Amendment Of The Telecommunications Act 2003 - Tkg 2003

Original Language Title: Änderung des Telekommunikationsgesetzes 2003 - TKG 2003

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.

27. Federal Act to amend the 2003 Telecommunications Act-TKG 2003

The National Council has decided:

The Telecommunications Act 2003-TKG 2003, BGBl. I n ° 70/2003, as last amended by the Federal Law BGBl. I No 50/2010, shall be amended as follows:

1. In Section 1 (4), the point after Z 5 is replaced by a line-point and the following Z 6 is added:

" 6.

Directive 2006 /24/EC on the retention of data relating to the provision of data publicly available electronic communications services or public communication networks, and amending Directive 2002 /58/EC, OJ L 206, 22.7.2002, p. No. L 105 of 13 April 2006, S 54. "

2. In § 78 (2), after the expression "Data Protection Act 2000" the parenthesis expression "(DSG 2000)" inserted.

3. In § 87 (2) the word "Security Policy Act" through the phrase " The Security Police Act-SPG, BGBl. No 566/1991, " , the expression shall also be replaced by "StPO" through the phrase " The Criminal Procedure Code 1975 (StPO), BGBl. N ° 631, " replaced.

Section 90 (6) reads as follows:

" (6) Providers of communication services shall be obliged to provide administrative authorities with information on their written and reasoned request concerning master data within the meaning of § 92 (3) (3) (3) (3) (3) lit. a to e of subscribers suspected of having committed an administrative surrender by an act carried out through a public telecommunications network, to the extent that this is possible without the processing of traffic data. "

5. In § 90, the following paragraphs 7 and 8 are added in accordance with paragraph 6:

(7) Providers of communication services are obliged to inform and prosecute the competent courts, public prosecutors or the criminal police (§ 76a para. 1 StPO) in order to investigate and prosecute the concrete suspicion of a criminal offence. Information about master data (§ 92 paragraph 3 Z 3) of participants. This applies analogously to the request of the security authorities in accordance with § 53 (3a) Z 1 SPG. In urgent cases, however, such requests may be submitted orally for the time being.

(8) Mobile telephone network providers shall keep records of the geographical location of the radio cells used for the operation of their service, so that at any time the correct assignment of a location identifier (CellID) to the actual geographical location Location with geo-coordinates guaranteed for any time within a six-month period. "

6. In § 92 (2) the term " " (StPO), BGBl. No. 631/1975, " .

7. In § 92 (3), the following Z 2a and 2b shall be inserted after Z 2:

" 2a.

"subscriber identification" means the identifier which allows the unambiguous assignment of a communication process to a subscriber;

2b.

"E-mail address" means the unique identifier assigned to an electronic mailbox by an Internet e-mail provider; "

8. § 92 (3) Z 3 lit. a to c are:

" 3.

"master data" means any personal data necessary for the justification, processing, modification or termination of the legal relationship between the user and the provider or for the creation and publication of subscriber directories; These are:

a)

Name (surname and first name in the case of natural persons, name and/or name) Name for legal persons),

b)

Academic degree in natural persons,

c)

Address (residential address in the case of natural persons, registered office or Billing address for legal entities), "

9. In § 92 (3) the following Z 6a and 6b are inserted after Z 6:

" 6a.

"location identifier" means the identifier of a radio cell via which a mobile radio link is established (Cell-ID);

6b.

"Data for data" means data which is stored solely on the basis of the storage obligation pursuant to Section 102a; "

10. § 92 (3) Z 8 reads:

" 8.

"call" means a connection built up via a public telephone service, which allows for two-or multi-page real-time communication; "

11. In § 92 (3) the following Z 8a is inserted after Z 8:

" 8a.

"unsuccessful call attempt" means a telephone call where the connection has been successfully established, but which remains unanswered or in which the network management intervened; "

12. The point in accordance with section 92 (3) Z 10 is replaced by a stick point and the following Z 11 to 16 are added:

" 11.

"electronic mailbox" means an electronic filing system which is associated with a subscriber of an e-mail service;

12.

"E-mail" electronic mail, which is sent via the Internet on the basis of the Simple Mail Transfer Protocol (SMTP);

13.

"Internet telephone service" means a public telephone service within the meaning of § 3 Z 16, which is based on packet-switched communication via the Internet Protocol;

14.

"Internet access service" means a communication service within the meaning of Section 3 Z 9, which consists in the provision of facilities or services for the provision of access services to the Internet;

15.

"e-mail service" means a communication service within the meaning of § 3 Z 9, which includes the dispatch and delivery of e-mails on the basis of the "Simple Mail Transfer Protocol" (SMTP);

16.

"public IP address" means a one-time numerical address from an address block provided by the Internet Assigned Numbers Authority (IANA) or by a regional Internet registry (Regional Internet Registered Office) to a provider of an Internet access service. for the allocation of addresses to its customers, which can clearly identify a computer on the Internet and can be routed on the Internet. Public IP addresses are access data within the meaning of § 92 (3) (4a). If a specific public IP address is assigned to a participant for the duration of the contract for exclusive use, it is at the same time a master date within the meaning of section 92 (3) Z 3. "

13. § 93 (3) reads:

" (3) The listening, listening, recording, interception or other monitoring of messages and related traffic and location data, as well as the transmission of information about it by persons other than a user without consent All participating users are not allowed. This does not apply to the recording and tracing of telephone calls in the context of the receipt of emergency calls and the cases of fishing gear, the monitoring of messages and the information on data of a communication including inventory data as well as for technical storage that is required to forward a message. "

Section 93 is added to the following paragraph 5:

" (5) The secrecy of the editorial staff (§ 31 of the German Media Act) as well as other confidentiality obligations, which are standardised in other federal laws, are subject to the protection of the sacred secrecy and professional secrecy as well as to the prohibition of their Circumvention pursuant to § § 144 and 157 (2) of the StPO. The provider shall not be subject to a corresponding inspection obligation. "

15. § 94 together with the title is:

" Technical Facilities

§ 94. (1) In accordance with the regulations issued in accordance with paragraphs 3 and 4, the provider shall be obliged to provide all facilities for the monitoring of news and information on the data of a communication including the information provided by the supplier. Data on data in accordance with the provisions of the StPO are required. For the purposes of the provision, the provider shall be replaced by 80% of the costs (personnel and material expenses) which he had to spend in order to set up the functions required by the Regulations adopted pursuant to paragraphs 3 and 4 of this Article in his/her installations. The Federal Minister of Transport, Innovation and Technology, in agreement with the Federal Minister of the Interior, the Federal Minister for Justice and the Federal Minister of Finance, has, by means of a Regulation, the basis for the assessment of this percentage and the To determine the modalities for the assertion of this replacement claim. In particular, it is the economic reasonableness of the effort, the sole interest of the trader concerned in the performance of the services to be provided, and a possible due diversion by the technical possibilities offered. The risk to be counteracted by the required participation, as well as the simplicity and cost-effectiveness of the procedure, should be taken into consideration.

(2) The provider is obligated to participate in the monitoring of messages as well as the information on data of a communication, including the information on the data of the data in accordance with the provisions of the StPO, to the extent necessary. The Federal Minister for Justice, in agreement with the Federal Minister for Transport, Innovation and Technology and the Federal Minister of Finance, has to provide for an appropriate cost replacement by means of a regulation. In particular, it is the economic reasonableness of the effort, the sole interest of the trader concerned in the performance of the services to be provided, and a possible due diversion by the technical possibilities offered. Risks to be countered by the required participation, as well as the public task of the administration of justice.

(3) By means of a regulation, the Federal Minister of Transport, Innovation and Technology, in agreement with the Federal Ministers for Home Affairs and Justice, may adopt the relevant state of the art in accordance with the detailed provisions governing the design of the technical equipment to ensure the monitoring of messages in accordance with the provisions of the StPO and to protect the data to be transmitted against the unauthorised knowledge or use by third parties. After the adoption of the regulation, the main committee of the National Council must be reported directly.

(4) The transmission of traffic data, location data and master data, which require the processing of traffic data, including the transmission of data, in accordance with the provisions of the StPO and the SPG, has been carried out using a Transmission technology, which ensures the identification and authentication of the transmitter and receiver as well as the data integrity. The data is to be transmitted as a "Comma-Separated Value (CSV)" file format using a technically sophisticated encryption technology. Apart from this, the transmission of data in the cases of § 98, of data in the cases of § 99 paragraph 5 Z 3 and 4 in case of danger in default, of location data in the cases of the determination of the current location according to § § 134 ff StPO as well as the Transmission of accompanying call data in the context of a monitoring of messages. The Federal Minister of Transport, Innovation and Technology can, in agreement with the Federal Ministers of the Interior and Justice, adopt the more detailed provisions on the uniform definition of syntax, data fields and encryption. for the storage and transmission of data as well as the more detailed provisions relating to the storage of the protocols made pursuant to § 102c. After the adoption of the regulation, the main committee of the National Council shall be immediately reported. "

16. § 97 (1) reads:

" (1) Master data may be determined and used only for the following purposes without prejudice to § § 90 (6) and (7) and 96 (1) and (2) of providers:

1.

the conclusion, implementation, modification or termination of the contract with the participant;

2.

the settlement of charges;

3.

Creation of subscriber directories, in accordance with § 18 and

4.

Provision of information to emergency carriers. "

17. The previous § 98 is referred to as para. 1 and the following paragraph 2 is added:

" (2) If a current location determination is not possible, the location identifier (Cell-ID) may be processed for the last communication process of the terminal equipment of the at-risk person, even if, for this purpose, access to the terminal equipment according to § 102a (3) Z 6 lit (6 lit). d stored data is required. The provider shall inform the participant concerned about location data according to this point at the earliest after 48 hours, but at the latest after 30 days in principle by sending a short message (SMS) if this is not possible. in writing. This information has to be included:

a)

the legal basis,

b)

the data concerned,

c)

the date and time of the query,

d)

Indication of the location from which the site determination was commissioned, as well as corresponding contact information. "

18. § 99 (1) reads:

" (1) Traffic data shall not be stored or transmitted except in the cases governed by this Law and shall be deleted or anonymized immediately by the provider upon termination of the connection. The admissibility of the further use of traffic data, which are transmitted in accordance with paragraph 5, is governed by the provisions of the StPO and the SPG. "

19. § 99 (4) reads:

" (4) In addition to the cases which are particularly regulated in this law, the provider shall be prohibited from evaluating a local loop beyond the purposes of the settlement after the subscriber numbers called for by this connection. With the consent of the participant, the provider may use the data for marketing purposes for the purpose of their own telecommunication services or for the provision of services with additional benefits. "

(20) In § 99, the following paragraph 5 is added:

" (5) Processing of traffic data for information purposes is permitted for information on:

1.

Data of a message transmission according to § 134 Z 2 StPO;

2.

Access data, even if the data are stored as data in accordance with § 102a (2) (1) (3) (3) (6) (6) ( a and b or § 102a (4) (1), (2), (3) and (5) shall be stored at least six months before the request, in courts and public prosecutors in accordance with Section 76a (2) of the StPO.

3.

Traffic data and master data, if this is necessary for the processing of traffic data, as well as for information on location data on the security authorities responsible for the SPG in accordance with § 53 (3a) and (3b) SPG. If a current location determination is not possible, the location identifier (Cell-ID) may be processed for the last communication operation of the terminal device, even if access to the last communication process of the terminal device is permitted in accordance with § 102a (3) Z 6 lit. d stored data is required;

4.

Access data, even if these were stored as data in accordance with § 102a (2) (1) (1) or § 102a (4) (1), (2) and (5) at least three months before the request, on the security authorities responsible for the SPG in accordance with § 53 (3a) (3) of the SPG. "

21. The following sentence shall be added to section 102 (3):

"Without prejudice to § 93 (3), the identification and use of location data which are not in connection with a communication process is inadmissible for information purposes."

22. In accordance with § 102, the following § § 102a, 102b and 102c shall be inserted together with the headings:

" Data

§ 102a. (1) In addition to the authorisation for storage or processing in accordance with § § 96, 97, 99, 101 and 102, providers of public communications services shall, in accordance with the provisions of subsection 2 to 4, have data from the time of production or processing up to six Months after termination of communication. The storage is carried out exclusively for the investigation, detection and prosecution of criminal offences, the seriousness of which justifies an order pursuant to § 135 Abs 2a StPO.

(2) Internet access providers shall be responsible for the storage of the following data:

1.

the name, address and subscriber identification of the subscriber to whom a public IP address was assigned at a given time, indicating the time zone underlying it;

2.

the date and time of the allocation and withdrawal of a public IP address in the case of an Internet access service, indicating the time zone on which it is based;

3.

the call number of the calling port for access via the dial;

4.

the unique identifier of the port over which Internet access has been made.

(3) Providers of public telephone services, including Internet telephone services, shall be responsible for storing the following data:

1.

the subscriber number or other identifier of the calling and the called port;

2.

in the case of additional services such as call forwarding or call diversion, the subscriber number to which the call is directed;

3.

the name and address of the calling party and the called party;

4.

the date, time of the beginning and duration of a communication process, indicating the time zone on which it is based;

5.

the type of service used (calls, ancillary services and participation and multimedia services).

6.

In the case of mobile networks

a)

the international mobile subscriber identification (IMSI) of the calling and the called terminal;

b)

the international mobile radio device identifier (IMEI) of the calling and the called port;

c)

The date and time of the first activation of the service and the location identifier (CellID) on which the service was activated, if the anonymous services are pre-paid;

d)

the location identifier (CellID) at the start of a connection.

(4) Providers of email services shall be responsible for storing the following data:

1.

the participant identifier assigned to a participant;

2.

the name and address of the participant to whom an e-mail address was assigned at a given date;

3.

when sending an e-mail, the sender's e-mail address and the public IP address, as well as the e-mail address of each recipient of the e-mail;

4.

the e-mail address of the sender and the recipient of the message, as well as the public IP address of the latter communication network facility, when receiving an e-mail and delivering it to an electronic mailbox;

5.

in the case of registration and logout of the e-mail service, the date, time, subscriber identification and public IP address of the subscriber, indicating the time zone on which the subscriber is based.

(5) The storage obligation referred to in paragraph 1 shall consist only of those data as referred to in paragraphs 2 to 4, which are generated or processed in the course of the provision of the relevant communication services. In connection with unsuccessful call attempts, the storage obligation in accordance with paragraph 1 exists only insofar as these data are generated or processed and stored or logged in the course of the provision of the relevant communications service.

(6) The storage obligation pursuant to paragraph 1 does not apply to those providers whose companies are not subject to the obligation to pay the financing contribution pursuant to § 34 KommAustriaG.

(7) The content of the communication and, in particular, data on addresses accessed on the Internet may not be stored on the basis of this provision.

(8) The data to be stored in accordance with paragraph 1 shall be deleted immediately after the expiry of the storage period, without prejudice to section 99 (2), but no later than one month after the expiry of the storage period. The granting of an information after the expiry of the storage period is inadmissible.

(9) With regard to data in the form of data transmitted in accordance with § 102b, the claims for information or information about this data use are based exclusively on the provisions of the StPO.

Information on the data

§ 102b. (1) Information on data in the form of data is permitted solely on the basis of a court-approved order of the Public Prosecutor's Office for the investigation and prosecution of criminal offences, the seriousness of which justifies an order in accordance with § 135 Abs 2a StPO.

(2) The data to be stored in accordance with § 102a shall be stored in such a way that it shall immediately apply to the competent authorities in accordance with the provisions of the StPO and in accordance with the procedure laid down therein for the purpose of providing information on the data of a communication transmission. authorities may be sent.

(3) The transmission of the data shall be carried out in an appropriately protected form in accordance with section 94 (4).

Data security, logging and statistics

§ 102c. (1) The storage of the data has to be stored in such a way that it is possible to distinguish between data stored in accordance with § § 96, 97, 99, 101 and 102. The data shall be protected by appropriate technical and organisational measures against unlawful destruction, accidental loss or unlawful storage, processing, access and dissemination. Likewise, appropriate technical and organisational measures shall be taken to ensure that access to the data is reserved exclusively for authorised persons, subject to the four-eye principle. The historical data shall be stored for three years from the end of the storage period for the relevant date of storage. The control of compliance with these regulations is the responsibility of the data protection committee responsible for the data protection control in accordance with § 30 DSG 2000. The Federal Minister of Transport, Innovation and Technology can set out a detailed description of the due diligence measures to ensure data security.

(2) The providers obligated pursuant to § 102a for storage shall ensure that any access to data in the data as well as any request and information about the data in accordance with § 102b shall be logged in a revision-proof way. This logging includes

1.

the reference to the public prosecutor's or court order referred to by the provider with the request for information, in accordance with the provisions of the StPO, which is based on the transmission of the data,

2.

in the cases referred to in Article 99 (5) (3) and (4), the number of files of the safety authority notified to the provider by means of the request for information,

3.

the date of the request, the date and the exact date of the information provided,

4.

the number of transferred data records, broken down by date and category pursuant to section 102a (2) to (4);

5.

the period of storage of the data transmitted at the time of the transmission of the transmission,

6.

the name and address of the subscriber concerned by the information on the data on the supply data, as far as the provider has such data, and

7.

a unique identifier that allows the assignment of the people who have accessed the data in the provider's enterprise.

(3) The storage of the data has to be stored in such a way that it is possible to distinguish between data and data stored in accordance with § § 96, 97, 99, 101 and 102.

(4) The providers obligated according to § 102a for storage have

1.

for the purposes of the control of data protection and to ensure data security, the protocol data referred to in paragraph 2 to the Data Protection Commission and the Data Protection Council, and

2.

for the purpose of reporting to the European Commission and to the National Council, to the Federal Minister for Justice, to submit the protocol data pursuant to section 2 (2) (2) (2) to (4).

(5) The transmission of the protocol data shall be subject to the written request of the Data Protection Commission. of the Federal Minister of Justice; the transmission to the Federal Minister of Justice must also take place annually up to the 31. Jänner shall be made for the previous calendar year.

(6) In addition to the reporting requirements of paragraph 2, the storage of the transmitted data records shall be inadmissible. "

23. § 103 (4) deleted.

Section 109 (3) Z 14 reads as follows:

" 14.

Contrary to Section 94 (2), it does not participate in the monitoring of news or information on the data of a communication to the extent necessary; "

25. § 109 (3) Z 17 reads:

" 17.

does not provide information on master data or location data, or informs the participants, contrary to § 98; "

26. In Section 109 (3), the point after Z 20 is replaced by a stroke point and the following Z 21 to 26 are added:

" 21.

, contrary to § 99 (5), information on traffic data is provided or traffic data are processed for information purposes;

22.

does not store data contrary to § 102a; the criminality does not exist if the investment costs required for this purpose have not yet been paid out on the basis of a regulation adopted pursuant to section 94 (1) of this Regulation;

23.

contrary to Section 102a (8), data shall not be deleted;

24.

Contrary to § 102b, data without the existence of a judicial authorization is instituted;

25.

Contrary to § 102b, data is transmitted in non-encrypted form via a communication network;

26.

contrary to § 102c, does not log or provide the necessary information. "

27. § 109 para. 4 Z 7 reads:

" 7.

who does not provide technical facilities in the sense of Section 94 (1). The criminality shall not exist if the investment costs required for this purpose have not yet been paid out on the basis of a regulation adopted pursuant to Article 94 (1) of this Regulation; "

28. In accordance with § 136, the following § 136a including the heading is inserted:

" Linguistic equality

§ 136a. All functional designations and personal expressions used in this federal law are to be understood as gender-neutral. "

29. § 137 the following paragraph 4 is added:

" (4) § § 94 (1) and 102a (1) in the version of the Federal Law BGBl. I No 27/2011 will enter into force on 1 April 2012. "

30. The table of contents before § 1 is amended as follows:

§ § 94, 102a, 102b, 102c and 136a are:

" § 94 Technical Facilities

Section 102a Data for data

Section 102b Information on the data

§ 102c Data security, logging and statistics

§ 136a Language Equality "

Fischer

Faymann