BRAZIL LAW AND PRACTICE Contributed by: Ricardo Barretto Ferreira da Silva, Ingrid Bandeira Santos, Sylvia Werdmüller von Elgg Roberto and Isabella da Penha Lopes, Azevedo Sette Advogados
in the custody, intermediation and brokerage of crypto assets. Although no robust regulatory framework for cryptocurrency is currently in place, it is expect - ed that such a framework will be developed in the near future. A major challenge is to adapt existing technologies to regulatory standards that will be in place after design and other param - eters have been decided upon. Another relevant issue to be addressed is fraud and security breaches. The use of technologies in regulatory sandboxes, along with public consultations and discussions, allows the exchange of experience between the TMT industry, civil society and the government, which will lead to the development of more precise, useful and feasible rules for the cryptocurrency sector. 2. Cloud and Edge Computing 2.1 Highly Regulated Industries and Data Protection Although Brazil does not have specific legisla - tion dedicated solely to cloud services, various local laws address this issue. The MCI outlines principles, rights and duties pertaining to the use of the internet in Brazil, establishing obligations for internet connection and application providers that are pertinent to cloud computing solutions. A significant aspect of the MCI is the requirements related to data retention imposed on internet application pro - viders. The LGPD regulates the handling of personal data across all sectors. Cloud service provid - ers, whether acting as controllers or processors of personal data, must adhere to this Act. The LGPD particularly influences cloud computing
and its providers by establishing criteria for per - sonal data processing and data transfers. Regarding personal data processing, there are several key points in the cloud computing con - text: • the physical location of personal data is crucial for determining the applicable national law; • multiple stakeholders typically collaborate throughout the value chain in cloud comput - ing, which raises complex issues regard - ing personal data processing requirements, including data security concerns that may escalate with the addition of new service providers; and • cloud computing often involves significant personal data transfers across borders, necessitating that both data controllers and processors ensure compliance with relevant data protection regulations. The CDC applies to consumer transactions, including those involving cloud computing prod - ucts or services. Banking Resolution No 4893/2021 of the BCB estab - lishes requirements for cloud services used by financial institutions. It imposes critical obliga - tions on entities regulated by the BCB, including specific cybersecurity policies related to cloud environments. Insurance The Brazilian Superintendence of Private Insur - ance ( Superintendência de Seguros Privados ; SUSEP) has also issued standard cybersecurity guidelines applicable to insurance companies and their service providers, extending to general cloud services (Circular No 638/2021).
18
CHAMBERS.COM
Powered by FlippingBook