The Brazilian Law on Internet Applications, Cookies and Robots

The Brazilian regulatory framework for the Internet was established by Law No. 12.965 of April 23, 2014 ("the Internet Law"). Its enactment was not without drama: the Brazilian Congress was prompted to enact the law due to considerable indignation over the alleged violation of the secrecy of communication of members of the Brazilian Executive via United States World-Wide-Web connection providers.

The pathos to the creation of the law is reflected in its text, with its lengthy declarations of principles and rights as well as repetitiveness and lack of clarity.

The law imposes secrecy on Internet data and communication, as well as non discrimination in the provision of the services and indemnity for privacy violation-related damages.

The parties on which such obligations are imposed are Internet connection and Internet application providers. Whereas the former are reasonably well defined under the Internet Law, the law broadly considers Internet applications to be "any functionality that may be accessed through an Internet connected terminal" (Article 5, Section VII). A terminal is defined as any computer or electronic device (including a tablet or cell phone) that is connected to the Internet (Article 5, Section II).

Internet application providers are obliged to ensure data secrecy and obtain data owner consent for data storage, use and communication to third parties (Article 7, Sections VII, VIII and IX). Protected data includes information on access to other sites (Article 16, Section I), which must be kept for at least 6 months in a "safe environment" (Article 15).

The elusive concept of Internet application includes Internet sites that are functionalities accessed through terminals. It also includes communication/convenience interactive services (e.g., taxi services, parking, street finding and similar needs).

A question to be analyzed is whether the definition of Internet application would include robot programs and cookies that are installed in terminals to obtain information on user Internet access preferences.

Installation of such programs without the user’s knowledge or consent is unlawful, since they violate privacy protection provisions of the Brazilian Constitution (Article 5, Section X) and the Brazilian Civil Code (Article 21).

The situation is different regarding cookies and robots that are installed by the Internet user itself, or with his/her consent, to enable its consumer preferences to be known by suppliers, research institutes and others. These functionalities are accessed when the Internet user is connected to a terminal and thus they must be considered internet application within the Law.

Lastly, the Internet Law does not apply to databanks that are not open to the supplier of the information but are managed internally by the entity receiving the information. This is also the case if the information is supplied by regular e-mail or other means (text messaging, telephone, etc.) to the databank manager, who inputs the information into the databank itself. In fact, according to the law, the databank is not a functionality that can be accessed by the Internet user.

PDF File

L&S Authors

Eduardo Salomão Neto

Eduardo Salomão Neto

Partner

Other issues

Restrictive policy regarding rankings

We do not participate in or supply information to rankings of law firms requiring disclosure of confidential client data. We also do not pay for editorial or marketing space. This may lead to omission or distortion of information regarding our activities in such publications. Visiting our website is the best means of obtaining information on our practice.
developed by asteria.com.br designed by pregodesign.com.br
^