TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Will Brazil seize this opportune moment for data protection and privacy? Related reading: The Latest Draft of the Brazilian Law on the Protection of Personal Data: Main Innovations




As of late, it seems data protection and privacy on the internet seem to have finally conquered the agenda of key state actors, the market and society in Brazil. Such a conclusion is supported by a recent judicial decision blocking WhatsApp communications. It was for the third time in less than a year that the services were temporary blocked in the whole country because the company refused to deliver records of conversations between drug dealers. The theme is under the Brazilian Supreme Court judicial review, which has suspended the Whatsapp use as a precaution based on fundamental rights of freedom of expression and communication.

Other proof related to the constitutional moment of data protection and privacy are supported by the regulation of the Act for Civil Rights in Internet (Marco Civil da Internet); by the draft of the Data Protection Personal Act that was presented for the Congressional approval by the President; by the Open Data Public Policy and Streaming Service Policy that were set forth by the Executive Branch, and finally, by another lawsuit questioning the constitutionality of the Act for Civil Rights for the Internet was filed before the Supreme Court.

At the same time, Argentina and Chile are preparing reforms regarding their data protection acts, but first the government organized public hearings in order to receive some suggestions from society and experts. Brazil is one of the Latin American countries that does not have a data protection and privacy law. Eleven other countries already have their specific legislation (Colombia, Costa Rica, Ecuador, Nicaragua, Peru, Argentina, Chile, Mexico, Saint Lucia, Trinidad and Tobago and Uruguay). Overseas, while the European Directive and the General Data Protection Regulation came into light after so many years, the new transnational agreement to exchange data, the EU-U.S. Privacy Shield, was signed after Safe Harbor was struck down by the European Court of Justice.

Indeed, it is a decisive opportunity to foster constitutional guarantees while creating an adequate environment for technological innovation in Brazil. Many companies are anticipating the implementation of data protection compliance programs and privacy risk management in order to optimize their trade relations and competitive advantages. If Brazil's Congress passes the bill for Data Protection Draft, the aforementioned measures would also be adopted and enforceable in Brazil, which will require fast adjustment of public and private sectors to suit the user's preferences. Further, not only technology companies will likewise face challenges to shape devices and platforms for privacy by design and privacy by default standards.

The increasing interest for data protection and privacy in Brazil has a clear origin: the development of the data-driven economy and the Snowden effect. In the information society — marked by disruption, convergence, and digitization — each individual can be considered a wealth source whose data represents a valuable commodity. Mastering the art of analysis, processing and data storage may represent a competitive advantage for any company, while, at the same time, individuals must be empowered to make choices about their data.

The period when data analysis was restricted to technology companies has passed. Banks and insurance companies also have to cope with storage and data treatment, which means that they are submitted to legal obligations, such as rules for storage, Know Your Client proceedings, and the duty to report suspicious operations of corruption and money laundering. The markets for hoteling, pharmaceutical, and food sectors, for instance, have also became important data processing centers, because data handling has allowed them to better understand consumer’s preferences and profiles, strengthening the quality of services and products.

If unlawful exploitation of sensitive data, encryption and anonymity are some concerns of state actors, the government’s bulk surveillance practices are the opposite worry of civil society. The era of liquid surveillance is not only identified by the proliferation of security agencies and telephone wiretappings. It also involves expanding access and monitoring controls, closed-circuit TV in public places, digital and facial recognition. But the countermeasure efforts to state surveillance in Brazil have found limits, especially in provisions set forth in the Access to Information Act, the Civil Rights for Internet Act (Marco Civil da Internet) and the Wiretapping Act, which all have allowed a better control of the inviolability of privacy and data protection under the Constitution.

As the main controller of the databases on citizens, the government can be identified as one of the population’s greatest allies but also its the biggest enemy. A good example is the Brazilian Federal Law 12,654/12, which determines the collection of criminals’ DNA in order to maintain a public database of genetic material. The constitutionality of said law is under review by the Supreme Court.

If in the past the Brazilian Supreme Court limited its position to only protect data communication secrecy, today the court faces the challenge of readjusting to guarantee the secrecy of data itself, following what happened in Riley v. California, when the U.S. Supreme Court ruled to prevent breach of data secrecy without judicial authorization.

For this reason, the regulatory challenge in Brazil will be to strengthen data protection and privacy, while promoting a trustworthy digital governance, marked by simplicity, stability and good faith, while also fostering economic and social development. The country needs to overcome the simple model of a binary regulation "allow/deny," leaving space for technological innovation as has been observed in thus-far disruptive platforms like Uber and Airbnb.

It is essential to understand that some peculiarities of cyberspace do not mirror the physical world, requiring the improvement of regulatory frameworks for innovation. The criminalization of misconduct for those who invade a device by violating a barrier or a security system is feasible in the physical world, but not necessarily the same in cases of cloud computing.

Brazil is due for a review of its structural public policy which is attentive to international cooperation, not susceptible to the measures such as the aforementioned suspension of Whatsapp by judicial order. Only time will tell whether it will rise to the challenge. 

1 Comment

If you want to comment on this post, you need to login.

  • comment Dan Manolescu • Aug 31, 2016
    Excellent article! It is true: there should be a defined and regulated legal basis for law enforcement, investigation and criminal proceedings. Should be the exception not the norm! Congrats Thiago!