|
|
The National Data Protection Authority (ANPD) published in June this year a technical note on the practices of processing personal data and sensitive personal data by pharmaceutical retailers , including representative entities, with the aim of monitoring markets, carrying out studies on current practices, encouraging good practices and identifying their adequacy to the General Personal Data Protection Law (LGPD).
The study was conducted due to the relevance gambling data south africa of the topic to society, the interest of pharmacy associations in Brazil, since the country has more than 80 thousand chains, with an annual revenue of more than 139 billion reais, complaints from several public entities, in addition to a Conduct Adjustment Term (TAC) carried out by the Public Prosecutor's Office of Minas Gerais, such as Drogaria Araújo S/A which, although the case was argued based on constitutional precepts, the Civil Rights Framework for the Internet and the Consumer Defense Code, the TAC in question is paradigmatic because it already recognizes principles of personal data protection, imposes transparency and information criteria to users, prohibits the generic use of the CPF number of holders, among other terms.
Privacy Policy Comparison
To understand the maturity of the pharmaceutical market, ANPD analyzed several privacy policies in the sector, with some important conclusions:
Although the General Data Protection Law was approved in 2018, many of the policies of Brazilian organizations were still in an embryonic stage of adaptation to a personal data protection regime. The responses of the pharmaceutical groups, verified in the ICP records, confused concepts and principles of the LGPD and it was possible to note a lack of preparation of the groups with regard to the topic of privacy and data protection;
Some websites do not even provide information about their privacy policies;
Networks that have loyalty programs sometimes do not go into detail about their methodology and under what conditions the data of holders is processed;
Some privacy policies made available require several points of improvement, as they do not provide information about which data is collected, ways in which data subjects exercise their rights, or the legal bases used;
Some privacy policies list advertising profiling and the linking of purchase history to loyalty programs as processing purposes, with the consent of the holder as the only legal basis cited;
Based on an analysis of the websites and privacy policies of pharmaceutical groups, a lack of transparency was noted regarding the data processing carried out, which harms the exercise of rights by data subjects, such as the right of access ( art. 9, LGPD ), since information must be made available in an easy and free manner on all aspects of the processing, such as the purpose, identification of processing agents and information on data sharing.
|
|
發表於 2025-3-6 18:35:34