The Minas Gerais State Court of Appeals (TJMG) upheld a decision ordering a service provider to restore a user's access to her email account after proof of fraudulent invasion. The dispute arose after the account holder fell victim to phone line cloning, which allowed unauthorized third parties to access multiple platforms, including the email linked to the defendant, causing professional harm to the user, who works as a digital influencer.
The ruling highlights that account ownership was duly proven through documentation, evidencing the connection with other profiles and services associated with the plaintiff. It was also demonstrated in the proceedings that the unauthorized use of the email by third parties resulted in financial fraud and contractual losses for the plaintiff, constituting a risk of irreparable or hard-to-repair harm.
The ruling emphasizes that, under Brazil's General Data Protection Law (LGPD), internet application providers bear strict liability for ensuring information security and must provide effective mechanisms for recovering access to digital accounts, especially when essential to the user's professional activity. The court deemed legitimate the imposition of coercive measures, such as daily fines, to ensure compliance with the decision and the restoration of access, rejecting the defendant company's claim of insufficient proof of ownership.
The appeal was denied, consolidating the understanding that the provider is liable for failures in service delivery that result in harm to the user, especially in situations where the security system itself proved insufficient to safeguard data and ensure the prompt restoration of access to the rightful owner.
This post was summarized from the original court decision using AI, with human review.
TJMG/AI n. 4946034-63.2024.8.13.0000