Data protectionism, the real fallout from the NSA scandal; new contributor will make you care about global privacy issues
Juliana Jorge
Brazil is considering a law that would force U.S. companies like Google to store and keep data on its citizens only within Brazil’s borders – not at Google’s U.S. servers. Let's call that data protectionism. Pandora, meet the NSA. This isn’t a story about Brazil. It’s a story about the future of technology, and about a lot of money.
U.S. surveillance of global Internet traffic and the Edward Snowden revelations have made governments around the world skittish about dealing with U.S. companies. If you are in Germany, or Brazil, how can you now trust Amazon or Google not to share your data with the U.S. government? Just last week, the Information Technology and Innovation Foundation estimated that the NSA scandal will cost U.S. tech firms up to $180 billion by 2016.
Data knows no borders, and as this year’s NSA surveillance revelations jarringly demonstrated, all privacy issues are global, too. So I’ve asked privacy law expert Juliana Jorge to be a regular contributor at BobSullivan.net. She’ll call attention to important privacy issues or perspectives from outside the U.S. – and explain why U.S. consumers should care. Jorge is in a unique position to do so. A lawyer from Brazil, she lived in New York before moving to Madrid to work in private practice as a privacy law expert for ECIX Group. Here is today’s discussion about Brazil, the concept of protectionism -- protecting your nations economy by somehow limiting trade with others -- and why the rest of the world is watching.
JORGE: Brazil doesn't have a data protection law. There is a draft that was open to public consultation in 2011 but it has not been passed yet. However, Brazil has passed a law that governs the Internet, called Marco Civil da Internet, also known as the “Internet Constitution”. Still, it falls short of a real data protection law compared to the ones that most South American countries have in place, such as Chile and Argentina.
Lately the Brazilian Government has signaled its intention to require services such as Google and Facebook to store the data regarding Brazilian citizens locally. In order to be able to require that, the Marco Civil would need to be updated.
In sum, this is the situation: Brazil does not have a specific data protection law while most countries in Latin America do, but Brazil considers the NSA collection of information on Brazilian citizens outrageous and that (going forward), datacenters should be located in Brazil. In my opinion, this requirement does not make sense since Brazil has not been really making an effort to pass a data protection law, so it does not seem that the real issue here is the privacy of Brazilian citizens. Also, this requirement is unreasonable , since it will send business away from an already complicated market.
BOB: Are any other countries in LA or Europe even thinking about reacting this way?
JORGE: In Europe, (German Chancellor Angela) Merkel reacted strongly and publicly to the scandal, asking for clarification from the U.S. Government about NSA activities, but so far, Brazil is the only country to request local data storage as a result of the U.S. surveillance.
BOB: It makes sense at first blush – keep our data here! But can you say a little more about why it’s impractical and how this is the kind of mess the US has created for Google, and for nation-states, after the NSA revelations?
JORGE: First of all, it is useless to store locally the data. From what I understand, the NSA still would be able to access the information if they wanted to:
“If Facebook has a server in Brazil where information is routed through before it goes back to their offices in the U.S., the NSA can still get a hold of that data,” (Amie) Stepanovich of (EPIC) said (in this story). “They would have to be walled off completely. The nature of the Internet means that data flows everywhere, so the thought that they could keep information within the geographical boundaries of the country just doesn’t seem to make a lot of sense.”
Second, this requirement would raise the costs, and Brazil already has very expensive Internet services when compared to the US and Europe. That would only create a bigger social gap (less access to information for the people with less money).
Third, this requirement would scare away foreign Internet companies from Brazil in the future and even drive away the ones that are already there. The cost of keeping their databases in Brazil would outweigh the benefits of doing business there.
And last, all that would result in less local innovation, with fewer innovative companies going to Brazil, and fewer people with Internet access as a result of cost increases.
(To answer the second part of that question) I don´t believe that the main reason the Brazilian Government wants the data stored locally is to protect the privacy of the citizens. Maybe, one of the reasons is the belief that it would benefit Brazil (more taxes, more jobs, etc.). And the NSA could be used as a excuse to defend the Government´s point and help rush the passage of the changes to the Marco Civil. If President Dilma was really that worried about Brazilians’ data, why not to press for the passage of the data protection law? That would be an easier beginning to protect Brazilian´s privacy.