Internet service providers, social media websites, search engines, and other online companies hosting user-generated content that do business in Brazil or collect information online from Brazilian consumers should be aware of the “Marco Civil da Internet,” or Brazilian Internet Law, that takes effect 23 June 2014. As detailed in an alert published by attorneys from the Hogan Lovells Washington, D.C., São Paulo, and Rio de Janeiro offices, While Brazil still does not have a comprehensive privacy law, the Brazilian Internet Law contains privacy requirements that broadly restrict these companies from the sharing of users’ personal information, their communications, and certain online logging data. Covered companies will, however, be required to retain Web logs for a period of time and protect the user-related information they hold.
The Brazilian Internet Law also incorporates an approach to liability for Internet companies hosting third-party user-generated content that is analogous to section 230 of the Communications Decency Act in the United States ). Specifically, under the Brazilian Internet Law, an Internet company will not be liable for user-generated content posted on its service unless it ignores a judicial order to remove content.
Notably, the Brazilian Internet Law does not include the original proposal (driven by political pressures in the wake of the Edward Snowden disclosures) of a mandatory Brazilian cloud for storage of Brazilian users’ data. However, the new law does embrace a broad concept of Brazilian government jurisdiction over online companies that collect or use Brazilian users’ data, even for companies located outside of Brazil.
Finally, the new law more broadly impacts Internet policy in Brazil, embracing net neutrality and increased Internet access for Brazilians.