What were the main digital policy regional updates in Latin America? This space brings you the main updates month by month, summarised by the observatory's curators.
Follow the GIP's March briefing on Internet governance, which will include updates from the Latin American region during March. Register to attend.
Curated by Cláudio Lucena
Brazil has a Data Protection Law
15 Aug 2018 | Privacy and data protection
A further and relevant development in the data protection landscape in Brazil, the country’s first data protection bill has been signed into law by the President, and published in the official journal August 15. The law will be in full force in 18 months, by February 2020. The national framework now provides mechanisms to ensure consent, legal grounds for processing, purpose and time limitation, security, universally recognized data subjects’ rights, rules on breach reporting and on transnational data transfers. Some of the mechanisms in the bill were vetoed by the President, as it was the case of the suspension and prohibition of processing and storing activities, on the grounds that the text as it was might risk the stability of strategic services, such as financial ones. Another relevant veto concerned the creation of an independent and autonomous national data protection authority, and of a national data protection council. According to the President, the bill as it was presented could not have formally approved the creation of the structures. He promised to send an appropriate proposal to the parliament addressing those issues soon.
Curated by Cláudio Lucena
Facebook removes pages and accounts in Brazil
25 Jul 2018 | Freedom of expression
On July 25 Facebook removed 196 pages and 87 profile accounts from its platform, most of them linked to MBL (Free Brasil Movement), a group that gained visibility after leading protests that resulted in the impeachment of former President Dilma Roussef. According to the company, the initiative was interconnected. It reached around 500 thousand followers and hid from the public the nature and origin of its content with the purpose of generating division and spreading disinformation. The movement contests the legality of the removal. They argue that the resources were used to inform and disseminate conservative and liberal ideas, and accuses Facebook of censorship. Federal Prosecutors in Brazil have requested Facebook to provide a list of the excluded resources, along with the justification and reasons for the removal.
Brazil has a Data Protection Law
24 Jul 2018 | Cybercrime
Colombia has passed national law approving the country’s accession to the Budapest Convention on Cybercrime. The bill was signed into Law July 24. Colombia had already incorporated cybercrime provisions in its criminal code since 2009, but the Presidency considers the Convention the best tool for States in the fight against crime in digital environments. Authorities believe that the instrument has a relevant role in strengthening the national regulatory landmark concerning cybercrime. They have also stressed the importance of the network which will now be available 24/7 to ensure prompt and timely response and international cooperation. According to the country’s rules, the constitutional court still has to give its opinion or concept on the constitutionality of the law before it goes into full effect.
Curated by Cláudio Lucena
Tor network block
25 Jun 2018 | Content policy, Freedom of expression
Journalists and non-governmental organisations have reported that the Tor network has been blocked by Venezuela’s largest state-owned Internet service provider CANTV. Traffic on the Tor network had recently increased in the country, following blocks that had affected news outlets. Activists said that the first blocks could be avoided by simply changing DNS settings to an international server, while a second wave of blocks demanded the use of Virtual Private Networks (VPNs) and the anonymous browsing capabilities of the Tor network to circumvent the ban. According to technical evidence collected and presented by local activists, a more complex measure was then taken, blocking vanilla connections as well as obfs3 and obfs4 bridges, with a high rate of success in preventing users from accessing the Internet.
National cybersecurity strategies
21 Jun 2018 | Network security
The governments, the private sector and the civil society in the Dominican Republic and in Guatemala have worked together for almost two years, with the support from Organization of American States (OAS), through the Inter-American Committee against Terrorism (CICTE) and the Cyber Security Program, and have now joined eight other Latin American countries in putting a national cybersecurity strategy in place. Their aim is to contribute to a cyberspace that is safer for citizens, businesses and public administration in the countries. For Luis Almagro, Secretary-General of the OAS, the adoption of the strategies is an important first step, but it is only the beginning of a process that should continue developing security capabilities for cyberspace, always taking into account the voices of the relevant stakeholders.
GDPR and Latin America
29 May 2018 | Privacy and data protection
The coming into force of the General Data Protection Regulation (GDPR) has already triggered repercussions in Latin America, a region where the GDPR is influencing other reform initiatives, as is the case with Argentina reviewing their data protection legal framework. On 29 May, the first data protection bill was finally approved by the lower house in the Brazilian Parliament. The bill reflects many of the approaches, tools and mechanisms of the GDPR, although there is still a bit of uncertainty concerning certain issues, for example, the legal nature and shape of the national data protection authority. The bill still has to go through the Senate on a second reading, but both the government and the opposition have already stated that it is a priority, which makes it very likely that Brazil will have its first data protection law by the end of the year.
Curated by Luca Belli
Chilean Senate approves Data Protection Bill
15 May 2018 | Privacy and data protection
The Chilean Congress approved a bill aimed at updating the country's data protection framework. The government and Congress agreed on the creation of a personal data protection authority in Chile and enshrined the protection of personal data as a constitutional right. The new legislation takes into account many elements of the EU General Regulation on Data Protection, which took effect on 25 May.
Positive credit registry law is approved in Brazil’s Chamber of Deputies
9 May 2018 | Privacy and data protection
On 9 May, the Chamber of Deputies in Brazil approved the Complementary Law Project (PLP) 441/17, which makes participation in the Positive Credit Registry – a system that gathers information on payments made by Brazilian citizens and authorises financial institutions to include consumer information in the system, regardless of specific authorisation – compulsory. The new legislation, if also approved by the Senate, will authorise the automatic inclusion of all consumer information necessary to create an individual’s credit scoring, into a unique database accessible to all financial institutions. The bill has been welcomed by representatives of the financial sector and criticised by consumer associations and digital rights advocates, who opposed the proposal’s approval.
Brazilian Superior Court of Justice rules in favour of the right to be forgotten
8 May 2018 | Privacy and data protection, Freedom of expression
On 8 May, the Superior Court of Justice (STJ), the highest appellate court in Brazil, issued a decision on the right to be forgotten. The court ruled in favour of the de-indexation of search results, highlighting the pivotal role of search engines in order to find information, but stressing that de-indexation can only happen as a result of a court injunction. The STJ issued the decision within the context of a case involving a public prosecutor form the Rio de Janeiro State, who filed a lawsuit against Google, Yahoo and Microsoft in 2009, requesting the de-indexation of Internet search results associating her name to reports about suspected fraud in the Rio de Janeiro State Magistrate's Exam.
Anonymous launches cyberattacks against official media and government institutions in Nicaragua
5 May 2018 | Network security
Nicaragua has been the scene of a series of protests initiated against a reform of the social security law. Hacktivist groups are coordinating DDoS attacks against the government and the government’s member portals and pro-government social network accounts. The group behind the operation, called #OpNicaragua, has already carried out the publication of the private information of various public figures that are part of the government and the ruling Sandinista Front.