, all channels capable of receiving complaints and reports such as lack of indication of a data protection officer (DPO), calls offering loans, requests for CPF numbers, among other inappropriate handling of personal data that may trigger inspections with the initiation of administrative proceedings and sanctions provided for in the Consumer Protection Code.

The consolidation of PROCONs (Brazilian consumer protection agencies) as channels for exercising rights provides security, encourages data subjects, and, through their proximity and the example set by inspections and enforcement, should pressure companies in sectors such as health, education, financial services, and liberal professions to structure themselves correctly in relation to the handling of personal data of patients, clients, and consumers in general.

The advancement in privacy awareness contributes to a more ethical, transparent, and responsible environment for data processing, and effectively integrates the LGPD (Brazilian General Data Protection Law) with the Consumer Protection Code, consolidating local protection mechanisms, with an emphasis on physical and institutional proximity, agility in investigative procedures, and resolution of conflicts.

Want to read more articles by this author? Learn what a fake DPO is and why you should avoid them. here.