February 27 2001
There are few specific regulations for information technology in Brazil and the regulations that do exist mostly concern the protection of software. Draft legislation concerning computer crimes, digital signatures and the authenticity of digital documents is under discussion. In the meantime the Civil Code (Law 3,071 of January 1 1916) and the Consumer Protection Code (Law 8,078 of September 11 1990) adequately regulate issues concerning the privacy of databases, the protection of personal information, and the validity of contracts and documents, although some interpretative work is necessary to adapt old legal concepts for the digital age.
Computer software is ruled by Law 9,609/98 of February 20 1998. Software is considered to be copyrightable subject matter and the Copyright Law also applies.
Software is protected for 50 years from January 1 of the year following its publication, release or creation. Registration is not required for the protection of software copyrights, although the Patent and Trademark Office accepts the registration of computer programs.
Rights relating to software that is developed during employment rest with the employer unless the relevant contract includes a contrary provision. All rights relating to software that is created by the employee outside the employment relationship are reserved to the employee.
Law 9,609/98 requires that software sold in Brazil must bear the technical validity period in the licence agreement, purchase invoice or package. The software licensor and/or authorized distributor must provide technical maintenance and assistance for customers during the technical validity period.
The law lists what are considered to be abusive clauses for licence agreements. Invalid clauses include those that exempt any parties of responsibility for indemnifying losses or damages caused to third parties by viruses, flaws or defects of the software, and/or copyright infringement.
Technology transfer agreements relating to software must be registered with the Patent and Trademark Office in order to be effective against third parties. For the purposes of registration the source code and other technical documents relating to software are recorded secretly with the office.
Violation of software rights is subject to the following penalties:
A software owner is entitled to provisional remedies that include the removal of the relevant hardware (especially personal computers) and claims for loss and damages against the infringer. The statute of limitations to recover losses and damages for copyright infringement is five years.
A company's criminal responsibility is attributed to its legal representatives at the time of the crime.
The following do not constitute software infringement:
Databases are protected as copyrights under Copyright Law (Law 9,610 of February 20 1998). Regulations covering contract protection, trade secret and unlawful competition are also applied to the use of databases. Several laws in the areas of telecommunications, banking and crime protect data itself.
The 1988 Constitution grants the fundamental right to privacy. The Consumer Protection Code (Law 8,078 of September 11 1990) regulates the collection of personal information and the protection of databases. The code emphasizes that a consumer's consent should be obtained before collecting personal data. It also establishes that consumers shall have continuous access to personal data. It restricts the keeping of registers that hold 'negative' information to five years.
Following world trends concerning self-regulatory e-commerce practices, a research organization affiliated to the University of São Paulo (Fundação Carlos Alberto Vanzolini) created a Reference Rule for Online Privacy (Norma de Referência da Privacidade Online, June 2000).
The reference rule is the result of an adaptation of various legal sources on privacy practices, such as ISO9000, as well as recommendations issued by official agencies and foreign legislation. These include the American Senate's Federal Trade Commission, the European Council, the Spanish Agency on Data Protection and the British Data Protection Act.
Although the reference rule is not considered to be enforceable it provides an efficient method for evaluating quality and commitment levels of companies that collect data and use databases. The rule has become a standard reference document in Brazil. Privacy certificates are issued to companies on its basis.
The Habeas Data Law (Law 9,507 of November 11 1997) also covers the demand for access to and rectification of personal data contained in public registers. This law determines the procedure for obtaining personal data stored in public registers.
A project that is under discussion at Congress relates to IT crimes. The project determines that all internet service providers must keep a register of their clients' names, addresses and identification registration numbers. This must be kept for at least three years.
The collection of personal data will be subject to the prior authorization of the relevant person or legal entity. Use of personal data may be suspended at the request of the person or entity. Penalties are imposed for unauthorized disclosure of sensitive or personal data.
Most of the newly recognized crimes are not already covered by criminal law. If the project is approved, the following actions will be prohibited:
Provisions are not yet enforceable and are still subject to change.
A related governmental aim is the manufacture of inexpensive computers (costing around $200) so that they can be made available to low income families. This task is to be handled in conjunction with the Ministry of Science and Technology. Further information can be obtained at www.mct.gov.br.
On January 12 2001 the legislative branch enacted Law 10,176 which regulates the capacity and competitiveness of the IT sector.
According to the law, domestic companies that develop and manufacture IT and computer goods will enjoy the following benefits:
The IT goods that are manufactured in the domestic tax exemption zone (Zona Franca de Manaus) will continue to be exempt from the tax on manufactured goods until 2013.
The annual investment for research and development of 5% of the gross income obtained from the sale of goods and services in the IT sector is still obligatory. Tax deductions on this investment are allowed but at least 2.3% of the gross income shall be invested under the new IT law.
The law defines the concept of 'IT goods' in the following terms:
Also, the new law determines that cell phones and video monitors can be considered to be IT goods.
The new law requires further regulation in the form of decrees. Future decrees are expected to define the procedures and requirements that are necessary in order for the IT industry to be exempt from tax.
For further information on this topic please contact Maristela Basso at Tozzini, Freire, Teixeira e Silva Advogados by telephone (+55 11 232 2100) or by fax (+55 11 232 3100) or by e-mail (firstname.lastname@example.org).
The materials contained on this web site are for general information purposes only and are subject to the disclaimer
ILO provides online commentaries as specialist Legal Newsletters. Written in collaboration with over 500 of the world's leading experts and covering more than 100 jurisdictions, it delivers individually requested information via email to an influential global audience of law firm partners and international corporate counsel. Please click here to register for the service.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription. Register at www.iloinfo.com.