EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >Federative Republic of Brazil|
Article 5 of the 1988 Constitution of Brazil provides that "the privacy, private life, honor and image of people are inviolable, and the right to compensation for property or moral damages resulting from their violation is ensured." The Constitution also holds the home as "inviolable," and "no one may enter therein without the consent of the dweller, except in the event of flagrante delicto or disaster, or to give help, or, during the day, by court order." Correspondence and electronic communication are also protected, except by court order "for purposes of criminal investigation or criminal procedural finding of facts." "Access to information is ensured to everyone and the confidentiality of the source shall be safeguarded, whenever necessary to the professional activity." Finally, the Constitution provides for habeas data, which guarantees the rights: a) to ensure the knowledge of information related to the person of the petitioner, contained in records or databanks of government agencies or of agencies of a public character; and, b) for the correction of data, when the petitioner does not prefer to do so through a confidential process, either judicial or administrative.
The scope of the constitutional right to habeas data was clarified with the passage of additional procedures and definitions in 1997. Under the Habeas Data Law, an individual has a right to petition for rectification of incorrect data. However, if the maintaining organization disputes or chooses not to make the correction, the petitioner only has the right to annotate the data with an explanation, rather than force a correction.
The Brazilian Civil Code, effective since January 2003, provides protection by declaring, "the private life of an individual is natural and inviolable" and evinces that the judiciary, at the request of an individual, must adopt measures to protect against actions to the contrary. In particular, the Civil Code states that the non-authorized disclosure of writings, transmission of words, publication, exhibition or use of a person’s image may be hindered, at his/her request and without prejudice to any potential indemnifications, in case such acts may cause harm to the honor, good fame or respectability of said individual, or in case such use is made for commercial purposes. Exception is made in cases where such disclosure, transmission or use is required to ensure the administration of justice and/or the maintenance of public order.
In 1990, Brazilian law provided protection for the privacy of children, outlawing the total or partial unauthorized divulgence of a child or adolescent's name, or their police, agency or judicial documents. This law was amended in November 2003, expressly including the Internet as a way of perpetrating the crime of publishing or disclosing pornography involving children or teenagers.
The Information Technology Law, which establishes the guidelines for a national policy concerning technology development, determines as a principle the creation of legal and technical mechanisms in order to protect the secrecy of stored, processed and disclosed data, in the interest of the privacy and security of natural persons and legal entities. The Telecommunications Act of 1997 states as one of its operating principles that users of telecommunications services have the right to have their privacy respected in the usage of their personal data.
A 1997 law provided for the creation of a National Register for Civil Identification. The law stated that each Brazilian citizen should have a unique identification number, which would be linked to further data on the citizen and should be used in every relationship with public and private entities. The law also said that all the current ID documents would not be valid after a 5-year term beginning from the enactment of the law. However, more than ten years after its issuance, no further norms have been issued, nor has the National Register for Civil Identification been implemented.
Broad consumer rights in data were created under the 1990 Consumer Protection Law, which provides that consumers have access to personal data, consumer files and other information stored in files, and databases about themselves, as well as about the sources of this data. The law further requires that consumer files and data be objective, clear, true, easily comprehensible, and shall not contain derogatory information regarding periods prior to five years ago. In addition, the opening of a consumer file, archive, registry, or database should be communicated in writing to the consumer, if not opened at the behest of the consumer. Also, whenever consumers find that data and files about them are incorrect, they can demand immediate correction, and the archivist shall communicate the corrections within five days. Finally, once the consumer has settled his or her debts, Credit Protection Services shall not provide any information that may prevent or hinder further access to credit for that consumer.
It is worth mentioning that there is currently neither a public data agency nor private entities specifically acting in the defense of privacy rights. Courts have recognized that infringement upon any of these rights is subject to costly settlements, based on consumers' affected moral rights. Also, a 2004 ruling by the 2nd Regional Labor Court determined that no worker may be fired solely based on the fact that they have an open file in a Credit Protection Service.
In the beginning of 2003, São Paulo State Attorney's General Office (Ministério Público do Estado de São Paulo) investigated and questioned the data collection and processing practices of a major supermarket chain (CBD) that tracked its customers' purchases thanks to a loyalty card marketing scheme. As a consequence, on June 2003, São Paulo State Attorney's General Office and CBD executed an Undertaking of Performance (Termo de Ajustamento de Conduta) in which CBD committed itself to clearly informing its clients about the scope and intended use of the data it collected from customers, as well as to obtain their express consent before any future data collection. CBD further promised to delete customers' names from its current database if they did not expressly authorize the processing of their data.
Some of the biggest legal and public Internet-related debates involve Orkut, a social network service run by Google Inc. The majority of Orkut’s users are Brazilian and its popularity in the country gave rise to a series of legal issues including cyber crime, paedophilia, and defamation. By the end of 2004, a group hijacked several communities in Orkut, by using a social engineering attack against community owners exploiting flaws both in Orkut and Microsoft Internet Explorer. More than 30 communities, which are areas for internal discussion of various subjects, each of them including more than 1,000 members, were hijacked. Communities were returned to their original owners some time later. Orkut later implemented better security measures to prevent similar problems from happening again. In April 2005, the Brazilian Information Agency (Agência Brasileira de Informações – ABIN) took down two allegedly false profiles from the Orkut network, one for the Chief Ministry of the Communication and Strategic Management Secretary, Luiz Gushiken, and the other for the President’s wife.
In almost all Orkut legal cases, the specific privacy concern relates to judges requesting Google Inc. to provide Orkut users’ personal identification in order to investigate and eventually prosecute users. In October 2006, a federal judge ordered Google Inc. to supply a user’s personal information in a case involving child pornography. Other rulings followed the same path, leading to a certain degree of collaboration of Google Inc. with law enforcement agencies (after a prior denial period) and hence even to a deal between Google Inc. and Ministério Público do Estado do Rio de Janeiro (the District Attorney’s Office in the State of Rio de Janeiro). In 2006, the Federal Attorney General’s Office initiated legal proceedings in order to hold Google’s Brazilian Office responsible for the provision of information to law enforcement. The initial court decision fining Google R$ 50,000 (approximately USD 25,000) for the security breach was subsequently overturned on appeal.
A YouTube video showing a famous Brazilian model in a very intimate situation caused a judge to order YouTube to ban the video. This order caused major Brazilian Internet Service Providers to block the entire YouTube site. As a result of anti-censorship protests that arose, the same judge ordered the restoration of the YouTube site a few days later, observing that YouTube should ban that particular video.
Anti-spam legislation has been introduced in several separate bills, none of which has yet reached a final vote. A bill, proposed in 2002, would create criminal penalties for disseminating or selling personal data without the data subject's permission. In 2003, three separate bills were introduced to regulate the telemarketing activities, and two in 2004 – mainly, a reflection of the US "do-not-call list." In general, the intent is to create such lists under the control of either telemarketing companies or the Brazilian Ministry of Communications.
The Brazil Anti-Spam Group created a market-oriented self-regulation initiative to encourage advertisers to provide accurate information about themselves to recipients, to observe truth-in-advertising norms, and to let recipients opt-out of future mailings, thus aiming at promoting consumer confidence in the use of e-mails. However, the effectiveness of the Anti-Spam Code of Ethics has been questioned, because there are no proposed sanctions for the breach of its terms other than the listing of the spammers on the Brazil Anti-Spam Group's website and because the Code of Ethics allows the sending of unsolicited e-mails as long as some conditions have been met.
A ruling by a court of Florianópolis considered receiving unsolicited e-mail something perfectly normal in the “cybernetic age” and unable to result in either moral or actual damages. Meanwhile, the spam problem began to be addressed by non-governmental institutions, such as the Comitê Gestor da Internet no Brazil – CGI.br (Brazilian Internet Managing Committee). CGI.br launched a website and a campaign to instruct on the proper behavior online to avoid spam, as well as to support research for legal solutions.
The Financial Institutions Secrecy Law provides that "financial institutions will preserve secrecy in their active and passive operations and services." However, broad exemptions to this secrecy exist, including information exchanged between financial institutions, reporting of information requested by the Secretaria da Receita Federal (Federal Revenue and Customs Secretariat), or to report illegal activity to the appropriate authorities. In addition, confidentiality can be breached when necessary to confirm suspicion of any illegal activity in any phase of an inquiry or action at law. As a rule, such a confidentiality breach shall depend upon a court order.
The Brazilian Supreme Court has declared that bank records are private, and are covered by the constitutional right to privacy. This entails that bank records may only be used as exhibits in judicial proceedings if previously authorized by a judge. The Supreme Court in 2006 ruled that the inviolability of computer data is not absolute. In cases of seizure of computers in conformity with legal requirements, the information contained therein may be used as evidence. Furthermore, such use does not constitute a violation to the secrecy of data communications, even if the information is in electronic format. The Superior Court of Justice decided that information contained in individual income tax declarations is protected by secrecy. However, the Court affirmed that “there are no reasons for secrecy” with regard to information concerning the addresses of judgment debtors.
In addition, a 2004 ruling issued by the Rio Grande do Sul State Court of Justice determined that the breach of secrecy concerning banking accounts constitutes an intrusion into an individual's privacy, and that, as long as such privacy rights are protected by the Brazilian Constitution, any breach to such rights may only be justified by a clear determination of the need for the intrusion based on a plausible argument. Based on that reasoning, the Court denied a company's request for information regarding the defendant's banking records.
On the other hand, since 2002 the Brazilian Central Bank has been implementing an electronic system named "Bacen-Jud," which allows judges to determine, through a judicial order sent via electronic means, whether to freeze accounts held by individuals in any financial institution in Brazil.
On January 9, 2004, the City of São Paulo regulated the activity of computer games in "Lan Houses," by mandating those establishments to register patrons under 18 years old, or to face civil penalties of up to BRL 6,000 (2,320 EUR) and business license revocations.
Medical record keeping is regulated by the Federal Council of Medicine (Conselho Federal de Medicina – CFM). Regulations authorize the use of electronic means for the storage of such documents, not only for documents originally in the electronic format, but also for digitized documents originally created as paper documents. Specific procedures in order to ensure the confidentiality, privacy and integrity of the data have been established, and the secure transmission of data shall use ICP-Brasil's digital certificates in order to ensure its confidentiality.
Under the scope of the Federal Decree on the Safeguard of Confidential Data, the Brazilian National Health Surveillance Agency (Agência Nacional de Vigilância Sanitária – ANVISA) issued a regulation concerning the secrecy, security and access to its own information. According to its terms, each ANVISA employee shall execute non-disclosure agreements concerning the information obtained during his or her working hours. Non-authorized disclosure, use or grant of access to confidential information within ANVISA is now punished by administrative, civil and criminal sanctions.
An internal regulation of the House of Representatives determined specific rules for the use of e-mail by their deputies and staff. The fact that the Information Technology Center of the House is competent to regulate and supervise e-mail systems, and is entitled to gather evidence on potential unauthorized uses, has raised some concerns on potential privacy violations of deputies' e-mails.
The 9th Regional Labor Court has found that auditing or monitoring an employee's computer is an illegal violation of the secrecy of electronic communications. Any employer's labor agreement allowing such monitoring practices is therefore also considered illegal. Any monitoring shall be authorized only upon a prior court order. Another decision, issued by the 10th Regional Labor Court, held that the privacy right and the right to the secrecy of correspondence and electronic communications are inviolable. As a consequence, evidence obtained by infringing these rights will not be admissible.
The highest Brazilian Labor Court (TST – Tribunal Superior do Trabalho) issued a series of cases regarding privacy and corporate e-mail. One decision stated that an employee doesn’t have a reasonable expectation of privacy when using his corporate email account. Only the personal or private e-mail account based on its own server can take advantage of the constitutional and legal inviolability; corporate e-mail, based on resources supplied by the employer follows a different rule. It is possible for the employer to monitor employee use of a corporate e-mail account in the workplace. Another important decision in 2006 stated that video monitoring in the bathrooms of one company are illegal, as an offence of employees' privacy.
In 1996, a law regulating wiretapping was enacted. Official wiretaps are permitted for 15 days, renewable on a judge's order for another 15 days, and can only be resorted to in cases where police suspect serious crimes punishable by imprisonment, such as drug smuggling, corruption, contraband smuggling, murder, and kidnapping. The granting of judicial eavesdropping permits by judges was previously an ad hoc process without any legal basis. By now, procedures involving legal wiretapping are treated in confidentiality, which means that access to recordings and transcripts is restricted to the judge and the parties involved in the procedure. Illegal wiretapping by police and intelligence agencies is still common.
In principle, investigative powers to instruct criminal procedures are restricted to the judiciary police, which is an auxiliary body of the Judiciary Branch. The Attorney General's Office (Ministério Público) is the entity officially competent to propose criminal actions of a public nature. There is still a controversy, based on different interpretations of the Brazilian Constitution, on whether the Attorney General's Office should be entitled to initiate criminal investigations. Such controversy is under review before the Supreme Court. A decision that would allow prosecution attorneys to promote criminal investigations could weaken privacy rights by allowing privacy violations within the investigations conducted by prosecution attorneys, as long as the judicial control over such investigations is bypassed. On the other hand, a decision denying such investigative powers to prosecution attorneys would certainly nullify several criminal procedures currently initiated and in which such powers have been employed, such as corruption cases involving judges, police chiefs and politicians.
The Federal Penal Code was altered in 2000 to criminalize certain information crimes. The insertion of false data into an information system is punishable by a prison sentence of two to 12 years. Unauthorized alteration of an information system is punishable by detention from three months to two years. The Federal Penal Code and Federal Procedural Penal Code were also altered in July 2003 in order to strengthen sanctions corresponding to the violation of copyrights, and to criminalize the unauthorized distribution of copyrighted works through cable, fiber optics, satellite, radio waves or any other means. Changes in Federal Procedural Penal Code facilitated search and seizure procedures, thereby minimizing the defendant's rights. As a consequence, criminal actions have been initiated by the Brazilian Association of Record Producers (ABPD) against suspects of online music distribution. According to the ABPD's Web site, they have been monitoring the Brazilian Internet since 1999 – even before the alterations to Federal Penal Code were enacted – and such practices could represent potential privacy violations, since the intercept of Internet communications is allowed only with a judge's order.
The major private bank in Brazil, Bradesco, has begun to test a biometric identification module for ATM called “Palm Vein.” This is a hand reading system with sensors able to recognize the hand’s vein pattern. Other banks are expected to do the same as well as many other businesses such as fitness centers, nightclubs and even at least one University.
In November 2006, the Brazilian National Road Traffic Council approved a Resolution adopting a Radio Frequency Identification (RFID) tags in all licensed vehicles across the country. The Resolution aims to reduce the number of car thefts, facilitate the recovery of stolen vehicles, improve the control of payment of automotive-related taxes, and allow better traffic planning. The installation of such tags will be performed by State Traffic Departments, at no cost for vehicles’ owners, and shall be fully implemented within 5 years. The Resolution creates the SINIAV, or "National System for the Automatic Identification of Vehicles," to manage the required infrastructure. In terms of privacy protections for personal data, the Resolution simply states that information obtained through SINIAV that requires secrecy will be "preserved according to the terms of the Federal Constitution on the laws that regard this matter."
Due to security concerns, the number of surveillance cameras in public and private places has increased significantly in Brazil. Some regulations have been implemented in this regard. The City of São Paulo, for instance, passed a Municipal Law mandating the installation of signs notifying the public of the existence of surveillance cameras, both in public and private areas. Recorded images are meant to be confidential and protected under law. Failure to comply with the installation of warning signs may subject infringers to statutory fines.
On December 2003, the Supreme Court issued a decision mitigating the scope of privacy rights. According to the decision, the seizure of e-mails stored in computers, upon a court order, is an issue referring to privacy rights instead of the protection of electronic communications. The Supreme Court recognized that such privacy rights are not absolute, and may therefore be mitigated in view of social and public interests, as well as in view of the interest of justice.
In 2006, the Court of Düsseldorf, Germany requested that the Brazilian Superior Court of Justice (Superior Tribunal de Justiça) disclose the web log and personal data concerning the user of a particular IP (Internet Protocol) address that had been used to unlawfully deny access to certain websites. The Superior Court decided that such records (name and address) are not protected by any privacy and/or secrecy regulations. In fact, the same court had previously ruled that the inspection of a Brazilian Internet Service Provider’s log would not hurt "sovereignty or public order".
A general bill was proposed in 1999 delineating information crimes, including restrictions on the collection, processing and distribution of information. In addition, it would outlaw computer crimes such as unauthorized access to, or alteration of, data or computer programs. After its approval at the House of Representatives, the bill was sent to the Senate for further discussions. As of June 2007 the bill is still under deliberation.
In February 2003, a privacy bill was introduced, which would make illegal the transmission to a third party of information provided by a person or organization. An amendment was made in June 2003, establishing that this prohibition would not apply to public organizations, registries or notaries. In April 2003, an Internet privacy law was proposed to establish criminal sanctions referring to the unauthorized disclosure of protected information and harvesting of personal information. As of May 2007 the bill is still under deliberation.
An Internet identification and data retention bill intended to reduce cyber crimes caught the attention of Brazilians in 2006. This bill originally provided that Internet users should always identify themselves before using the Internet, through personal identification cards or digital certificates; it also stipulated that providers retain logs for three years. This provision drew much opposition from NGOs and government alike, as it could be seen as a threat to universal digital access. The bill was recently amended to remove the compulsory identification provision. However, the bill still contemplates delegating surveillance powers and responsibilities to the private sector by using Internet Service Providers to identify illegal conduct supply the police with the personal data of the suspect.
The first data protection bill based on European data protection standards has been undergoing amendments for the last two years and is currently being evaluated at the Senate.
The use of digital certification in Brazil is regulated by specific norms. Current regulation foresees two different levels of digital certificates: those issued under the structure of ICP-Brasil (Brazilian Public Key Infrastructure), which are considered presumptively valid, and those issued by certification authorities outside the structure of ICP-Brasil, which may be considered valid if such validity has been granted or accepted by the parties or persons, and/or entities to which such documents have been presented. Technical regulation of the digital certification system is issued by ICP-Brasil’s Steering Committee. ICP-Brasil stands as a hierarchical public-key infrastructure, in which the Root Certification Authority plays a fundamental role, certifying further certification authorities in the structure. The Instituto Nacional de Tecnologia de Informação (ITI) (the Brazilian Information Technology Institute), an entity directly connected to the Presidential Cabinet, is the Root Certification Authority of ICP-Brasil. ITI also stands as the entity officially entitled to promote the popularization of digital certificates in Brazil.
Use of ICP-Brasil’s digital certificates is already compulsory in some spheres. In particular, its use is required in certified electronic communications between entities of the federal administration, such as ministries. Recently, the Federal Revenue and Customs Secretariat determined that the use of ICP-Brasil’s digital certificates should be compulsory for the delivery of tax statements for companies whose income surpasses BRL 30 million per year (about USD 10 million per year). As of now, tax statements for individuals and companies with lower yearly income may also be performed by electronic means, without the use of digital certificates. Nevertheless, the Federal Revenue and Customs Secretariat showed its express intent to compel all electronic statement deliveries to be performed with the use of digital certificates in the coming years. However, a recent preliminary ruling by a federal court has determined that no law firm in the state of São Paulo is required to acquire a digital certificate in order to fulfill their tax obligations based on the fact that such a requisite violates basic constitutional principles, such as legality and the public administration morality.
Voting is mandatory in Brazil for citizens between the ages of 18 and 70 and voluntary for those 16-18 and over 70. After two periods of suspended democratic rule, public elections returned once again to Brazil in 1982. In 1989, Brazil introduced computer voting in the Santa Catarina State. By 1996, almost a third of Brazil's 100 million voters cast ballots on direct recording electronic (DRE) voting machines. In 1998, 57 percent of the country's voters cast ballots on DREs. In 2002, Brazil held the first fully electronic election in the world with more than 115 million participants voting. Chapter 4, Article 14 of the Constitution guarantees the secrecy of the ballot in public elections to its citizens.
In addition to laws specifically addressing individual privacy rights and data protection, Brazil has apparently unrelated laws and treaties that have privacy implications. The Brazilian national policy on access to government information grants individuals the right to receive information of general or individual concern. However, the right is self-limited by individual privacy: "the inviolable intimacy, private life, and honor and image of people." According to the Brazilian Constitution, "every citizen is granted the right to receive, from public entities, information of his/her personal interest, or of general or collective interest, which shall be provided on the terms established in the law." The Brazilian Constitution also determines that access to such information may be denied where secrecy is required to ensure the security of society or the Brazilian State. The law provides for such exceptions and has established a new specific body, the Commission for the Verification and Analysis of Secret Information, composed of ministers, in order to verify the adequacy, necessity, and possibility of disclosure concerning personal data of a top secret nature.
Further, Brazilian national administrative policy on the safeguarding of confidential data, information, documents and materials considers as "secret documents" not only any data whose unrestricted access could constitute a risk for the security of Brazilian society or its government, but also any data whose secrecy may be required in order to preserve an individual's privacy, intimacy, honor or image. Access to this kind of information is restricted, classified according to specific rules, and provided only on a "need-to-know" basis. Access may also be made available to citizens, as regards their own personal information, or information of their particular interest, or of collective or general interest, by means of a request to the competent governmental agency. Decisions denying such requests shall be based on a reasonable justification.
The Constitution holds that the Federative Republic of Brazil will act internationally according to the "prevalence of human rights" and that "no one will be subject to torture, nor to inhuman or demeaning treatment." Brazil signed the United Nations Convention on Torture (1984) on September 23, 1985, and the American Convention on Human Rights on September 25, 1992. The latter provides that every person has "the right to have his honor respected and his dignity recognized." Additionally, "no one may be the object of arbitrary or abusive interference with his private life, his family, his home, or his correspondence, or of unlawful attacks on his honor or reputation." According to the convention, "everyone has the right to the protection of the law against such interference or attacks." Also, Brazil recognizes the competence of the American Court of Human Rights for interpretation and judgment of human rights cases, subject to international reciprocity.
Brazil participated in the XIII Ibero-American Conference held in Bolivia. The results of this meeting were reflected in "Santa Cruz de La Sierra Declaration," that recognizes data protection as a fundamental right. Brazil took part in the meeting and signed the Declaration; this was the first time the term “data protection” was present in an international document that Brazil helped to edit.
Brazil’s first attempt to regulate data protection occurred after receiving a proposal for a Treaty on Data Protection for the countries in the Mercosur. Since then, some government agencies have begun to work on drafts bills regarding data protection.
Constitution, available at
 Brazilian Constitution, Title 2, Chapter 1, Article 5, X.
 Id. at XI.
 Id. at XII.
 Id. at XIV.
 Id. at LXXII.
 Federal Law
No. 9,507, November 12, 1997.
 Id. at Article 4 § 1.
 Id. at Article 4 § 2.
 Federal Law No. 10,406, January 12, 2002.
 Federal Law
No. 8,069, July 13, 1990.
 Federal Law No. 10,764, November 12, 2003.
 Federal Law
No. 7,232, October 29, 1984.
 Federal Law No. 9,472, July 16, 1997, Book 1, Art. 3, IX. (Telecommunications Act).
 Federal Law No. 9,454, April 7, 1997.
 Federal Law No. 8,078, Article 43, September 11, 1990.
Tribunal de Justiça, RESP No. 653568-MG (12/14/2004), RESP No. 595170-SC
(11/16/2004), RESP No. 612619-MG (10/21/2004), RESP No. 540944-RS (08/17/2004),
RESP 602401-RS (03/18/2004), RESP No. 511921-MT (03/09/2004), RESP No. 556745-SC
(10/14/2003), RESP No. 471091-RJ (05/22/2003), RESP No. 448010-SP (02/06/2003),
RESP No. 419365-MT (11/11/2002), RESP No. 442051-RS (11/07/2002), RESP No.
402958-DF (08/30/2002), RESP No. 373219-RJ (05/28/2002), RESP No. 292045-RJ
(08/27/2001), RESP No. 285401-SP (04/19/2001), RESP No. 165727-DF
 TRT 2ª Região, Recurso Ordinário nº 02831.2002.037.02.00-1, 6ª Turma, Rel. Juiz Valdir Florindo, j. September 09, 2004.
See "Pão de Açúcar
Pode Perder Base de Dados" (Pão de Açúcar may lose its
databases), Rádio Bandeirantes, April 23, 2003, available at
 Available at <http://www.mp.sp.gov.br/caoconsumidor/atua%E7%E3opr%E1tica/termos/TA563-03.doc>.
 Circa 55%
of orkut’s users are Brazilians, as available at
 "O Grande Roubo das Comunidades do Orkut" (The great theft of Orkut communities), Giordani Rodrigues, Infoguerra, January 9, 2005, available at <http://www.infoguerra.com.br/infonews/viewnews.cgi?newsid1105149979,29493,>.
 "Governo tira da Internet falso orkut do ministro Luiz Gushiken," Consultor Jurídico, April 1st, 2005, available at <http://184.108.40.206/novo/static/text/33899,1>.
at <http://www.prsp.mpf.gov.br/cidadania/dhumInt/Liminar na ACP
 Daniela Braun, "Denúncias de Crimes no Orkut Crescem Mais de 10 Vezes, diz Relatório", ("Denunciations of Crimes in Orkut have Risen More than 10 Times, According to a Report"), IDG Now!, May 2, 2007, <http://idgnow.uol.com.br/internet/2007/04/23/idgnoticia.2007-04-23.6011316931>.
 "MP e Google Fecham Acordo Para Evitar Crimes no Orkut", ("MP and Google Make a Deal In Order to Avoid Crimes in Orkut"), O Estado de São Paulo, April 6, 2007, <http://www.estadao.com.br/tecnologia/internet/noticias/2007/abr/06/93.htm>.
 See Press release - “Caso Google – MPF-SP recorrerá da decisão do TRF-3” (“Google Case Federal Prosecution Attorney of São Paulo State shall appeal from Third region Federal Court”), November 27, 2006 <http://producao.prsp.mpf.gov.br/news/internews/news_inter_conteudo.php?var_id=4373>.
 "Justiça de SP suspende bloqueio ao YouTube, mas mantém proibição a vídeo", ("Court in São Paulo lifts the Ban to YouTube, but Maintains a Video Blocked"), IDG Now!, January 9, 2007, <http://idgnow.uol.com.br/internet/2007/01/09/idgnoticia.2007-01-09.9436244203/IDGNoticia_view>. See also “Brazil court revises ban on YouTube over sex video”, Reuters, January 9, 2007 <http://www.reuters.com/article/internetNews/idUSN0948365620070109>.
 House of
Representatives Proposed Law No. 1589, 1999; House of Representatives Proposed
Law No. 2,358, 2000; House of Representatives Proposed Law No. 7,093, 2002,
Senate Proposed Law No. 367, 2003; House of Representatives Proposed Law No.
2,186, 2003; House of Representatives Proposed Law No. 2,423, 2003; Senate
Proposed Law No. 21, 2004; Senate Proposed Law No. 36, 2004; House of
Representatives Proposed Law No. 3,731, 2004; House of Representatives Proposed
Law No. 3,872, 2004.
 House of Representatives Proposed Law No. 6,541, 2002.
 House of Representatives Proposed Law No. 2,130, 2003; House of Representatives Proposed Law No. 2,387, 2003; House of Representatives Proposed Law No. 2,404, 2003, Senate Proposed Law No. 243, 2004; House of Representatives Proposed Law No. 4,412, 2004.
Anti-Spam Group, “Anti-Spam Code of Ethics and Best Practices for the Use
of Electronic Messages.”. November 2003, available at
<http://www.brasilantispam.org/main/codigo.htm>. The Anti-Spam Code is
based on the provisions of the "Code of Ethics" of the National Auto Regulation
Advertising Council (CONAR) and on the "Code of Ethics" of the Brazilian
Association of Direct Marketing (ABEMD), as well as on current legislation and
international rules; "Brazil Group Launches Anti-Spam Campaign," The Miami
Herald, November 20, 2003, available at
 Amaro Morais e Silva Neto, "Código de Ética Antispam Representa um Passo para Trás," (Antispam Ethics Code Represents a Step backwards), Consultor Jurídico, November 24, 2003, available at <http://conjur.uol.com.br/textos/23041/>.
Especial Cível, Process No. 023.04.067876-0/002,Comarca de
Florianópolis – SC.
 See <http://www.antispam.br>.
 See generally Lemos Ronaldo, Rossini Carolina, et al. Estudo sobre a reglamentacao juridical do spam no Brasil. Trabalho comissionado pelo Comite, Gestor da Internet no Brasil ao Centro de Tecnologia e Sociedade (CTS), da Escola de Direito do Rio de Janeiro, FundacaÞo Getuìlio Vargas, April 2007, available at <http://www.cgi.br/publicacoes/documentacao/ct-spam-EstudoSpamCGIFGVversaofinal.pdf>.
Supplementary Law No. 105, January 10, 2001.
 Id. at § 3, I.
 Id. at § 3, III.
 Id. at § 3, IV.
 Id. at § 4.
Tribunal Federal, Recurso Extraordinário No. 219.780 – PE.; Supremo
Tribunal Federal, Mandado de Segurança No.
 Supremo Tribunal Federal, Recurso Extraordinário No. 418416, December 19, 2006.
 Superior Tribunal de Justiça, Recurso Especial No.83.824 – BA (17/05/1999).
 TJRS - 12ª Câmara Cível, Agravo Interno nº 70009729112, Rel. Des. Orlando Heemann Junior, j. October 14, 2004.
specialized in multiplayer online
 São Paulo City Municipal Law No. 13,720, January 9, 2004.
 Federal Council of Medicine, Resolution No. 1,639, July 10, 2002.
Decree 5,301, December 9, 2004.
 Resolução da Diretoria Colegiada- RDC No. 5, January 20, 2005.
 Câmara dos Deputados, Portaria No. 96, August 20, 2004.
– 5ª T., RO 5568/2002, Rel. Juíza Janete do Amarante, j.
20.02.2003, DJ 04.04.2003.
 TRT 10 – 13.000613/2000, issued on October 9, 2001.
Tribunal Superior do Trabalho,
1ªTurma, Relator: João Oreste Dalazen, RR - 613/2000-013-10-00, DJ
- 10/06/2005, available at
 Tribunal Superior do Trabalho, AIRR 1660/2003-044-03-40.1, DJ – 05/05/2006. availabe at <http://brs02.tst.gov.br/cgi-bin/nph-brs?s1=4028070.nia.&u=/Brs/it01.html&p=1&l=1&d=blnk&f=g&r=1>.
 Federal Law
No. 9,296, July 24, 1996.
 "Brazil Makes Police Phone-Taps Legal," Reuters World Service, July 24, 1996.
 Federal Law
No. 9,983, July 14, 2000.
 Id. at Article 313-a.
 Id. at Article 313-b.
 Federal Law No. 10,695, July 1, 2003.
 Brazilian Constitution, Title 2, Chapter 1, Article 5, XII.
Febraban’s Social Communication Superintendence,
Brazilian banks start using biometry in
Automated teller Machines, available
 Diógenes Muniz, Universidade Mineira usa Biometria para Monitorar Freqüência de Alunos [State University uses Biometry to Monitor Students' Attendance], Folha Informática, January 27, 2007, available at <http://www1.folha.uol.com.br/folha/informatica/ult124u21497.shtml>.
Nº 212, November 13, 2006, available at
 Sistema Nacional de Identificação Automática de Veículos.
 São Paulo City Municipal Law No. 13,541, March 24, 2003.
 Supremo Tribunal Federal, Agravo Regimental no Recurso Extraordinário No. 373.058-4 – RS.
 Superior Tribunal de Justiça, Carta Rogatória Nº 297 - DE (2005/0010755-8), Rel. Ministro Barros Monteiro, j. 18.09.2002, DJ 19.09.2006, available at <https://ww2.stj.gov.br/decisoesmonocraticas/decisao.asp?registro=200500107558&dt_publicacao=29/09/2006>.
 Superior Tribunal de Justiça, Carta Rogatória Nº 1.430 - EX (2006/0026385-1), DJ 04/04/2006, available at <https://ww2.stj.gov.br/decisoesmonocraticas/decisao.asp?registro=200600263851&dt_publicacao=04/04/2006>.
 House of Representatives Proposed Law No. 84, 1999, altered to Senate Proposed Law No. 89, 2003.
 House of
Representatives Proposed Law No. 123,
 Senate Proposed Law No. 95, 2003.
Substitutive Senate Proposed Law No. 76,
 Denise Madueño e Gerusa Marques, "Aldo e Ministério Critica Projeto de Controle da Internet", O Estado de São Paulo, November 7, 2006 <http://www.estadao.com.br/tecnologia/internet/noticias/2006/nov/07/98.htm>.
 See <http://www.denunciar.org.br/twiki/pub/SaferNet/PLSEduardoAzeredo/PLS_Azeredo-CCJ-versao-de-19-04-2007.pdf>. An update on the state of this proposal is available at <http://www.senado.gov.br/sf/atividade/materia/detalhes.asp?p_cod_mate=43555>.
 An update on the state of this proposal is available at <http://www.senado.gov.br/sf/atividade/materia/detalhes.asp?p_cod_mate=71080>.
 In particular, Federal Provisional Measure 2200-02, August 24, 2001.
da Receita Federal, Normative Instruction 482, December 21,
 3ª Vara Federal de São Paulo, Mandado de Segurança No. 2005.61.00.004736-2, Juíza Maria Lúcia Lencastre Ursaia, j. April 6th, 2005.
Electoral Law, available at
 "The History of Brazil," available at <http://www.ccc.commnet.edu/stuweb/~quiterio5816/History.htm>.
 29 Brazilian National Elections, available at <http://lists.virus.org/isn-9902/msg00059.html>.
 Center for Digital Government, Brazil Holds National Electronic Election, available at <http://www.centerdigitalgov.com/international/story.php?docid=29221>.
 Brazilian Constitution, Chapter IV, Article 14, available at <http://www.oefre.unibe.ch/law/icl/br00000_.html>.
 Federal Law
No. 8,159, January 8, 1991, Chapter 1, Article
 Brazilian Constitution, Title 2, Chapter 1, Article 5, XXXIII.
 Federal Provisional Measure 229, December 9, 2004 and Federal Decree 5,301, December 9, 2004.
 Federal Decree No. 4,553, December 27, 2002.
Constitution, Title 1, Article 4,
 Brazilian Constitution, Title 2, Chapter 1, Article 5, III.
 American Convention on Human Rights, Art. 11, July 18, 1978, available at <http://www1.umn.edu/humanrts/oasinstr/zoas3con.htm>.
 Legislative Decree No. 89, December 3, 1998; Decree No. 4,463, November 8, 2002.
 XIII Cumbre - Santa Cruz de la Sierra 2003, Declaración de Santa Cruz de la Sierra, Article 45, November14-15, 2003, <http://www.cumbresiberoamericanas.com/ant/docs_pdf/decla_Santa_Cruz_de_la_Sierra.pdf>.
 Mercosul (or Mercosur) is a Regional Trade Agreement (RTA) between Brazil, Argentina, Uruguay, Venezuela, and Paraguay.