By Renato Opice Blum, Caio Lima, and Camila Rioja
Originally published at the Information Law Journal
Technology is pushing away remaining physical boundaries between countries and people – either in terms of social contact or services rendering. However, conflicting interests strengthen the need for a coherent legislative framework to address contemporary challenges regarding data protection, ownership and cross border information flow.
The million-dollar question as regards technology surpassing existing physical frontiers — as technological services can be rendered oceans apart from the contracting party or even in the cloud — is how legislations can cope with such intricate new business models preserving their countries’ sovereignty and not hindering innovation in global markets.
This article provides brief remarks of important aspects concerning data flow, privacy and protection, including: the recently enacted Brazilian “GDPR”; the current MLAT controversy; first impressions of the CLOUD Act and a Brazilian Central Bank cloud services regulation.
Legislation and Policies as a Barrier to Data Flow As a bit of a background, Brazil’s very first legislation concerning the internet, the Law 12,965 from 2014, best known as “Internet Civil Landmark” is quite recent and underwent a lot of criticism. While still a draft bill, it included provisions regarding the so called “data localization”, which sets forth that information and data should be held in local servers exclusively, irrespective of the location of the parent company or other commercial decisions deemed applicable by the business.