Introduction

After five years of discussion by the public and almost three by Congress, Federal Law No. 12,965/2014, known as Marco Civil da Internet or the Internet Legal Framework, which deals with the regulation of Brazilian cyberspace, was approved on April 23, 2014, and went into effect on June 23, 2014.1 The law establishes the principles and rights regarding the use of the internet and details the responsibilities of internet connection providers as well as content providers and the government in the virtual environment.

In this survey we will explain two positive aspects of the law: one relating to privacy and data protection rules that must be respected by foreign companies that offer services to Brazilian citizens; the other relates to the protection of network neutrality. We will also discuss internet service providers' liability for damages resulting from content generated by third parties.

Transparency and Data Protection

Brazil has codified general principles and rules about transparency and data protection in the Brazilian Federal Constitution of 1988; in the Brazilian Civil Code (Federal Law No. 10,406/2002);2 in Federal Law No. 8,078/1990, the Consumer Protection Code;3 and, most recently, in Decree No. 7,962/13,4 which regulates contracts with customers in electronic commerce. Among other things, the decree provides that suppliers shall present a summary of a contract highlighting any clauses that limit consumer rights before the customer signs it, and suppliers must also utilize safe payment and data handling practices for the treatment of consumer data.5

The Brazilian Ministry of Justice considers data privacy and security to be critical enough to warrant the inclusion of additional specific rules about personal data in a draft bill known as the Personal Data Protection Act6-even though the Internet Legal Framework already deals with some of the issues relevant to this. Article 7 of the Internet Legal Framework provides that any private communications that are stored remain confidential except under the direction of a court order.7 The Internet Legal Framework prohibits the disclosure to third parties of personal data and electronic records of users, except with the user's free, informed consent in writing.8 Furthermore, service suppliers are required to provide clear, complete information to their users about the collection, use, storage, treatment, and protection of the user's personal data, which can only...