Advanced Search

Transposes To The Internal Legal Order The Directive 2006/24/ec Of The European Parliament And Of The Council Of 15 March, On The Conservation Of Data Generated Or Processed In Connection With The Provision Of Publicly Available Electronic Communicatio...

Original Language Title: Transpõe para a ordem jurídica interna a Directiva n.º 2006/24/CE, do Parlamento Europeu e do Conselho, de 15 de Março, relativa à conservação de dados gerados ou tratados no contexto da oferta de serviços de comunicações electrónicas publicamente disponí

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

1

PROPOSED LAW NO. 161 /X

Exhibition of Motives

The protection of personal data, from the reservation of the intimacy of private life, of the

correspondence and telecommunications takes on a recognized relevance in the

Context of the safeguarding of fundamental rights, both in the internal plan of States

members of the European Union, as in the community plan.

At a juncture in which the boundaries between the material and the virtual have long been slugfed

and in which people and organisations act with a growing agility in the field

informatics and telecommunications, it is also recognized that new technologies

it substantiates a tool likely to be used for illicit purposes against the

which the community and the states cannot fail to apt themselves.

The need to provide the member states of the European Union of instruments

effective combatting crime and terrorism has led community instances to

opt for the harmonisation of the legal frameworks applicable in this matter, through the

creation of the obligation to preserve certain data concerning communications, by

part of the providers of electronic communications services publicly

available or from a public communications network, through Directive n.

2006 /24/CE, of the European Parliament and of the Council of May 15, 2006 on the

conservation of data generated or treated in the context of the provision of services of

publicly available electronic communications or public networks of

communications, amending Directive No 2002 /58/CE, of the European Parliament and of the

Council, of July 12, 2002.

The main purpose of this directive was, therefore, to oblige service providers

of publicly available electronic communications or from a public network of

communications to be kept a set of data set out in that directive, so to

that can be acheed for the purpose of combating serious crime. It is not in question

the conservation of the data relating to the content of communications, but rather the

named "traffic and location data", that is, data needed to, by

example, find the source of a communication, the date, time and duration of the same or the

location of the mobile communication equipment used.

2

This proposed Act is aimed at the transposition of the said Directive. Thus the

providers of publicly available electronic communications services or of

a public communications network go on to be required to conserve certain data

of communication specifically defined, so that they can be acheed by the

competent authorities, exclusively for the purposes of research, detection and

repression of serious crimes.

This proposed law recognizes the sensitivity of values in presence and of the

conservation of the data concerned. For that reason, special restrictions are adopted,

guarded and security measures in access and processing of the data and of

supervision and enforcement of the fulfilment of the obligations set out herein.

So, first of all, the conservation of data will only be able to have for purpose the

research, detection and criminal repression, being expressly vetted using

of the same for other purposes.

Second, access to the data can only be requested by the Ministry

Public or by certain criminal police authorities and depends always on the decision of the

judge.

Third, access to the data finds still two important limitations. By

one side, it is only admitted for the investigation, repression or detection of serious crimes,

that is, of those in which, under the criminal procedural law, it is possible to

interception and the recording of the contents of the communications. On the other hand, access to the

data is limited to the appropriate, necessary and proportional face to the concrete case.

Fourth, the data in question cannot be conserved eternally.

It is established that the period of conservation is one year, which corresponds to half of the

maximum conservation period allowed by the directive that now transposes.

Fifth, the people who, within the scope of the providers of services of

publicly available electronic communications or from a public network of

communications, they should perform tasks associated with the fulfillment of the obligations

provided in this proposal must be specially authorized and registered with the

National Commission for Data Protection (CNPD).

Sixth, exacting rules on the destruction of data are adopted.

conserved, ensuring that their use does not exceed the strict purposes of

research, detection and repression of serious crimes for which they have been retained.

3

Finally, it is committed to an independent administrative entity-the CNPD-a

monitoring function of the performance of this proposed Act. Thus, it's up

in particular to this entity to draw up a record of the extraction of the transmitted data

and the application of fines for failure to comply with the established rules.

The Higher Council of the Magistrature was heard, the Higher Council of the

Prosecutor's Office, the Order of Lawyers, the National Commission for Protection of

Data and the Institute of Communications of Portugal-National Authority of the

Communications.

Thus:

Under the terms of the paragraph d) of Article 197 (1) of the Constitution, the Government presents to the

Assembly of the Republic the following proposal for a law:

Article 1.

Subject

1-A This Law regulates the conservation and transmission of traffic data and

location relating to natural persons and legal persons as well as data

related necessary to identify the subscriber or registered user, for the purposes of

investigation, detection and repression of serious crimes by the authorities

competent, transposing to the internal legal order Directive No 2006 /24/CE, of the

European Parliament and of the Council of March 15, 2006 on the conservation of

data generated or treated in the context of the provision of communications services

publicly available electronic or public communications networks, and that

amenates Directive No 2002 /58/CE, of the European Parliament and of the Council, of 12 of

June 2002, concerning the processing of personal data and the protection of privacy in the

sector of electronic communications.

2-A The conservation of data revealing the content of communications is prohibited, without

prejudice to the provisions of Law No 41/2004 of August 18 and in procedural law

penal regarding the interception and recording of communications.

4

Article 2.

Definitions

1-For the purposes of this Law, it is understood by:

a) "Data", the traffic data and location data, as well as the data

related necessary to identify the subscriber or the user;

b) "telephone service", any of the following services:

i) The call services, including the vocal calls, the vocal mail,

the teleconference or the transmission of data;

ii) The supplementary services, including the forwarding and the

transfer of calls; and

iii) The messaging and multimedia services, including the services of

short messages (SMS), the improved messaging services (EMS)

and multimedia services (MMS).

c) "User identification code" (" user ID ") , a single code

assigned to people, when these become subscribers or enroll in a

access service to the Internet , or in a communication service by the Internet ;

d) "Cell Identifier" (" cell ID ") , the identification of the source cell and

of the destination of a telephone call in a mobile network;

e) "Missed telephone call", a communication in which the link

telephone was established, but that it did not get an answer, or in which there was

an intervention by the network manager;

f) "competent authorities" the judicial authorities and the authorities of

criminal police of the following entities:

i) The Judicial Police;

ii) The Republican National Guard;

iii) The Public Security Police;

iv) The Military Judicial Police;

v) The Office of Foreign and Border Protection;

vi) The Maritime Police;

5

vii) The Inspectorate for the Environment and Planning of the Territory

(IGAOT) and the entities which, in the terms of the applicable standards, are

competent for research, in the Autonomous Regions, of crimes in

qualified environmental incidence subjects, in the terms of the present

law, as serious crimes;

viii) The organs of the tax administration;

ix) The organs of the administration of social security.

g) 'Major Crime', the crimes for which the procedural legislation

penal offence admits the interception and recording of talks or communications.

2-For the purposes of this Law, they shall apply, without prejudice to the provisions of the number

previous, the constant definitions of Law No. 67/98, of October 26, and of the Law

n. 41/2004, of August 18.

Article 3.

Purpose of treatment

1-A The conservation and transmission of the data are for the sole purpose of

investigation, detection and repression of serious crimes by the authorities

competent.

2-A The transmission of the data to the competent authorities can only be ordered or

authorized by reasoned order of the judge pursuant to Rule 9 para.

3-The holder of the data cannot oppose the respective conservation and transmission.

Article 4.

Categories of data to be kept

1-The providers of publicly available electronic communications services

or of a public communications network shall retain the following categories of

data:

a) Data required to find and identify the source of a communication;

b) Data required to find and identify the target of a

communication;

6

c) Data required to identify the date, time, and duration of a

communication;

d) Data required to identify the type of communication;

e) Data required to identify the telecommunications equipment of the

users, or what considers themselves to be their equipment;

f) Data required to identify the location of the equipment of

mobile communication.

2-For the purposes of the provisions of the paragraph a) of the previous number, the required data

to find and identify the source of a communication are as follows:

a) With regard to telephone communications in the fixed and mobile networks:

i) The source phone number;

ii) The name and address of the subscriber or registered user.

b) With regard to access to the Internet , by electronic mail through the

Internet and telephone communications through the Internet :

i) The identification codes assigned to the user;

ii) The user identification code and the telephone number

assigned to any communication that between in the public telephone network;

iii) The name and address of the subscriber or registered user, to whom the

address of the IP protocol, the user identification code, or the

telephone number were assigned at the time of communication.

3-For the purposes of the provisions of the paragraph b) of paragraph 1, the data necessary to find

and identify the destination of a communication are as follows:

a) With regard to telephone communications in the fixed and mobile networks:

i) The numbers marked and, in cases involving supplementary services,

such as the rerouting or the transfer of calls, the number or

numbers for where the call was re-routed;

ii) The name and address of the subscriber, or of the registered user.

b) With regard to e-mail through the Internet and to the

telephone communications through the Internet :

i) The user identification code or the telephone number of the

intended recipient, or of a telephone communication through the

Internet ;

7

ii) The names and addresses of the underwriters, or of the users

registered, and the user identification code of the recipient

intended for communication.

4-For the purposes of the provisions of the paragraph c) of paragraph 1, the data required for

identify the date, time and duration of a communication are as follows:

a) With regard to telephone communications in the fixed and mobile networks, the

date and time of the beginning and end of the communication;

b) With regard to access to the Internet , by electronic mail through the

Internet and telephone communications through the Internet :

i) The date and time of the start ( log-in ) and of the end ( log-off ) of the link to

access service to the Internet on the basis of a certain time zone,

together with the address of the IP protocol, dynamic or static,

assigned by the provider of the access service to the Internet to a

communication, as well as the user identification code of the

underwriter or registered user;

ii) The date and time of the start and end of the connection to the courier service

electronic through the Internet or from communications through the Internet ,

on the basis of certain time zone.

5-For the purposes of the provisions of the paragraph d) of paragraph 1, the data required for

identifying the type of communication are as follows:

a) With regard to telephone communications in the fixed and mobile networks, the

telephone service used;

b) With regard to e-mail through the Internet and to the

telephone communications through the Internet , the service of Internet used.

6-For the purposes of the provisions of the paragraph e) of paragraph 1, the data required for

identify the telecommunications equipment of the users, or what they consider

be your equipment are as follows:

a) With regard to telephone communications in the fixed network, the numbers of

source and destination phone;

b) With regard to telephone communications on the mobile network:

i) The source and destination phone numbers;

ii) The International Identity of Mobile Subscriber ( International Mobile

Subscriber Identity , or IMSI) from whom phone;

8

iii) The International Identity Of Mobile Equipment ( International Mobile

Equipment Identity , or IMEI) from whom telephone;

iv) The IMSI of the recipient of the phone call;

v) The IMEI of the recipient of the phone call;

vi) In the case of the prepaid services of anonymous character, the date and time of the

initial activating of the service and the identifier of the cell from which the

service has been activated.

c) With regard to access to the Internet , by electronic mail through the

Internet and telephone communications through the Internet :

i) The telephone number requesting the access by telephone line;

ii) The digital subscriber line ( digital subscriber line , or DSL), or

any other terminal identifier of the author of the communication.

7-For the purposes of the provisions of the paragraph f) of paragraph 1, the data required to identify

the location of the mobile communication equipment are as follows:

a) The identifier of the cell at the beginning of the communication;

b) The data that identifies the geographical situation of the cells, taking as

reference the respective cell identifiers during the period in which

proceeds to the conservation of data.

Article 5.

Scope of the obligation to preserve data

1-The telephone and the Internet relative to failed telephone calls should

be conserved when they are generated or treated and stored by the entities

referred to in Article 4 (1) in the context of the provision of communication services.

2-Data regarding unestablished calls are not conserved.

Article 6.

Period of conservation

The entities referred to in Article 4 (1) shall retain the data provided for in the

same article for the period of one year from the date of the completion of the communication.

9

Article 7.

Protection and security of data

1-The entities referred to in Article 4 (1) shall:

a) Conserve the data referring to the categories provided for in Article 4 by form

to which they can be transmitted immediately, upon dispatch

reasoned from the judge, to the competent authorities;

b) Ensure that the conserved data is of the same quality and is

subject to the same protection and security as the data on the network;

c) Taking appropriate technical and organisational measures to the protection of data

provided for in Article 4 against accidental or unlawful destruction, loss or

accidental alteration and the storage, treatment, access or disclosure not

authorized or illicit;

d) Take appropriate technical and organisational measures to ensure that

only specially authorized persons have access to the data

referring to the categories provided for in Article 4;

e) Destroy the data at the end of the conservation period, except the data that

have been provided and preserved;

f) Destroy the data that has been provided and preserved, when such

be determined by the judge.

2-Data referring to the categories provided for in Article 4 shall remain

blocked from the beginning of their conservation, only being targeted for unlock to

effects of transmission, pursuant to this Act, to the competent authorities.

3-Are fixed, in joint poration of the members of the Government responsible for the

areas of internal administration, justice and communications, technical conditions

relating to the protection and security of data.

4-The provisions of the preceding paragraphs shall be without prejudice to the observation of the principles nor the

compliance with the rules regarding the quality and safeguarding of confidentiality and

data security, provided for in Law No. 67/98 of October 26, and in Law No. 41/2004,

of August 18.

5-A competent public authority for the control of the application of the provisions of the

this article is the National Data Protection Commission (CNPD).

10

Article 8.

Registration of specially authorized persons

1-A CNPD must keep a permanently updated electronic record of the

people specially authorized to access the data, under the terms of the ( d) of paragraph 1

of the previous article.

2-For the effects provided for in the preceding paragraph, the providers of services of

electronic communications or a public communications network should refer to the

CNPD, by exclusively electronic means, the data necessary for the identification of the

people specially authorized to access the data.

Article 9.

Transmission of the data

1-A The transmission of the data referring to the categories provided for in Article 4 may only be

authorized, by reasoned order of the judge, how much is required to be

investigation, detection and repression of serious crimes.

2-A authorization provided for in the preceding paragraph may only be required by the Ministry

Public or by the competent criminal police authority.

3-Only the transmission of relative data can be authorised:

a) To the suspect or defendants;

b) The person who serves as an intermediary, for which there are founded

reasons to believe that it receives or transmits targeted messages or

coming from suspect or defendants; or

c) The victim of crime, by the respective consent, effective or

presumed.

4-A The court decision to pass on the data shall respect the principles of suitability,

necessity and proportionality, in particular with regard to the definition of the

categories of data to be transmitted and the competent authorities with access to data.

5-The provisions of the preceding paragraphs shall be without prejudice to the achievement of data on the

cellular location required to ward off danger to life or from offense to integrity

serious physics, pursuant to Art. 252 of the Code of Criminal Procedure.

6-The entities referred to in Article 4 (1) shall draw up records of the extraction

of the data transmitted to the competent authorities and send them to the CNPD.

11

Article 10.

Technical conditions of the transmission of data

The transmission of the data referring to the categories provided for in Article 4 shall process

upon electronic communication, in the terms of technical and safety conditions

fixed in joint portery of the Government members responsible for the areas of the

internal administration, justice and communications.

Article 11.

Destruction of data

1-The judge determines, officiously or at the request of any interested party, the

destruction of the data in the possession of the competent authorities as well as the data

provided and preserved by the entities referred to in Article 4 (1), as soon as the

same cease to be strictly necessary for the purpose for which they are intended.

2-It is considered that the data cease to be strictly necessary for the purpose of which

are intended as soon as one of the following circumstances occurs:

a) Definitive archiving of the criminal procedure;

b) Acquiton, carried on trial;

c) Conviction, carried on trial;

d) Prescription of the criminal procedure;

e) Amnesty.

Article 12.

Counter-ordering

1-Without prejudice to the criminal liability to which there is a place under the law,

constitutes counterordinance:

a) The non-conservation of the categories of the data provided for in Article 4;

b) The failure to comply with the conservation period provided for in Article 6;

c) The non-transmission of the data to the competent authorities, when authorised

pursuant to the provisions of Article 9;

12

d) Failure to comply with any of the rules relating to protection and security

of the data provided for in Article 7;

e) The non-blocking of the data, in the terms set out in Article 7 (2);

f) The access to data per person not specially authorized under the terms of

n Article 8 (1);

g) The non-sending of the necessary data to the identification of persons especially

authorized, pursuant to Article 8 (2).

2-The counter-ordinations provided for in the preceding paragraph are punishable with fines of

€ 1500 a € 25000 or € 5000 a € 5000000 depending on the agent is a person

singular or collective.

3-A attempt and neglect are punishable.

Article 13.

Counterordinance processes and application of fines

1-Compete à CNPD the instruction of the counterordinance processes and the respective

application of fines relating to the conducts provided for in the previous article.

2-The amount of the importances charged, as a result of the application of the fines is

distributed as follows:

a) 60% for the State;

b) 40% for the CNPD.

Article 14.

Applicability of the sanctionatory regimes provided for in Law No. 67/98, 26 of

October, and in Law No. 41/2004, of August 18

The provisions of Articles 12 and 13 shall be without prejudice to the application of the provisions of Chapter VI

of Law No. 67/98 of October 26, and in Chapter III of Law No. 41/2004, 18 of

August.

13

Article 15.

Statistics for annual information to the Commission of the European Communities

1-A CNPD transmits annually to the Commission of the European Communities

statistics on the conservation of data generated or treated in the context of the supply of

publicly available electronic communications services or from a network

public of communications.

2-In view of the fulfilment of the provisions of the preceding paragraph, the entities

as referred to in Article 4 (1) shall, by March 1 of each year, refer to the CNPD as

following information, relating to the previous calendar year:

a) The number of cases in which information was transmitted to the authorities

competent national;

b) The period of time elapsed between the date from which the data was

conserved and the date on which the competent authorities requested their

transmission; and

c) The number of cases in which the authorities ' requests could not be

satisfied.

3-The information provided for in the preceding paragraph may not contain any data

personal.

Article 16.

Entry into force

This Law shall come into force on the day following that of its publication.

Seen and approved in Council of Ministers of September 6, 2007

The Prime Minister

The Minister of the Presidency

The Minister of Parliamentary Affairs