Brazil’s Recent Ratification of the Budapest Convention on Cybercrime

Bruno Calabrich (Public Prosecutor (Brazil) | PhD candidate at the University of Brasília (UnB).)

Cybercrime is a growing issue in today’s digital age, with criminals taking advantage of the interconnectedness and dependency on technology for personal and organizational activities. Cybercrime is not a new problem and has been addressed by the Council of Europe with the Budapest Convention on Cybercrime in 2001, which entered into force in 2004 after ratification by five Council member countries. This international treaty was conceived to serve as a framework for nations to coordinate and cooperate in the investigation, prosecution, and prevention of cybercrime. As highlighted in its preamble, the Convention recognizes the crucial importance of establishing common criminal law and criminal procedural law in order to facilitate “detection, investigation and prosecution at both the domestic and international levels and by providing arrangements for fast and reliable international co-operation”.[1] Chang and Grabosky point out that “the Budapest Convention is the first and only international convention to encourage harmonization of cyber laws and regulations, and to build cooperation among nations in controlling cybercrime”.[2] In its core fundamentals, Member States commit to work together to provide quick and effective responses to cyber-attacks, exchange information on emerging threat trends and assist each other in investigating cross-border criminal activities.

Brazil, as a leading South American country in terms of technological advances and digital economy, has also recognised the importance of addressing these issues. Indeed, after a long period in which little importance was given to the topic (particularly when compared to the European tradition), Brazilian legislation has shown significant advances in several matters related to digital law, cybercrime and personal data protection in recent years. Its main normative milestones are Federal Statute No. 12.737/2012,[3] which “establishes the criminal typification of cybercrimes” – also known as the “Carolina Dieckman Act” –, Federal Statute No. 12.965/2014[4] – the Brazilian Internet Civil Rights Framework –, and Federal Statute No. 13.709/2018[5] – the Brazilian General Data Protection Act (“Lei Geral de Proteção de Dados Pessoais”, or LGPD). In Brazilian Courts, there have also been important decisions, such as the ruling by the Federal Supreme Court (STF) on ADC (“Ação Direta de Constitucionalidade”, a declaratory lawsuit of constitutionality of federal laws or normative acts) no. 51,[6] in February 2023, which confirmed the validity of court orders issued in the interest of criminal investigations for technology companies running internet applications in Brazil, even when the requested data is stored on servers located abroad. Prior to that, in May 2020, the STF, in the judgment of ADI (“Ação Direta de Inconstitucionalidade”, a direct lawsuit of unconstitutionality of federal or state laws or normative acts), no. 6387 MC-Ref/DF, recognized for the first time the protection of personal data as an autonomous fundamental right, not explicitly stated, but inferred from an integrated reading of several provisions of the Brazilian Constitution.[7] This decision prepared the grounds for the enactment of Constitutional Amendment no. 115/22, in February 2022, which expressly included the protection of personal data in the wording of the Constitution among the fundamental rights and guarantees.[8]

Continue reading “Brazil’s Recent Ratification of the Budapest Convention on Cybercrime”

Editorial of May 2023

By Pedro Madeira Froufe (Editor) 

30 years after “Maastricht”: the past and the future of integration (marking Europe’s Day)

1. November 2023 will mark the 30th anniversary of the Treaty on European Union – the Maastricht Treaty. “Maastricht” marks the beginning of a then new era in the integration process which, in a sense, may now be coming to an end. The “post-Maastricht era”, its assumptions and political meaning (guiding European integration), will most likely be different after the war in Ukraine. From this perspective, we can say that European integration has so far had two major phases: an initial phase, a path traced and, at the same time, built, from 1951 (Treaty of Paris, ECSC) to the birth of the European Union (Maastricht Treaty, 1992); and, on the other hand, an era already marked by the existence of the Union, i.e. from 1992/1993 to the present day (a “post-Maastricht” phase). The war in Ukraine heralds the inevitability of a third stage in the integration process which may to some extent redefine (widen?) the very understanding of integration – at least in a political and geostrategic sense. We will most likely be at the dawn of a third phase of “post-war” European integration in Ukraine.

Continue reading “Editorial of May 2023”

Once again on the rule of law in Romania. The risk that thousands of defendants would not face criminal liability: a new wave of requests preliminary rulings at the CJEU

Dragoș Călin (Judge at the Bucharest Court of Appeal and Co-President of the Romanian Judges' Forum Association) 

The decisions of the Constitutional Court of Romania once again created a wave of requests for preliminary rulings at the CJEU. Currently there are ten such new referrals that the ordinary courts in Romania (Brașov Court of Appeal, Bucharest Court of Appeal, Bistrița First Instance Court) have submitted or are going to submit after drafting the decisions,[1] under Article 267 of the Treaty on the Functioning of the European Union. In fact, one of the requests (case C-107/23 PPU, Lin) will be heard in an urgent preliminary ruling procedure, therefore, in a very short time, a solution is expected from the CJEU, as the pleadings are scheduled for 10 May 2023. Another reference for a preliminary ruling was dismissed in a peculiar manner, as a result of the admission by the High Court of Cassation and Justice – Criminal Division of the request to transfer the hearing of the case, the High Court noting the fear of a defendant, judged in several cases in which he has such a capacity, regarding the referral to the CJEU.

In the domestic cases in which these requests were submitted, the accused requested the application of the principle of the most favorable criminal law (lex mitior) in the situation where a decision of the Constitutional Court of Romania declared unconstitutional a legal provision (Article 155 par. (1) of the Romanian Criminal Code) regarding the interruption of the limitation period of criminal liability (Decision no. 358/2022). To do so, the Constitutional Court argued the passivity of the legislator, which did not intervene to bring the legal text into agreement with another decision of the Constitutional Court, issued four years earlier (Decision no. 297/2018). During that time the case law of the common courts formed and attempted to interpret the existing in law in accordance with the Constitutional Court’s decision, the practical consequence of reducing to half the limitation period for all criminal acts for which a final judgment of conviction was not issued prior to the first decision of the Constitutional Court and of terminating the criminal proceedings against the accused in question.

Continue reading “Once again on the rule of law in Romania. The risk that thousands of defendants would not face criminal liability: a new wave of requests preliminary rulings at the CJEU”

From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space

Inês Neves (Lecturer at the Faculty of Law, University of Porto | Researcher at CIJ - Centre for Legal Research | Member of the Jean Monnet Module team DigEUCit)

Aware of the shortcomings arising from the lack of changes to the European Union’s legal framework governing online platforms and digital services, practically since the adoption of the Directive on electronic commerce[1] of 2000, the European Commission presented the Digital services Act package[2] in December 2020. It seeks to ensure and strengthen European digital sovereignty in terms that guarantee fundamental rights and the affirmation of the Union (also on the international stage) as a community of values and rights whose applicability should not depend on the online vs. offline divide. To this end, the options initially pursued, favouring non-interference, minimal regulation,or even the immunisation of intermediaries from any liability, soon proved insufficient to respond to the new digital challenges.

The imperative to provide European citizens and businesses with a secure digital space, respectful of fundamental rights, as well as open, contestable, and fair, is therefore at the origin of a fundamental paradigm shift of increasing responsibility that marks the genetic identity of the digital services package. The vision of a “minimal” European Union is thus replaced by the imposition of a set of obligations on platform service providers, according to a model of ex-ante regulation.

Continue reading “From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space”