As of 21 October 2019, Private Internet Access (PIA) has announced its intention to pull its servers out of Brazil. This is in an attempt to avoid the country’s increasingly invasive data retention laws.
The VPN provider alleges that the Brazillian government is currently “trying to force companies like VPN companies to comply with logging laws.”
These laws dictate that any responsible for a user’s IP address must keep connection logs for at least a year.
While the law in question was passed in 2014, the datacenter company that PIA use in Brazil, Equinix, claim that the “tone” of Jair Bolsonaro’s government has changed, and they now intend to compel ISPs as well as VPN providers to comply closely to the law.
The law allows provision for the government to access these logs, but only after being granted a court order to do so. The law states that it applies to any data collected in Brazil, and to communications which take place with a device in Brazil.
Potential punishment for not abiding by the law includes any or all of the following:
- A warning with a deadline for adopting corrective measures
- A fine of up to 10% of the company’s yearly revenue in Brazil
- A temporary suspension of activities involving the infraction
- Permanent prohibition of activities involving the infraction
In more plain English, this means that VPN companies who do not keep connection logs in Brazil could be subject to a significant fine or prevented from operating in the country.
It will still be possible for PIA customers to access the VPN network from within Brazil, but they will need to connect to servers outside of the country.
In January, a group of 20 Brazillian parliamentarians traveled to China to learn about the country’s network of facial recognition cameras. These discussions did not extend to methods of online monitoring, but they suggests a desire to import a Chinese approach to mass surveillance and censorship.
Bolsonaro has also come under criticism recently for attempts to censor LGBT+ art – which he claims is merely an attempt to “preserve Christian values.” But up to the present, attempts at surveillance and censorship from the Brazillian government have aimed at controlling the internet.
Several other providers, including ExpressVPN, NordVPN, HideMyAss! and CyberGhost, still maintain Brazillian servers. It is not currently clear whether or not these providers have been compelled to adopt similar logging practices in the area, or whether they intend to continue operating in Brazil.
Private Internet Access is also to withdraw its servers from Johannesburg, South Africa, after the closing of its local partner datacenter.