Brazil's National Data Protection Authority (ANPD) has begun an administrative sanctioning process against telecommunications operator Claro for alleged violations of the General Data Protection Law (LGPD). Claro is accused of excessive data sharing with credit analysis company Serasa, lack of transparency with clients, and hindering access to its Data Protection Officer. If proven, Claro could face fines up to R$50 million per infraction or 2% of its revenue. Separately, Serasa is undergoing a new fiscalization process focusing on its data transparency and mechanisms for data subject rights. Both companies have 10 business days to present their defense, with failure to respond potentially leading to additional sanctions.
Action required
Claro and Serasa must prepare and submit their defenses within 10 business days of notification, addressing alleged LGPD violations related to data sharing and transparency.
Binding status
binding
Governing body
Autoridade Nacional de Proteção de Dados
Direction
restrictive
Innovation impact
constraining
Enforcement details
Case name
ANPD v. Claro and Serasa
Agency
Autoridade Nacional de Proteção de Dados (ANPD)
Penalty
R$ 50,000,000
Compliance requirements
Required disclosures
- Transparency to data subjects regarding data sharing partners and purposes (Serasa)
- Adequate privacy policy (Serasa)
Prohibited practices
- Excessive data sharing (Claro)
- Lack of transparency with data subjects (Claro)
- Difficulty in accessing the Data Protection Officer (Claro)
Transparency requirements
- Transparency with data subjects regarding data sharing
- Clear information in privacy policy about data sharing
Affected industries
Affected roles
Cross-references
Cites laws
Lei Geral de Proteção de Dados Pessoais (LGPD)
"ANPD inicia processo para sancionar Claro por irregularidades no compartilhamento de dados pessoais de clientes com a Serasa"
Enriched 2026-07-03
Stay informed
Get daily intelligence briefs on this and related regulatory developments.