Civil Rights Framework for the Internet (Law 12.965/2014)

Establishes the principles, guarantees, rights and obligations for the use of Internet in Brazil

THE PRESIDENT OF THE REPUBLIC make known that the National Congress decrees and I sanction the following Law:


Art. 1o This Law establishes principles, guarantees, rights and obligations for the use of the Internet in Brazil and provides guidelines for performance of the Union, the States, the Federal District and the municipalities in this regard.

Art. 2o The discipline of Internet use in Brazil is founded on respect for freedom of expression, as well as:

I – the recognition of the global scale of the network;

II – the human rights, personality development and the exercise of citizenship in the digital medias;

III – the plurality and diversity;

IV – the openness and cooperation;

V – the free enterprising, free competition and consumer protection; and

VI – the social purpose of the network.

Art. 3o The discipline of Internet use in Brazil has the following principles:

I – guarantee of freedom of speech, communication and expression of thought, in accordance to the Federal Constitution;

II – privacy protection;

III – personal data protection, pursuant to law;

IV – preservation and guarantee of network neutrality;

V – preservation of stability, security and functionality of the network, through technical measures consistent with international standards and by encouraging the use of best practices;

VI – the liability of the agents in regard to their activities, pursuant to law;

VII – preservation of the participative nature of the net;

VIII – freedom of business models promoted on the internet, provided they do not conflict with the other principles set out in this Act.

Sole Paragraph. The principles expressed in this Law do not exclude others set out under the Brazilian laws related to this matter or in the international treaties of which the Federative Republic of Brazil is signee.

Art. 4o The discipline of Internet use in Brazil aims to promote:

I -the right of access to the Internet to all;

II – the access to information, to knowledge and participation in cultural life and in the conduct of public affairs;

III – the innovation and the stimulus to the broad diffusion of new technologies and models of use and access; and

IV – the adoption of open technology standards that allow communication, accessibility and interoperability between applications and databases.

Art. 5o For the purposes of this Law, the following apply:

I – internet: the system consisting of the set of logical protocols, structured on a global scale for public and unrestricted use, in order to enable communication of data between terminals through different networks;

II – terminal: a computer or any device that connects to the Internet;

III – internet protocol address (IP address): the code assigned to a terminal from a network to enable their identification, defined according to international standards;

IV – autonomous system administrator: an individual or legal entity that administrate specific blocks of IP addresses and its specific autonomous routing system, duly registered in the national entity responsible for the geographically registration and distribution of IP addresses related to the Country;

V – internet connection: the enabling of a terminal for sending and receiving data packets over the Internet, by assigning or by authenticating an IP address;

VI – connection record: the set of information pertaining to the date and time of the beginning and end of a connection to the internet, the duration thereof and the IP address used by the terminal to send and receive data packages;

VII – Internet applications: a set of functionalities that can be accessed through a terminal connected to the Internet; and

VIII – registrations of access to Internet applications: the set of information regarding the date and time of use of a particular internet application from a particular IP address.

Art. 6o In the construal of this Law, in addition to the groundwork, principles and purposes set forth, the nature of Internet, its particular uses and costumes and its importance for the promotion of human, economic, social and cultural development, shall be taken into account.


Art. 7o The access to the Internet is essential to the exercise of citizenship, and the following rights are guaranteed to the user:

I – inviolability of intimacy and private life, ensured the right for protection and compensation for material or moral damages resulting from their breach;

II – inviolability and secrecy of the flow of users%u2019s communications through the Internet, except by court order, as provided by law;

III – inviolability and secrecy of user%u2019s stored private communications, except by court order;

IV – non-suspension of the Internet connection, except if due to a debt resulting directly from its use;

V – maintenance of the quality of Internet connection contracted before the provider;

VI – clear and full information entailed in the agreements of services, setting forth the details concerning the protection to connection records and records of access to internet applications, as well as on traffic management practices that may affect the quality of the service provided;

VII – non-disclosure to third parties of users%u2019 personal data, including connection records and records of access to internet applications, unless with express, free and informed consent or in accordance with the cases provided by law;

VIII – clear and complete information on the collection, use, storage, processing and protection of users%u2019 personal data, which may only be used for the purposes of:

  1. justifys its collection;
  2. b) are not prohibited by law; and
  3. c) are specified in the agreements of services or in the terms of use of the internet application.

IX – the expressed consent for the collection, use, storage and processing of personal data, which shall be specified in a separate contractual clause;

X – the definitive elimination of the personal data provided to a certain internet application, at the users%u2019 request, at the end of the relationship between the parties, except in the cases of mandatory log retention, as set forth in this Law;

XI – the publicity and clearness of any terms of use of the internet connection providers and internet applications;

XII – accessibility, considering the physical, motor, perceptive, sensorial, intellectual and mental habilities of the user, as prescribed by law; and

XIII – application of consumer protection rules in the consumer interactions that take place in the internet.

Art. 8o The guarantee to the right to privacy and freedom of speech in the communications is a condition for the full exercise of the right to access to the internet.

Sole Paragraph. Are void by operation of law contractual clauses that are in breach of the caput above, such as those that:

I – cause an offense to the inviolability and secrecy of private communications over the Internet; or

II – in adhesion contracts, does not provide an alternative to the contracting party to adopt the Brazilian forum for resolution of disputes arising from services rendered in Brazil.


Section I
Of the Network Neutrality

Art. 9o The party responsible for the transmission, switching or routing has the duty to process, on an isonomic basis, any data packages, regardless of content, origin and destination, service, terminal or application.

  • 1º The discrimination or degradation of traffic shall be regulated in accordance with the private attributions granted to the President by means of Item IV of art. 84 of the Federal Constitution, aimed at the full application of this Law, upon consultation with the Internet Steering Committee and the National Telecommunications Agency, and can only result from:

I – technical requirements essential to the adequate provision of services and applications; and

II – prioritization of emergency services.

  • 2º In the happening of discrimination or degradation of traffic provided in §1º, the responsible entity must:

I – abstain from causing damages to users as foreseen in art. 927 of Law no 10.406, January 10th, 2002 – the Civil Code;

II – act with proportionality, transparency and equality;

III – in an advanced notice, provide, in a transparent, clear and sufficiently descriptive manner, to its users, the traffic management and mitigation practices adopted, including those related to network security; and

IV – offer services in non-discriminatory commercial conditions and refrain from anti-competition practices.

  • 3º When providing internet connectivity, free or at a cost, as well as, in the transmission, switching or routing, it is prohibited to block, monitor, filter or analyze the content of data packets, in compliance with this article.

Section II
Records, Personal Data and Private Communications Protection

Art. 10. The retention and the making available of connection logs and access to internet applications logs to which this law refers to, as well as, of personal data and of the content of private communications, must comply with the protection of privacy, of the private life, of the honor and of the image of the parties that are directly or indirectly involved.

  • 1° The provider responsible for the retention of the records as seth for in art. 10o shall only be obliged to provide them, whether separately or associated with personal data or other information that allows the identification of the user or of the terminal, upon a judicial order, as provided in Section IV of this Chapter, in compliance with what is set forth in art. 7º.
  • 2° The content of private communications may only be made available in the cases and in the manner established by law, by court order, in compliance with items II and III of article 7.
  • 3°. The provision of the caput of art. 10 does not prevent the access to record data that informs personnel qualification, affiliation and address, by administrative authorities as provided by law.
  • 4º The security and confidentiality measures and procedures shall be informed in a clear manner by the responsible for the provision of services, and meet the standards set by regulation, in compliance with the rights of confidentiality of business secrets.

Art. 11. In any operation of collection, storage, retention and treating of personal data or communications data by connection providers and internet applications providers where, at least, one of these acts takes place in the national territory, must be mandatorily respected the Brazilian law and the rights to privacy, to protection of personal data, to secrecy of private communications and of logs.

  • 1°. The established in Art. 11 applies to the data collected in the national territory and to the content of the communications in which at least one of the terminals is placed in Brazil.
  • 2°. The established in Art. 11 applies even if the activities are carried out by a legal entity placed abroad, provided that it offers services to the Brazilian public or at least one member of the same economic group is established in Brazil.
  • 3°. The connection providers and the internet application providers must provide, in respect with regulation, information that allows verification concerning its compliance with Brazilian legislation regarding the collection, storage, retention and treating of data, as well as, in regard to the respect of privacy and and of the confidentiality of communications.
  • 4°. A Decree shall govern the procedures to determine the infringements to what is established in this article.

Art. 12. Without prejudice to any other civil, criminal or administrative sanctions, the infringement of the rules for seth in the Articles 10 and 11 above are subject, in a case basis, to the following sanctions applied individually or cumulatively:

I – a warning, which shall establishing a deadline for the adoption of corrective measures;

II – fine of up to 10% (tem percent) of the gross income of the economic group in Brazil in the last fiscal year, taxes excluded, considering the economic condition of the infractor and the principle of proportionality between the gravity of the breach and the size of the penalty;

III – the temporary suspension of the activities that entail the events set forth in Article 11; or

IV – prohibition to execute the activities that entail the activities set forth in Article 11.

Sole paragraph – In case of a foreign company, the subsidiary, branch, office or establishment located in the Country will be held jointly liable for the payment of the fine set forth in this Article 11.

Subsection I
Keeping of connection records

Art. 13. In the provision of Internet connection, the entity responsible for the management of the autonomous system must maintain the connection records, under confidentiality, in a controlled and safe environment, for the term of 1 (one) year, in accordance with regulation.

  • 1°. The responsibility for the maintenance of such of connection records cannot be transferred to third parties.
  • 2°. The administrative or police authority or the Public Prosecutor may require precautionary keeping of connection records for longer periods of that set forth above in Art. 13.
  • 3°. In the case of Art. 13. §2, the authority that requires such precautionary keeping shall have 60 (sixty) days, as of the date of the first request, to initialize a Court proceeding to request access to the records set forth above in Art. 13.
  • 4°. The provider responsible for keeping the records shall maintain the confidentiality regarding the requirement set forth in Art. 13 §2.º above, which will become ineffective once the court order is denied or the Court proceeding is not started within the term set forth in Art. 13 §3.º above.
  • 5º In any circumstance, the disclosure to the requesting party of the logs referred to in this article must be preceded by a court order, as set forth in Section IV of this Chapter.
  • 6º When imposing a sanction due to breach of this article, the nature and gravity of the breach shall be considered, as well as the damages arising from such breach, any vantages obtained by the breacher, any aggravating circumstances, any prior records and any repeated infringements.
Subsection II
Keeping of records of access to the Internet applications in the Provision of Connection

Art. 14. In the provision of connection, whether free or at cost, it is prohibited to retain users%u2019 records of access to Internet applications.

Subsection III
Keeping of records of access to the Internet applications

Art. 15. The Internet application provider that is duly incorporated as a legal entity and carry out their activities in an organized, professional and with economic purposes must keep the application access logs, duly secured, in a controlled and secured environment, for 6 months, as detailed in regulation.

  • 1º A judicial order can mandate that application service providers that are not subject to Art. 15. to keep, for a determined period of time, access logs to Internet applications, to the extent that such logs are related to specific facts in a specific period of time.
  • 2º The police authority, the administrative authority or the Public Prosecutor may require, as a preventive measure, any application service provider to keep access to applications logs, including for a period of time greater than that set forth in this article, with due regard to §§ 3º and 4º of Art. 13.
  • 3º In any circumstance, the disclosure to the requesting party of the logs referred to in this article must be preceded by a court order, as set forth in Section IV of this Chapter.
  • 4º When imposing a sanction due to breach of this article, the nature and gravity of the breach shall be considered, as well as the damages arising from such breach, any vantages obtained by the breacher, any aggravating circumstances, any prior records and any repeated infringements

Art. 16. In the provision of Internet applications, whether free or at cost, it is prohibited to retain:

I – the records of access to other Internet applications without users%u2019 prior and express consent, in accordance with Art. 7o; or

II – personal data that exceed the purpose for which consent was given by the owner of the data.

Art. 17. Unless in cases provided in this Law, the option to not keep records of the access to internet applications does not imply liability for damages arising from the use of these services by third parties.

Section III
Liability for any damages arising from content generated by third parties

Art. 18. The provider of connection to internet shall not be liable for civil damages resulting from content generated by third parties.

Art. 19. In order to ensure freedom of expression and prevent censorship, the provider of internet applications can only be subject to civil liability for damages resulting from content generated by third parties if, after an specific court order, it does not take any steps to, within the framework of their service and within the time stated in the order, make unavailable the content that was identified as being unlawful, unless otherwise provided by law.

  • 1. The referred court order must include, under penalty of being null, clear identification of the specific content identified as infringing, allowing the unquestionable location of the material.
  • 2. The implementation of the provisions of this article for infringement of copyright or related rights is subject to a specific legal provision, which must respect freedom of speech and other guarantees provided for in art. 5o of the Federal Constitution.
  • 3º The disputes around compensation for damages arising from content made available on the internet related to the honor, reputation or personality rights, as well as the removal of said contente by internet application providers, can be presented to the special courts.
  • 4º The judge, including within the proceeding set forth in § 3º, can antecipate, partially or in full, the effects of the request contained in the initial petition, to the extent that undisputable proof exists of the fact, considering society´s colective interest in the availability of the content on the Internet, as long as the requisits of truthiness of the author´s claims, the the reasonable concern of irreparable damage, or damage that is difficult to repair are met.

Art. 20. Whenever the contact information of the user directly responsible for the content, referred to in art. 19, is available, the provider of internet applications shall have the obligation to inform the user about the execution of the court order with information that allows the user to legally contest and submit a defense in court, unless otherwise provided by law or in a court order.

Sole Paragraph. When requested by the user that provided the content made unavailable, the provider of internet applications that carries out this activity in an organized, professional manner and for economic purposes, shall replace the unavailable content for a note of explanation or the court order that gave grounds to the unavailability of such content.

Art. 21. The internet application provider that makes third party generated content available shall be held liable for the breach of privacy arising from the disclosure of images, videos and other materials containing nudity or sexual activities of a private nature, without the authorization of such participants, when, after receipt of notice by the participant-user or legal representative, refrains from removing, in a diligent manner, within its own technical limitations, such content.

Sole Paragraph. The notice set forth above must contain sufficient elements that allow the specific identification of the material said to violate the right to privacy of the participant-user and the confirmation of the legitimacy of the party presenting the request.

Section IV
Judicial Requests for records

Art. 22. The interested party may, for the purpose of creating evidence in civil or criminal legal procedures, in character incidental or autonomous, require the judge to order the entity responsible for the keeping of records to provide the connection or access logs to internet applications.

Sole Paragraph. Without any impairment to other legal requirements, the request shall contain, under penalty of inadmissibility:

I – justified evidence of the occurrence of the illicit;

II – motivated justification of the usefulness of the requested records for investigation or probative instruction; and

III – the period of time to which the records correspond.

Art. 23. It is the duty of the judge to take the necessary measures to ensure confidentiality of received information and the preservation of intimacy, private life, honor and image of the user, and the judge may determine secrecy of justice, including with respect to the requests for record retention.


Art. 24. The following are guidelines for the performance of Federal Government, States, Federal District and municipalities in the development of Internet in Brazil:

I – establishment of mechanisms of governance that are multi-stakeholder, transparent, cooperative and democratic, with the participation of the government, the business sector, the civil society and the academia;

II – promotion of the rationalization of management, expansion and use of the internet, with the participation of Brazilian Internet Steering Committee (CGI.Br).

III – promotion of rationalization and technological interoperability of e-Government services, within different branches and levels of the federation, to allow the exchange of information and speed of procedures;

IV – promotion of interoperability between different systems and terminals, including among the different federal levels and different sectors of society;

V – preferred adoption of open and free technologies, standards and formats;

VI – advertising and dissemination of public data and information in an open and structured manner;

VII – optimization of network infrastructures and promoting the implementation of storage, managing and dissemination of data centers in the country, promoting the technical quality, innovation and the dissemination of internet applications, without impairment to the openness, neutrality and participatory nature;

VIII – development of initiatives and training programs for internet use;

IX – the promotion of culture and citizenship; and

X – provide public services for attending citizens in an integrated, efficient and simple manner and through multi-channel access, including remote access.

Art. 25. The internet applications provided by public governmental entities ought to aim at:

I – compatibility of e-government services with multiple terminals, operating systems and applications for their access;

II – accessibility to all interested users, irrespective of their physical and motor skills, perceptual, sensorial, intellectual, mental, social and cultural characteristics, shielded secrecy and legal and administrative constraints;

III – compatibility with both human reading and automatic processing of information;

IV – easy understanding of e-government services, and

V – strengthening social participation in public policy.

Art. 26. The compliance with the constitutional duty of the state in providing education at all educational levels, includes integrated training and other educational practices, for safe, conscious and responsible use of the internet, as a tool for the exercise of citizenship, for the promotion of culture and for the technological development.

Art. 27. Public initiatives to promote digital culture and promote the internet as a social tool shall:

I – promote digital inclusion;

II – seek to reduce gaps, especially between different regions of the country, regarding the access and use of information technology and communication; and

III – promote the production and dissemination of national content.

Art. 28. The State must periodically seek to develop and promote studies, as well as set goals, strategies, plans and schedules for the use and development of the Internet in the country.


Art. 29. The user shall have free choice in the use of software in his-hers own device to enforce parental control over content that the user understands to be improper to his-hers minor children, to the extent that the principles set forth in this Law and in Law No. 8,069 of July 13, 1990 are respected.

Sole Paragraph. The government, together with providers of connection services and internet applications, as well as with civil society, shall promote educational initiatives and provide information about the use of the software referred to in this article, as well as establish good practices for digital inclusion of children and teenagers.

Art. 30. The defense of the interests and rights set forth in this Law may be exercised either individually or collectively, in the form of the Law.

Art. 31. Until the entry into force of specific law provided in § 2º of art. 19, the liability of the provider of internet applications for damages arising from content generated by third parties, in case of copyright or related rights infringement, shall continue to be governed by applicable copyright legislation in force, at the time of entry into force of this Law.

Art. 32. This Law shall enter into force after the expiry of sixty (60) days of its official publication.

Brasília, 23rd of April of 2014;
Year 193o of the Independency and year 126o of the Republic.
José Eduardo Cardozo
Miriam Belchior
Paulo Bernardo Silva
Clélio Campolina Diniz
This does not replace the text published in the DOU of 04/24/2014


Opice Blum, Bruno, Abrusio e Vainzof Advogados Associados

Primeira boutique jurídica brasileira especializada em Direito Digital.

Últimos posts por Opice Blum, Bruno, Abrusio e Vainzof Advogados Associados (exibir todos)

Leave a Reply

Your email address will not be published. Required fields are marked *