Since the Snowden revelations, Brazil has increasingly taken a leadership role in regards to digital rights and the right to privacy. Most notably, this can be seen with their creation of the Brazilian Digital Bill of Rights or “Marco Civil de Internet”. Among other things, Marco Civil protects the right to privacy and free expression online, net neutrality, and the rule of law online. Like the 1995 EU Data Protection Directive before it, which helped shape the form of numerous laws both inside and outside of the EU, the Marco Civil bill is shaping the conversation around a state need to create such bills for digital rights.
But how can such a bill be re-created and enacted across a wide spectrum of states? And would these state differences hinder the overall protection of digital rights? As privacy scholars Bennett and Raab remind us in their book Governance of Privacy: any effective privacy instrument must take into account the global and multilevel reality of our world today.
The EU Directive was only allowed to interact with the US after a round of policies were passed in an effort to “harmonize” the discrepancies in their privacy protections. These policies (Safe Harbor, Model Contractual Clauses, and Binding Corporate Rules) allowed for the US to be seen as an “adequate” third party in regards to how they handle data, as before the EU felt that the US did not have enough data protection legislation in place (Schwartz 2013). Now the two entities can work better together, although the relationship is anything but perfect.
UC Berkeley law professor Paul M. Schwartz also discusses the need to create uniformity in terms, which is something that Brazil and Germany were trying to do when their resolution “The Right to Privacy in the Digital Age” was presented at the 68th session of the UN General Assembly. For the first time, this resolution made surveillance and privacy an imperative global issue, one that needed a deeper look and a clear understanding of terms. This uniformity might allow for a greater harmonization, which Schwartz, citing Anne-Marie Slaughter, says “develop[s] when regulators in different countries work together to harmonize or otherwise adjust different kinds of domestic law to achieve outcomes favorable to all parties” (Schwartz 2013).
One way in which Brazil is seeking a more harmonization, one that is gaining momentum in usage, is through multi-stakeholderism. Whereas much of the EU legislation, as well as the UN, is conducted through multilateral approaches of government to government, the multi-stakeholder approach brings in many different voices. These voices include governments, non-governmental organizations, the private sector, civil society, and academics. For the Marco Civil bill in particular, Brazil created that, in part, by democratic participation and multi-stakeholderism. Brazil is also staunchly trying to hold onto its multi-stakeholder approach for international Internet governance forums, despite pressures from other BRICS nations and developing nations to make negotiations multilateral, where the potential to centralizing control increases, according to a Human Rights Watch report.
The issue of Internet governance, privacy, and data protection is not a simple one. As Bennett and Raab state in their book: “…privacy protection has to be negotiated through the various ‘stakeholders,’ rather than decreed: there is a politics of data protection, not just a blueprint” (234). A patchwork mosaic of policies that disintegrate across borders is no longer effective as data proliferation continues. A new way forward is needed, and Brazil and its bill of rights for the online world is helping lead the way.