The Minas Gerais State Court of Appeals (TJMG) upheld a ruling that denied a request for moral and material damages from an account holder who was a victim of bank fraud, also highlighting aspects related to LGPD (Brazil's General Data Protection Law). The consumer voluntarily provided their facial biometrics and other personal data to a third party, who then used this information to take out loans and make bank transfers in the victim's name through the defendant financial institutions.
The decision emphasized that there was no unlawful act on the part of the banks, since all transactions were authorized through the biometrics and data of the account holder himself, who acted without coercion when providing such information to the scammer. The court found this to be an external fortuitous event, ruling out civil liability for the financial institutions, as provided in Article 14, paragraph 3, item II, of the Consumer Protection Code. In this scenario, the exclusive fault of the consumer was established, breaking the causal link necessary for the duty to compensate.
From the perspective of the LGPD, the ruling stated that there was no breach by the financial institutions in the processing of the plaintiff's personal data. No data leak, improper exposure, unauthorized sharing, or systemic security failure was identified that would compromise the obligations set forth in the LGPD. According to the court, the harmful event resulted exclusively from the consumer's own conduct, bearing no relation to any breach of the principles of purpose, necessity, transparency, or security required by data protection legislation.
This post was summarized from the original court decision using AI, with human review.
TJMG/AI No. 5017030-54.2023.8.13.0313