Advanced Search

Approves The Law Of Cybercrime, Transposing To The Internal Legal Order The Framework Decision No. 2005/222/jha Of 24 February Relating To Attacks Against Information Systems, And Adapting National Legislation To The Convention On Cybercrime Of The Cou...

Original Language Title: Aprova a Lei do Cibercrime, transpondo para a ordem jurídica interna a Decisão Quadro n.º 2005/222/JAI do Conselho, de 24 de Fevereiro, relativa a ataques contra sistemas de informação, e adapta o direito interno à Convenção sobre Cibercrime do Conselho d

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

1

PROPOSED LAW NO. 289 /X/4ª

Exhibition of Motives

The expansion of communication networks has made the Internet an omnipresent reality. All

the activities of modern societies and economies use the Internet for their support.

Citizens take place from the Internet in their daily lives and the states support it as a

their traditional functions. In this context, it was natural for the emergence of illegal activities

associated with communication networks, using them and exploiting their vulnerabilities,

thereby creating risks for the everyday use of computer media. The

cybercrime has therefore become a threat from modern times.

States have been adopting measures aiming at preventing and countering illegal practices and

abusive in the communication networks. Portugal has, since 1991, on impulse from the

recommendation R (89) 9 of the Council of Europe, a normative framework that aims to punish

what it called the computer crimes: the Law No. 109/91 of August 17. This

diploma, appropriate to the reality that was intended to regulate on the date on which it came into force,

for the course of nearly two decades, it has become loss-making.

In the information and communication networks have meanwhile emerged new realities that have

coming to be described and considered to be a crime by many other European legislations and

by international instruments. It is, for example, the case of the production or diffusion of viruses and

other malicious programmes, realities not yet enshrined in national law: in fact, in the

current normative framework, who to produce and / or spread viruses and other devices from this

nature will not incur, for these facts, in the practice of no crime, nor will it be punished by

that performance. Notwithstanding, it is soberly known to the harmfulness that results from the

production and diffusion of computer viruses by the communications networks. That's the reason for the

which many other legislations have opted for the criminalization of this activity, in the sequence,

incidentally, of the provision of Article 6 of the Convention on Cybercrime of the Council of Europe.

Council Decision-Framework No 2005 /222/JAI of February 24, 2005 on the

attacks on information systems, describes behaviours that should be

qualified as a crime, also obliging the creation of related standards, related

with such behaviors, achieves at the instigation, aid, complicity and attempt,

liability of legal persons, territorial competence and still exchange of

information. The transposition of the Framework Decision supposes, for legal planning

2

portuguese, the amendment to the computer crime regime, today provided for in the call

Computer Crime Act (the already mentioned Law No. 109/91 of August 17).

On November 23, 2001, Portugal signed the Convention on Cybercrime of the Council

of Europe, whose ratification process is now under way. The Convention is the

first and most important international background work on crime in cyberspace.

It has a universal vocation and is intended to come to be accepted by the generality of the countries of the

World. It intends to harmonize the various national legislations on the subject, to propitiate and

facilitate international cooperation and facilitate investigations of a criminal nature. Focuses

on material criminal law (defining crimes against confidentiality, integrity and

availability of computer systems, crimes referring to contents and crimes

committed by way of computer processing), but also includes procedural and

international judicial cooperation. The reception of the legislative obligations arising

of the Convention will also impose the amendment of the scheme currently beholstered.

The appropriateness to the legal framework of the Convention will bring with it, in particular, a

special advantage of membership in a European cooperation space, with police projection and

judicial. In concrete, it will also bring the possibility of, in processes taking place, to use

new forms of research and new avenues of cooperation, when it becomes necessary

to resort to international cooperation. These new ways of investigating and cooperating can

use themselves as to crimes provided for in the Convention, but also to investigate others

crimes, as long as committed by means of computer systems and still for any

type of crimes, as long as there is proof of the same in electronic form.

In generality, in structural terms, with respect to material criminal law, it may

to assert that the transposition of the Framework Decision No 2005 /222/JAI and the consecration of the

legal obligations resulting from the Convention assume only adjustments to the current

legislation on computer crime. The new forms of crime are stressed,

some of which already referred to and in relation to which the Portuguese legislation has been

considered loss-making.

Already in the field of criminal procedural law standards, the unsuitability of the legal order

national to the new realities to be implemented is superior. The recent revision of the Code of

Criminal procedure has opted for the limitation, in the abstract, of the possibility of the realization of

interceptions of telephone and electronic communications, not having included standards

special for the area of cybercrime. Thus, it is not planned to obtain data from

3

traffic nor the realization of interception of electronic communications in the investigation of

crimes not provided for in Article 187 of the Code of Criminal Procedure. Among them, they find-

if crimes provided for in Law No. 109/91, of August 17, as well as crimes against the

intellectual property committed by means of computer networks. The realization of

interceptions of electronic communications and, above all, the obtaining of traffic data,

are essential procedural tools in the process-crime in which crimes are investigated

committed by way of the communications networks, having this concern stayed mirrored in the

diploma that obliges communications operators to keep traffic data from the

its clients, with a view to their eventual need in criminal investigation-Law n. para.

32/2008, of July 17, which regulates the conservation of data generated or treated in the

context of the provision of electronic communications services. It matters thus to overcome the

current regime, so as to provide the criminal procedural system with standards permitting the

getting traffic data and conducting interceptions of communications in

investigations of crimes practiced in the virtual environment. It is what you intend to do by way of

of the law that now proposes itself.

It has chosen to condense into this degree all the standards relating to cybercrime and

not by proceeding with the amendment of the various legislative sources on the matter-in addition to the

Computer Crime Law, the Criminal Code, the Code of Criminal Procedure and the Law of

International Judicial Cooperation (Law No. 144/99 of August 31, with its

changes). It appears to be this the most consistent legislative option with the Portuguese tradition,

where they exist, specifically in the penal area, other structuring diplomas of subjects in the

specialty: so it happens with criminality related to narcotics, with the

crimes against the economy or with tax crime, whose criminal and procedural frameworks

specific criminal cases are set out in their own diploma. With respect to the rules

procedural, militancy in favour of this solution, there are still two other reasons: by a

side, the general inconvenience of seeing in structuring diplomas of the penal planning rules

special ones, only applicable to a very restricted plot of the types of illicit; on the other, the

practical convenience, for the judicial operators, to see systematized all the

normative pertaining to a specific sector of crime.

4

In short, as to the material criminal law, in fulfillment of the obligations assumed in the

scope of the Framework Decision and the Convention, there are now legislative amendments to

adjustment of the current regime.

So it is as to the definitions, included in Article 2, in which the concept of

"computer data", in replacement of the most limited concept and today insufficient

of "computer program". Definitions, modern and non-existing ones are added in

1991, from "service provider" and from "traffic data". Is changed the concept of " system

informatics ", which goes on to be more comprehensive, including in it, for example, devices

like mobile phones. Suest-if, for no sense in the face of the latter, the concept

of "computer network".

The liability of legal persons and various other rules of punishment of

natural and legal persons, it has opted for the revocation of the specific scheme created in

1991 a this purpose. In its place, it refers to the general regime of accountability of

legal persons, provided for in the Criminal Code. In this way the commitments are met

assumed by the Framework Decision and the Convention, in the same way as it is simplified the

normative framework, eliminating a special regime of accountability, created in 1991

by the absence of a general scheme, but now no longer justified, after the introduction of that

same general regime in the amendment of the Criminal Code operated in 2007.

As to the types of crime of computer damage, computer sabotage, illegitimate access and

illegitimate interception, adjustments were made in the wording, with a view on the one hand,

to update the legal text and, on the other, to enshrine new modalities of typical action.

By the purpose of jurisdictional competence, the Convention provides for an innovation in the face of what already

results from articles 4 and 5 of the Criminal Code, translated into the obligation of States

signatories if they declare themselves competent to pursue criminally,

regardless of the place of the practice of the facts, its national citizens, if the

infringement is punishable in the place where it was committed or is not within the competence of any

State. Even though this solution is not previously enshrined in Portuguese law, already if

predicts, for certain crimes the universal competence of Portuguese law.

In the framework of the procedural provisions, the expedited preservation of

data stored in a computer and the expedited preservation and revelation of data from

traffic, in fulfillment of the obligations resulting from Articles 16 and 17 of the Convention.

The mechanism of the injunction was introduced (cfr. article 18 of the Convention) and adapted the

regimes of the searches and seizures, already largely provided for in the criminal procedural law,

5

to the investigations of crimes committed in the virtual environment. In fact, the essence of these

procedural measures coincides, in the environment of cyberspace, with the classic forms of

search and seizure, of the criminal process. However, the way in which the search and apprehension are

described in the Code of Criminal Procedure required some suitability for these new realities.

Similarly, it has been adapted for this degree the interception scheme of

communications, provided for in the Code of Criminal Procedure for telephone communications. In the

true, the Code already provides for an extension of the regime of telephone interceptions to others

communications, for electronic example. However, such an extension does not solve the problem of

research of computer crimes or related to informatics, because the scope

of application of this scheme, by way of extension, is the same of the telephone interceptions.

It becomes necessary to cover computer crimes in general, as well as those

committed by way of computers, thus motivating the creation of special standard. This

norm adopts in general the rules of the Code of Criminal Procedure, which is adapted in function

of the specificity of the crimes to which, by way of this new law, is applicable.

The adoption, for the investigation of computer crimes, of special procedural measures,

means necessarily a compression of the freedoms of citizens in cyberspace. Is

obvious to all the enormous advantage of the existence of a free space and practically

deregulated, where each can freely communicate, inform and inform, as well as

-and perhaps above all-, express yourself and express yourself without censorship or

embarrassments. The truth, however, is that no one is alhething to the emerging realities

criminal, opposing signal, which benefit from the massive, effective communication capacity

and of reduced cost, choosing its victims almost indiscriminately, by

the whole World, resguarding themselves from the authorities behind the border, anonymity and the

technical complexity. If it is true that the Internet is not owned by anyone, also the

is that no one is directly responsible for it or for what occurs in it. Don't have

seat, nor location, where they can locate their responsible. Modern laws have to

treat properly the new criminogenic realities, incriminating them and endowing them

competent entities of the tools necessary for their investigation and trial.

It is finally refirming that in the area of international cooperation it refers, as a rule, to

legal regimes already in place. In addition, it is assumed that the Portuguese authorities can

6

request international cooperation-and also receive and execute requests for cooperation

coming from foreign authorities-, under the same conditions and circumstances in which

would act if the criminal facts were being investigated in Portugal. Creates a

permanent point of contact 24 hours / 7dias, within the Judiciary Police, to which

compete to ensure, as to the matter to which respect this proposed law, an essential role

in the emerging international cooperation.

The Attorney General of the Republic, the Superior Council of Magistrature and

the National Data Protection Commission.

The hearing of the Order of Lawyers was promoted.

The hearing of the Higher Council of the Public Prosecutor's Office should be triggered.

Thus:

Under the terms of the paragraph d) of Article 197 (1) of the Constitution, the Government presents to the

Assembly of the Republic the following proposal for a law:

CHAPTER I

Object and definitions

Article 1.

Subject

This Law sets out the material and procedural criminal provisions as well as the

provisions relating to international cooperation in criminal matters, concerning the field of

cybercrime and the collection of proof in electronic support, by transposing into the legal order

internal to Council Decision-Table No 2005 /222/JAI of the Council of February 24, 2005,

on attacks on information systems, and by adapting domestic law to

Convention on Cybercrime of the Council of Europe.

Article 2.

Definitions

For the purposes of this Law, it shall be deemed to be:

a) "Computer system", any device or set of devices

interconnected or associated, in which one or more of between them develops, in

7

implementation of a programme, the automated processing of computer data,

as well as the network that supports the communication between them and the dataset

computer stored, processed, retrieved or transmitted by the one or

those devices, with a view to their operation, use, protection

and maintenance;

b) "computer data" means any representation of facts, information or

concepts in a susceptible form of processing in a system

informatics, including the programmes apt to make an informatics system

perform a function;

c) "Traffic data", the computer data related to a communication

carried out by means of an informatics system, generated by this system as

element of a communication chain, indicating the origin of the communication,

the destination, the path, the time, the date, size, duration or type of the service

underlying;

d) "Supplier of service", any entity, public or private, which provides the

users of their services the possibility to communicate by means of a

computer system, as well as any other entity that treats or stores

computer data in the name and on account of that entity supplier of

service or the respective users;

e) 'Interception', the act aimed at capturing information contained in a system

informatics, through electromagnetic, acoustic, mechanical devices or

others;

f) "Topography", a series of images among themselves linked, regardless of the

mode as they are fixed or encoded, which represent the configuration

three-dimensional of the layers that make up a semiconductor product and in which

each image reproduces the drawing or part of it from a surface of the product

semiconductor, regardless of the phase of the respective manufacture;

g) "Semiconductor product", the final or intermediate form of any product,

comprised of a substrate that includes a layer of semiconductor material and

made up of one or several layers of conductive materials, insulating or

semiconductor, second a provision as per a configuration

three-dimensional and intended to fulfill, exclusively or not, a function

electronics.

8

CHAPTER II

Material penal provisions

Article 3.

Computer falsity

1-Who, with the intention of causing deception in legal relations, to introduce, modify,

erase or suppress computer data or for any other way interfere with a

computer processing of data, producing data or non-genuine documents,

with the intention that these are considered or used for purposes

legally relevant as if they were, is punishable with imprisonment up to five

years or a fine of 120 a to 600 days.

2-When the actions described in the preceding paragraph incidirem on the recorded data

or incorporated into a payment bank card or any other device

that allows access to system or means of payment, the communications system or

the conditioned access service, the penalty is for one to five years in prison.

3-Who, acting with an intention to cause injury to be heard or to obtain a benefit

illegitimate, for you or third party, use document produced from data

computer which have been the subject of the acts referred to in paragraph 1 or card or other

device in which they are found to be registered or incorporated the data subject of the

acts referred to in the preceding paragraph, shall be punished with the penalties provided in one and another

number, respectively.

4-Who to import, distribute, sell or detain for commercial purposes any device

that allows access to system or means of payment, the communications system or

the conditioned access service, on which any of the

actions provided for in paragraph 2, is punish-punished with imprisonment of one to five years.

5-If the facts referred to in the preceding paragraphs are practiced by employee in the

exercise of their duties, the penalty is for imprisonment of two to five years.

Article 4.

Damage relating to programmes or other computer data

1-Who, without legal permission or without to so much be authorized by the owner, by

another holder of the right of the system or part of it, erase, alter, destroy, in the whole or

9

in part, damage, suppress or render non-usable or non-accessible programs or

other computer data alheios or by any way affect them the ability to

use, is punished with imprisonment for up to three years or penalty of fine.

2-On the same penalty incuri who illegitimately produce, sell, distribute or by

any other way to disseminate or introduce in one or more computer systems

devices, programmes or other computer data intended to produce the shares

unauthorized described in the previous number.

3-If the damage caused is of high value, the penalty is for imprisonment up to five years or of

fine up to 600 days.

4-If the damage caused is of considerably high value, the penalty is for the arrest of a

to 10 years.

5-With the exception of the cases provided for in paragraph 2, the attempt is punishable.

6-In cases provided for in paragraphs 1, 3 and 5 the criminal procedure depends on the complaint.

Article 5.

Computer sabotage

1-Who, without legal permission or without to so much be authorized by the owner, by

other proprietor of the right of the system or part of it, hinder, prevent, interrupt or

disrupt the operation of a computer system, through the introduction,

transmission, deterioration, damage, alteration, erasure, impediment of access

or deletion of programs or other computer data or in any other way

of interference in computer system, is punish-punished by up to five years

or with penalty of fine up to 600 days.

2-On the same penalty incuri who illegitimately produce, sell, distribute or by

any other way to disseminate or introduce in one or more computer systems

devices, programmes or other computer data intended to produce the shares

unauthorized described in the previous number.

3-A sentence is imprisonment of one to five years if the emerging damage of the disturbance is to

high value.

4-A The sentence is the one to 10 years imprisonment if:

a) The emerging damage of the disturbance is of considerably high value;

10

b) The disturbance caused to hit in a serious or lasting way a system

informatics that supports an activity aimed at ensuring social functions

criticism, particularly supply chains, health, safety and the

economic well-being of people, or the smooth functioning of services

public.

5-With the exception of the cases provided for in paragraph 2, the attempt is punishable.

Article 6.

Illegitimate access

1-Who, without legal permission or without to so much be authorized by the owner, by

another holder of the right of the system or part of it, in any way access to a

computer system, is punished with imprisonment for up to one year or with penalty of fine up to

120 days.

2-On the same penalty incuri who illegitimately produce, sell, distribute or by

any other way to disseminate or introduce in one or more computer systems

devices, programs, an executable set of instructions, a code or other

computer data intended to produce the unauthorised shares described in the number

previous.

3-A sentence is imprisonment up to three years or a fine if access is achieved through

violation of security rules.

4-A The sentence is the one to five years imprisonment when:

a) Through access, the agent has taken knowledge of commercial secrecy

or industrial or confidential data, protected by law; or

b) The earned benefit or advantage are of value

considerably high.

5-With the exception of the cases provided for in paragraph 2, the attempt is punishable.

6-In cases provided for in paragraph 1, 3 and 5 the criminal procedure depends on complaint.

Article 7.

Illegitimate interception

11

1-Who, without legal permission or without to so much be authorized by the owner, by

another holder of the right of the system or part of it, and through technical means,

intercept transmissions of computer data that ensue in the interior of a

computer system, to him intended or from it, is punish-punished

imprisonment up to three years or with penalty of fine.

2-A attempt is punishable.

3-It incurs the same penalty provided for in paragraph 1 who illegitimately produces, sells,

distribute or by any other way disseminate or introduce in one or more systems

computer devices, programmes or other computer data intended for

produce the unauthorised shares described in the same number.

Article 8.

Illegitimate reproduction of protected program

1-Who illegitimately reproduce, publicize, or communicate to the public a program

informatics protected by law is punished with imprisonment for up to three years or with penalty

of fine.

2-On the same penalty incurs who illegitimately reproduces topography of a product

semiconductor or to explore commercially or import, for these purposes, a

topography or a semiconductor product manufactured from that topography.

3-A attempt is punishable.

Article 9.

Criminal association

1-Who to promote or funten group, organization or association whose purpose or

activity is directed to the practice of one or more of the crimes to which the present law is

applicable, is punishable with a prison sentence of one to five years.

2-On the same penalty intakes who is part of such groups, organizations or associations or

who to support them, namely by providing weapons, ammunition, crime instruments,

guard or venues for meetings, or any aid for recruiting new ones

elements.

3-Who to head or direct the groups, organisations or associations referred to in the figures

previous is punish-punished with imprisonment of two to eight years.

12

4-The sentences referred to may be specially mitigated or not take place the punishment if the

agent to prevent or seriously strive to prevent the continuation of the groups,

organizations or associations, or communicate to the authority their existence in such a way

be able to avoid the practice of crimes.

5-For the purposes of this Article, it is considered that there is a group, organisation or

association when it is concerned a set of at least three persons acting

concertedly during a certain period of time.

Article 10.

Criminal liability of legal persons and equiparated entities

Legal persons and equipared entities are penally responsible for the crimes

provided for in this Act in the terms and limits of the Accountability Regime provided for in the

Penal code.

Article 11.

Loss of goods

1-Without prejudice to the provisions of the Criminal Code in relation to the loss of instruments,

products and perks related to a crime, are always declared lost to

state for the State the objects, materials, equipment or devices that have

served for the practice of the crimes provided for in this Law and belong to the person who

has been condemned for its practice.

2-To the assessment, use, disposal and compensation of goods seized by the organs of

criminal police who are likely to come to be declared lost in favour of the

State shall apply the provisions of the Decree-Law No. 11/2007 of January 19.

CHAPTER III

Procedural provisions

Article 12.

Scope of the procedural provisions

1-The provisions of this Chapter shall apply to proceedings relating to crimes:

a) Provided for in this Law; or

13

b) Committed by means of an informatics system.

2-The provisions of this Chapter shall also apply to proceedings relating to crimes in

relation to which it is necessary to proceed to the collection of proof in electronic support,

with the exception of Articles 13 and 20, which only apply to such crimes to the extent in

that the same if they find themselves provided for in Article 187 of the Code of Criminal Procedure.

Article 13.

Transmission of traffic and location data and related data

The transmission of data kept under the Act No. 32/2008 of July 17 may be

ordered under the terms, conditions and circumstances provided for in that diploma.

Article 14.

Expedited preservation of data

1-If in the course of the procedure is necessary for the production of proof, with a view to

discovery of the truth, obtain specific computer data stored in a

computer system, including traffic data, in relation to which there is fear of

that they may lose themselves, change or cease to be available, the judicial authority

competent orders to whom they have availability or control of such data,

specifically the service provider, which preserves the data in question.

2-A preservation can also be ordered by the criminal police body upon

authorization of the competent judicial authority or when there is urgency or danger in the

delay, and the latter shall, in the latter case, give immediate news of the fact to the authority

judicial and to pass on the report provided for in Article 253 of the Code of Procedure

Penal.

3-A The order of preservation discriminates, under penalty of nullity:

a) The nature of the data;

b) Their origin and fate, if they are known; and

c) The length of time by which they should be preserved, up to a maximum of three

14

months.

4-In fulfillment of preservation order that is directed to you, who has

availability or control over such data, specifically the supplier of

service, immediately preserves the data in question, protecting and conserving its

integrity for the time fixed, so as to enable the competent judicial authority

your getting.

5-A competent judicial authority, or the criminal police body upon

authorization from that authority, may order the renewal of the measure for periods

subject to the limit set out in paragraph c) of paragraph 3, provided that the respective

admissibility requirements, up to the maximum limit of one year.

6-Addressing order of expedited preservation of data conserved under the Act

n ° 32/2008 of July 17 applies to you the provisions of that degree.

Article 15.

Expedited revelation of traffic data

With a view to ensuring the preservation of traffic data relating to a particular

communication, regardless of the number of service providers that in it

have participated, the service provider to whom such preservation has been ordered in the

terms of the previous article indicate to the judicial authority or the criminal police body, soon

that know it, other service providers through which that communication has

been carried out, with a view to allowing to identify all service providers and the route

through which that communication was carried out.

Article 16.

Injunction for presentation or grant of access to data

1-If in the course of the procedure it becomes necessary for the production of proof, with a view to

discovery of the truth, obtain specific and determined computer data,

stored in a given informatic system, the judicial authority

competent orders to whom they have availability or control of such data as the

communicate to the process or to allow access to them, under penalty of punishment

for disobedience.

2-A The order referred to in the preceding paragraph identifies as much as possible the data in

cause.

3-In fulfillment of the order described in paragraphs 1 and 2, who has availability or

15

control of such data communicates such data to the competent judicial authority or

allows, under penalty of punishment for disobedience, access to the informatics system where

the same are stored.

4-The provisions of this Article shall apply to suppliers of service, to whom it may be

ordered to communicate to the process data relating to their customers or

subscribers, in them if including any information other than the data relating to the

traffic or content, contained in the form of computer data or under any

another form, held by the service provider, and which allows to determine:

a) The type of communication service used, the technical measures taken to that

respect and the period of service;

b) The identity, postal or geographical biting and the telephone number of the

subscriber, and any other number of access, the data relating to

invoicing and payment, available on the basis of a contract or agreement of

services; or

c) Any other information on the location of the equipment of

communication, available on the basis of a contract or service agreement.

5-A injunction provided for in this article shall not be directed to suspect or defendants

in that process.

6-It cannot also make use of the injunction provided for in this article as to systems

computer used for the exercise of advocacy and medical activities and

bank.

Article 17.

Research of computer data

1-When in the course of the procedure it becomes necessary for the production of proof, having in

view the discovery of the truth, obtain specific and determined computer data,

stored in a particular informatic system, the competent judicial authority

authorizes or orders by dispatching that to proceed to a search in that system

informatics, and shall, where possible, preside over the diligence.

2-The order provided for in the preceding paragraph has a maximum shelf life of 30 days,

16

under penalty of nullity.

3-The criminal police body may proceed to research, without prior authorization from the

judicial authority, when:

a) The same is voluntarily consented by whoever has the availability or

control of such data, provided that the consent provided stays, by any

shape, documented;

b) In the cases of terrorism, violent or highly organized crime,

when there is fundata hints of the imminent practice of crime that puts in serious

risk the life or integrity of any person.

4-When the criminal police body shall proceed to research pursuant to the preceding paragraph:

a) In the case set out in paragraph b ), the realization of the due diligence is, under penalty of nullity,

immediately communicated to the competent judicial authority and by this

appreciated in order to its validation;

b) In any case, it is drawn up and referred to the competent judicial authority the

report provided for in Article 253 of the Code of Criminal Procedure.

5-When, in the course of research, reasons may arise to believe that the data sought if

they find in another computer system, or in a different part of the researched system,

but that such data is legitimately accessible from the initial system, the research

may be extended upon authorization or order from the competent authority, in the

terms of the n. ºs 1 and 2.

6-To the research referred to in this article are applicable, with the necessary adaptations, the

rules for the implementation of searches provided for in the Code of Criminal Procedure.

Article 18.

Seizure of computer data

1-When, in the course of a computer research or other legitimate access to a

computer system, data or computer documents are found

necessary for the production of proof, with a view to the discovery of the truth, the authority

competent judicial officer authorizes or orders by order the seizure of the same.

2-The criminal police body may carry out seizures, without prior authorization from the

judicial authority, in the course of legitimately ordered informatics and

17

performed under the previous article, as well as when there is urgency or danger in the

takes.

3-In case data or computer documents are seized whose content is

capable of revealing personal or intimate data, which may call into question the

privacy of the respective holder or third party, under penalty of nullity such data or

documents are presented to the judge, who will ponder his joining the autos having in

tells the interests of the concrete case.

4-seizures carried out by criminal police body are always subject to validation

by the judicial authority, within a maximum of 72 hours.

5-Apprehensions concerning computer systems used for the exercise of advocacy

and of the medical and banking activities are subject, with the necessary adaptations, to

rules and formalities provided for in the Code of Criminal Procedure.

6-A seizure of computer data, depending on whether it is more appropriate and proportional,

taking into account the interests of the concrete case, can, inter alia, rewear the

following forms:

a) Apprehension of the support where is installed the system or seizure of the support

where the computer data, as well as the devices are stored

necessary to the respective reading;

b) Realization of a copy of the data, in autonomous support, which will be joined by

process;

c) Preservation, by technological means, of the integrity of the data, without realization

of copying or removal from the same; or

d) Non-reversible deletion or blocking of access to data.

7-In the case of the seizure carried out under the terms of the paragraph b) from the previous number, the copy is

carried out in duplicate, being one of the copies sealed and entrusted to the judicial secretary

of the services where the process runs its terms and, if this is technically possible,

the seized data are certified by means of digital signature.

Article 19.

Seizure of electronic mail and records of communications of nature

similar

When, in the course of a computer research or other legitimate access to a system

informatics, they are found, stored in that computer system or in another to which

18

it is allowed for legitimate access from the first, e-mail messages or

records of communications of a similar nature, the judge may authorize or order, by

dispatch, the apprehension of those who are afflicted to be of great interest to the discovery

of the truth or for the proof, by applying correspondingly the regime of the seizure of

correspondence provided for in the Code of Criminal Procedure.

Article 20.

Interception of communications

1-A interception and the registration of computer data transmissions can only be

authorized during the investigation if there is reason to believe that the diligence is

indispensable for the discovery of the truth or that the proof would otherwise be

impossible or very difficult to obtain, by reasoned order of the judge of instruction

and upon application by the Prosecutor's Office.

2-A interception may be intended for the registration of data relating to the content of the

communications or to target only the collection and registration of traffic data, and the

dispatcher referred to in the preceding paragraph shall specify the respective scope, according to

the concrete needs of the research.

3-In the rest, it is applicable to the interception and registration of computer data transmissions o

Regime of interception and recording of talks or telephone communications

constant of Articles 187, 188 and 190 of the Code of Criminal Procedure.

Article 21.

Covert actions

1-It is permissible to appeal to the covert actions provided for in Law No. 101/2001, 25 of

August, pursuant to that provided for, in the course of inquiry concerning the following crimes:

a) Those provided for in this Law;

b) Those committed by means of an informatics system, when they correspond,

in the abstract, prison sentence of a maximum of more than five years or, even if

Penalty to be inferior, and being doleful, the crimes against liberty and

sexual self-determination in cases in which the offending are minor or

incapable, the crimes provided for in articles 218, 221 and 240 of the Criminal Code,

as well as the crimes enshrined in Title IV of the Author's Code of Law and

of the Conc Rights.

2-Being necessary the recourse to means and computer devices are observed, in that

that is applicable, the rules laid down for the interception of communications.

19

CHAPTER IV

International cooperation

Article 22.

Scope of international cooperation

The competent national authorities cooperate with the foreign authorities

competent for the purposes of investigations or procedures relating to crimes

related to systems or computer data, as well as for the purpose of collection of

proof, in electronic support, of a crime.

Article 23.

Permanent point of contact for international cooperation

1-For purposes of international cooperation, with a view to providing assistance

immediate to the effects referred to in the previous article, the Police Judiciary assures

maintenance of a structure that guarantees a point of contact available at

stay, 24 hours a day, seven days a week.

2-This point of contact can be contacted by other points of contact, in the

terms of agreements, treaties or conventions to which Portugal find itself bound, or

in compliance with protocols of international cooperation with bodies

judicial or police officers.

3-A The immediate assistance provided by this permanent point of contact includes:

a) The provision of technical advice to other points of contact;

b) The expedited preservation of data in cases of urgency or danger in the delay,

in accordance with the provisions of the following article;

c) The collection of evidence for which it is competent in cases of urgency or danger

in the delay;

d) The location of suspects and the provision of information of a legal character,

in cases of urgency or danger in the delay;

e) The immediate transmission to the Public Prosecutor's Office of requests concerning the measures

referred to in points b ) a d ), out of the cases provided for therein, with a view to their

quick execution.

4-Where it acts under the paragraphs b ) a d ) of the previous number, the Police Judiciary

20

gives immediate news of the fact to the Public Prosecutor's Office and refers you to the report provided by us

terms of Article 253 of the Code of Criminal Procedure.

Article 24.

Preservation and expeditious revelation of computer data in cooperation

international

1-Can be requested from Portugal for expedited preservation of computer data

stored in informatics system here located, relating to crimes provided for in the

article 12 with a view to the submission of a request for legal aid for the purposes of

research, seizure and disclosure of the same.

2-A specific request:

a) The authority that calls for preservation;

b) The offence which is the subject of investigation or criminal procedure, as well as

a brief exposure of the related facts;

c) The computer data to be kept and its relation to the offence;

d) All available information that allows to identify the responsible for the

computer data or the location of the informatics system;

e) The need for the preservation measure; and

f) The intention to submit an application for legal aid for the purposes of

research, seizure and disclosure of the data.

3-In execution of request of competent foreign authority under the terms of the

previous figures, the competent judicial authority orders to whom it has

availability or control of such data, specifically the service provider,

that preserve them.

4-A preservation may also be ordered by the Police Judiciary upon authorization

of the competent judicial authority or when there is urgency or danger in the delay,

being applicable, in the latter case, the provisions of paragraph 4 of the preceding Article.

5-A specific preservation order, under penalty of nullity:

a) The nature of the data;

b) If they are known, the origin and fate of them; and

c) The length of time by which the data is to be preserved, up to a maximum

21

of three months.

6-In fulfillment of preservation order that is directed to you, who has

availability or control of such data, specifically the service provider,

immediately preserves the data in question for the specified time period,

protecting and conserving their integrity.

7-A competent judicial authority, or the Judicial Police upon authorization

of that authority, may order the renewal of the measure by periods subject to the

limit set out in paragraph c ) of paragraph 5, provided that the respective requirements are checked

of admissibility, up to the maximum limit of one year.

8-When the application for aid referred to in paragraph 1, the judicial authority is submitted

competent for him to decide determines the preservation of the data until the adoption of a

final decision on the application.

9-The data preserved under this article may only be provided:

a) To the competent judicial authority, in execution of the application for aid referred to

in paragraph 1, on the same terms in which they could be able to be, in national case

similar, under the articles 15 to 19;

b) To the national authority that issued the order of preservation, on the same terms

in which they could be, in a similar national case, under Article 15 para.

10-A national authority to which, in the terms of the preceding paragraph, are communicated

traffic data identifiers of service provider and via the via of which the

communication has been carried out, communicates them quickly to the requesting authority, by

form to allow this authority the presentation of new preservation request

expedite of computer data.

11-The provisions of paragraphs 1 and 2 apply, with due adaptations, to applications

formulated by the Portuguese authorities.

Article 25.

Grounds for refusal

1-A request for preservation or expedited disclosure of computer data is refused

when:

a) The computer data in question respecting the offence of a political nature or

contravention related to the conceptions of Portuguese law;

22

b) To act against the sovereignty, security, public order or other interests of the

Portuguese republic, constitutionally defined.

2-A request for expedited preservation of computer data may still be refused

when there are founded reasons to believe that the execution of request for legal aid

subsequent for the purposes of research, seizure and disclosure of such data will be refused

by absence of verification of the requirement of double jeoparding.

Article 26.

Access to computer data in international cooperation

1-In execution of the request of competent foreign authority, the judicial authority

competent may proceed to the research, seizure and dissemination of computer data

stored in informatics system located in Portugal, relating to crimes

provided for in Article 12, when it comes to the situation in which research and seizure are

permissible in a similar national case.

2-A The competent judicial authority carries out as soon as possible when

there are reasons to believe that the computer data in question is especially

vulnerable to loss or modification or when rapid cooperation is planned

in applicable international instrument.

3-The provisions of paragraph 1 shall apply, with due adaptations, to the applications formulated by the

Portuguese judicial authorities.

Article 27.

Cross-border access to computer data stored when publicly

available or with consent

The competent foreign authorities, without a need for prior request to the authorities

Portuguese, can:

a) Access computer data stored in localized informatics system

in Portugal, when publicly available;

b) Receive or access, through computer-based system located in its territory, the

computer data stored in Portugal, upon legal consent and

volunteer of person legally authorized to disclose them.

23

Article 28.

Interception of communications in international cooperation

1-In execution of the request of the competent foreign authority, it may be authorised

by the judge the interception of transmissions of computer data carried out by way of a

informatics system located in Portugal, provided that this is planned in agreement,

treaty or international convention and deal with situation in which such an interception is

permissible under the terms of Article 20 in a similar national case.

2-It is competent for the receipt of applications for interception to the Judicial Police, which the

will present to the Public Prosecutor's Office, to present them to the judge of criminal instruction

of the comarch of Lisbon for authorization.

3-The order of authorization referred to in the preceding article also allows the transmission

immediate communication for the requesting State, if such a procedure is

provided for in the agreement, treaty or international convention on the basis of which the

request.

4-The provisions of paragraph 1 shall apply, with due adaptations, to the applications formulated

by the Portuguese judicial authorities.

CHAPTER V

Final and transitional provisions

Article 29.

Application in the space of Portuguese criminal law and jurisdiction of the courts

Portuguese

1-In addition to the provisions of the Criminal Code on enforcement in the area of criminal law

Portuguese, and unless treated or international convention to the contrary, for the purposes of

present law, the Portuguese criminal law is still applicable to facts:

a) Practiced by Portuguese, if the same is not applicable to the criminal law of

no other State;

b) Committed for the benefit of legal persons based in territory

Portuguese;

c) Physically practiced in Portuguese territory, yet they target systems

24

informatics located outside of that territory; or

d) To aim for computer systems located in Portuguese territory,

regardless of where these facts are physically practiced.

2-If, depending on the applicability of the Portuguese criminal law, they are simultaneously

competent to know about one of the crimes provided for in this Law the courts

Portuguese and the courts of another member state of the European Union, and may in

any of them being validly instituted or pursued the criminal procedure

on the basis of the same facts, the competent judicial authority resorts to the organs and

mechanisms instituted within the European Union to facilitate cooperation between the

judicial authorities of the Member States and the coordination of their respective actions,

by way of deciding which of the two states to instaure or pursue the procedure

against the agents of the offence, with a view to centralizing it in one of them.

3-A Decision of acceptance or transmission of the procedure is taken by the authority

competent judicial officer, taking into account, successively, the following elements:

a) The place where the offence was practiced;

b) The nationality of the author of the facts; and

c) The place where the author of the facts has been found.

4-They shall apply to the crimes provided for in this Law the general rules of competence of the

tribunals provided for in the Code of Criminal Procedure.

5-In case of doubt as to the territorially competent court, specifically

for not coincing the place where physically the agent has acted and the place where it is

physically installed the computer system targeted with its performance, the competence

it is up to the court where first there has been news of the facts.

Article 30.

General scheme applicable

In everything that does not contravene the provisions of this Law, they apply to the crimes, to the measures

procedural and international cooperation in criminal matters laid down in it, respectively,

the provisions of the Criminal Code, the Code of Criminal Procedure and the Act No. 144/99, 31 of

August.

Article 31.

25

Jurisdiction of the Police Judiciary for international cooperation

The competence conferred by this Law to the Police Judiciary for the purpose of cooperation

international is performed by the organic unit to whom it is committed to

investigation of the crimes provided for in this Law.

Article 32.

Protection of personal data

The processing of personal data under this Act takes place in accordance with the

provisions of Law No. 67/98 of October 26, being applicable, with the necessary

adaptations, the provisions of Chapter VI of that diploma.

Article 33.

Abrogation standard

It is repealed the Act No 109/91 of August 17.

Article 34.

Entry into force

This Law shall come into force 30 days after its publication.

Seen and approved in Council of Ministers of May 14, 2009

The Prime Minister

The Minister of the Presidency

The Minister of Parliamentary Affairs

26