Contributed By Pinheiro Neto Advogados
Considering that Brazilian labour legislation has recently allowed and regulated this contracting model, we expect the IT outsourcing market to expand in the years to come.
Although it is possible cost reduction is an important factor in IT outsourcing, the focus on the efficiency and reliability it provides seems more important than merely a cut in costs. Due to the increase of competition between IT service providers, companies can find, in the IT market, the best expertise available to cater for their business.
New business models will change the landscape of IT outsourcing. IT trends include automation, artificial intelligence (AI), 5G and the internet of things (IoT). Over the next few years, these trends are going to become reality, in no small part due to the vast investments made in this field, and this has the potential to change the work landscape and make the need for IT services even more critical for businesses.
The demand for cloud data storage is on the rise considering its costs and efficiency. However, every day companies are becoming more and more concerned about the security of their systems and their data and this will require the outsourcing of IT services to find ways to mitigate the risk of data breaches and threats pertaining to cloud-based computing and storage services.
BP (business process) outsourcing allows companies to focus on their core businesses. BP contractors bring technology, expertise and high-quality non-core processes and allow companies to dedicate their time and energy to the key focus of their businesses.
One trend is the use of emerging technologies such as data mining, bid data, cloud computing and storage, social media, software and automation to reduce costs and accelerate growth.
Several industries, such as business services, supply chain management, banking, asset management, e-commerce and healthcare, are increasingly implementing BP outsourcing in their operations.
One point of attention is that BP outsourcing requires a study of the contracting companies’ businesses, internal procedures and infrastructure and, as a result of this, the sharing of sensitive data and information with their service providers, which could increase the likelihood of a data breach.
Nowadays, the advent of new technology is increasingly affecting the society as a whole. This is no different when looking at the labour market.
We are constantly seeing new companies offering new and alternative formats for services in Brazil, many of them in the gig economy. The ride-hailing services we know well were just the first; other gig economy businesses now offer real-time delivery of almost anything: housekeeping, bartenders and waiters, real estate brokers and even some types of legal services.
The main discussion arising from these new technologies and model of business is the level of autonomy between the service provider and the end customer; the old-time employee vs independent contractor discussion.
It is clear to most users that gig economy workers are less similar to employees than independent contracts (eg, they are free to log in and log out when they want and are not required to be on one platform exclusively) and Brazilian courts are still looking into, and making sense, of this phenomenon.
It is worth mentioning that the Brazilian Superior Court of Justice has recently ruled that, because the case deals with independent contractors, civil courts - and not labour courts - are the ones to resolve a case brought by, for example, an Uber driver (Case No. CC 164544). This decision, however, falls short of resolving the issue entirely as, in this case, the driver was not challenging his status as an independent contractor.
Additionally, there is some concern about unemployment caused by AI and robotics replacing workers, but this discussion is still in a very early stage and should gain some momentum in a few years.
When it does gain momentum, one might expect that scholars and legislators may construe an analogy with two types of jobs, which, albeit on the verge of extinction in many places, still exist to an extent in Brazil, partially due to pressure from labour unions: public transport ticket collectors; and petrol pump attendants in our service stations.
There are a few federal statutes regulating outsourcing in Brazil. Federal Law No. 6,019/1974 (as recently amended by Federal Law No. 13,429/2017), regulates contingent work and outsourcing in general. Under this statute, businesses may engage a vendor to supply contingent workers for up to 180 days, and this term may be extended for a further 90 days. These workers can be engaged if one or more members of the permanent staff are on leave, or if the company needs additional workers for unexpected upsurges in business activity or for seasonal reasons. This law also regulates outsourcing in general, which is defined as an arrangement whereby businesses contract specific and defined services from independent contractors.
Before these recent legislative changes, precedents regulated the matter. The Superior Labour Court (“TST”) issued the Precedent (“Súmula”) 331, setting certain parameters for valid outsourcing. In sum, the TST ruled that outsourcing would be valid only when authorised by law or when the outsourced workers acted only in non-core activities and independently of the recipient of the services. If their services resembled (in a judge’s interpretation) the core activity of the recipient of their services, or if they reported directly to employees or agents of that principal, courts would reclassify these workers as employees.
The amended statute overruled the court precedent and allowed businesses to use contractors in any activity. The requirement that outsourced personnel must be independent of the principal company survived. In other words, if the principal is the one supervising their services, courts can reclassify them as principal’s employees instead of outsourced workers.
Law No. 6,019/1974 has been challenged. Some political parties and unions brought a suit, arguing the new rules were unconstitutional. This matter was put to rest as, on 30 August 2018, Brazil’s Supreme Court (“STF”) issued an opinion on a leading case, defending that the outsourcing or any other form of division of work between different legal entities is lawful, regardless of the corporate purpose of the companies involved, while the recipient of the services continues to be subject to secondary liability (applicable if the employer of the outsourced workers breach labour and employment laws).
There are some industry specific legal restrictions and permissions. The outsourcing of government IT and telecommunication services (covered by Laws. No. 8,987/95, No. 9,074/95 and No. 8,666/93) requires bidding processes. Telecom carriers and utilities could use third-party contractors in the rendering of their services to customers (Federal Laws No. 9,472/1997 and No. 8,987/1995). Federal Law No. 7,012/1983 regulates security and cash in transit services.
Outsourcing in private companies is subject to the Brazilian Federal Constitution, the Consumer Protection Code and labour law (as summarised in 2.1 Legal and Regulatory Restrictions on Outsourcing).
The rule of thumb in public sector is that outsourcing transactions must follow the bidding procedures set forth in specific laws.
In general, when the Federal Union, the States, the Municipalities or the Federal District are involved, outsourced must be done via one of the following types of procurement processes:
Law No. 10,520/02 also created another type of procurement process, the reverse auction, which is very common in Brazil and is carried out by public entities to contract regular goods and services. Furthermore, there is also the electronic reverse auction, regulated by Decree No. 5,450/05.
As for state-owned companies, Law No. 13,303/16 provides general rules for the procurement process to be followed by these entities.
Some specific rules apply to the outsourcing of telecommunications and IT services (Decree No. 7,174/2010) in the public sector.
Considering that Brazilian law establishes specific requirements that should be observed to avoid the mischaracterisation of outsourcing, companies must seek legal counsel and proceed with a prior in-depth study of the operations they intend to outsource.
Brazil has no specific data protection regulation currently in force. The collection, storage, use, disclosure and processing of personal data in Brazil is subject to a set of rules provided by general legal statutes, such as the Federal Constitution, Civil Code, Consumer Protection Code, Civil Rights Framework for the Internet, Decree No. 8,771/2016 and Decree No. 7,724/2012.
Due to the broad definition of internet application providers by the Civil Rights Framework for the Internet (which covers any “functionalities that may be accessed through a terminal connected to the internet”), when it comes to the collection of personal data and private communications in the online environment, it will be subject to these regulations and their specific obligations.
Restrictions Involving the Personal Data of Internet Application Users
The supplier is obliged to collect and keep internet application access logs (IP address, date and time of registration) of the data subjects confidential, within a controlled and safe environment, for a period of six months.
The supplier can only disclose access logs and personal data to third parties upon the prior, informed consent from data subjects, or in compliance with court orders rendered in civil or criminal cases.
Brazilian General Data Protection Act (Lei Geral de Proteção de Dados Pessoais - “LGPD”)
A single specific data protection law in Brazil has been recently approved and will come into force in August 2020: Law No. 13,709/2018. LGPD provides additional and detailed rules on the collection, use, processing and storage of personal data in Brazil, in regards to both online and offline activities and was inspired by the General Data Protection Regulations of the European Union (“GDPR”).
Any outsourcing transaction will need to comply with the LGPD as of August 2020. This law applies to individuals and entities that process personal data in the Brazilian territory, regardless of the location of the controller or processor, and requires a legal basis for data processing.
In general, the LGPD establishes principles regarding the processing of personal data, data subjects' rights, legal bases for processing, accountability measures, specific rules for international transfer of personal data, penalties and civil liability for data breaches or any other form of improper processing of personal data.
With regard to requirements/restrictions to process personal data, the LGPD requires a valid lawful basis. There are ten available lawful bases for data processing, including:
As of August 2020, companies will be required to find the most appropriate legal basis to justify the processing of data.
The Civil Rights Framework for the Internet and Federal Decree No. 8,771/2016 impose some specific security standards on Internet providers with regards to the storing and processing of personal data and private communications.
The LGPD also requires the treatment agents to adopt security, technical and administrative measures to protect personal data and avoid any unauthorised access. Specific rules and legal provisions regarding information security may apply to certain industries.
Restrictions on Cross-border Transfer of Data
Brazilian law currently does not set forth cross-border transfer restrictions, data localisation obligations or specific procedures applicable to personal or non-personal data processed by private entities in general. There is no specific procedure applicable to cross-border transfers and, as a rule, private entities are not required, under the Brazilian law, to locate their databases or process personal or non-personal data of consumers within Brazilian territory.
The LGPD will restrict the transfers of personal data outside Brazil, unless they fall within the scope of one of the exceptions provided by law. This restriction will apply to all transfers, regardless of the volume and frequency of the transfers or who the receiving party is. Furthermore, the transfer restriction applies to transfers within the same company and those between companies of the same group.
Under LGPD, the transfer of personal data to other countries may only occur:
The LGPD does not set forth the specific proceedings related to cross-border transfers. Regulations on this are expected to be issued by the data protection authority, which is still in the process of being created.
Any infringement of the data processing rules provided by the Civil Rights Framework for the Internet will subject the responsible party to:
The LPGD also establishes that, in case of violation and non-compliance with its provisions, the responsible party will be subjected to warnings, fines of up to 2% of a companies' annual turnover or BRL50 million per infraction and daily fines, among other sanctions indicated in Article 52. There are also several sanctions that may be imposed in case of violation of the consumer’s privacy according to the Consumer Protection Code.
Specific terms on data protection can be included in the services agreements, such as the obligation of the parties to ensure that any processing of personal data must observe certain standards of information security. The parties can also establish that they will take all related security, technical, administrative measures required in order to protect personal data and avoid unauthorised access or any inappropriate processing and may be held liable for any damage that might affect data subjects should these measures be insufficient or be breached.
In Brazil, the standard supplier customer model is the services agreement. This is the type of agreement used for most outsourcing agreements. There are two types of legal structure frequently implemented regarding services agreements: a master agreement between the contractor and recipient of the services, where the specific services are governed under schedules; or specific contracts for specific types of services. Note, however, that the recent statute governing outsourcing defines outsourcing as the contracting of defined and specific services. In view of this, specific contracts are preferable.
Although the services agreement is the most common type of contract model used for an outsourcing transaction, some alternative contract models can be used.
One alternative model of outsourcing which involves the corporate structure of the contracting parties is the joint venture (JV) agreement. This type of agreement may also be used for an outsourcing transaction in a case whereby the supplier incorporates a new entity in the form of a JV. Advantages of this type of agreement include the shared risk and the possibility of entering into a new business with a smaller financial commitment. In addition, the customer is more capable of interfering with the provision of services. One downside is the time required to form a successful JV and the difficulty in establishing the limits of liability of each contracting party, since both of them share the risk of the business (for employment purposes, for instance, the liability would be joint and several for the members of a JV).
As the companies usually contract different suppliers for services that are not part of their core business, multi-sourcing is also a common practice.
Considering that the captive and shared services centres are usually implemented in-house, it is not technically correct to classify these services as a type outsourcing in Brazil. In this model, the relevant in-house employees will be designated to execute the services and there would be no contracting of suppliers.
A captive or shared services centre involves more investment in the initial years in comparison to the outsourcing model. For this reason, the companies must choose a model that works for their business and operational needs. Companies generally opt for captive and shared services centres when they have an interest in supervising the services closely or in case an employee must perform a specific activity due to confidentiality.
To define the location of a shared services centre, companies must understand, not only the financial factors of the local market, but also the regulatory requirements involved. Where companies choose to outsource, these studies and costs can be avoided as the service provider will already have an established infrastructure, which allows the operations to commence within a short period of time and with no capital investment required.
In order to protect the customer against a breach of contract by the supplier, the following terms could be included in the services agreement:
It is also recommended to include in the services agreement a provision establishing that the supplier’s employees will be subject to the customer’s anti-corruption policy and code of conduct.
The liability arising from the outsourcing relationship is also a customer protection, as detailed in 4.3 Liability.
A breach of contract gives rise to the suspension of compliance to the obligations set forth in the agreement, as well as monetary damages and/or “just cause” for the termination of the outsourcing agreement should the cause of the breach not be rectified during the cure period (in the case a breach can be cured). Specific performance goals and injunctions are also available as remedies, but are an exception and apply only when damages are not an adequate remedy and other criteria under Brazilian procedural rules are met.
The parties are free to establish their own terms of the contract. However, the practice is to have these contracts entered into for a fixed term (varying from two to five years). Most contracts allow for renewal.
Considering the lack of specific regulation on the termination of outsourcing agreements, the general rule usually applies, ie, either party may unilaterally terminate the agreement without cause upon 30-90 days’ prior written notice to the other party, according to Article 473 of the Brazilian Civil Code. Usually, fees are payable until the end of the notice period. However, if one of the parties has made significant investments to perform to the services agreement, the termination may only be effective after a period proportional to the nature of the investment required has elapsed.
One of the parties may only unilaterally terminate fixed-term agreements without cause if it is expressly provided in the agreement and that reasonable prior notice is given in accordance with the term and investments made by the parties. In addition, the Civil Code provides a default rule of severance pay: 50% of the fees payable from the date of termination to the original end of the term. This would apply in the absence a contractual provision in connection with notice and possibility of early termination. If the agreement does not contain a provision of termination without cause, the terminating party may face a dispute for “losses and damages”. According to Article 944 of the Civil Code, the amount of compensation for losses and damages must be determined according to the extent of the harm caused.
When it comes to employment agreements, some contracts establish additional payments, such as compensation for upfront investments and or severance pay triggered by the termination of employees as provided under Brazilian employment law. Contractually provided “just causes”, if not subject to a cure period (sometimes set to be 30 days), usually authorise immediate termination, ie, without any notice. In this situation, no payment, other than normal fees for the services rendered until termination for “just cause”, is required.
To mitigate the risk of a claim for damages due to the termination of an outsourcing arrangement, the terminating party must, if terminating without cause, make sure that notice and outstanding payment requirements, if any, are met, and, if terminating with just cause, make sure there is material evidence of the cause and that the occasional cure period has passed.
In Brazil, it is customary to add a general indemnity and hold harmless provisions, where the independent contractor must keep the recipient of the services harmless from any liability imposed by labour, social security and tax courts and authorities. Besides this, contractors generally assume the obligation to reimburse any expenses that the contracting party may incur in case of labour lawsuits eventually filed by the supplier’s employees.
It is worth mentioning that, as a rule, the contracting party is not joint or directly liable for the labour and employment rights of the supplier’s employees. The customer holds secondary liability for the suppliers’ employees’ rights, which is restricted to the period of the rendering of the services by the employee to the customer. This means that the contracting company will only be held liable for employment obligations arising from the outsourced services in the case the supplier cannot comply with its obligations (for example, due to bankruptcy, insolvency, etc).
Parties are generally free to contract liquidated damages, compensatory or non-compensatory penalties (the former would count towards additional damages) and to cap or limit certain types of damages.
Certain situations of liability, however, cannot be excluded under Brazilian law, such as in cases of fraud, harassment, discrimination, torts, environmental risks and consumer contracts, and shall be subject to civil (and sometimes criminal) charges.
There is no restriction under Brazilian law on the agreement of a financial cap on liability by the contracting parties. However, it is advisable to set certain caveats to this cap since the liability provisions must be reasonable and justifiable. For instance, employment disputes with independent contractors’ employees may become a sizable exposure and, in view of this, a recipient of the services may prefer to carve this situation out of a cap on liability.
In general, the courts do not uphold a limitation of liability provisions and define whether the limitation is reasonable or not on a case-by-case basis by considering the nature of the contract, the damages that it may cause and whether the limitation violates Brazilian public policy rules.
Law 6,019/1974 — as amended by Law 13,429/2017 — sets out terms to outsourcing contracts that cannot be disposed or changed by parties. The most important ones are:
In Brazil, employees can be transferred by operation of law under two specific situations: a change to the employer deriving from a corporate reorganisation (merger, acquisition, incorporation, etc); or between two companies belonging to the same economic group (when two or more companies are held, managed or controlled by the same parent company).
In view of this, outsourcing transactions do not trigger any transfer by operation of law because outsourcing means a triangular legal relationship in the engagement of services. Instead of contracting an employee directly, a company contracts a third company that, within the scope of a contractual relationship, provides resource.
Outsourced workers are hired, paid and have their work overseen by the service provider. The recipient of the services cannot (or at least should not) directly control or manage outsourced workers as this would be an element of employment with the outsourced worker. Although outsourcing is now subject to more flexible rules, the recent legislative change did not modify the legal definitions of an employee and of an independent contractor, see Articles 2 and 3 of the Consolidated Labour Laws (“CLT”). As a result, labour courts can still reclassify outsourced workers as employees.
As a rule, companies do not need to consult with unions or workers to implement outsourcing contracts. Nevertheless, it is important to check collective bargaining agreements to confirm they do not have any provision on outsourcing.
In an outsourcing contract, it is advisable to add a provision whereby the recipient of the services can direct the independent contractor to replace the employees engaged in services under the outsourcing transaction. The ultimate decision to terminate or not to terminate the employment of an individual is on the independent contractor.
Moreover, the outsourcing contract normally requires the contractor to prove, monthly or at any time (sometimes under penalty of fees being withheld), the payment of all salaries, benefits taxes and social security charges. These obligations stem from the secondary liability. If the independent contractor or subcontractor fails to pay their employees, the recipient of their services will be required to make those payments.
It is also common practice to ask for the personal information of outsourced employees, including their names and ID numbers, to grant them access to company facilities. In view of these two facts, the outsourcing contract should ideally cause the independent contractor to obtain employee consents when necessary or required.
The customer can both retain the ownership of its assets in an outsourcing transaction or transfer, or lease and license them during the period of the contract. To transfer, lease or license the assets, the customer and the supplier must enter into an agreement setting forth the conditions of the use and re-purchase of the asset at the end of the agreement. These are the main formalities to transfer, lease or license assets on an outsourcing transaction:
Transfer of IP Rights
Notwithstanding the contract by which the parties set forth the terms of the transfer, the parties must register the transfer with the respective administrative entities:
Even though the copyright and registration of software is not mandatory to ensure its ownership, if they are already registered at the competent bodies, the transfer of such IP rights must also be duly registered.
Licensing of IP Rights
As a rule, the registration of the licensing contract at the INPI is not required. However, to be effective against third parties and allow the remittance of royalties abroad if the licensor is a foreign entity, as well as to enable the deductibility of payments by the licensee for tax purposes, some agreements must be registered at the INPI, including: technology agreements; trademark, patent, industrial design licence agreements; and franchise agreements.