After broad social debate, the Act passed two years ago has finally been regulated by a Decree, which contains important safeguards.
One of the last actionsof Brazil’s President Dilma Rousseff prior to the removal of her presidential powers and duties was the publication of Decree 8771 on 11 May 2016 regulating the Civil Rights Framework for the Internet. While the text does not address major issues relating to Internet development in Brazil, such as access to the web, it does set out important safeguards for online freedom of expression.
The most important element of this Decree is the reaffirmation of net neutrality, which is addressed in Articles 3 and 4 of the Decree. Article 3 says that the equal treatment requirement (…) must safeguard the unrestricted public nature of access to the Internet (…). Article 4 says that discrimination or degradation of traffic flows are exceptional measures, insofar as they may only ensue from technical requirements that are vital to the proper provision of services and applications, or from the prioritisation of emergency services.
The Decree also set outs significant transparency measures for user data requests made by administrative authorities, without prejudice to data requests made via the Access to Information Act.
Besides stipulating the legal basis of “explicit competence” and describing the reasons for requests to access user data, the highest authority of each federal administrative public body must annually publish statistical reports of these requests on its website. Furthermore, the reports must contain the number of requests made, a list of Internet service providers and application providers from whom the data were requested, the number of accepted and declined requests or the number of users affected by the requests.
Regarding data retention, the Decree sets out obligations for the adoption of data exclusion and security standards that, for the most part, are appropriate. Among them is the definition of the responsibilities of people who will have access to stored data, the creation of authentication mechanisms to provide such access, the need for a detailed inventory of how access to data was given, and the use of encryption.
Lastly, in order to inspect and investigate violations, the Decree establishes a shared responsibility mechanism that complies with the guidelines of the Brazilian Internet Steering Committee (CGI.br). Thus, within the scope of its powers, each body will act in collaboration with other federal administrative public bodies.
The Civil Rights Framework for the Internet came into force in 2014, so it had been void of regulation for nearly two years. The delay was due to the broad public debate on the Decree text, which the Ministry of Justice and other bodies like CGI.br and the National Telecommunications Agency (Anatel) had encouraged.
Consultation on the formulation of the Decree was necessary and expedient in terms of consolidating the entire participatory methodology used throughout the process of devising the Bill. After its enactment, it was crucial for a Decree to come into force. It is a response to the civil society that took an active part in the entire process of formulating, approving and regulating the Civil Rights Framework for the Internet.
ARTICLE 19 calls upon Brazil’s Acting President Michel Temer not to revoke the Decree, and to protect the Internet rights of society as a whole.