Google and Facebook express concern over data protection laws in Brazil

Possible requirement to store data locally would affect the Internet giants – and everyone doing business with Brazil
Written by Angelica Mari, Contributing Writer

As the Brazilian government attempts to create the country's first set of regulations around data and Internet governance, Facebook and Google have expressed concerns over possible additions to the bill. 

Proposed amendments to Brazil's "Internet Constitution", the Marco Civil da Internet, include a requirement to store all data locally. The Internet giants, until now supporters of the creation of the regulations, are not happy about this possibility.

A Reuters article published this week cited Google's public policy director Marcel Leonardi as saying that his employer is happy to support the Marco Civil, but only "in its original form" (without the requirement to set up datacenters in Brazil). 

The piece also quoted Facebook's public policy head Bruno Magrani as saying that the social networking firm is concerned about the possible changes, because they represent "an enormous technical challenge" to the company, which would also jeopardize the Internet service in Brazil as a whole. 

The big picture

Demanding that companies store data locally is not only worrying to these large companies, but also to any company providing IT services to clients in Brazil using strategies such as cloud computing - as well as any user of web services that might not necessarily be hosted locally. 

Information security expert at consulting firm Alvarez & Marsal, William Beer, warned that a series of laws that would introduce more complexity to an already challenging environment is not a good idea. 

"[The Brazilian government] needs to be very careful as there are a lot of datacenter-related issues already, such as the high cost of electricity, access to skills and even the temperature, which makes it expensive to run those facilities in Brazil," he says. 

"Then if you add regulation that will present further obstacles, companies might end up moving their IT operations to other South American countries where the rules are not so strict," Beer adds. 

It appears that the government is also choosing to disregard the fact that individuals in general are happy and willing to give personal information away to the likes of Facebook and Google. Any legislation should have more of a macro focus on the use of data to ensure that it stays within these companies and prevents criminals, or other companies, from accessing that data. If the public is not worried about where their Gmail information physically resides, then why should the government intervene?

That said, even the enforcement of stricter rules regarding data protection does not mean that our information is safe. While legislation can help create a safer environment on the web, the law is never going to be ahead of the technology.

"There are no guarantees [that personal data can be kept safe] - the government, Google, Facebook and others can show that they are adhering to guidelines and that they are transparent, but any standards you might want to apply can't keep up with the pace of change," Beer says. 

The expert added that he fears the Marco Civil might be voted on as a knee-jerk reaction to the NSA spying episode from last month. He cited the Carolina Dieckmann law as an example - a set of basic regulations around online privacy introduced after issues faced by Dieckmann, a Brazilian actress who had personal photos stolen from her computer and then published online.

Brazilian politicians might be just reinventing the wheel. The US Department of Commerce and European Commission have had agreements in place on data protection since the 1980s. The EC Directive on Data Protection has been around since 1998. The basic work in trying to create a framework for the protection of personal data has already been done. 

Instead of knee-jerk legislation that could affect business in Brazil for many years to come, the Brazilian government should explore what other countries have been doing for decades – take what works and discard what doesn’t. Perhaps they need a lesson in how cloud computing works?
