Dirceu Santa Rosa writes:
In one of the last acts from the now impeached President Dilma Rousseff, she signed and validated a few “late night” amendments on the Brazilian Internet Law (a.k.a., the “Marco Civil da Internet”).
The official version ( in Portuguese ) of such amendments – Decree 8771/16 – can be found here.
There appear to be a number of significant amendments of importance to privacy advocates.
According to the Decree, companies that host third-party content, or any type of personal data, should provide mechanisms for encryption and authentication of access to records, using, for example, dual authentication systems. The Decree also requires that, when requested by public authorities, the provider must retain information and content created by a particular user that, for whatever reason, is under investigation by authorities. In such cases, providers should guarantee compliance with rules that restrict the handling and storage of such information.
The Decree stipulates that applications and Internet access providers should retain the “least possible amount” of personal data that can be collected from Brazilian users. And that such data must be permanently deleted as soon as the statutory term for retaining such data ends, or the period determined by a legal obligation or requirement.
The Decree also brings in its Article 14, for the 1st. time in Brazilian laws, specific written “definitions” of what should be perceived as “personal data” and “treatment of personal data”, in accordance with the Marco Civil .
Read more on LinkedIn.
h/t, Data Privacy Laws