Current Challenges of Telematic Confidentiality Breaches in Criminal Cases in Brazil

The swift pace of technology advancement has caused the Brazilian legislation regarding breaches of secrecy to become outdated, leaving much of its regulation and enforcement to legal interpretations and analogies.

The Brazilian Constitution protects the rights to privacy and intimacy, but also provides the possibility of limiting these guarantees. Federal laws, the Superior Court of Justice and the Supreme Court state that it is possible to limit the protection of privacy and intimacy in the context of a criminal proceeding when there is a relevant public interest.

Apart from the inevitable issue that arises from the broadness of the “relevant public interest” criterion, there are several unresolved questions in connection with the breach of telematic secrecy.

In times when people hold much, if not all, of their personal information in portable devices such as smartphones, tablets and smartwatches, finding the balance between the individual’s right to privacy and the government’s right to investigate has shown to be a complex challenge.

An overview of some of the most interesting topics under debate in Brazil are provided below.

The Supreme Court is currently discussing the limits of breaching secrecy concerning geographical points and undetermined people.

A lower court decision, held in a notorious case involving the murder of a Brazilian councilwoman, ordered a technology company to provide the data of all users who circulated on the day, time, and location where traffic monitoring cameras detected the vehicle used in the murder. The company refused to provide the information, arguing it was a generic request non-compliant with the legal requirements to breach the constitutional right to privacy.

The company appealed to the Superior Court of Justice, which maintained the lower court decision and ruled that breaking static computer data is different from intercepting communication.

The grounds for the decision were that intercepting communication refers to the transmission of information between at least two sources (a source and a recipient). In such cases, it is necessary to intercept the flow of information since it is not stored in any server. Meanwhile, static data refers to records that have already been transmitted but are stored in a server. Therefore, the breach of secrecy would not be related to the content of the communications but to the user’s identity and the place and time they used the internet platform.

According to the Superior Court of Justice, these two types of information do not hold the same constitutional protection, so the threshold of the judicial decision requesting the identity of the users is not the same as of the decision requesting access to the content of the user’s data exchanged in a certain time and location.  

The company appealed to the Supreme Court, which recognised the general repercussion of the matter, meaning the decision in such a case will affect many other cases with the same matter under discussion. A final decision is still pending analysis.

Another hot topic of discussion relates to the refusal of multinational companies to provide data requested by Brazilian courts, under the argument that the information is stored in another country. As such, the tech companies allege that there must be an international co-operation agreement between Brazil and the country where the data is stored for them to provide the results of the telematic breach.

However, given that most of these companies have branches in Brazil, which are incorporated under Brazilian law, the Superior Court of Justice understands that the company must be subject to Brazilian legislation and cannot evade compliance with a judicial request by invoking foreign legislation.

Most recently, the Supreme Court ruled that the breach of telematic secrecy in a criminal investigation for crimes committed in Brazil must be complied with where there is an international co-operation agreement or a direct request to the company's branch in Brazil. According to the Supreme Court, there is no violation of foreign data privacy legislation solely because the data is stored abroad.

Additionally, the Court explained that a direct request to obtain the data is easier and simpler than international co-operation, which contributes to a faster collection of evidence in a criminal investigation and prevents technology companies based abroad from delaying or failing to comply with Brazilian judicial requests.

Another issue that will undoubtedly have significant repercussions in the criminal investigation framework is the illegality of direct access by the police to the content of seized devices without a court order.

There are three points of view under discussion in the Supreme Court in connection with the acceptance of proof gathered in electronic devices seized by the police in a crime scene. A final decision on all of them is still pending.

Most recently, the discussion on the breach of confidentiality was revived after the anti-democratic acts that occurred in the National Congress and the Supreme Court premises in January 2023. The Supreme Court authorised a widespread breach of telephone and telematic confidentiality in the criminal investigations, which affected not only the eight individuals under investigation but also those who had contact with them in recent years.

The expectation is that either the courts or the Congress will face this discussion and set a legal direction to be complied with by all the stakeholders, to ensure that the criminal investigations will be effective but that they also respect the individuals’ right to privacy.