Current Status: Brazil has no mandatory data retention law.
Public Discussion: Brazil’s first serious attempt to adopt a data retention bill failed due in large part to the activism of NGOs and citizens within Brazil. In 2005, the "Azeredo Bill" (Bill 84/99) was introduced as an attempt to fight online piracy through data retention and was backed by governmental and private sector entities. A public opposition campaign called Mega Não movement (literally, "mega no") was launched against the bill. Government and civil society responded by proposing a civil framework (Marco Civil) which contains strong protections for freedom of expression and Internet intermediaries. But Brazil does not have a data protection law. In January 2012, data retention opponents drew attention to the Brazilian Senate’s Substitute Act to the House Bill No.89 of 2003 known as the “Draft Law”. The Draft Law proposes the creation of new regulations relating to the prevention, detection and punishment of Internet crimes. Activists are concerned about provisions could require private companies to report alleged violations and impose criminal liability on those that fail to do so. The same provisions could require the mass surveillance and data retention of all online communications by unaccountable private companies for a period of three years, with few limits on court-ordered disclosure of the data.