Brazil Internet Decree Aimed at Clarifying 2014 Law

The Telecommunications Law Resource Center is the most comprehensive reference and news platform for communications law, covering broadcasting, cable, broadband, telephony and wireless;...

May 16 — Embattled Brazilian President Dilma Rousseff signed a decree related to Brazil's 2014 Internet framework law in one of her last acts before being suspended from office as preparation for a possible impeachment proceeding.

Rouseff's May 11 decree, which is being called the regulation of the — commonly referred to in English as the Brazilian Civil Rights Framework for the Internet — is a series of measures designed to clarify aspects of the law that have been questioned or considered undefined.

The decree is scheduled to take effect June 10, but it may be overtaken in Brazil's tumultuous political climate. Just hours after Rousseff signed the decree, the Brazilian Senate voted to remove her from office for 180 days while it conducts an impeachment investigation, which might lead to a trial. Brazil's vice president, Michel Temer, became interim president with full powers May 12. Temer is from a different political party and it is not clear whether he will accept the Internet decree in its present form or demand changes.

The decree establishes the rights and responsibilities of telecommunications service users and providers, spelling out situations in which net neutrality rules do not apply to specific telecom services, how providers can structure data packages and the legal requirements for delivering Internet-enabled applications.

Network Neutrality

The framework was signed into law in 2014

According to the decree (Number 8.771/2016), network neutrality regulations guarantee equal treatment for all data and those rules can only be violated for emergency services.

“The technical requirements mainly refer to network safety issues and exceptional situations of network jams. The decree sets forth that [Brazilian telecommunications regulator] Anatel will supervise and investigate violations of such technical requirements, and may issue regulatory parameters based upon guidelines of the Internet Steering Committee in Brazil (CGI.br),” the law firm Trench, Rossi e Watanabe Advogados said in an analysis of the decree.

The decree prohibits “certain conduct or unilateral acts or agreements between Internet connection providers and application providers that prioritize data packages as a result of commercial arrangements or that favor applications offered by Internet connection providers or affiliated companies,” the law firm said.

This provision is intended to ban the practice of mobile phone operators offering Internet packages that exempt the use of Facebook, WhatsApp or other applications from counting against usage limits, often referred to as “zero rating.”

Protection from Law Enforcement Requests

Rousseff's decree attempts to resolve the issue of whether Brazilian courts can force companies such as WhatsApp Inc. to release the contents of conversations held using their applications.

Twice in the last two months, a Brazilian judge attempted to force Facebook Inc.-owned WhatsApp to release conversations between individuals involved in a police investigation. Facebook refused and the app was shut down for 24 hours in Brazil. The new decree states “a provider that does not collect user enrollment information shall inform this fact to authorities and will be released from the obligation to provide this information.” Analysts see the clause as aimed at preventing a recurrence of the WhatsApp shutdown.

WhatsApp has stated that it does not store user data, including conversations. Analysts believe this clause would protect the app from future judicial incursions—provided it informs authorities that it does not collect the information.

At the same time, however, Article 20 of the decree states that foreign companies offering Internet services in Brazil must obey Brazilian laws which require the release of information sought by the courts.

Privacy Standards

The decree sets confidentiality standards for logs, personal data and private communications. These include “strict control over data access through the definition of responsibilities of the persons who may have access to data and exclusive access privileges to certain users, inventory of any such accesses, and the need to use techniques which ensure the inviolability of data, such as encryption or equivalent protective measures,” the Trench, Rossi e Watanabe firm said.

The decree also requires “that connection and applications providers retain the least possible amount of personal data, private communications and connection and access logs.”

According to the decree, the telecommunications regulator Anatel will be in charge of regulating and inspecting Internet service providers but consumer protection agencies will be responsible for policing economic violations of the Internet law. In addition, the Internet Steering Committee (CGI.br) may set Internet guidelines and recommend procedures, rules and technical standards.

Consumer protection groups' initial reaction the decree has been positive, but telecom operators are not pleased by the new rules. Although individual companies have declined to comment directly, saying they are still studying the decree, telecom sector association TeleSintese released a statement May 12 in which it said that the decree is overly vague and open to many interpretations.

Specifically, the association questioned the decree's holding that CGI.br will set Internet guidelines that Anatel would have to adopt.

“The telecom sector is concerned that CGI.br may decide to establish directives that affect company business models. The issue for company executives is that the government cannot pass its (Internet) responsibility to an organization that only represents itself,” TeleSintese said.

To contact the reporter on this story: Ed Taylor in Rio de Janeiro at correspondents@bna.com

To contact the editor responsible for this story: Tim McElgunn at tmcelgunn@bna.com

For More Information

The Brazilian Civil Rights Framework for the Internet is available, in Portuguese, at http://src.bna.com/e1g.

Decree Number 8.771/2016 is available, in Portuguese, at: http://src.bna.com/e1k.