Brazil: Announced Procon-SP decision to forward to inspection team Ticketmaster case due to non-compliance with previous order to send information regarding data breach

On 11 June 2024, the Consumer Protection Authority of the State of São Paulo (Procon-SP) announced its decision to forward to the inspection team the case against Ticketmaster due to non-compliance with a previous order to send information regarding a data breach, in line with Consumer Defense Code. In particular, Ticketmaster failed to adequately address inquiries from Procon-SP concerning a data leak impacting millions of users. Procon-SP had initially contacted the company early in the month following reports of the incident at the end of May. Ticketmaster did not provide satisfactory evidence to demonstrate the security of Brazilian consumers' data, nor did it outline its strategies for mitigating the impact on citizens after their data had been exposed. Such strategies could include immediate anonymisation of data, deletion of essential data, and the establishment of an internal investigative process widely communicated to affected individuals. Furthermore, Ticketmaster neglected to establish a dedicated service channel for consumers to inquire about or report potential data breaches.