This is another InternetLab newsletter about the Brazilian public consultations about the Marco Civil da Internet regulation and the Data Protection Draft Bill. Check the chosen topics of this week.

It its worth remember that the consultation about the Marco Civil da Internet regulation was extended for another month, until late April (the ending was formerly scheduled for the end of March).

The InternetLab is planning the release of a final report at the end of the debates. The idea is to organize the contributions and to produce a map of the main arguments.

Marco Civil Regulation: network neutrality and copyright

Although the discussions about the interactions between copyright and the Internet are numerous, the Marco Civil da Internet barely mentions this field of law. The only mentions (article 19 and article 31) do not innovate in the subject and only refer to “specific legal provisions” and the copyright law already in force. This is because, during the Marco Civil drafting process, several of its framers realized that including the issue of copyright in the law would eventually hinder its approval due to the multiplicity of interests involved.

Even though, the Motion Picture Association – Latin America (MPA-LA), association that represents the copyright interests worldwide, has sent to the Ministry of Justice their concerns about the regulation of Marco Civil. The association raised the discussion of exceptions to network neutrality. The MPA has positioned itself in favor of a provision in the future regulation expressing that the rule of net neutrality does not prevent blocking contents considered illegal when such content is hosted outside of Brazil:

“Regarding contents hosted within the national territory, the judge may issue a removal order to the application provider or, if the violation is in the copyright field, the holder of the rights can send a notice of withdrawal to the ISP, asking for the unlawful content to become unavailable. However, when the content is hosted in a foreign nation, the Brazilian court order may become void or, if accepted by letter of request, not produce the expected results, for months, perhaps years after the court order has been issued.”

According to the association, a way to inhibit this kind of illegal content would be a court request to the connection provider to block traffic from the sites that are providing the content. This measure, however, would be in violation of the rule of network neutrality – which would not allow discrimination of traffic based on the source of the data. In the association’s view, the regulation should provide for an exception to the neutrality, enabling this type of practice.

This understanding has raised some opposition among the consultation participants.

The participant Luis Paulo Bogliolo argued that the rule of network neutrality is in no way related to copyright and that, furthermore, the connection providers would be exempt from liability for content posted by Internet users, as set forth in article 18 of Civil Marco.

In response to Luis Paulo, the MPA-LA clarified that its contribution relates solely to a technical locking hypothesis to be carried out through court order by the connection providers. It would not be about, therefore, blaming the connection providers for the content generated by third parties, but making room for judges to determine compliance with Brazilian legislation of copyright protection.

The participant Ivella worries about the fact that blocking all traffic from a server because of the availability of some illegal content also ends up affecting the lawful content of that site. The measure would therefore be disproportionate, as it would also affect users who have nothing to do with the illegal content.

At this point, we must emphasize that any chance of degradation or discrimination of data traffic to be ruled by the regulation shall appear in one of two exceptions to neutrality enshrined in the Marco Civil da Internet: (i) “technical requirements essential for the correct provision of services and applications” and (ii) “prioritization of emergency services.” It is not within the regulation scope to create new types of exception, in accordance with the rule of Article 84 of the Constitution.

Personal data: impossibility of consent

One of the pillars of the Data Protection Draft Bill is the consent. It is through the consent that the right of citizens to protect their data, on one hand, and the use and processing of data for the offer of online services (and its innovation and definition of business models), on the other hand, is balanced.

Several provisions of the bill seek to give weight and meaning to the consent given by the user. In spite of that, this is an issue that raises many problems. Often Internet users do not care or are unaware of the existence of privacy policies of the services used, for example. In addition, there are several cases where the conditions for the offer of the service are written in a technical language and difficult to understand.

In his contribution placed in article 10 of the draft bill, the participant Roberto Taufick argued that, in many situations, for technical and practical reasons, the treatment of some types of data is not even preceded by any contract. This is the case, for example, of third-party cookies.

Sending small text files called “cookies” is a trivial mechanism on the Internet. Cookies are used by websites to distinguish users and to remember when the same machine accesses it again. Through this instrument is possible to “map” the user activity on the Internet. These data segments can be sent by both the site you visit and by advertisers on that page. How could there be consent to receive cookies from these third-advertisers, for example?

It is true that there are several technical defenses and programs able to remove and prevent the sending and receiving of cookies on your computer. However, besides being difficult to imagine that all users make use of this type of program, the doubts regarding the legal treatment of this type of data and activity remain.

The discussion becomes especially important in light of cases involving cookies “more elaborated”. Last year, it was discovered that one of the major US mobile broadband providers, Verizon, used the so-called unique identifier header (UIDH) (or “permacookie”) to “follow” the activities of users on the network without their consent.

By Francisco Carvalho de Brito Cruz and Jonas Coelho Marchezan