Privacy and data protection were hot topics in 2015 in Brazil – from data breaches to misuse of personal data and from bills of law to criminal investigations. Never have those topics been so discussed in the country. And the trend will probably not fade away in this year beginning anew.
In the end of 2015, Whatsapp was blocked nationwide in Brazil. The company allegedly did not comply with a request for logs and content of communications between users investigated for criminal activities. The company argued that not only it was necessary to protect the privacy of its user, but also it needed to comply with both U.S. and Brazilian privacy laws, which established the need to use international means of judicial cooperation in order to render the data. For that, the service remained stalled in the country until the blocking was lifted by a writ of mandamus filed by Whatsapp Inc. in Brazil.
This was not the first attempt to block an Internet service in Brazil. Since 2006, services like Youtube, Google, Orkut, Facebook, Secret and Uber, just to mention a few, have been targeted with similar court orders – from blocking to requesting to remove the app from smartphones and app stores – which have all been halted after they were considered disproportional.
2015 was stage to several bills of law about protection of personal data. One, in particular, fondly entitled “Spy Bill” by Internet civil society members and academics, aimed on strengthening data retention capabilities and allowing public authorities to request data without court orders. Another one was focused on providing the right to be forgotten to Brazilian citizens without establishing any criteria. In practice, if an Internet user was upset, he or she could directly request the Internet service to remove the content, without the need of judicial oversight (curiously, the rapporteur of the bill is one of the most investigated members of the Brazilian House of Representatives).
But the most discussed project is not even a bill of law, yet. The bill on the protection of personal data is still a draft, but overwhelming discussions about it were held during the first semester of the year, and a (almost) final version was released in October with several improvements, such as:
The draft was clearly influenced by the European General Data Protection. The draft will probably become a proper bill of law and then referred to either the Senate or the House of Representatives.
Also, in 2014, the Brazilian Internet Civil Right Framework came into effect, but several provisions still need to be regulated by presidential decree, including some related to data protection, such as data retention by Internet services. The Ministry of Justice, the Federal Telecommunications Agency and the Brazilian Internet Steering Committee all held multistakeholder discussions aiming on providing a proper regulation, but so far the executive branch has not issued its decree. The norm is anxiously waited for in 2016.
With new business models focusing on the Brazilian market, the regulation of new technologies is also a hot topic, and some of them do need to include discussions involving the protection of personal data. For example, the City of São Paulo is currently discussing how to regulate services like Uber and Lyft and other transportation business models. One of the provisions of the proposed regulation is to share the transportation data with the city in order to improve the use of public spaces and urban mobility. However, even with the argument that the data to be shared is anonymous, one of the things that big data has shown is that there might not be such a thing as anonymous data. Therefore, these attempts to regulate new technologies and services do have to include discussion on how to protect the privacy and personal data of their users.
Hence, 2016 will for sure be an even more interesting year for privacy and data protection. Not only in Brazil, but worldwide. Let the games begin!
Originally published at IAPP Privacy Tracker: https://iapp.org/news/a/brazil-2016-trends-for-privacy-and-data-protection/
Advogado. Professor da Universidade Presbiteriana Mackenzie. Doutorando em Engenharia da Computação pela Universidade de São Paulo. LL.M. em Direito e Tecnologia pela New York University e pela National University of Singapore. Mestre em Direito Constitucional pela Universidade Federal do Ceará.