The Brazilian body of consumer protection in São Paulo (Procon/SP) has imposed a R$9,9 million fine to Google and a R$7,7 million fine to Apple, for allegedly violating consumers’ data protection rights with regards to FaceApp, which was made available to consumers through the companies’ online stores. Procon’s decision should be interpreted not only as a warning to publishers and to all companies which provide third-parties’ applications for download in Brazil, but it should also be seen as an indication of the new approach Brazilian entities are taking regarding data protection in the territory.
Since FaceApp is made available for download through Google Play Store and App Store, Google and Apple are considered providers in light of CDC’s provisions. Hence, they are jointly liable for the lack of adequate and clear information on FaceApp’s personal data processing operations.
We highlight that the fines were imposed considering only CDC’s provisions and without regards to any concrete provision of the General Data protection Law (LGPD), which will only come into force next August. Both companies can still appeal to the Courts to overturn the sanctions.