Current Status: Brazil has no mandatory data retention law.

Public Discussion: Brazil’s first serious attempt to adopt a data retention bill failed due in large part to the activism of NGOs and citizens within Brazil. In 2005, the "Azeredo Bill" (Bill 84/99) was introduced as an attempt to fight online piracy through data retention and was backed by governmental and private sector entities. A public opposition campaign called Mega Não movement (literally, "mega no") was launched against the bill. Government and civil society responded by proposing a civil framework (Marco Civil) which contains strong protections for freedom of expression and Internet intermediaries. But Brazil does not have a data protection law. In January 2012, data retention opponents drew attention to the Brazilian Senate’s Substitute Act to the House Bill No.89 of 2003 known as the “Draft Law”. The Draft Law proposes the creation of new regulations relating to the prevention, detection and punishment of Internet crimes. Activists are concerned about provisions could require private companies to report alleged violations and impose criminal liability on those that fail to do so. The same provisions could require the mass surveillance and data retention of all online communications by unaccountable private companies for a period of three years, with few limits on court-ordered disclosure of the data.

Related Issues

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Backdoors have been discovered in Arris cable modems. This is why we need a security research exemption to the DMCA.

Nov 27 @ 2:15pm

Censorship powers, data retention, and vague hacking crimes: Pakistan's terrible cybercrime bill has it all:

Nov 25 @ 5:11pm

While Bangladesh blocks social messaging apps, locals are turning to Tor and Twitter:

Nov 25 @ 3:50pm
JavaScript license information