Transposes To The Internal Legal Order The Directive 2006/24/ec Of The European Parliament And Of The Council Of 15 March 2006 On The Retention Of Data Generated Or Processed In Connection With The Provision Of Public Electronic Communications Services

Original Language Title: Transpõe para a ordem jurídica interna a Directiva n.º 2006/24/CE, do Parlamento Europeu e do Conselho, de 15 de Março de 2006, relativa à conservação de dados gerados ou tratados no contexto da oferta de serviços de comunicações electrónicas public

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now

Read the untranslated law here: http://app.parlamento.pt/webutils/docs/doc.pdf?path=6148523063446f764c3246795a5868774d546f334e7a67774c336470626d6c7561574e7059585270646d467a4c316776644756346447397a4c334277624445324d5331594c6d527659773d3d&fich=ppl161-X.doc&Inline=false

1 PROPOSAL of law No. 161/X reasons personal data protection, privacy, privacy of correspondence and telecommunications is of relevance in the context of the safeguarding of fundamental rights, both internally in the Member States of the European Union, such as at Community level. In a situation in which the boundaries between the virtual and material has long been blurred and that people and organizations to act with increasing agility in computer and telecommunications domain, it is also recognized that the new technologies are a tool which could be used for illicit purposes against which the community and the States cannot fail to equip. The need to provide the Member States of the European Union effective instruments for combating crime and terrorism led the Community institutions to opt for the harmonization of legal frameworks that apply in this area, through the creation of the obligation of conservation of certain data concerning communications, on the part of the providers of publicly available electronic communications services or of a public communications network by Directive No. 2006/24/EC of the European Parliament and of the Council of 15 May 2006 concerning the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58 Nr./CE, of the European Parliament and of the Council of 12 July 2002. The main purpose of this directive was to oblige the providers of publicly available electronic communications services or of a public communications network to save a DataSet defined in that directive, so that they can be accessed for the purpose of combating serious crime. There is no question the conservation of data relating to the content of the communications, but before the so-called ' traffic data and location ', that is, data needed to, for example, to find the source of a communication, the date, time and duration of the same or the location of mobile communication equipment used. 2 this draft law aims at transposing the directive. Thus, the providers of publicly available electronic communications services or of a public communications network are required to keep certain communications data specifically defined so they can be accessed by competent authorities, solely for the purpose of investigation, detection and prosecution of serious crimes. This Bill recognizes the sensitivity of the values in presence and conservation of data concerned. For this reason, special restrictions are adopted, precautions and security measures in the access to and processing of data and of the supervision and monitoring of compliance with the obligations laid down. So, first of all, the data retention can only be for the purpose of investigation, detection and prosecution of criminal, being expressly prohibited the use thereof for other purposes. Secondly, the access to the data can only be requested by the Prosecutor or by certain criminal police authorities and depends on the judge's decision. Thirdly, access to data is still two important limitations. On the one hand, only is admitted for investigation, suppression or detection of serious offences, i.e. those in which, under the criminal procedural legislation, it is possible the interception and recording of communications content. On the other hand, access to data is limited to the appropriate, necessary and proportionate in relation to the case. Fourthly, the data may not be saved eternally. Establishes that the storage period is one year, which corresponds to half of the maximum conservation period allowed by the directive that is now implementing. Fifthly, persons who, within the framework of the providers of publicly available electronic communications services or of a public communications network, must perform tasks associated with the fulfilment of the obligations laid down in this proposal must be specially authorized and registered with the National Commission for data protection (CNPD). Sixthly, adopt stringent rules regarding destruction of stored data, making sure that your use does not exceed the strict purposes of investigation, detection and prosecution of serious crimes for which they were kept.

3 Finally, is committed to an independent administrative entity-the CNPD-the function of the enforcement of this Bill. So, it is namely this authority to draw up a register of the extraction of the data transmitted and the imposition of fines for non-compliance with the rules laid down. Were heard the Superior Council of the Magistracy, the High Council of the Public Ministry, the Bar Association, the National Commission for Data Protection and communications Institute of Portugal-National Communications Authority.

So: under d) of paragraph 1 of article 197 of the Constitution, the Government presents to the Assembly of the Republic the following Bill: 1 – article 1 subject-matter this law regulates the conservation and transmission of traffic and location data relating to natural persons and legal persons, as well as the related data necessary to identify the Subscriber or registered user for purposes of investigation, detection and prosecution of serious crimes on the part of the competent authorities, transposing to the internal legal order the directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58 Nr./CE, of the European Parliament and of the Council of 12 June 2002, concerning the processing of personal data and the protection of privacy in the electronic communications sector. 2-the conservation of data revealing the content of communications is prohibited, without prejudice to the provisions of law No. 41/2004, of 18 August, and on criminal procedural law relating to the interception and recording of communications. 4 Article 2 Definitions


1-for the purposes of this law: (a)) ' data ' means traffic data and location data, as well as the related data necessary to identify the Subscriber or user; b) "telephone service" means any of the following services: (i)) calling services, including voice calls, voicemail, conference call or data transmission; II) supplementary services, including call forwarding and call transfer; and iii) and multimedia messaging services, including the short message service (SMS), enhanced messaging services (EMS) and multimedia services (MMS). (c)) code of user identification (user ID), a unique code assigned to people, when these become subscribers or enrolling in an Internet access service or Internet communications service; d) «cell identifier» («cell ID '), the identification of the source and target cell of a phone call in a mobile network; e) «telephone call failed ' means a communication in which the telephone connection was established, but got no answer, or that there has been a network management intervention; f) ' competent authorities ' judicial authorities and the criminal police authorities of the following entities: i) the judicial police; II) the National Republican Guard; III) public security police; IV) the Military Judicial Police; v) the Foreign and border service; vi) the marine police; 5 vii) the General Inspectorate of the environment and regional planning (IGAOT) and entities, in accordance with the applicable standards, are competent for research, in the autonomous regions, in matters of environmental impact, in accordance with this law, as serious crimes; VIII) the organs of the tax administration; IX) the organs of the social security administration. g) ' serious Crime ', the crimes for which the criminal procedural legislation admits the interception and recording of conversations or communications. 2-for the purposes of this law, shall apply, without prejudice to the provisions of the preceding paragraph, the definitions laid down in law No. 67/98 of 26 October, and law No. 41/2004 of 18 August.

Article 3 Purpose of treatment 1 – the conservation and transmission of data have for sole purpose the investigation, detection and prosecution of serious crimes by the competent authorities. 2-the transmission of the data to the competent authorities can only be ordered or authorized by a reasoned order of the judge, in accordance with article 9 3-the data subject cannot oppose to their preservation and transmission.

Article 4 categories of data to be retained


1 – the providers of publicly available electronic communications services or of a public communications network shall keep the following categories of data: a) data necessary to find and identify the source of a communication; b) data needed to find and identify the destination of a communication; 6 c) data necessary to identify the date, time and duration of a communication; d) data necessary to identify the type of communication; e) data necessary to identify the telecommunication equipment of the users, or what is considered to be the your equipment; f) data necessary to identify the location of mobile communication equipment. 2-for the purposes of point (a)) of the preceding paragraph, the information necessary to find and identify the source of a communication are the following: a) concerning fixed network telephony and mobile telephony: i) the called telephone number; II) the name and address of the Subscriber or registered user. b) with regard to Internet access, Internet e-mail and Internet Telephony: (i)) identification codes assigned to the user; II) the user ID and telephone number allocated to any communication between the public telephone network; III) the name and address of the Subscriber or registered user to whom the IP address, user ID, or the telephone number were assigned at the time of communication. 3-For the purposes of paragraph b) of paragraph 1, the data needed to find and identify the destination of a communication are the following: a) concerning fixed network telephony and mobile telephony: i) The dialed numbers and, in cases involving supplementary services such as call forwarding or call transfer, the number or numbers to which the call was forwarded; II) the name and address of the Subscriber or registered user. b) with regard to Internet e-mail and Internet Telephony: (i)) the user ID or telephone number of the intended recipient, or a telephone communication via the Internet; 7 ii) the names and addresses of subscribers, or of all registered users, and the user ID of the intended recipient of the communication. 4-for the purposes of subparagraph (c)) of paragraph 1, the data necessary to identify the date, time and duration of a communication are the following: a) concerning fixed network telephony and mobile telephony, the date and time of the start and end of the communication; b) with regard to Internet access, Internet e-mail and Internet Telephony: (i)) the date and time of the beginning (log-in) and the end (log-off) the connection to the Internet access service based on the given time zone, along with the address of the IP Protocol, dynamic or static, allocated by the supplier of the Internet access service to communication as well as the user ID of the Subscriber or registered user; II) date and time of the beginning and the end of the e-mail service through the Internet or communications over the Internet, based on the given time zone. 5-for the purposes of point (d)) of paragraph 1, the data needed to identify the type of communication are the following: a) concerning fixed network telephony and mobile telephony, the telephone service used; b) with regard to electronic mail through the Internet and Internet telephony, the Internet service used. 6-For the purposes of paragraph e) of paragraph 1, the data needed to identify telecommunications equipment of the users, or what is considered to be the your equipment are the following: a) with regard to telephone calls in the fixed network, the phone numbers of origin and of destination; b) with regard to telephone communications in the mobile network: i) the telephone numbers of origin and destination; II) International Mobile subscriber identity (International Mobile Subscriber Identity or IMSI) of the caller; 8 iii) the International Mobile equipment Identity (International Mobile Equipment Identity or IMEI) of the caller; IV) the IMSI of the recipient of the call; v) the IMEI of the phone call recipient; vi) in the case of pre-paid anonymous nature of services, the date and time of the initial activation of the service and the handle of the cell from which the service was activated. c) with regard to Internet access, Internet e-mail and Internet Telephony: (i)) the phone number requesting access for phone line; II) the digital subscriber line (digital subscriber line, or DSL), or any other terminal identifier of the author of the communication. 7-For the purposes of paragraph f) of paragraph 1, the data necessary to identify the location of mobile communication equipment are the following: a) the identifier of the cell at the start of the communication; b) data identifying the geographic location of cells by reference to their respective cell identifiers during the period in which the data retention.

Article 5 scope of data retention requirement 1 – telephone and Internet data concerning telephone calls have failed should be kept when they are generated or processed and stored by the entities referred to in paragraph 1 of article 4, in the context of the provision of communication services. 2-data on established calls are not preserved.

Article 6 shelf-the entities referred to in paragraph 1 of article 4 shall keep the data referred to in that article for a period of one year from the date of completion of the communication.

9 Article 7 data protection and security


1-the entities referred to in paragraph 1 of article 4 shall: a) Save the data for the categories referred to in article 4 in order to be provided immediately, by reasoned order of the judge, to the competent authorities; b) ensure that the data stored are of the same quality and are subject to the same protection and security that data on the network; c) Take appropriate technical and organisational measures to protect the data referred to in article 4 against accidental or unlawful destruction or accidental loss or alteration, and storage, processing, access or disclosure unauthorized or illicit use; d) Take appropriate technical and organisational measures to ensure that only specially authorized people have access to data related to the categories provided for in article 4; and) destroy the data at the end of the storage period, except for the data which have been made available and preserved; f) destroy the data that has been made available and preserved, where it is determined by the judge. 2 – data for the categories referred to in article 4 should remain blocked since the beginning of your upkeep, just being unlock target for release, pursuant to this law, the competent authorities. 3-Are laid down in Ordinance of Cabinet members responsible for areas of internal administration, justice and communications, the technical conditions concerning the protection and security of data. 4-the preceding paragraphs shall not preclude the observation of principles or the rules related to quality and to safeguarding the confidentiality and security of data provided for in law No. 67/98 of 26 October, and law No. 41/2004 of 18 August. 5-the public authority responsible for monitoring the application of this article is the National Commission for data protection (CNPD). Article 8 registration of 10 persons especially authorized 1 – the CNPD must maintain an electronic register permanently updated specially authorized persons to access the data, in accordance with subparagraph (d)) of paragraph 1 of the preceding article. 2-for the purposes set out in the preceding paragraph, the providers of electronic communications services or of a public communications network shall refer to the CNPD, by exclusively electronic, the data necessary for identification of the people specially authorised to access the data.

Article 9 1 Data Transmission-the transmission of data for the categories referred to in article 4 may be authorised except by order of the judge reasoned, as such is necessary for the investigation, detection and prosecution of serious crimes. 2-the authorization referred to in the preceding paragraph may only be requested by the Prosecutor or by the competent criminal police. 3-can only be authorized data transmission: a) the suspect or accused; b) the person who serve as an intermediary, for which there are reasonable grounds for believing that receives or transmits messages destined or proceeding from a suspect or accused; or c) the victim of the crime, upon their consent, actual or presumed. 4-the judicial decision to transmit the data must comply with the principles of appropriateness, necessity and proportionality, in particular as regards the definition of the categories of data to be transmitted and competent authorities with access to the data. 5-the preceding paragraphs shall not preclude the taking of cell phone location data necessary to ward off danger to the life or physical integrity is serious offense under article 252 of the code of criminal procedure. 6-the entities referred to in paragraph 1 of article 4 should compile records of the extraction of data transmitted to the competent authorities and send them to the CNPD. 11 article 10 technical conditions of transmission of the data transmission of data related to the categories provided for in article 4 takes place through electronic communication, in accordance with the technical and safety conditions laid down in Ordinance of Cabinet members responsible for areas of internal administration, justice and communications.

Article 11 Data Destruction 1-the judge determines, ex officio or at the request of any interested party, the destruction of the data in the possession of the competent authorities, as well as of available data and preserved by the entities referred to in paragraph 1 of article 4, as soon as they are no longer strictly necessary for the intended purpose. 2 – it is considered that the data will no longer be strictly necessary for the intended purpose as soon as one of the following circumstances occurs: the definitive Archive of criminal procedure); b) Absolution, which has become final; c) conviction, which has become final; d) Prescription of criminal proceedings; and) Amnesty.

Article 12 administrative offences 1-without prejudice to the criminal liability that there is place under the law, constitutes a misdemeanour: the) conservation of the categories of data referred to in article 4; b) the failure of conservation provided for in article 6; c) transmission of data to the competent authorities, when authorized in accordance with article 9; 12 d) the failure of any of the rules relating to the protection and security of the data referred to in article 7; e) no blocking of data, as referred to in paragraph 2 of article 7; f) data access per person not specifically authorized in accordance with paragraph 1 of article 8; g) not sending data necessary for identification of the people specially authorized, under paragraph 2 of article 8 2 – The contravention referred to in the preceding paragraph are punishable with fines of € 1500 to € 25 000 or € 5000 to € 5 000 000 depending on whether the agent is a natural person or legal entity. 3-the attempt and negligence are punishable.

Article 13 a misdemeanour procedures and application of fines 1-Competes to the CNPD the statement of offense and its imposition of fines relating to the conduct referred to in the previous article. 2-the amount of the sums levied as a result of the application of fines is distributed as follows: 60% for the State); b) 40% to the CNPD.

Article 14 applicability of sanctioning regimes provided for in law No. 67/98 of 26 October, and law No. 41/2004, of August 18 the provisions of articles 12 and 13 shall be without prejudice to the application of the provisions of Chapter VI of law No. 67/98 of 26 October, and in chapter III of law No. 41/2004 of 18 August.


13 article 15 information annual statistics to the Commission of the European Communities 1-the CNPD transmits annually to the Commission statistics on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of a public communications network. 2-in order to comply with the provisions of the preceding paragraph, the entities referred to in paragraph 1 of article 4 shall, until 1 March of each year, submit to the CNPD the following information concerning the preceding calendar year: a) the number of cases in which information has been transmitted to the competent national authorities; b) the period of time between the date from which the data were retained and the date on which the competent authorities have applied to your transmission; and (c)) the number of cases in which the authorities ' requests could not be met. 3-the information provided for in the preceding paragraph cannot contain any personal information.

Article 16 entry into force this law shall enter into force on the day following your publication.

Seen and approved by the Council of Ministers of September 6 2007 the Prime Minister the Minister of Parliamentary Affairs Minister Presidency