Transborder data flows and Bill n. 5,276/2016: some remarks for the Brazilian legislative process
31 de May de 2017
This is one of several research products developed by our team on our Project on Internet & Jurisdiction. This policy paper is designed to submit the scientific contribution of the Institute for Research on Internet and Society – IRIS to a broader public discussion concerning the current text of Bill No. 5,2761, which deals with data protection in Brazil. This research has been undertaken in collaboration with the International Study Group on Internet, Innovation and Intellectual Property – GNet, from Federal University of Minas Gerais (UFMG), under the coordination of Prof. Fabrício Bertini Pasquot Polido.
Under Brazilian law, “protection of personal data” is conceived as one of the underlying principles of Internet governance at domestic level, being ensured by Law n. 12.964 – the Brazilian Civil Rights Framework for the Internet (“Marco Civil da Internet”). Recognized as a pioneer legislation worldwide and an example of the multistakeholder approach typical of the internet governance related processes, Marco Civil establishes, in its Article 3.III, a specific regulatory provision for the further enactment of a statutory law dealing with data protection.
Bill n. 5,276 was sent to Congress by the President’s Office, in May 13, 2016. It seeks to target some important normative clusters such as internet users’ rights and distinct aspects of data treatment, collection, processing and storing.
This preliminary study, however, will focus on the analysis of specific material and procedural issues touching Chapter V of the Bill, namely the international data flows and related international transactions. The main goal of this policy paper is to collaborate, both from scientific and technical standpoints, to the current law-making process involving the Bill on Data Protection and its interfaces with extraterritorial application of Brazilian law, particularly how the provisions under discussion at the National Congress should affect the existing data protection legal regime(s).
This paper, conceived in an independent and nonpartisan fashion, aims to clarify, for the general public and congress representatives, some of the legal and political matters emerging from from the cross-border transactions involving internet users and the management of their personal data at global level.
It appears to the authors of this paper that the current moment is an excellent occasion for the congresswoman and congressman to think about the various interests at stake: on the one hand, companies and governments in increasingly collecting and treating data; on the other hand, individuals, internet users and interested parties in the protection of personal data that circles among various territories, way beyond Brazilian borders.
Some questions are inevitably in place: i) To what extent the proposed regulation for international data transfer, from the Brazilian legal system standpoint, is compatible with the norms and safeguarding already established by Brazil’s Internet Bill of Rights regarding users’ rights and civil liberties? ii) What are the technical, material and procedural limits imposed to the Legislative Branch – according to the law-making powers assured by the Brazilian Constitution, by Brazilian law and applicable international instruments to the regulation of this subject at the domestic level?
This policy paper attempts to critically comment on the state of the art of the pending Bill, approaching the debate to specialists’ views and compared insights in order to submit recommendations for reshaping the existing models adopted by the draft legislation.
To see the results of this research, click here.
1 Comment