On March 18, 2014, Brazilian lawmakers announced the withdrawal of a provision in pending legislation that would have required Internet companies to store Brazilian users’ data within the country.
The Marco Civil da Internet (“Marco Civil”), a draft bill introduced in the Brazilian Congress in 2011, proposes Brazil’s first set of Internet regulations, including requirements regarding personal data protection and net neutrality. As we previously reported, the Marco Civil received renewed attention last year in the wake of revelations that the U.S. National Security Agency’s PRISM surveillance program may have monitored digital communications in Brazil. In response, the Marco Civil was amended to add a local data storage requirement for Brazilian data. The provision generated controversy and opposition from Internet companies that claimed complying with the requirement would be expensive and burdensome.
According to reports, the legislation now states that global Internet companies “are subject to Brazilian laws in cases involving information on Brazilians even if the data is stored abroad.”