The Internet Legal Framework comes into effect
Law 12.965/2014, widely referred to as the Internet Legal Framework, came into effect in June 23, 2014 (the “Law”). The long-awaited regulation of the Law, however, has yet to be issued. It is expected to be drafted following public hearings, just like it happened in the case of the draft of the Law.
Due to the lack of regulation and parameters for interpretation of the Law, a number of questions remain unanswered concerning the practical application of the Law, including the issue of the self-applicability of its rules.
One of the rules in regards to which the self-applicability has been brought into question is the one which obliges application and connection providers to store users’ access and connection logs. Law 12.965/2014 states that its forthcoming regulation will address the secure means required for the storage of such data. The prevailing understanding up until this date, however, has been that these logs, which may serve as evidence in lawsuits, may be requested from the providers as from the date in which the Law entered into effect, that is, June 23, 2014. Various consequences to a provider’s unjustified refusal to present these logs may possibly apply, in addition to the sanctions provided for by the Law itself. Among such main possible consequences are: (i) the possibility of a search and seizure of these logs; (ii) characterization as a crime of disobedience from the part of the provider to provide the logs; and (iii) the application of a daily fine for non-compliance with the court order.
Additionally, regarding the preservation and non disclosure of personal data provided by users, application providers need to obtain prior express consent to collect, store or share such personal data.