PL 2630 provides for extensive subsequent regulation – 05/07/2023 – Power

The battle for the regulation of internet platforms will not be limited to the already arduous mission of approving the Fake News PL in Congress. Even if the allied base of the Lula government (PT) obtains the necessary votes, a series of points must still be the subject of future debates, since the bill provides for extensive subsequent regulation.

Among them are the detailing of how companies’ transparency and risk assessment reports should be, as well as the objectives and steps of the so-called “security protocol”. The latter will be the mechanism through which it would be possible to make Article 19 of the Civil Rights Framework for the Internet more flexible, for a specified period of time on a specific topic in case of “imminent damage”.

The need to detail rules through resolutions and ordinances is common in legislation of this type, especially due to rapid technological change, so that the law does not become obsolete soon.

In the case of the PL, however, there is a peculiarity in the scenario: the lack of definition of the body that will perform a series of tasks foreseen in the text and that will be subject to regulation.

The intention of the project’s rapporteur, Deputy Orlando Silva (PC do B-SP), was to predict that the Executive could create an autonomous supervisory entity, and that it should have technical and administrative independence. Without the support of parliamentarians, it was removed from the text.

With that, the text was left with a kind of hole, without defining who will make the law effective. And, moreover, opening a loophole for an agency directly linked to the government, such as a ministry, to make this regulation.

Considered a priority agenda for the PT administration, the project gained urgent status, but the vote was postponed due to the concrete possibility that it would be rejected. In addition to the big techs offensive against the proposal, there was a disembarkation of parliamentarians from parties that had initially voted in favor of the urgency.

In an interview with Sheet, Orlando Silva, who is still negotiating the text, said that the safest way would be to delegate the supervision of the law to Anatel (National Telecommunications Agency). He stated that the ANDP (National Data Protection Authority), another option that has been discussed, would have few instruments to be effective in the short term.

Bruno Bioni, director of Data Privacy Brasil and member of the National Council for Data Protection, points out that the fact that there is still no definition of the entity that will play this role is a serious absence for the debate.

“Substantially, the law loses with this, it is almost without a soul. In the sense that what is its great filling would be without, let’s say, a captain or a female captain to lead it”, he says.

“Faced with this power vacuum, it would open up even more space for the Executive Branch to be removed from the agenda, following the example of what the Ministry of Justice has done through the National Consumer Secretariat, which is terrible,” he says. “An autarchy is the most suitable for having functional, technical and budgetary independence from the Executive.”

In April, in the context of the operation that seeks to combat content that advocates violence in schools, the Minister of Justice, Flávio Dino, signed an ordinance establishing rules for the platforms on this topic and assigning to Senacon the task of initiating an administrative process for verification and accountability of big techs.

Juliana Abrusio, partner in the area of ​​Digital Law and Data Protection at Machado Meyer, also considers that this portfolio would not be the ideal supervisory body for regulation, since it already has a tendency, consumer protection.

The ideal thing to guarantee independence, he says, is to create a model that is different from what exists in other regulatory bodies in Brazil. She says she sees no problem with the details on compliance with the measure being established later.

Bioni is of the opinion that Anatel, despite being an autarchy, would not be the most appropriate body. He argues that it is linked to a specific sector and focused primarily on market failures, unlike PL 2630, in which it would have to balance fundamental rights.

Among the items to be regulated later, according to the current version of the PL, are points such as the “systemic risk” assessment guidelines, a report that must be made by technology companies and that will be one of the elements for analysis on whether they are or are not fulfilling the “duty of care”.

It would also be better defined in later rules how an eventual security protocol on the platforms would work —a period of 30 days in which, in the face of the verification of some imminent danger or negligence of the platform, it can now be held responsible in court, if it fails to remove some illegal content about certain topic after being notified.

The way in which access to data from the platforms will be guaranteed to researchers and also the details on external audits would also be subject to regulation. Such points, for example, are also the subject of discussion in the European Union today.

Likewise, the definition of the form of remuneration for copyright and also for journalistic content would occur after the law was approved —although there is an articulation of deputies for the removal of this theme from the last version of the project.

Legislation such as the General Data Protection Law also provided for further regulation, but in this case, many of the articles specified that the national authority to be created would be the one to make the regulation.

The guarantee of social participation, with public consultations and formal space for multisectoral groups, is cited as one of the tools to seek more forms of control of the future regulation and supervision process.

In the protocol version of the text, another actor was included in the regulatory architecture: the Internet Management Committee in Brazil (CGI.br), which is composed of representatives of civil society, government, companies and the technical-scientific community.

Laura Tresca, social scientist and CGI.br senior advisor, explains that there is a discussion about the points listed in the text, regarding which tasks would or would not fall within the committee’s competences.

“In our case, the guidelines are more in the field of recommendations, good practices. While a regulatory body is the one who really has the word of ‘enforcement'”, he explains. “The advantage of the guidelines built by the CGI is that it is done through a multisectoral negotiation”, she says.

In a public note on the 28th, CGI.br declared that it recognizes “the forecasts established for this Committee” as relevant and said that it would seek the rapporteur “to agree on adjustments” to the project.