On April 23, 2014, Brazilian President Dilma Rousseff sanctioned into law (Federal Law no. 12,965/2014) a bill of rights for Internet users, known as the “Marco Civil da Internet”, which establishes principles, guarantees, rights and duties related to the use of the Internet in Brazil. The law enters into force in the end of June and is a first-of-its-kind: developed collaboratively after almost three years of virtual debates and public consultations, it adopts the net neutrality and aims to guarantee freedom of expression to the country’s Internet users.
The present article analyzes how the Marco Civil will affect the enforcement of intellectual property rights against online infringements. Specifically, it discusses: a) the provisions that impose mandatory user data retention by Internet service providers (ISPs) and Internet application providers; b) the disclosure of stored user data to interested third parties; and c) the liability of ISPs and Internet application providers for third parties content.
HOW IT USED TO BE BEFORE THE MARCO CIVIL
The former Brazilian law did not regulate the collection and treatment of user data nor the liability of ISPs and Internet companies for third parties content. Despite the absence of written norms, some precedents had built the case law.
In this sense, Brazilian courts had affirmed that ISPs should store Internet access logs and application providers should collect and secure user data and application access logs for at least three years, as stated in the recent case of REsp No. 1398985/RJ, decided by the Superior Court of Justice.
Regarding the disclosure of collected user data, courts had understood that the constitutional rights to intimacy and to the secrecy and inviolability of private communications should not include the collected data that leads to the identity of Internet users (as IP addresses). Thus, it had been said that it was not necessary for an aggrieved party to file a court action in order to access such user data (e.g., Habeas Corpus 83.338/DF, decided by the Superior Court of Justice).
About the liability of Internet companies for third parties content, Brazilian courts had stated that application providers (such as social networks, web search engines, Internet forums and video streaming websites) were not obliged to analyze and filter the content published on their platforms by their users. However, these application providers could eventually be held responsible for an illicit content if they fail to make it unavailable after becoming aware of its illicit nature, as seen in the case of AgREsp No. 259482/MG, where the Superior Court of Justice held a website responsible for a copyrighted material published by one of its users.
The court precedents were very positive toward copyright holders and trademark owners, as they would pressure Internet companies to remove infringing content without the need for the aggrieved party to take the case to court.
WHAT CHANGES WITH THE NEW PROVISIONS OF THE MARCO CIVIL?
Period Of Storage Of Records
The new Federal Law establishes that Internet companies will be obliged to collect from their users and secure in safe place the records of Internet connection access logs or Internet applications access logs, namely date and time of access and the user IP address.
ISPs will have to keep records of Internet connection access logs for one year. Internet application providers that carry out their activities in an organized, professional manner and with economic purposes have to keep records of application access logs for six months. As it is clear, the Marco Civil drastically reduced the minimum period of three years that had been imposed by Brazilian superior courts.
The mandatory user data retention is being perceived with some dissent. On the one hand, some authors and digital activists note that indiscriminate collection of access logs represents a violation of the fundamental rights to privacy and to intimacy, and of the principle of presumption of innocence. For instance, they argue that users do not want to have websites that provide health information or legal pornographic content storing their medical history or data that can reveal the way they express their sexuality.
On the other hand, supporters of the new provisions imposing mandatory data retention state that, in some cases, Internet connection and application access logs are the only available information that can lead to the identification of individuals responsible for crimes committed online or through the Internet.
Judicial Control Of Retained User Data
The Marco Civil establishes that the access logs collected and stored by ISPs and Internet companies will only be disclosed to third parties through a court order, or when expressly authorized by the users themselves.
The request for access to recorded connection access logs or application access logs can be made during a civil or a criminal lawsuit. It has to be grounded on evidence of the illicit committed by the user and on the utility of the records for an investigation or a given court action. Moreover, the request must refer to a determined period of time.
Liability For Third Parties Content
The Marco Civil establishes that ISPs cannot be held accountable for content generated by third parties.
On the other hand, application providers can be liable for third parties content if they maintain the content accessible even after being ordered to remove it by a court order. Before being summoned of this court order, Internet companies are no longer obliged to remove the infringing content, even if they are notified to do so by the aggrieved party.
The new Federal Law aims to guarantee the freedom of expression and the absence of any form of private control of content by Internet companies. However, some problems may arise from its legal provisions.
In this sense, it is to say that the Marco Civil also states that a prior court order is not necessary in order to oblige the application provider to remove unauthorized content of nude or sexual nature. In these cases, the application provider can be held accountable if the controversial content is not removed after the notification of whoever is exposed by it. In other words, the Marco Civil admits that obliging the aggrieved party to take the case to court would be unnecessarily damaging, assuming that the propagation of certain audiovisual materials in the digital environment can be extremely burdensome.
On our part, we believe that the legal distinction between unauthorized material depicting sexual behavior and material that infringes other fundamental rights is artificially moralist. If it is admitted that obliging the victim to take a case related to sexual content to court might not be suitable for repairing damages to the victim’s image, we have to agree with the possibility of damages to other victim’s rights that will not be repaired by the mandatory judicial control foreseen by the Marco Civil.
We therefore understand that it would be better for the new Federal Law to regulate non-judicial solutions of potential conflicts of interests arose from those who create and publish content online and those who might have their fundamental rights offended.
As an example, we could mention the put-back procedures adopted by some countries: the user whose published material is removed has the right to counter-notice the application provider. If a valid counter-notice is filed, the provider makes the material once again available, unless the party that firstly felt offended by the content files a court action to have the material removed as per a court order.
The new provisions of the Marco Civil are not applied to copyright violation, which will still be ruled by the Brazilian Copyright Law (Federal Law No. 9,610/98) until a new law is enacted.
The problem is that the Brazilian Copyright Law does not have specific rules toward Internet companies. Thus, in view of the absence of written laws, the court precedents stating that applications providers are to be held accountable for third parties content that violates copyrights as soon as they are notified by the aggrieved party are still applicable.
How these changes affect online infringement of IP rights?
Preserving Internet connection logs and application access logs of Internet users is of fundamental importance for the identification of infringers of intellectual property rights and the adoption of appropriate legal remedies.
Through those records, it is possible to seek, for instance, the identification of the infringer who uses the Internet to commit crimes of unfair competition, as defined by the Brazilian Industrial Property Law (Federal Law No. 9,279/96): anonymously posting at a blog defamatory information about a certain company, or anonymously disclosing company’s data protected as trade secrets.
Even more common is the online infringement of registered trademarks or copyrights, as counterfeit products being sold at e-commerce websites, or the unauthorized reproduction or publication of intellectual or artistic creations.
Before the new Marco Civil, Internet companies would quite often provide brand owners and copyright holders’ lawyers and representatives with the identity of those users involved with illicit practices. Although aims at guaranteeing the intimacy and privacy of Internet users, the Marco Civil, when establishing the judicial control of user data retained by Internet companies, also imposes a new obstacle to IP rights holders, who now will have to take each online infringement case to court in order to disclose the infringer’s identity.
Regarding the liability of application providers for third parties content, the new Marco Civil now requires the aggrieved party to support the burden of filing court actions in order to have infringing materials removed. For example, it is usual for counterfeiters to post nearly identical offers at e-commerce sites announcing products that imitate or reproduce registered trademarks. Up to these days, it would be enough for the trademark owner to inform to the website the URL addresses of those offers in order to have them removed. However, with the new rules of the Marco Civil, the trademark owner may now have to file court actions aiming at the removal of each of those infringing offers, as the sole non-judicial notification of the e-commerce site is no longer enough to hold the website responsible for the infringing content it hosts.
Furthermore, the law establishes that the court order has to identify precisely the illicit content to be removed. This can be very challenging in some situations, as when search websites return hundreds of results announcing products identified by a counterfeit trademark. It is clear that the individual identification of each one of those results is virtually impossible.
To conclude, it is to say that the need to resort to court will depend on the right violated by the illicit content. If the material published by an Internet user infringes copyrights, the application provider can still be held responsible, in ways that the Internet companies are likely to remove the material when notified to do so. In this situation, taking the case to court will not be necessary. On the other hand, if the illicit content infringes other intellectual property rights, the application providers can only be compelled to remove it through court orders, and therefore filing court actions will probably be the most usual remedy to put an end to ongoing infringements.