PrivacyLatam

A research on Data Protection in Latin America

Privacy and data protection in the Marco Civil
da Internet (Brazilian Civil Rights Framework for
the Internet Bill)
The Civil Rights Framework for the Internet Bill (Marco Civil da Internet) was approved by the
lower house of Brazilians Parliament and is now being discussed by the Brazilian Federal Se-
nate, before being enacted into Law by Brazils president.
A substantial portion of the Bill deals with privacy and data protection and this is one of its major
changes since earlier versions. Its first draft was the result of a collaborative work done over the in-
ternet, which resulted in a principle-orientated statute with the main aim of assuring a set of rights
to internet users. Afterwards, an intense debate emerged concerning issues as the liability of inter-
mediaries and net neutrality. The Bill was amended in order to regulate more specifically these two
points.
Another major development was related to privacy and data protection. Firstly, the Bill sustained a
general approach to these issues, contemplating privacy and data protection as general principles
for the use of internet and reaching a more specific tone mainly on the issue of data retention by in-
ternet providers.
This scenario changed substantially after Edward Snowdens leaks some of them addressed docu-
mentation about Brazilian enterprises and politicians. This inspired the legislator to include more
specific data protection and privacy rules in the Bill. Thus, its final text ended up with a rather im-
pressive length of privacy provisions, which well proceed to briefly analyse.
Before going to the text, it must be stressed that Brazil doesnt have, as of yet, a general data protec-
tion statute nor general rules about data protection on the internet.
The privacy provisions on the Bill can be widely classified in three main groups: (i) principles and
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
1 de 17 23-06-2014 18:03
users rights; (ii) specifications on logs retention; (iii) access to personal data.
The conceptual definitions of Marco Civil are still basically the same of its prior versions. The main is-
sue is the lack of a definition of personal data (probably an intended one, as the general forthcom-
ing data protection bill shall work directly on this). This absence is not a problem per se, as it is pos-
sible to infer a definition from the usage of the term in actual Brazilian jurisprudence and from legal
scholarship as data which is or can be related to an individual. The Bill also was clear enough to
specify some special kinds of data that should further be considered as personal (i.g., access logs
and other).
The English text of Marco Civil is a free and unofficial translation. Well mention only the parts of the
Bill directly related to privacy and data protection. A full (and also unofficial) whole version of the
text can be found here.
(i) Principles and users rights
Privacy and data protection are separately mentioned as principles for the use of internet in the
very beginning of the Bill.
Art. 3 The discipline of the use of Internet use shall be grounded on the following principles:

II privacy protection;
III protection of personal data, in the terms of the law
The fact that privacy and data protection are mentioned separately evokes the concept of data pro-
tection as diverse from privacy and with a different scope despite its similarities. This approach can
be traced to the Charter of Fundamental Rights of the European Union, in which they are both men-
tioned but in different articles (7 and 8).
Art 3, III adds to the mentioning of the principle of protection of personal data the expression in
the terms of the law. This means that the general data protection regulation and principles shall be
found in another statute, which will regulate data protection in general terms, while the provisions
in Marco Civl related to data protection consist of particular specifications that take into account the
characteristics of internet
It is also worth mentioning that, at a first glance, the privacy principles in Marco Civil are compatible
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
2 de 17 23-06-2014 18:03
with the framework of the draft of the data protection bill that is currently being prepared by the
Brazilian Federal Government.
The chapter II of the bill mentions the rights of internet users several of them related to privacy
and data protection.
Art. 7. Access to the Internet is essential for the exercise of citizenship, and the following rights are
secured to its users:
I the inviolability of intimacy and private life, assuring their protection and compensation for
material or moral damages derived from their violation.
II the inviolability and secrecy of communications on the Internet, except under judicial order, in
the hypotheses and form established by law;
III the inviolability and secrecy of stored private communication, except under judicial order;
Art 7, I to III basically stresses that the general guarantees regarding privacy found in Brazilian Con-
stitution, and partly replicated in the Brazilian Civil Code, are applicable to the internet:
These provisions could be read as rather redundant, except for one very important point made clear
by art 7, III. This particular provision concerns the interpretation Brazilian courts make of Brazilian
Constitution, according to which the constitution only protects data when it is being communicated
(i.e., in a telephone call) and not the data which is stored (i.e. in the memory of a computer or in a
datacenter). The Bill recognised this paradox and endowed stored data with the same level of pro-
tection as communications have, filling an old gap that wasnt reasonable anymore given todays fea-
sibility of storing most of communications data.
VI the information provided in Internet service provider agreements must be clear and compre-
hensive, including detailed information on the protection of connection logs and access to Internet
applications records, as well as network management practices that may affect quality;
art 7, VI, together with VIII, can be read as a mandate to make privacy policies or any terms of use
applicable to personal data clear and understandable. This is particularly important given the fact
that consumer law also, and often, applies to personal data used on internet and taking into account
that the recent Decree 7.962 of 2012 establishes as mandatory the easy and meaningful communi-
cation of any relevant characteristic or restriction of the service to the consumer,
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
3 de 17 23-06-2014 18:03
The provision also mentions the necessary availability of information about logs and access to inter-
net records, which are the data that the Bill will further regulate in a very stringent way.
VII guarantee that personal data, including connection logs and access to Internet applications
records will not be shared with third parties, except upon the users express free and informed
consent or as provided by law;
Consent is here presented as the instrument the individual can use to decide whether his personal
data will (or wont) be disclosed or transmitted to third parties. The connection logs and internet ap-
plications records mentioned here will be further detailed in specific provisions later.
The consent must be free (it must correspond to the actual will of the citizen, not forced by any
means) and informed (valid only after the citizen has been given enough information in order to
know the context and the consequences of his choice) both are very important criteria that must
inspire industry to be clear and precise when informing and asking for citizens consent.
Lastly, consent will not be required when there is specific law permitting the treatment of personal
data even without consent.
VIII there must be clear and comprehensive information on personal data collection, use, stor-
age, care and protection, which can only be used for the purposes that
a) justify the collection;
b) not prohibit by law; and
c) are specified in the Terms of Service or Use of Internet applications.
Here Marco civil begins to turn into a small data protection framework, as two of its main principles
are presented: transparency and purpose.
The need for clear and comprehensive information is a consequence of the adoption of the in-
formed consent mechanism and ckarifies that all treatments of personal data shall be known and
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
4 de 17 23-06-2014 18:03
transparent to the data owner, in its existence and characteristics.
The purpose principle here stresses that use of personal data for purposes other than those known
(and authorized) by the data owner is unlawful. Thus, the secondary use of personal data (out of its
prior purpose) will not be possible unless a new consent is sought.
It is very important to note that these (and other) provisions are valid and must be followed also in
case of data treatments authorised by law without the consent of the datas owner. Thus, if the Law
allows personal data to be used by an enterprise for a certain purpose and without consent (for
databases of unpaid loans, for example), this does not absolutely mean that these data can be used
for any other purpose not explicitly mentioned in the law.
IX clear consent of the collection, use, storage, processing of personal data, which shall occur
separately from the other contractual terms;
The consent requisite is mentioned again, but this time in general terms; the consent shall be ob-
tained to any form of treatment of personal data, which is mentioned in its fundamental forms of
collection, use, storage, processing.
A fundamental specification here is that consent cannot be obtained by a clause inserted in a con-
tract with other provisions it must be obtained separately- This is a formal traditional contractual
tool to assure that the data subject actually had the opportunity to freely reflect before giving its
consent.
X upon a users request, at the end of the term of the agreement between parties, personal data
stored in connection with access to an application must be completely removed, except in case of
mandatory record keeping established in this Law; and
Marco Civil included here a right to be forgotten provision, which is rather weak and potentially
problematic. In fact, the Bill should have recognised that, in the end of the agreement between par-
ties, personal data must be completely removed by an internet application, for the very fact that
there would be no contractual justification its maintenance anymore. Anyway, the provision does
not change the fact that the consent was given for a certain use of the data during an agreement
and that, of course, the end of the agreement implies the necessary destruction of the data, unless
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
5 de 17 23-06-2014 18:03
law or the contract have different provisions.
Another problematic provision is that the text gives the impression that the individual is free to ask
for the removal of his data only at the end of an agreement. Nonetheless, there shall be occasions in
which the individual does not want (or even cant) end or break an agreement, yet he may want his
personal data to be totally or partially removed. In several situations this will be a legitimate claim
and the Marco Civil provision must be interpreted in a way that safeguards this fundamental right of
the individual to revoke, totally or partially, his consent to the treatment of his data, even without
ending another agreement.
As the Marco Civil does not permit some categories of personal data to be erased, it mentions that
even a request of the citizen cannot be enough to cancel the data in some occasions. These are the
cases of logs retention, to be later analysed.
XIII incidence of consumer protection and defence rules in all consumer relations conducted on
Internet.
The fact that several data treatments conducted in internet are also subjected to consumer law en-
dows the internet user with a very protective set of consumer rules to assure his personal data will
be fairly used. The intersection between Marco Civil and consumer law (mainly the Law 8.078 of
1990) will, thus, be the main framework to regulate personal data in internet while there is no gen-
eral data protection law enacted.
Importantly, Brazilian courts recognise that consumer law is also applicable to internet services
which are provided free of charge, or in other words, when it is possible to identify any form of indi-
rect payment (such as the permission to use personal data, in fact).
Article 8 Protection of the right to privacy and freedom of expression in communications is a pre-
requisite for the full enforcement of the right of access to the Internet.
Sole paragraph. Any provision contrary the above mentioned is void, such as:
I implies offence to inviolability and confidentiality of private communications over the Internet;
or
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
6 de 17 23-06-2014 18:03
The last of the general data protection provisions on the Bill provides another strong and sound af-
firmation of the fundamental value of privacy (as well as of freedom of expression) whenever inter-
net is considered.
This article even makes use of a common procedure in consumer law, that is, to recognise as void
any contractual clause which is contrary to the right to privacy (as well as, specifically, the secret of
private communications). In such cases, the clause is to be considered not written, although the
rest of the contract can still be valid and enforced.
(ii) specifications on logs retention
Section II
Record, Data Protection and Private communications protection
Article 10. Record retention of Internet connection and access to application logs, for the purposes
of this Law, as well as personal data and private communications content, must protect the pri-
vacy, private life, honour and image of the parties directly or indirectly involved.
Before mentioning the mandatory retention of some types of personal information, Marco Civil
makes it clear that the data stored must be used only in accordance of the law. This technique of
mentioning the protective standard first and the data retention second reinforces the interpretation
of data retention as an exception that must be treated as such.
The provision calls for the protection of personal data of everyone involved, be it the sender, re-
ceiver of the communication as well as any third party mentioned or indirectly involved.
1 The provider responsible for record retention will only be required to provide the aforemen-
tioned logs, alone or combined with personal data or other information that may help identifying
a user or terminal, upon court order, as set forth in Section IV of this Chapter, complied with arti-
cle 7o.
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
7 de 17 23-06-2014 18:03
As a way to protect the individual,the logs stored must only be disclosed upon judicial order, avoid-
ing thus generic (and, in some occasions, bad-faith) requirements to access personal data made pro-
cessed in some easier way.
Not only logs, but other personal information stored and useful to identify users can be given by the
provider upon judicial request.
2o. Private communications content may only be released by court order, in the terms and provi-
sions established in this Law, complied with article 7, II and III.
The specific mention to the content of communications in 2o strengths the conceptual difference
between content and metadata in internet communications. It also establishes as mandatory the re-
quirement to obtain a specific judicial order to access the content of communication, which cannot
be a general one or one that only refers to the metadata involved in communications.
3o The provisions in this article do not prevent the access by administrative authorities that have
legal competence to request data related to personal qualification, affiliation and address, in
terms of the law.
This provision establishes a major exception in Marco Civil: in particular situations, personal data
can be requested by an administrative authority without the need for a warrant.
It is important to note that not all personal data is subject to this kind of request, but only personal
qualification, affiliation and address.
This provisions is essentially the repetition of one presented in Law 12683 of 2012, which authorised
the police and the public prosecutor to request data for the purpose of investigations regarding
money laundering
As this provision is and must be considered as an exception, its interpretation is restrictive and must
take into account the limits to the requisition of personal data which are already mentioned in Law
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
8 de 17 23-06-2014 18:03
12683 of 2012 and that basically narrows these request to the scope of ongoing investigations. Thus,
even if this provision is a fundamental exception in Marco Civil, an integrative perspective of the
statute assures that it may not, in any sense, be taken as a general nor multi-purpose exception, and
that its misuse is unlawful by its own terms.
4 Security and confidentiality measures and procedures must be communicated by the provider
and clearly meet the standards set forth by regulation.
This provisions establishes that the citizen must be informed of the security measures taken to pro-
tect its data from misuse and unauthorised access. The specificities of the security measures and
standards that must be followed for the treatment of personal data in internet are to be detailed in
secondary legislation as defined by the Brazilian government.
Art. 11. Any operation involving collection, storage, retention and treatment of records, personal
data and communications by Internet connectivity and applications providers, wherein at least
one of these acts occur in national territory, it will be mandatory to comply with national legisla-
tion, privacy rights, data protection rights and the confidentiality of private communications and
records.
1 The provisions in this article apply to any data and communications content collected in the
national territory, wherever at least one of the terminals are located in Brazil
2 The provision in this article applies to foreign-based legal entities, if they provide services to
Brazilian audience or at least one of the holder in the same economic group is based in Brazil.
3 Internet connectivity and applications providers have to provide information that allow for the
inspection of compliance to Brazilian legislation referring to collection, retention, storage and
treatment of data, as well as the respect to privacy and confidentiality of communications, under
the terms of the law.
4 A Decree shall regulate the procedures for inspection of violations to this article.
This is the jurisdiction clause of Marco Civil, which establishes that any treatment of personal data
that is processed in Brazil, even if partially and even if the data is only collected by means of a ter-
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
9 de 17 23-06-2014 18:03
minal located inside the territory, must comply with Brazilian legislation (which includes but is not
restricted to the Marco Civil). l,.
Foreign companies are subjected to this rule whenever they provide services to Brazilian citizens.
This means that even if a company doesnt particularly focus and approaches Brazilian users but ad-
mits them as customers, this provision shall apply. Also, if the company holds a foothold or sub-
sidiary of its same group in Brazil, the provision will also apply.
Companies must also permit inspections aimed to verify the compliance of its practices to the legis-
lation. The Bill does not specify nor clarify which is the body in charge of this inspection, although
the inspection procedures are also going to be further regulated in a Decree (the second explicitly
mentioned in Marco Civil).
Art. 12 Regardless of other civil, criminal or administrative sanctions, any violation to articles 10
and 11 are subject to the following sanctions applied exclusively or in conjunction with others, ac-
cording to each case.
I Warning, with a deadline to start any corrective action;
II fine up to 10% of the economic group revenue in Brazil, according its last financial year, ex-
cluding taxes, and considering the economic condition of the offender and the principle of propor-
tionality between the level of fault and the severity of the penalty.
III temporary suspension of activities involving the actions referred in article 11;
IV prohibition of activities that involve the actions referred in article 11.
sole paragraph. In the case of foreign based companies, any subsidiary, branch, office or estab-
lishment in the country will be jointly liable.
Here we can find listed the substantial sanctions for the lack of compliance with the data retention
provisions in the Bill, which ranges from warning, corrective measures and fines, to suspension and
even prohibition of the activities that involves data retention. Foreign companies are also subject to
these sanctions, which can also be imposed on their Brazilian subsidiaries or alike.
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
10 de 17 23-06-2014 18:03
Subsection I
Internet Connection Records Retention
Art. 13. Under the terms of the relevant Regulation, when providing Internet connection, autono-
mous system administrators are obliged to retain connection records under strict confidentiality,
in a controlled and safe environment for one year.
1 The responsibility for retaining connection logs cannot be transferred to third parties.
2 The police, administrative authorities or the public prosecutors may require that precautionary
connection logs are retained for longer than foreseen in the caput of this article.
3 In the case foreseen in paragraph 2, the applicant authority shall have a period of sixty days,
from the date of request to the ISP, to file for a court order to authorise access to the referred
records.
4 The provider responsible for record retention must protect the confidentiality of the requests
foreseen in paragraph 2, which shall be void if the court order is denied or if it is not filed within
the period set forth in paragraph 3.
5 In any case, the availability of records mentioned in this article to the applicant must be pre-
ceded of a court order, according Section IV of this Part.
6 In the execution of sanctions for the violations of this article, it should be considered the na-
ture and severity of the infraction, the respective damages, potential benefit gathered by the of-
fender, aggravating circumstances, background violations of the offender and recidivism.
The data retention performed by internet providers embodies a lengthily discussed provision of
the Marco Civil and is, interestingly, one of the main reasons of the very existence of the Bill! In
effect, this piece of legislation was firstly proposed as a counter part to another Bill that proposed
mandatory data retention within a legal framework build upon criminal sanctions.
The very definition of a connection log can be found at Article 5, V:
VI connection log: a set of information regarding the date and time that the Internet connection
begins and ends, its duration and the IP address used by the terminal to send and receive data
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
11 de 17 23-06-2014 18:03
packets;
The minimum period for the retention of data of connection logs is one year, but this period can be
extended if a request is made by the police, administrative authorities or the public prosecutors (no
judicial order is needed for the extension but the request to a judicial order must be filed within 60
days).
There is no maximum time limit for data retention.
The log must be kept by the company which collected it. In order to technically comply with this obli-
gation, the company will not be able to use a contractor or third party as a kind of data processor.
Subsection II
Access to Internet Applications Records Retention in Connectivity
Art. 14. In the provision of Internet connection, costly or gratuitous, it is forbidden to retain
records of access to Internet applications.
Marco Civil uses the technique of not bundling together the connection logs (kept by ISPs) with data
from internet application (kept by sites and alikes) in fact, it forbids it. This very explicit measure is
key to its privacy framework as it expects ISPs not only not to deal with the contents in ones con-
nection, but also not to keep logs of what is happening in the sphere of internet applications, which
would be a restrict place for the OTT (over-the-top).
As the Bill makes it mandatory both kinds of logs (at least for the big branch of applications with
economic purposes), this provisions aims to draw a strict line between these two main genre of
mandatory logs that will, in fact, be the very recent memory of internet use in Brazil once the Bill is
enacted and effective. It can be argued if it is really possible to conceive such a clear and concrete
line.
Subsection III
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
12 de 17 23-06-2014 18:03
Access to Internet Applications Records Retention for Applications Provision
Art. 15 providers established as a legal entity acting in organised and professional structure, with
economic purposes, shall keep records of their access to Internet application, under confidential-
ity, in safe and controlled environment, for at least 6 months, under the terms of regulation.
1 Court order may require, for a specific time frame, Internet applications providers that are not
under the above mentioned requirements, to keep record of access log to Internet applications,
only if it is related to a specific event in a specific period
2, the police, administrative authorities and public prosecutors may require in precaution to any
Internet applications provider that records are stored, including for a longer term than above-
mentioned, observed the procedure and terms set forth in 3 and 4 of article 13 from this Act.
3 In any case, the availability of records mentioned in this article to the applicant must be pre-
ceded of a court order, according Section IV of this Part.
4 In the execution of sanctions for the violations of this article, it should be considered the na-
ture and severity of the infraction, the respective damages, potential benefit gathered by the of-
fender, aggravating circumstances, background violations of the offender and recidivism.
Several Internet applications shall have to keep records of theirs users access for at least six
months.
Internet applications are, according to Article 5, V:
VII Internet application: a set of features that can be accessed by a terminal connected to the In-
ternet
And the logs of access to them contains, says Article 5, VIII:
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
13 de 17 23-06-2014 18:03
VIII Record of access to Internet applications: a set of information regarding the date and time
when a specific Internet application was used, from a given IP address.
This measure is a very extreme one as it may not only increase drastically the volume of personal
data being kept as a result of regular internet navigation but also makes it impossible to run several
kinds of privacy-friendly services which are not meant to preserve records of their normal use.
More data being kept means more costs in the eyes of internet enterprises, but means other pretty
negative consequence for internet users: it raises the risks of something bad happens with personal
data, such as non-authorised access, accidental disclosures and so on.
Even if the records mentioned doesnt directly contain personal information, it is clear that they will
be useful only in occasions they could be contextually related to an identifiable individual, so, for the
proposed purposes, that must be considered as equivalent to personal data.
This kind of mandatory logs were a last-minute increment to the Bill that were not fully discussed, as
other provisions were. They find practically no equivalence in other legislation (in fact, data retention
usually refers to ISP logs and not log from internet sites). There is a strong argument that can be
made on the grounds of the principles of proportionality and economy.
Only for-profit and legal entities qualify as applications that are bound by this provision. The Bill re-
quires a judicial order as the only means for this logs to be disclosed, and even establishes in 4
some requirements for the order to be issued.
As with connection logs, there is no time limit on the retention of these logs, as the six-months pe-
riod can be extended on the requirement of an authority.
Art. 16. When providing paid or free Internet applications, it is forbidden to retain:
I access log to other Internet applications without the data owner previous consent, in compli-
ance with article 7o.
II personal data that exceed the purpose for which has been consented by the holder.
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
14 de 17 23-06-2014 18:03
One internet application is forbidden to keep records of access to other internet applications, in or-
der to make another clear line between who are the natural depositories of these records.
Anyway, this procedure can be done providing the data owner has given his consent.
Art. 17. Except in the cases mentioned in this Law, the choice to not to keep records of access to
applications does not imply liability for damages from use of these services by third parties.
The provision tries not to make the retention of access data to internet applications the implicit rule
also for non-profit services or to other services not mentioned in Article 15.
(iii) access to personal data
Section IV
Court Order for Disclosure of Records
Art. 22 For the purpose of gathering evidence and proof for legal proceedings in civil or criminal
areas, the interested party may request a judge an order addressed to the entity responsible for
record retention to disclose connection or access to applications logs, on an incidental or stand-
alone basis.
Sole paragraph. Without prejudice to other legal requirements, the court order shall contain, sub-
ject to becoming void:
I underlying evidence of the offence;
II detailed reasons for the relevance of the requested records to the investigation or probative
use, and
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
15 de 17 23-06-2014 18:03
III the specific period the records refer to.
Art. 23 The judge is responsible for taking the necessary steps to ensure the confidentiality of the
records received under custody, and to safeguard the privacy, private life, honour and image of
the user. The judge may deem the legal proceedings classified.
The judicial order, generally required to access private information, is directly mentioned in art. 22
and 23.
A judicial order can be given either in criminal as in civil cases. This substantially widens the array of
situations in which a judge can find it reasonable to issue such an order when compared to some
propositions to make it ossicle (possible) only in criminal cases.
In order to restrain the effects of a excessively wide judicial order, the Bill mentions that the order
shall only be taken into account after the judge has received underlying evidence of the offence
which is being discussed; after having received and considered the relevance of the data to the in-
vestigation in course, the judge must also define a specific period to which the order refers to.
The principles of proportionality (regarding the measurement of the importance of the data re-
quested and its importance to the investigation) and specification (regarding the limitations the time
period the data requested refers to) are present and are important constrains to any form of abuse,
proposital or not. Moreover, the judge is not only supposed to issue the order but, as article 23 men-
tions, he needs to take any necessary precaution to assure the privacy of the individuals affected by
the disclosure of the data. This provision also includes the possibility and, we shall add, the neces-
sity of the judge classic and the proceedings related to the requested data, as party of his duty to
safeguard the privacy of the citizens involved.
Danilo Doneda
The author would like to thank Norberto Nuno de Andrade for his comments on a draft of this post.
This entry was posted in Brazil and tagged Bill, Marco Civil on April 15, 2014 [http://www.privacy-
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
16 de 17 23-06-2014 18:03
latam.com/?p=239] by admin.
Privacy and data protection in the Marco Civil da ... http://www.privacylatam.com/?p=239
17 de 17 23-06-2014 18:03