Building Trust 3 February 2015

The Brazilian Experience of Public Consultation for the “Marco Civil Da Internet” and The Data Protection Law

By Raquel Gatto, Former Senior Manager, Policy

In 2014, we saw Brazil take a strong leadership role in the global community on Internet issues and we expect 2015 to be no different. As Brazil looks to implement a framework of principles and rights for Internet use, its open participatory process is giving its citizens the opportunity to help shape the future of the Internet in Brazil.

Context

Brazil has long been cited as an example of the multistakeholder approach to Internet governance, with the establishment of CGI.br, the Brazilian Internet Steering Committee, which started in 1995. It has also played an important role in advocating for a bottom-up, transparent and multistakeholder model in the World Summit on the Information Society tracks and the Internet Governance Forum.

Fueled by the Edward Snowden revelations back in mid-2013, Brazil has undertaken several efforts to reinforce a clear framework for the Internet space.

At the international level, President Dilma Rousseff called for principles for the use of the Internet (UN GA 68th Speech) and strengthened rights to privacy and data protection online (UN GA 69th A/RES/69/166). Early in 2014, Brazil also hosted a Global Multistakeholder Meeting called NETmundial, which resulted in the São Paulo Declaration on principles and a roadmap for Internet governance.

On the national level, Brazil focused on protecting Internet users' rights by adopting the Brazilian Civil Rights Framework for the Internet, known as Marco Civil da Internet, which sets principles, rights and responsibilities for Internet use in Brazil. A roughly translated version of Marco Civil da Internet can be found here.

In 2015, the policy process in Brazil will focus on implementing the Marco Civil framework. Fortunately, the government will endeavor to maintain the same bottom-up and multistakeholder approach in implementation that went into construction of the original law, by opening it up to public consultation. In parallel, the government will also move forward on new legislation regarding data protection.

Last week, the government of Brazil launched two tracks for open public consultations on the implementation of the Marco Civil da Internet, and the new draft Data Protection Law.

“Marco Civil da Internet”

Sanctioned on 23 April 2014, under Law no. 12,965, the “Marco Civil” was the result of a long process that began with a set of principles for the use of the Internet issued by CGI.br in 2009. These principles were the basis for two rounds of public consultation, conducted in an open and participatory manner, to finalize a common text submitted to the National Congress in 2011.

To keep up the good pace that led to this legislation, the next steps towards implementation of the Law maintain the multistakeholder approach and collaborative processes, with flexible mechanisms to accommodate the dynamic evolution of the Internet.

The consultative process for the implementation of the Marco Civil da Internet is organized into 4 main axes: Net Neutrality, Privacy, Data Log Records and Other Topics.

Net Neutrality

The principle of Net Neutrality, for instance, is safeguarded under article 9: “The agent in charge of transmission, switching and routing is obliged to treat any data packets with isonomy, regardless of content, origin and destination, service, terminal or application.”

However, the same article contains exceptional provisions allowing discrimination or degradation of traffic due to technical requirements and emergency services prioritization. This part is subject to consultation to determine what the exceptions are and under which conditions they apply.

Privacy and Data Retention

Privacy, Private Life, Freedom of Expression, and Honor are among the rights already safeguarded in Marco Civil. Moreover, major provisions on privacy and personal data issues will be tackled by the subsequent track on Data Protection Law. Now, the focus is on how to turn those principles into implementable rules.

Below are the pieces of Marco Civil that are up for discussion as part of the Data Retention consultation:

Article 10: the security and confidentiality standards that the provider needs to follow when retaining Internet connection and access-to-application logs.

Article 13: consolidated rules and liabilities for the Autonomous System Administrator to retain the connection records under strict confidentiality, in a controlled and safe environment for 1 year. The law has already foreseen some situations, e.g., precautionary connection logs required by law enforcement agencies.

Article 15: consolidated rules and liabilities for Internet Application providers to retain access-to-application records under strict confidentiality, in a safe and controlled environment, for at least 6 months.

Draft Data Protection Law

The second track under public consultation is the Data Protection Law, which follows a consultative process similar to the one that brought about Marco Civil da Internet in 2014.

Now that Marco Civil da Internet has entered into force, the data protection piece (which has been largely stalled since 2011) is ready for a second round of the consultative process.

The current consultation has 52 articles, divided into 13 main axes: scope and reach; personal, anonymous or sensitive data; principles; consent; end of processing; data owner rights; communication, interconnection and sharing of data; international data transfer; parties' liabilities; secrecy and security of personal data; best practices; safeguard of rights; and temporary provisions.

The current text is strongly influenced by the EU regulation, mainly the Convention 108, on definitions, consent rules, international data transfer and oversight, following the pattern adopted by many countries in South America. However, it also brings in pieces of the US model, for example adopting market balance for best practices and self-regulation. A roughly translated version of the Draft Data Protection Law can be found here.

International Focus in 2015

We fully expect that Brazil will continue its international leadership on Internet issues through its ongoing involvement in the NETmundial Initiative, activities in the UN regarding online privacy, preparations for the follow-up to the UN World Summit on the Information Society, and its hosting of the Global Internet Governance Forum in João Pessoa, in the northeast of Brazil.

Conclusion

It is critical that the Brazilian Internet community works together to ensure that this ground-breaking legislation is well-implemented and continues to evolve in a way that supports the global, open Internet; that protections of human rights remain strong; and that the Internet environment in Brazil is open for innovation, creativity, competition and free expression. Fortunately, the process of implementation is open for participation – it is up to Brazilians to seize the opportunity to shape the future of the Internet in our country.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
