Google and Facebook express concern over data protection laws in Brazil

Google and Facebook express concern over data protection laws in Brazil

Summary: Possible requirement to store data locally would affect the Internet giants – and everyone doing business with Brazil

TOPICS: Security, Government

As the Brazilian government attempts to create the country's first set of regulations around data and Internet governance, Facebook and Google have expressed concerns over possible additions to the bill. 

Proposed amendments to the Brazil's "Internet Constitution", the Marco Civil da Internet, include a requirement to store all data locally. The Internet giants, until now supporters of the creation of the regulations, are not happy about this possibility.  

A Reuters article published this week cited Google's public policy director Marcel Leonardi as saying that his employer is happy to support the Marco Civil, but only "in its original form" (without the requirement to set up datacenters in Brazil). 

The piece also quoted Facebook's public policy head Bruno Magrani as saying that the social networking firm is concerned about the possible changes, because they represent "an enormous technical challenge" to the company, which would also jeopardize the Internet service in Brazil as a whole. 

The big picture

Demanding that companies store data locally is not only worrying to these large companies, but also to any company providing IT services to clients in Brazil using strategies such as cloud computing - as well as any user of web services that might not necessarily be hosted locally. 

Information security expert at consulting firm Alvarez & Marsal, William Beer, warned that a series of laws that would introduce more complexity to an already challenging environment is not a good idea. 

"[The Brazilian government] needs to be very careful as there are a lot of datacenter-related issues already, such as the high cost of electricity, access to skills and even the temperature, which makes it expensive to run those facilities in Brazil," he says. 

"Then if you add regulation that will present further obstacles, companies might end up moving their IT operations to other South American countries where the rules are not so strict," Beer adds. 

It appears that the government is also choosing to disregard the fact that individuals in general are happy and willing to give personal information away to the likes of Facebook and Google. Any legislation should have more of a macro focus on the use of data to ensure that it stays within these companies and prevents criminals, or other companies, from accessing that data. If the public is not worried about where their Gmail information physically resides, then why should the government intervene?

That said, even the enforcement of stricter rules regarding data protection do not mean that our information is safe. While legislation can help create a safer environment on the web, the law is never going to be ahead of the technology.

"There are no guarantees [that personal data can be kept safe] - the government, Google, Facebook and others can show that they are adhering to guidelines and that they are transparent, but any standards you might want to apply can't keep up with the pace of change," Beer says. 

The expert added that that he fears the Marco Civil might be voted as a knee-jerk reaction to the NSA spying episode from last month. He cited the Carolina Dieckmann law as an example - a set of basic regulations around online privacy introduced after issues faced by Dieckmann, a Brazilian actress who had personal photos stolen from her computer and then published online.

Brazilian politicians might be just reinventing the wheel. The US Department of Commerce and European Commission have had agreements in place on data protection since the 1980s. The EC Directive on Data Protection has been around since 1998. The basic work in trying to create a framework for the protection of personal data has already been done. 

Instead of knee-jerk legislation that could affect business in Brazil for many years to come, the Brazilian government should explore what other countries have been doing for decades – take what works and discard what doesn’t. Perhaps they need a lesson in how Cloud Computing works?

Topics: Security, Government

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The author trust the American corporate way too much.

    1)When citizens are willing to yield to something does not mean the government should not intervene, say drugs for instance.
    2)Personal data is resource that in turns can be viewed as money. A country has all the right to regulate on out flowing of resources. If this data is not important to their survival of these giant data companies why do they want to store them? In an other word, these companies make money off these data, so why not have them run data centers in your own country and pay the proper tax? It's a world of competition, if you let out your resources so easily, you would end up running in the ruins.
    3)Data stored overseas is at the mercy of how the foreign country use them. Do you really trust any government, including your own, that they really safe guard the data or use only the ways you expect them to? For e.g., years back, we would call foul(class action was filed) when a gaming company log our computers in the USA but look at what our big companies are doing such as eBay nowadays-not only does it log your mac address, CPU info, OS info, email address, physical address(including outdated ones-ones that you don't even remember) and habit of posting/browsing without really trying to let you know in a plain manner that it is doing all these. How can you trust a foreign company to store data not under the jurisdiction of your own country?
  • Why Should It Be So Hard?

    I thought the Internet made a mockery of the tyranny of distance, so it became just as easy to store data in place A as place B.

    So why should it be hard to ensure that Brazilian data stays in Brazil?
  • Agreements?

    The US Department of Commerce and European Commission have had agreements in place on data protection since the 1980s. The EC Directive on Data Protection has been around since 1998.
    Fat lot of good all of that has been too!!