that's what should be illegal: to give discounts based on whether you disclose your PII or not. that's because they were already investigated once on allegations that they would sell this data to insurance, but that's hard to prove. if the discount was straight up illegal, prosecutors would have a much easier case
in the Brazilian drugstores case, it's absurd, it's like, a $400 drug sold for $300 (numbers in local currency) if you agree to disclose the equivalent of your SSN. how can your data be worth so much?
truth is that they don't expect to sell a single unit for $400 - the price difference in this case is enough that, in practice, providing your PII is mandatory
> that's what should be illegal: to give discounts based on whether you disclose your PII or not
That would definitely help, but I think it wouldn't be enough. Drugstores would promptly come up with some app-related trick, like "just scan this QR-code to redeem your discount", and personal info would be acquired indirectly.
Legislators started to elaborate a bill recently, addressing the case of drugstores in particular, but I suspect they will end up delivering something full of breaches, just like they did in the State of Sao Paulo.
Moreover, drugstores are on the spot currently, but there are plenty of companies doing exactly the same nowadays.
> in the Brazilian drugstores case, it's absurd, it's like, a $400 drug sold for $300
Indeed. And I've seen even more scandalous differences already. Psychiatric drugs are the champions, in my experience.
UK supermarkets (and I assume many more around the world) have done this "discount" for PI trick for decades.
It used to be that you'd get a 1% cashback (in vouchers), but they realised people weren't bothering when just spending a few quid, so they hiked the prices from £3 to £4.50 then offered a 50p discount for your PI.
The EU/GDPR solution to that is the definition of "freely given consent", where such discount treatment means that the "consent" doesn't count as a valid reason to permit processing data, as it was not freely given; and also the requirement to be able to withdraw consent as easily as it was to give it, at any time, and without adverse consequence, for example, one minute after receiving that discount.
Brazilian LGPD also mandates companies to provide channels for users to request their data to be deleted. Theoretically, one can ask for their data to be deleted right after they received a discount. But I don't know. I guess they would do everything they are entitled to in the interim, and by the time your data removal request is fulfilled, the damage is already done.