Businesses selling online to Brazil-based consumers could be forced to store any personal data they collect about those individuals on local servers under proposed new laws under consideration in the country.

According to an automated translation of a report by the Reuters news agency, the federal government in Brazil has proposed amendments to a new civil rights law currently being worked on called the Marco Civil da Internet. Under the amendments, data collected about Brazilian internet users would have to be stored locally.

Google and Facebook have both raised objections with the plans, according to an automated translation of a report by Agência Brasil. Both are in favour of the original proposals.

"We have concerns with the [possible] changes, such as requiring the maintenance of data in Brazil," said Bruno Magrani, head of public policy at Facebook Brazil, according to the report. "This requirement would entail huge costs and inefficiencies in online business in the country, it will impact small and new technology companies that want to provide services to Brazilians."

Microsoft already has data centres in Brazil and so sees "the location of data" issue as "irrelevant", Microsoft Brazil's director-general of legal affairs and of institutional relations, Alexandre Esper, said, according to the Agência Brasil report.

The amendments may have been prompted by revelations made about a US internet surveillance programme called PRISM, according to William Beer, an information security expert at consulting firm Alvarez & Marsal.

"There are a lot of datacenter-related issues already, such as the high cost of electricity, access to skills and even the temperature, which makes it expensive to run those facilities in Brazil," Beer said. "Then if you add regulation that will present further obstacles, companies might end up moving their IT operations to other South American countries where the rules are not so strict."

The PRISM programme, it is claimed, allows the US' National Security Agency (NSA) to collect data from a number of major technology companies, including Microsoft, Facebook and Google. The revelations came from NSA whistleblower Edward Snowden and were reported by a number of newspapers, including the Guardian in the UK. They have sparked concerns about the scope and oversight of such surveillance.

The Prism revelations have prompted the European Commission to conduct a review of an existing agreement that governs personal data transfers from the EU to US. In addition, a US think tank has said that US cloud providers could lose out on up to $35 billion in revenues over the next three years as a result of the adverse publicity surrounding the Prism programme.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.