Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

And speaking about spam...

No items found.

According to the Merriam-Webster dictionary, the term spam refers to unsolicited usually commercial messages (such as emails, text messages, or Internet postings) sent to a large number of recipients or posted in a large number of places.  While it is quite true that the most common means of spamming is via electronic mail or email, spam may also be sent by text messaging applications, phone, blogs, social networks, and even paper correspondence.

By the way, according to the Hotmart blog, the word "spam" was popularized by British comedians Monty Python when they went to a restaurant to stage a scene composed of a group of Vikings (played by the comedians) watching a couple ordering dinner. At the time, an American brand of canned, spicy ham was marketed in England as "spam" (derived from Spiced Ham). In the restaurant where the comedy scene took place, this "spam" was served with every dish. Thus, even if customers did not order it, they ended up being served the canned product. Observing this, the humorists began chanting the word "spam," disturbing everyone in the restaurant.

Although, for the most part, electronic spam is sent for promotional purposes, spam can take licit or illicit forms involving chains, fake news, malware (malicious software), viruses, frauds, political advertisements, etc.

However, under the General Data Protection Law (LGPD) and after the Marco Civil da Internet edition, we still do not have specific legislation in Brazil to regulate spam use and traffic.  The LGPD protects personal data and, therefore, can be used palliatively to question the framing on a specific legal basis to collect, use and store someone's personal information (which may include email) and whether they identify an individual or make them identifiable. However, the Marco Civil da Internet is primarily concerned with delimiting responsibilities, especially for internet providers, in addition to rights and guarantees for users.

A comparison of the two sets of rules reveals the following features:

Art. 7 The processing of personal data can only be carried out in the following cases:

I - by consent of the subject;
II - for the fulfillment of a legal or regulatory obligation by the controller;
III - by public administration, for the treatment and shared use of data necessary for the execution of public policies provided for in laws and regulations or supported by contracts, agreements or similar instruments, subject to the provisions of Chapter IV of this Law;
IV - to carry out studies by a research body, guaranteeing, whenever possible, the anonymization of personal data;
V - when necessary for the execution of a contract or preliminary procedures related to a contract to which the holder is a party, at the request of the data subject;
VI - for the regular exercise of rights in judicial, administrative, or arbitration proceedings, the latter under the terms of;
VII - for the protection of the life or physical security of the subject or third party;
VIII - for the protection of health, exclusively, in a procedure performed by health professionals, health services, or health authority;
IX - when necessary to serve the legitimate interests of the controller or third party, except in the event that the fundamental rights and freedoms of the subject prevail that require the protection of personal data; or
X - for credit protection, including the provisions of the relevant legislation.
Art. 7 Access to the Internet is essential to the exercise of citizenship, and it is guaranteed to users the following rights:

I – Stipulates the inviolability of intimacy and private life and its protection with indemnity for material or moral damage resulting from its violation;
VII - failure to provide third parties with your personal data, including connection records and access to internet applications, except with free, express, and informed consent or in the cases provided for by law;
VIII - clear and complete information about the collection, use, storage, treatment, and protection of your personal data, which can only be used for purposes that:
    a) justify their collection;
    b) are not prohibited by law; and
    c) are specified in service provision contracts or in terms of internet use applications;
IX - express consent on the collection, use, storage, and treatment of personal data, which must occur in a detached manner from the other contractual clauses;
X - definitive exclusion of personal data that you have provided to a particular internet application, at your request, at the end of the relationship between the parties, except for the cases of mandatory record-keeping provided for in this Law;

In any case, the rules above deal only with spam recipients' personal data or that of someone mentioned in their content, but not with the mass sending of such messages.

Although the lack of specific legislation constitutes the current reality, several bills are passing through the National Congress to regulate or prohibit spam.  They are listed below:

Bill 1589 /1999 Deals with electronic commerce, the electronic document's legal validity, and the digital signature, and makes other provisions.
Bill of Law 4906 / 2001 Deals with electronic commerce.
Bill 6210 / 2002 Limits the sending of unsolicited electronic messages ("spam") through the Internet.
Bill 7093 / 2002 This law deals with commercial electronic correspondence and makes other provisions.
Bill of Law – 757 / 2003 It prohibits providers of mobile cellular services and personal mobile services from using the messaging service for the transmission of commercial advertising.
Bill of Law – 2186 / 2003 Deals with sending unsolicited messages through computer networks intended for public use.
Bill of Law – 2423 / 2003 Deals with computer intrusion procedures and sending unsolicited electronic messages ("spam") through the Internet.
Bill of Law – 3731 / 2004 Limits and defines the sending of unsolicited commercial email messages ("spam") through the Internet.
Bill of Law – 3872 / 2004 Deals with sending commercial messages over a computer network for public use.
Bill of Law – 1227 /2007 Deals with sending commercial messages over a computer network for public use.
Bill of Law – 4187 / 2008 Deals with sending unsolicited email messages.
Bill of Law – 5485 / 2013 Deals with the criminal classification of computer fraud.

On the other hand, some lawyers defend the framing of spam in Art. 186 (Anyone who, by voluntary action or omission, negligence or imprudence, violates the right and causes harm to others, even if exclusively moral, commits an illegal act) of the Civil Code and in Art. 286 (Incitement to Crime - Publicly inciting the practice of crime: Penalty - detention, from three to six months, or fine) of the Criminal Code.

An example of existing regulations that have affected spam regulation is the CAN-SPAM Act of December 16, 2003, an United States law that established the following rules:

1. Opt-in - The customer must consent to the registration. 6. Opt-out - The customer must have the right to no longer receive emails.
2. False or misleading information should not be used in the header. 7. Requests to cancel the sending of emails must be respected.
3. Texts must not contain false or misleading content. 8. The obligation to monitor third parties who are using spam on your behalf.
4. Since the message is an advertisement, this needs to be made clear. 9. Establish the definition of promotional email.
5. Customers must be given a real (geographical) location. 10. Comply with incentives for forwarding email, such as discounts, prizes, etc.

Despite the laws mentioned above, some common-sense rules should be followed by email users to prevent spam and the consequences resulting from its use by third parties:

  1. Never respond to or complain about spam messages, however attractive or irritating they may seem.
  2. Never believe in tempting offers or unrealistically good deals, as well as sensational news.
  3. Avoid forwarding spam messages to someone you know, as their content could be misleading or even illegal.
  4. Get in the habit of setting up your email program so that you can preview your messages before opening them.
  5. Avoid using your private or business email to subscribe to newsletters or access websites, or register for things. Instead, use a free email from platforms like Gmail, Yahoo, Outlook, etc., created just for that purpose.
  6. Use email addresses that don't reveal your name. Ex:
  7. If possible, do not publicly disclose your email.
  8. Due to the widespread use of bots and spiders on the Internet, try to display your email address on your website by spelling it out in full. Ex: ad3842 at gmail dot com.
  9. Use an anti-spam filter if your email program doesn't already have one.
  10. Do not click on links within messages that could be considered spam.
  11. Make it a habit to read the privacy policy before registering for anything on the Internet for any purpose. And if there is no privacy policy or option to unsubscribe from their emails, think twice before doing so.
  12. Even if you do subscribe to a newsletter or service, and you agree to receive emails, never click on the box that states that you will accept email from third parties.
No items found.