Key Benefits:
1
PROPOSED LAW NO. 161 /X
Exhibition of Motives
The protection of personal data, from the reservation of the intimacy of private life, of the
correspondence and telecommunications takes on a recognized relevance in the
Context of the safeguarding of fundamental rights, both in the internal plan of States
members of the European Union, as in the community plan.
At a juncture in which the boundaries between the material and the virtual have long been slugfed
and in which people and organisations act with a growing agility in the field
informatics and telecommunications, it is also recognized that new technologies
it substantiates a tool likely to be used for illicit purposes against the
which the community and the states cannot fail to apt themselves.
The need to provide the member states of the European Union of instruments
effective combatting crime and terrorism has led community instances to
opt for the harmonisation of the legal frameworks applicable in this matter, through the
creation of the obligation to preserve certain data concerning communications, by
part of the providers of electronic communications services publicly
available or from a public communications network, through Directive n.
2006 /24/CE, of the European Parliament and of the Council of May 15, 2006 on the
conservation of data generated or treated in the context of the provision of services of
publicly available electronic communications or public networks of
communications, amending Directive No 2002 /58/CE, of the European Parliament and of the
Council, of July 12, 2002.
The main purpose of this directive was, therefore, to oblige service providers
of publicly available electronic communications or from a public network of
communications to be kept a set of data set out in that directive, so to
that can be acheed for the purpose of combating serious crime. It is not in question
the conservation of the data relating to the content of communications, but rather the
named "traffic and location data", that is, data needed to, by
example, find the source of a communication, the date, time and duration of the same or the
location of the mobile communication equipment used.
2
This proposed Act is aimed at the transposition of the said Directive. Thus the
providers of publicly available electronic communications services or of
a public communications network go on to be required to conserve certain data
of communication specifically defined, so that they can be acheed by the
competent authorities, exclusively for the purposes of research, detection and
repression of serious crimes.
This proposed law recognizes the sensitivity of values in presence and of the
conservation of the data concerned. For that reason, special restrictions are adopted,
guarded and security measures in access and processing of the data and of
supervision and enforcement of the fulfilment of the obligations set out herein.
So, first of all, the conservation of data will only be able to have for purpose the
research, detection and criminal repression, being expressly vetted using
of the same for other purposes.
Second, access to the data can only be requested by the Ministry
Public or by certain criminal police authorities and depends always on the decision of the
judge.
Third, access to the data finds still two important limitations. By
one side, it is only admitted for the investigation, repression or detection of serious crimes,
that is, of those in which, under the criminal procedural law, it is possible to
interception and the recording of the contents of the communications. On the other hand, access to the
data is limited to the appropriate, necessary and proportional face to the concrete case.
Fourth, the data in question cannot be conserved eternally.
It is established that the period of conservation is one year, which corresponds to half of the
maximum conservation period allowed by the directive that now transposes.
Fifth, the people who, within the scope of the providers of services of
publicly available electronic communications or from a public network of
communications, they should perform tasks associated with the fulfillment of the obligations
provided in this proposal must be specially authorized and registered with the
National Commission for Data Protection (CNPD).
Sixth, exacting rules on the destruction of data are adopted.
conserved, ensuring that their use does not exceed the strict purposes of
research, detection and repression of serious crimes for which they have been retained.
3
Finally, it is committed to an independent administrative entity-the CNPD-a
monitoring function of the performance of this proposed Act. Thus, it's up
in particular to this entity to draw up a record of the extraction of the transmitted data
and the application of fines for failure to comply with the established rules.
The Higher Council of the Magistrature was heard, the Higher Council of the
Prosecutor's Office, the Order of Lawyers, the National Commission for Protection of
Data and the Institute of Communications of Portugal-National Authority of the
Communications.
Thus:
Under the terms of the paragraph d) of Article 197 (1) of the Constitution, the Government presents to the
Assembly of the Republic the following proposal for a law:
Article 1.
Subject
1-A This Law regulates the conservation and transmission of traffic data and
location relating to natural persons and legal persons as well as data
related necessary to identify the subscriber or registered user, for the purposes of
investigation, detection and repression of serious crimes by the authorities
competent, transposing to the internal legal order Directive No 2006 /24/CE, of the
European Parliament and of the Council of March 15, 2006 on the conservation of
data generated or treated in the context of the provision of communications services
publicly available electronic or public communications networks, and that
amenates Directive No 2002 /58/CE, of the European Parliament and of the Council, of 12 of
June 2002, concerning the processing of personal data and the protection of privacy in the
sector of electronic communications.
2-A The conservation of data revealing the content of communications is prohibited, without
prejudice to the provisions of Law No 41/2004 of August 18 and in procedural law
penal regarding the interception and recording of communications.
4
Article 2.
Definitions
1-For the purposes of this Law, it is understood by:
a) "Data", the traffic data and location data, as well as the data
related necessary to identify the subscriber or the user;
b) "telephone service", any of the following services:
i) The call services, including the vocal calls, the vocal mail,
the teleconference or the transmission of data;
ii) The supplementary services, including the forwarding and the
transfer of calls; and
iii) The messaging and multimedia services, including the services of
short messages (SMS), the improved messaging services (EMS)
and multimedia services (MMS).
c) "User identification code" (" user ID ") , a single code
assigned to people, when these become subscribers or enroll in a
access service to the Internet , or in a communication service by the Internet ;
d) "Cell Identifier" (" cell ID ") , the identification of the source cell and
of the destination of a telephone call in a mobile network;
e) "Missed telephone call", a communication in which the link
telephone was established, but that it did not get an answer, or in which there was
an intervention by the network manager;
f) "competent authorities" the judicial authorities and the authorities of
criminal police of the following entities:
i) The Judicial Police;
ii) The Republican National Guard;
iii) The Public Security Police;
iv) The Military Judicial Police;
v) The Office of Foreign and Border Protection;
vi) The Maritime Police;
5
vii) The Inspectorate for the Environment and Planning of the Territory
(IGAOT) and the entities which, in the terms of the applicable standards, are
competent for research, in the Autonomous Regions, of crimes in
qualified environmental incidence subjects, in the terms of the present
law, as serious crimes;
viii) The organs of the tax administration;
ix) The organs of the administration of social security.
g) 'Major Crime', the crimes for which the procedural legislation
penal offence admits the interception and recording of talks or communications.
2-For the purposes of this Law, they shall apply, without prejudice to the provisions of the number
previous, the constant definitions of Law No. 67/98, of October 26, and of the Law
n. 41/2004, of August 18.
Article 3.
Purpose of treatment
1-A The conservation and transmission of the data are for the sole purpose of
investigation, detection and repression of serious crimes by the authorities
competent.
2-A The transmission of the data to the competent authorities can only be ordered or
authorized by reasoned order of the judge pursuant to Rule 9 para.
3-The holder of the data cannot oppose the respective conservation and transmission.
Article 4.
Categories of data to be kept
1-The providers of publicly available electronic communications services
or of a public communications network shall retain the following categories of
data:
a) Data required to find and identify the source of a communication;
b) Data required to find and identify the target of a
communication;
6
c) Data required to identify the date, time, and duration of a
communication;
d) Data required to identify the type of communication;
e) Data required to identify the telecommunications equipment of the
users, or what considers themselves to be their equipment;
f) Data required to identify the location of the equipment of
mobile communication.
2-For the purposes of the provisions of the paragraph a) of the previous number, the required data
to find and identify the source of a communication are as follows:
a) With regard to telephone communications in the fixed and mobile networks:
i) The source phone number;
ii) The name and address of the subscriber or registered user.
b) With regard to access to the Internet , by electronic mail through the
Internet and telephone communications through the Internet :
i) The identification codes assigned to the user;
ii) The user identification code and the telephone number
assigned to any communication that between in the public telephone network;
iii) The name and address of the subscriber or registered user, to whom the
address of the IP protocol, the user identification code, or the
telephone number were assigned at the time of communication.
3-For the purposes of the provisions of the paragraph b) of paragraph 1, the data necessary to find
and identify the destination of a communication are as follows:
a) With regard to telephone communications in the fixed and mobile networks:
i) The numbers marked and, in cases involving supplementary services,
such as the rerouting or the transfer of calls, the number or
numbers for where the call was re-routed;
ii) The name and address of the subscriber, or of the registered user.
b) With regard to e-mail through the Internet and to the
telephone communications through the Internet :
i) The user identification code or the telephone number of the
intended recipient, or of a telephone communication through the
Internet ;
7
ii) The names and addresses of the underwriters, or of the users
registered, and the user identification code of the recipient
intended for communication.
4-For the purposes of the provisions of the paragraph c) of paragraph 1, the data required for
identify the date, time and duration of a communication are as follows:
a) With regard to telephone communications in the fixed and mobile networks, the
date and time of the beginning and end of the communication;
b) With regard to access to the Internet , by electronic mail through the
Internet and telephone communications through the Internet :
i) The date and time of the start ( log-in ) and of the end ( log-off ) of the link to
access service to the Internet on the basis of a certain time zone,
together with the address of the IP protocol, dynamic or static,
assigned by the provider of the access service to the Internet to a
communication, as well as the user identification code of the
underwriter or registered user;
ii) The date and time of the start and end of the connection to the courier service
electronic through the Internet or from communications through the Internet ,
on the basis of certain time zone.
5-For the purposes of the provisions of the paragraph d) of paragraph 1, the data required for
identifying the type of communication are as follows:
a) With regard to telephone communications in the fixed and mobile networks, the
telephone service used;
b) With regard to e-mail through the Internet and to the
telephone communications through the Internet , the service of Internet used.
6-For the purposes of the provisions of the paragraph e) of paragraph 1, the data required for
identify the telecommunications equipment of the users, or what they consider
be your equipment are as follows:
a) With regard to telephone communications in the fixed network, the numbers of
source and destination phone;
b) With regard to telephone communications on the mobile network:
i) The source and destination phone numbers;
ii) The International Identity of Mobile Subscriber ( International Mobile
Subscriber Identity , or IMSI) from whom phone;
8
iii) The International Identity Of Mobile Equipment ( International Mobile
Equipment Identity , or IMEI) from whom telephone;
iv) The IMSI of the recipient of the phone call;
v) The IMEI of the recipient of the phone call;
vi) In the case of the prepaid services of anonymous character, the date and time of the
initial activating of the service and the identifier of the cell from which the
service has been activated.
c) With regard to access to the Internet , by electronic mail through the
Internet and telephone communications through the Internet :
i) The telephone number requesting the access by telephone line;
ii) The digital subscriber line ( digital subscriber line , or DSL), or
any other terminal identifier of the author of the communication.
7-For the purposes of the provisions of the paragraph f) of paragraph 1, the data required to identify
the location of the mobile communication equipment are as follows:
a) The identifier of the cell at the beginning of the communication;
b) The data that identifies the geographical situation of the cells, taking as
reference the respective cell identifiers during the period in which
proceeds to the conservation of data.
Article 5.
Scope of the obligation to preserve data
1-The telephone and the Internet relative to failed telephone calls should
be conserved when they are generated or treated and stored by the entities
referred to in Article 4 (1) in the context of the provision of communication services.
2-Data regarding unestablished calls are not conserved.
Article 6.
Period of conservation
The entities referred to in Article 4 (1) shall retain the data provided for in the
same article for the period of one year from the date of the completion of the communication.
9
Article 7.
Protection and security of data
1-The entities referred to in Article 4 (1) shall:
a) Conserve the data referring to the categories provided for in Article 4 by form
to which they can be transmitted immediately, upon dispatch
reasoned from the judge, to the competent authorities;
b) Ensure that the conserved data is of the same quality and is
subject to the same protection and security as the data on the network;
c) Taking appropriate technical and organisational measures to the protection of data
provided for in Article 4 against accidental or unlawful destruction, loss or
accidental alteration and the storage, treatment, access or disclosure not
authorized or illicit;
d) Take appropriate technical and organisational measures to ensure that
only specially authorized persons have access to the data
referring to the categories provided for in Article 4;
e) Destroy the data at the end of the conservation period, except the data that
have been provided and preserved;
f) Destroy the data that has been provided and preserved, when such
be determined by the judge.
2-Data referring to the categories provided for in Article 4 shall remain
blocked from the beginning of their conservation, only being targeted for unlock to
effects of transmission, pursuant to this Act, to the competent authorities.
3-Are fixed, in joint poration of the members of the Government responsible for the
areas of internal administration, justice and communications, technical conditions
relating to the protection and security of data.
4-The provisions of the preceding paragraphs shall be without prejudice to the observation of the principles nor the
compliance with the rules regarding the quality and safeguarding of confidentiality and
data security, provided for in Law No. 67/98 of October 26, and in Law No. 41/2004,
of August 18.
5-A competent public authority for the control of the application of the provisions of the
this article is the National Data Protection Commission (CNPD).
10
Article 8.
Registration of specially authorized persons
1-A CNPD must keep a permanently updated electronic record of the
people specially authorized to access the data, under the terms of the ( d) of paragraph 1
of the previous article.
2-For the effects provided for in the preceding paragraph, the providers of services of
electronic communications or a public communications network should refer to the
CNPD, by exclusively electronic means, the data necessary for the identification of the
people specially authorized to access the data.
Article 9.
Transmission of the data
1-A The transmission of the data referring to the categories provided for in Article 4 may only be
authorized, by reasoned order of the judge, how much is required to be
investigation, detection and repression of serious crimes.
2-A authorization provided for in the preceding paragraph may only be required by the Ministry
Public or by the competent criminal police authority.
3-Only the transmission of relative data can be authorised:
a) To the suspect or defendants;
b) The person who serves as an intermediary, for which there are founded
reasons to believe that it receives or transmits targeted messages or
coming from suspect or defendants; or
c) The victim of crime, by the respective consent, effective or
presumed.
4-A The court decision to pass on the data shall respect the principles of suitability,
necessity and proportionality, in particular with regard to the definition of the
categories of data to be transmitted and the competent authorities with access to data.
5-The provisions of the preceding paragraphs shall be without prejudice to the achievement of data on the
cellular location required to ward off danger to life or from offense to integrity
serious physics, pursuant to Art. 252 of the Code of Criminal Procedure.
6-The entities referred to in Article 4 (1) shall draw up records of the extraction
of the data transmitted to the competent authorities and send them to the CNPD.
11
Article 10.
Technical conditions of the transmission of data
The transmission of the data referring to the categories provided for in Article 4 shall process
upon electronic communication, in the terms of technical and safety conditions
fixed in joint portery of the Government members responsible for the areas of the
internal administration, justice and communications.
Article 11.
Destruction of data
1-The judge determines, officiously or at the request of any interested party, the
destruction of the data in the possession of the competent authorities as well as the data
provided and preserved by the entities referred to in Article 4 (1), as soon as the
same cease to be strictly necessary for the purpose for which they are intended.
2-It is considered that the data cease to be strictly necessary for the purpose of which
are intended as soon as one of the following circumstances occurs:
a) Definitive archiving of the criminal procedure;
b) Acquiton, carried on trial;
c) Conviction, carried on trial;
d) Prescription of the criminal procedure;
e) Amnesty.
Article 12.
Counter-ordering
1-Without prejudice to the criminal liability to which there is a place under the law,
constitutes counterordinance:
a) The non-conservation of the categories of the data provided for in Article 4;
b) The failure to comply with the conservation period provided for in Article 6;
c) The non-transmission of the data to the competent authorities, when authorised
pursuant to the provisions of Article 9;
12
d) Failure to comply with any of the rules relating to protection and security
of the data provided for in Article 7;
e) The non-blocking of the data, in the terms set out in Article 7 (2);
f) The access to data per person not specially authorized under the terms of
n Article 8 (1);
g) The non-sending of the necessary data to the identification of persons especially
authorized, pursuant to Article 8 (2).
2-The counter-ordinations provided for in the preceding paragraph are punishable with fines of
€ 1500 a € 25000 or € 5000 a € 5000000 depending on the agent is a person
singular or collective.
3-A attempt and neglect are punishable.
Article 13.
Counterordinance processes and application of fines
1-Compete à CNPD the instruction of the counterordinance processes and the respective
application of fines relating to the conducts provided for in the previous article.
2-The amount of the importances charged, as a result of the application of the fines is
distributed as follows:
a) 60% for the State;
b) 40% for the CNPD.
Article 14.
Applicability of the sanctionatory regimes provided for in Law No. 67/98, 26 of
October, and in Law No. 41/2004, of August 18
The provisions of Articles 12 and 13 shall be without prejudice to the application of the provisions of Chapter VI
of Law No. 67/98 of October 26, and in Chapter III of Law No. 41/2004, 18 of
August.
13
Article 15.
Statistics for annual information to the Commission of the European Communities
1-A CNPD transmits annually to the Commission of the European Communities
statistics on the conservation of data generated or treated in the context of the supply of
publicly available electronic communications services or from a network
public of communications.
2-In view of the fulfilment of the provisions of the preceding paragraph, the entities
as referred to in Article 4 (1) shall, by March 1 of each year, refer to the CNPD as
following information, relating to the previous calendar year:
a) The number of cases in which information was transmitted to the authorities
competent national;
b) The period of time elapsed between the date from which the data was
conserved and the date on which the competent authorities requested their
transmission; and
c) The number of cases in which the authorities ' requests could not be
satisfied.
3-The information provided for in the preceding paragraph may not contain any data
personal.
Article 16.
Entry into force
This Law shall come into force on the day following that of its publication.
Seen and approved in Council of Ministers of September 6, 2007
The Prime Minister
The Minister of the Presidency
The Minister of Parliamentary Affairs