Brazilian President approves the Internet Law Framework
Dear friends and colleagues,
On April 23, 2014, the Brazilian President approved the Bill of Law No. 21/2014, which establishes the principles, guarantees, rights, and duties for the use of the Internet in Brazil.
The so-called “Internet Law Framework” sets forth a number of guidelines and rules to be observed in the use of the Internet in Brazil, among which is the protection of privacy, the protection of personal data, and the preservation and guarantee of net neutrality. It also provides for several rights to Internet users.
The Internet Law Framework was published today, April 24, 2014, in the Official Gazette and shall enter into force 60 (sixty) days from the date of its publication.
Please find below a summary of the main issues related to the approved Law, that require special attention from companies that somehow operate on the Internet, either as telecommunication providers, Internet connection providers, or application/content providers.
***
1 – The Internet Law Framework addressees
The addressees to the obligations provided for in the Internet Law Framework are:
The Internet Law Framework aims at covering a gap in Brazilian legislation on the subject.
Under the approved Law, any operation of gathering, use, storage, or treatment of personal data that takes place on the Internet shall be subject to express consent from the user. The information gathered shall only be used for the purposes that justify its gathering, which shall be specified in the Internet service agreement or in the Internet application terms of service.
Both Brazilian legislation and jurisdiction are deemed applicable to operations of gathering, storage, custody, and treatment of logs and personal data on the Internet, even for operations performed by companies based abroad, as long as they offer their services to Brazilian users.
3 – The obligation of storing connection and Internet application access logs
According to the Internet Law Framework, Internet connection providers are obliged to store, for a period of 01 (one) year, logs referring to the date and time of beginning and ending of Internet connections, the navigation duration, and the IP number used by a terminal for sending and receiving data packages.
Furthermore, Internet applications providers are required to store, for a period of 06 (six) months, information referring to the date and time of use of a specific Internet application given a certain IP address.
Such obligation must be complied with by any Internet applications provider that is organized as a legal entity and that performs its activities in an organized and professional way, and with economic purposes, even if such provider is based abroad, as long as it offers its services in Brazil.
The disclosure of connection and Internet application access logs shall only occur upon specific judicial order.
4 – Net neutrality
The new Law provides for all telecommunication operators responsible for the transmission, switching, or routing of data packages a general obligation of equal treatment, without any distinction based on content, origin, or destination, service, terminal, or application.
It also forbids telecommunication operators from blocking, monitoring, filtering, or analyzing the data packages’ content.
There are some exceptions to those obligations, particularly those related to (i) technical requirements deemed necessary for the adequate provision of services and applications, and (ii) prioritization of emergency services. In such cases, the operator must act with proportionality, transparency and isonomy, refraining from causing damages to users.
According to the Internet Law Framework, net neutrality shall be regulated by a Presidential Decree, which shall only be enacted after both the Brazilian Internet Steering Committee (Comitê Gestor da Internet) and the Brazilian National Telecommunications Authority (ANATEL) have expressed their opinion.
5 – The liability of content providers for content from third parties
The Internet Law Framework confirms the rule under which Internet connection providers cannot be held liable for damages caused by content generated by third parties.
Regarding Internet applications providers, the liability for content generated by third parties shall only prevail in cases of noncompliance with a specific judicial order to turn the reputed infringing content unavailable.
For cases involving sexual content material or nudity, it shall be applied the “notice and take down” rule. Internet applications providers shall only be held liable if they do not make such content unavailable, in a diligent way, after receiving a notification from the concerned person or his legal representative.
***
The Regulation and Competition Practice Group from Mundie e Advogados remains at your disposal for further clarification.
Yours sincerely,
Mundie e Advogados
Partners:
Ana Claudia Beppu (acb@mundie.com.br)
Elinor Cotait (ecc@mundie.com.br)
Guilherme Ribas (gfr@mundie.com.br)
Kevin L. Mundie (klm@mundie.com.br)
E-mail: central@mundie.com.br
Tel: 55 (11) 3040 2919
Fax: 55 (11) 3040 2940
Av. Pres. Juscelino Kubitschek, 50 - 18.º andar
04543-000 São Paulo, SP, Brasil
www.mundie.com.br
On April 23, 2014, the Brazilian President approved the Bill of Law No. 21/2014, which establishes the principles, guarantees, rights, and duties for the use of the Internet in Brazil.
The so-called “Internet Law Framework” sets forth a number of guidelines and rules to be observed in the use of the Internet in Brazil, among which is the protection of privacy, the protection of personal data, and the preservation and guarantee of net neutrality. It also provides for several rights to Internet users.
The Internet Law Framework was published today, April 24, 2014, in the Official Gazette and shall enter into force 60 (sixty) days from the date of its publication.
Please find below a summary of the main issues related to the approved Law, that require special attention from companies that somehow operate on the Internet, either as telecommunication providers, Internet connection providers, or application/content providers.
***
1 – The Internet Law Framework addressees
The addressees to the obligations provided for in the Internet Law Framework are:
- Internet connection providers, meaning those who are responsible for authentication of terminals for sending and receiving data packages through the Internet, by means of attribution of an IP number.
- Telecommunication services providers, meaning those who are responsible for the transmission, switching, or routing of data packages.
- Internet applications providers, meaning those that provide functionalities that can be accessed by a terminal connected to the Internet.
- Public authorities.
The Internet Law Framework aims at covering a gap in Brazilian legislation on the subject.
Under the approved Law, any operation of gathering, use, storage, or treatment of personal data that takes place on the Internet shall be subject to express consent from the user. The information gathered shall only be used for the purposes that justify its gathering, which shall be specified in the Internet service agreement or in the Internet application terms of service.
Both Brazilian legislation and jurisdiction are deemed applicable to operations of gathering, storage, custody, and treatment of logs and personal data on the Internet, even for operations performed by companies based abroad, as long as they offer their services to Brazilian users.
3 – The obligation of storing connection and Internet application access logs
According to the Internet Law Framework, Internet connection providers are obliged to store, for a period of 01 (one) year, logs referring to the date and time of beginning and ending of Internet connections, the navigation duration, and the IP number used by a terminal for sending and receiving data packages.
Furthermore, Internet applications providers are required to store, for a period of 06 (six) months, information referring to the date and time of use of a specific Internet application given a certain IP address.
Such obligation must be complied with by any Internet applications provider that is organized as a legal entity and that performs its activities in an organized and professional way, and with economic purposes, even if such provider is based abroad, as long as it offers its services in Brazil.
The disclosure of connection and Internet application access logs shall only occur upon specific judicial order.
4 – Net neutrality
The new Law provides for all telecommunication operators responsible for the transmission, switching, or routing of data packages a general obligation of equal treatment, without any distinction based on content, origin, or destination, service, terminal, or application.
It also forbids telecommunication operators from blocking, monitoring, filtering, or analyzing the data packages’ content.
There are some exceptions to those obligations, particularly those related to (i) technical requirements deemed necessary for the adequate provision of services and applications, and (ii) prioritization of emergency services. In such cases, the operator must act with proportionality, transparency and isonomy, refraining from causing damages to users.
According to the Internet Law Framework, net neutrality shall be regulated by a Presidential Decree, which shall only be enacted after both the Brazilian Internet Steering Committee (Comitê Gestor da Internet) and the Brazilian National Telecommunications Authority (ANATEL) have expressed their opinion.
5 – The liability of content providers for content from third parties
The Internet Law Framework confirms the rule under which Internet connection providers cannot be held liable for damages caused by content generated by third parties.
Regarding Internet applications providers, the liability for content generated by third parties shall only prevail in cases of noncompliance with a specific judicial order to turn the reputed infringing content unavailable.
For cases involving sexual content material or nudity, it shall be applied the “notice and take down” rule. Internet applications providers shall only be held liable if they do not make such content unavailable, in a diligent way, after receiving a notification from the concerned person or his legal representative.
***
The Regulation and Competition Practice Group from Mundie e Advogados remains at your disposal for further clarification.
Yours sincerely,
Mundie e Advogados
Partners:
Ana Claudia Beppu (acb@mundie.com.br)
Elinor Cotait (ecc@mundie.com.br)
Guilherme Ribas (gfr@mundie.com.br)
Kevin L. Mundie (klm@mundie.com.br)
E-mail: central@mundie.com.br
Tel: 55 (11) 3040 2919
Fax: 55 (11) 3040 2940
Av. Pres. Juscelino Kubitschek, 50 - 18.º andar
04543-000 São Paulo, SP, Brasil
www.mundie.com.br
