Brazil's Self-Regulatory Code for Internet Service Providers
According to the Brazilian Association of Internet Service Providers (ABRANET) there are currently more than 1,000 ISPs in Brazil. Yet, only 5 large companies hold 50 percent of the market share in terms of Internet users. Brazil is not only the largest and most populous country in South America (about 190,132.630 inhabitants) but also one of the biggest economies in this region (9th in the world in terms of purchase power). These facts make it attractive for foreign ISPs in search of Latin American markets. In addition to administrative and regulatory rules, ISPs in Brazil may submit to the self-regulations of the Brazilian ISPs Code - Código De Auto-Regulamentação De Operadores De Rede E De Serviços Internet.-
ABRANET published the Código De Auto-Regulamentação De Operadores De Rede E De Serviços Internet (the ISPS Code), a self-regulatory code for ISPs, in April 2007. The code is currently in force for those companies that agree to its terms. Its first goal is to establish a set of ethical rules for companies providing Internet services in Brazil and for users of these services; including rules for the handling of individuals' private information. Second, it purports to protect ISP users. And, third, it sets the ISPs' responsibilities. Article 3 states that this code's rules should be interpreted deferring to the freedom of expression and communication, and users' right to the information and access to the information. Its rules do not apply to individuals' private conflicts such as commercial contracts, e-mail violations, spam, or offensive e-mails.
Chapter one of the ISPS Code sets the code's objectives as mentioned above. Chapter two establishes general principles for ISPs' activities. For instance, signatories to the ISPS Code (1) cannot engage in illegal practices such as those that incite violence, racism, discrimination of any kind, and child pornography; (2) must display honesty in their dealing. This means ISPs cannot abuse users' inexperience or lack of knowledge regarding IT matters, and when services are provided to minors or adolescents, they must exercise extreme care; (3) ISPs agree to establish data privacy rules. For example, ISPs agree to collect private data for the sole purpose they announce, they must inform users about how their personal data will be used, request users' previous authorization (opt-in) about the use of their personal data, and inform users of the ISPs' data collection; (4) ISPs agree to employ technological means to prevent the fraudulent use and manipulation of the private data they collect; (5) ISPs agree to use security means to protect users' information, and to set up mechanisms to allow users to denounce illegal practices observed in the services the ISP offers; and (6) ISPs agree to cooperate, within the limits of the law, with public authorities in their efforts against crime and discrimination.
ISPs' responsibilities are set for in Chapter three. ISPs must use a simple access system for transmission of the information; ISPs are not responsible for the information temporarily stored in their systems, except in some specific cases enumerated by this chapter; if the ISP stores information in its servers or provides content, it will be responsible for this information stored unless the IPS knows that (i) the information is illegal, and (ii) acts promptly to remove that information when it has knowledge of its content or when requested by the Brazilian authorities; ISPs are responsible for monitoring the services they provide to detect illegal activities, especially those against children and those promoting religious, gender, race, and other forms of discrimination; ISPs must inform the public on legal use of online forums like blogs; IPSs must inform the Brazilian authorities of any illegal activity they detect, especially when it involved child pornography; and ISPs must preserve private information stored, according to other data privacy laws. Chapter four sets the penalties incurred by ISPs that violates the rules of the ISP Code. They include (1) warning; and (2) recommendation on how to adopt the principles and measures required by this code. Chapter V includes a definition of terms. Chapter VI sets some general and transitory rules.
ABRANET's ISPs' Code is a simple summary of the rules to be followed by ISPs. The ISPs' Code sets rules similar to those existing in the United States and the European Union. The only problem is that this code is a self-regulatory one. That means, only those ISPs that voluntarily agree with its terms are regulated by its rules. What would happen to those other ISPs that do not adopt this code's rules? We are not aware of public sanctions against them but, probably, users will rule them out as companies providing services without guarantees for the protection of their privacy and without protection for other sector of society such as children and adolescents.