Desculpe-nos, mas este texto está apenas disponível em Inglês Americano.

Law 12.965/2014, better known as the Brazilian Civil Rights Framework for the Internet (or simply Brazilian Internet Act) aims to establish (from a civil perspective and to supplement the criminal laws already in force) the basic principles that shall govern users’ rights, liabilities of connection suppliers and applications providers, as well as government directives concerning the use of the Internet in Brazil.

The Brazilian Internet Act is the result of an extensive consultation process entirely conducted online that allowed any interested party (including local and foreign individual users, government entities, NGOs, Internet connection suppliers and applications providers, associations, universities and law firms) to publicly discuss and offer suggestions that were taken into consideration in the draft bill submitted by the Executive to the Brazilian Congress in 2011.

Net Neutrality

Adoption of net neutrality in Brazil is in fact one of the most relevant innovative aspects brought by the Brazilian Internet Act. According to the Brazilian Internet Act, equal treatment to all data transmitted through the Internet is mandatory, and no discrimination, preference or privilege by content, origin, destination or by the type of access device or terminal or of application used shall be allowed. Net neutrality forbids connection suppliers and services providers to prevent, restrict or prioritize users’ access to specific contents, but it shall not impair connection suppliers from charging different prices depending on the speed connection. As a practical matter, net neutrality will prevent that companies enter into agreement with connection suppliers to secure priority in the transmission of its content in detriment of other content. Exceptions to the net neutrality rule are admitted under specific circumstances and subject to specific regulations yet to be enacted.

Liability of Connection Suppliers and Service Providers

The Brazilian Internet Act also regulates the civil liability of Internet connection suppliers and of Internet service providers for damages caused by content published or uploaded by their clients or users. According to the Brazilian Internet Act: (i) Internet connection suppliers shall not be held liable for content published by a third part; and (ii) Internet service providers shall only be considered responsible for damages caused by infringing content posted by third parties only if they refuse or fail to comply with a Court order determining the deletion or exclusion of a said infringing content.

The Brazilian Internet Act also establishes the requirements to be considered by the judges when issuing judicial Court order determining the exclusion or deletion of Internet content, as well as the procedures to be observed by Internet applications provider to inform the relevant party about the exclusion or deletion of any content. Exclusion of images, videos or material containing nudity scenes or sexual activities shall not require a Court order when requested by any of the individuals involved and in this case the Internet Service provider shall be held responsible for damages resulting therefrom if it fails to exclude the infringing material after receiving the relevant request.

As a practical matter, in establishing, as a general rule, the need of a Court order as a condition for the exclusion of third party infringing content, the Brazilian Internet Act protects with one hand the Internet Service Providers and with the other renders more costly and difficult the exclusion of infringing content. Besides, it establishes rules in the opposite direction of the prevailing judicial understandings that have already consolidated that Internet Service Providers shall be held liable if it fails to exclude third party infringing content after receiving a written notice from the interested party.

Copyright infringement on the Internet was not regulated by the Brazilian Internet Act and continues to be subject to specific copyright law.

Storage of Data and Right to Privacy

Among the rights and guaranties ensured to Internet users, the Brazilian Internet Act specifically extended to online or stored private communications the constitutional guarantee of privacy and confidentiality. This provision was inserted into the draft bill of the Brazilian Internet Act by direct request of the Executive, after reports that the United States National Security Agency (“NSA”) has been monitoring Brazilian government communications but, as a practical matter, does not represent any additional obligation to Internet players since privacy and non-violation of correspondence were already constitutional rights.

More important was the obligation for connection providers to store and keep confidential all connection logs for a period of 12 months and for service providers to store and keep confidential the records of applications usage for the period of 6 months. In both cases, disclosure of such information shall be obtained only with Court order. Connection suppliers are not allowed to keep or store records of applications usage and service providers may not keep records of usage of any third party application without user’s prior consent.

Protection of Personal Data

The Brazilian Internet Act expressly establishes, as a general principle and as a specific guaranty for Internet users, the protection of personal data. Moreover, it sets forth that all transactions involving the capture, storage or treatment of data that occur within the Brazilian territory or in which one of the terminals are located in the Brazilian territory will be subject to the Brazilian laws and regulations regarding privacy and personal data protection. These provisions shall apply even if the activities are performed by companies headquartered outside the Brazilian territory, provided that (i) the companies offer services to the Brazilian public; or (ii) at least one company of the same economic group is established in Brazil. In this regard it is worth mentioning that there is a bill of law regulating personal data protection proposed by the Ministry of Justice under public consultation.

Regulation of Specific Aspects

Although the Brazilian Internet Act is in force since 2014, it was regulated by Decree 8.771/2016 (“Decree”) only recently. Below a summary of the Decree:

• Net Neutrality: The Brazilian Internet Act establishes net neutrality as a basic principle and that different treatment for data packages may be allowed only in emergency situations or due to technical requirements necessary for the supply of data traffic services. The Decree clarifies the emergency situations (risk of disaster, emergency or public catastrophe or communication among emergency service providers) and which are the technical requirements (net security, congestion and quality or other issues necessary for the proper use of an Internet application). The Brazilian Telecommunication Agency (ANATEL) should oversee potential infringement to the technical requirements, observing guidelines to be established by the Brazilian Internet Steering Committee (CGI).
• User’s Registration Data: The Brazilian Internet Act allows administrative authorities to request Internet users’ registration data without determining the relevant conditions. The Decree determines that such administrative authorities should mention the legal basis and the justification to require Internet users’ registration data. Users’ registration data includes qualification data (complete name, marital status and profession/occupation), filiation and address.
• Security and Secrecy of Personal Data and Private Communication: The Brazilian Internet Act obligates the ISP to storage access and connection data, by adopting security and secrecy measures on the data storage. The Decree establishes the minimum security and secrecy measures, which are (i) strict control over data access, (ii) authentication measures to access the data, (iii) detailed information on the access to the data; and (iv) use of cryptography measures or similar protection measures. The CGI would recommend procedures for the implementation of security standards.