Key Benefits:
1
PROPOSED LAW NO. 289 /X/4ª
Exhibition of Motives
The expansion of communication networks has made the Internet an omnipresent reality. All
the activities of modern societies and economies use the Internet for their support.
Citizens take place from the Internet in their daily lives and the states support it as a
their traditional functions. In this context, it was natural for the emergence of illegal activities
associated with communication networks, using them and exploiting their vulnerabilities,
thereby creating risks for the everyday use of computer media. The
cybercrime has therefore become a threat from modern times.
States have been adopting measures aiming at preventing and countering illegal practices and
abusive in the communication networks. Portugal has, since 1991, on impulse from the
recommendation R (89) 9 of the Council of Europe, a normative framework that aims to punish
what it called the computer crimes: the Law No. 109/91 of August 17. This
diploma, appropriate to the reality that was intended to regulate on the date on which it came into force,
for the course of nearly two decades, it has become loss-making.
In the information and communication networks have meanwhile emerged new realities that have
coming to be described and considered to be a crime by many other European legislations and
by international instruments. It is, for example, the case of the production or diffusion of viruses and
other malicious programmes, realities not yet enshrined in national law: in fact, in the
current normative framework, who to produce and / or spread viruses and other devices from this
nature will not incur, for these facts, in the practice of no crime, nor will it be punished by
that performance. Notwithstanding, it is soberly known to the harmfulness that results from the
production and diffusion of computer viruses by the communications networks. That's the reason for the
which many other legislations have opted for the criminalization of this activity, in the sequence,
incidentally, of the provision of Article 6 of the Convention on Cybercrime of the Council of Europe.
Council Decision-Framework No 2005 /222/JAI of February 24, 2005 on the
attacks on information systems, describes behaviours that should be
qualified as a crime, also obliging the creation of related standards, related
with such behaviors, achieves at the instigation, aid, complicity and attempt,
liability of legal persons, territorial competence and still exchange of
information. The transposition of the Framework Decision supposes, for legal planning
2
portuguese, the amendment to the computer crime regime, today provided for in the call
Computer Crime Act (the already mentioned Law No. 109/91 of August 17).
On November 23, 2001, Portugal signed the Convention on Cybercrime of the Council
of Europe, whose ratification process is now under way. The Convention is the
first and most important international background work on crime in cyberspace.
It has a universal vocation and is intended to come to be accepted by the generality of the countries of the
World. It intends to harmonize the various national legislations on the subject, to propitiate and
facilitate international cooperation and facilitate investigations of a criminal nature. Focuses
on material criminal law (defining crimes against confidentiality, integrity and
availability of computer systems, crimes referring to contents and crimes
committed by way of computer processing), but also includes procedural and
international judicial cooperation. The reception of the legislative obligations arising
of the Convention will also impose the amendment of the scheme currently beholstered.
The appropriateness to the legal framework of the Convention will bring with it, in particular, a
special advantage of membership in a European cooperation space, with police projection and
judicial. In concrete, it will also bring the possibility of, in processes taking place, to use
new forms of research and new avenues of cooperation, when it becomes necessary
to resort to international cooperation. These new ways of investigating and cooperating can
use themselves as to crimes provided for in the Convention, but also to investigate others
crimes, as long as committed by means of computer systems and still for any
type of crimes, as long as there is proof of the same in electronic form.
In generality, in structural terms, with respect to material criminal law, it may
to assert that the transposition of the Framework Decision No 2005 /222/JAI and the consecration of the
legal obligations resulting from the Convention assume only adjustments to the current
legislation on computer crime. The new forms of crime are stressed,
some of which already referred to and in relation to which the Portuguese legislation has been
considered loss-making.
Already in the field of criminal procedural law standards, the unsuitability of the legal order
national to the new realities to be implemented is superior. The recent revision of the Code of
Criminal procedure has opted for the limitation, in the abstract, of the possibility of the realization of
interceptions of telephone and electronic communications, not having included standards
special for the area of cybercrime. Thus, it is not planned to obtain data from
3
traffic nor the realization of interception of electronic communications in the investigation of
crimes not provided for in Article 187 of the Code of Criminal Procedure. Among them, they find-
if crimes provided for in Law No. 109/91, of August 17, as well as crimes against the
intellectual property committed by means of computer networks. The realization of
interceptions of electronic communications and, above all, the obtaining of traffic data,
are essential procedural tools in the process-crime in which crimes are investigated
committed by way of the communications networks, having this concern stayed mirrored in the
diploma that obliges communications operators to keep traffic data from the
its clients, with a view to their eventual need in criminal investigation-Law n. para.
32/2008, of July 17, which regulates the conservation of data generated or treated in the
context of the provision of electronic communications services. It matters thus to overcome the
current regime, so as to provide the criminal procedural system with standards permitting the
getting traffic data and conducting interceptions of communications in
investigations of crimes practiced in the virtual environment. It is what you intend to do by way of
of the law that now proposes itself.
It has chosen to condense into this degree all the standards relating to cybercrime and
not by proceeding with the amendment of the various legislative sources on the matter-in addition to the
Computer Crime Law, the Criminal Code, the Code of Criminal Procedure and the Law of
International Judicial Cooperation (Law No. 144/99 of August 31, with its
changes). It appears to be this the most consistent legislative option with the Portuguese tradition,
where they exist, specifically in the penal area, other structuring diplomas of subjects in the
specialty: so it happens with criminality related to narcotics, with the
crimes against the economy or with tax crime, whose criminal and procedural frameworks
specific criminal cases are set out in their own diploma. With respect to the rules
procedural, militancy in favour of this solution, there are still two other reasons: by a
side, the general inconvenience of seeing in structuring diplomas of the penal planning rules
special ones, only applicable to a very restricted plot of the types of illicit; on the other, the
practical convenience, for the judicial operators, to see systematized all the
normative pertaining to a specific sector of crime.
4
In short, as to the material criminal law, in fulfillment of the obligations assumed in the
scope of the Framework Decision and the Convention, there are now legislative amendments to
adjustment of the current regime.
So it is as to the definitions, included in Article 2, in which the concept of
"computer data", in replacement of the most limited concept and today insufficient
of "computer program". Definitions, modern and non-existing ones are added in
1991, from "service provider" and from "traffic data". Is changed the concept of " system
informatics ", which goes on to be more comprehensive, including in it, for example, devices
like mobile phones. Suest-if, for no sense in the face of the latter, the concept
of "computer network".
The liability of legal persons and various other rules of punishment of
natural and legal persons, it has opted for the revocation of the specific scheme created in
1991 a this purpose. In its place, it refers to the general regime of accountability of
legal persons, provided for in the Criminal Code. In this way the commitments are met
assumed by the Framework Decision and the Convention, in the same way as it is simplified the
normative framework, eliminating a special regime of accountability, created in 1991
by the absence of a general scheme, but now no longer justified, after the introduction of that
same general regime in the amendment of the Criminal Code operated in 2007.
As to the types of crime of computer damage, computer sabotage, illegitimate access and
illegitimate interception, adjustments were made in the wording, with a view on the one hand,
to update the legal text and, on the other, to enshrine new modalities of typical action.
By the purpose of jurisdictional competence, the Convention provides for an innovation in the face of what already
results from articles 4 and 5 of the Criminal Code, translated into the obligation of States
signatories if they declare themselves competent to pursue criminally,
regardless of the place of the practice of the facts, its national citizens, if the
infringement is punishable in the place where it was committed or is not within the competence of any
State. Even though this solution is not previously enshrined in Portuguese law, already if
predicts, for certain crimes the universal competence of Portuguese law.
In the framework of the procedural provisions, the expedited preservation of
data stored in a computer and the expedited preservation and revelation of data from
traffic, in fulfillment of the obligations resulting from Articles 16 and 17 of the Convention.
The mechanism of the injunction was introduced (cfr. article 18 of the Convention) and adapted the
regimes of the searches and seizures, already largely provided for in the criminal procedural law,
5
to the investigations of crimes committed in the virtual environment. In fact, the essence of these
procedural measures coincides, in the environment of cyberspace, with the classic forms of
search and seizure, of the criminal process. However, the way in which the search and apprehension are
described in the Code of Criminal Procedure required some suitability for these new realities.
Similarly, it has been adapted for this degree the interception scheme of
communications, provided for in the Code of Criminal Procedure for telephone communications. In the
true, the Code already provides for an extension of the regime of telephone interceptions to others
communications, for electronic example. However, such an extension does not solve the problem of
research of computer crimes or related to informatics, because the scope
of application of this scheme, by way of extension, is the same of the telephone interceptions.
It becomes necessary to cover computer crimes in general, as well as those
committed by way of computers, thus motivating the creation of special standard. This
norm adopts in general the rules of the Code of Criminal Procedure, which is adapted in function
of the specificity of the crimes to which, by way of this new law, is applicable.
The adoption, for the investigation of computer crimes, of special procedural measures,
means necessarily a compression of the freedoms of citizens in cyberspace. Is
obvious to all the enormous advantage of the existence of a free space and practically
deregulated, where each can freely communicate, inform and inform, as well as
-and perhaps above all-, express yourself and express yourself without censorship or
embarrassments. The truth, however, is that no one is alhething to the emerging realities
criminal, opposing signal, which benefit from the massive, effective communication capacity
and of reduced cost, choosing its victims almost indiscriminately, by
the whole World, resguarding themselves from the authorities behind the border, anonymity and the
technical complexity. If it is true that the Internet is not owned by anyone, also the
is that no one is directly responsible for it or for what occurs in it. Don't have
seat, nor location, where they can locate their responsible. Modern laws have to
treat properly the new criminogenic realities, incriminating them and endowing them
competent entities of the tools necessary for their investigation and trial.
It is finally refirming that in the area of international cooperation it refers, as a rule, to
legal regimes already in place. In addition, it is assumed that the Portuguese authorities can
6
request international cooperation-and also receive and execute requests for cooperation
coming from foreign authorities-, under the same conditions and circumstances in which
would act if the criminal facts were being investigated in Portugal. Creates a
permanent point of contact 24 hours / 7dias, within the Judiciary Police, to which
compete to ensure, as to the matter to which respect this proposed law, an essential role
in the emerging international cooperation.
The Attorney General of the Republic, the Superior Council of Magistrature and
the National Data Protection Commission.
The hearing of the Order of Lawyers was promoted.
The hearing of the Higher Council of the Public Prosecutor's Office should be triggered.
Thus:
Under the terms of the paragraph d) of Article 197 (1) of the Constitution, the Government presents to the
Assembly of the Republic the following proposal for a law:
CHAPTER I
Object and definitions
Article 1.
Subject
This Law sets out the material and procedural criminal provisions as well as the
provisions relating to international cooperation in criminal matters, concerning the field of
cybercrime and the collection of proof in electronic support, by transposing into the legal order
internal to Council Decision-Table No 2005 /222/JAI of the Council of February 24, 2005,
on attacks on information systems, and by adapting domestic law to
Convention on Cybercrime of the Council of Europe.
Article 2.
Definitions
For the purposes of this Law, it shall be deemed to be:
a) "Computer system", any device or set of devices
interconnected or associated, in which one or more of between them develops, in
7
implementation of a programme, the automated processing of computer data,
as well as the network that supports the communication between them and the dataset
computer stored, processed, retrieved or transmitted by the one or
those devices, with a view to their operation, use, protection
and maintenance;
b) "computer data" means any representation of facts, information or
concepts in a susceptible form of processing in a system
informatics, including the programmes apt to make an informatics system
perform a function;
c) "Traffic data", the computer data related to a communication
carried out by means of an informatics system, generated by this system as
element of a communication chain, indicating the origin of the communication,
the destination, the path, the time, the date, size, duration or type of the service
underlying;
d) "Supplier of service", any entity, public or private, which provides the
users of their services the possibility to communicate by means of a
computer system, as well as any other entity that treats or stores
computer data in the name and on account of that entity supplier of
service or the respective users;
e) 'Interception', the act aimed at capturing information contained in a system
informatics, through electromagnetic, acoustic, mechanical devices or
others;
f) "Topography", a series of images among themselves linked, regardless of the
mode as they are fixed or encoded, which represent the configuration
three-dimensional of the layers that make up a semiconductor product and in which
each image reproduces the drawing or part of it from a surface of the product
semiconductor, regardless of the phase of the respective manufacture;
g) "Semiconductor product", the final or intermediate form of any product,
comprised of a substrate that includes a layer of semiconductor material and
made up of one or several layers of conductive materials, insulating or
semiconductor, second a provision as per a configuration
three-dimensional and intended to fulfill, exclusively or not, a function
electronics.
8
CHAPTER II
Material penal provisions
Article 3.
Computer falsity
1-Who, with the intention of causing deception in legal relations, to introduce, modify,
erase or suppress computer data or for any other way interfere with a
computer processing of data, producing data or non-genuine documents,
with the intention that these are considered or used for purposes
legally relevant as if they were, is punishable with imprisonment up to five
years or a fine of 120 a to 600 days.
2-When the actions described in the preceding paragraph incidirem on the recorded data
or incorporated into a payment bank card or any other device
that allows access to system or means of payment, the communications system or
the conditioned access service, the penalty is for one to five years in prison.
3-Who, acting with an intention to cause injury to be heard or to obtain a benefit
illegitimate, for you or third party, use document produced from data
computer which have been the subject of the acts referred to in paragraph 1 or card or other
device in which they are found to be registered or incorporated the data subject of the
acts referred to in the preceding paragraph, shall be punished with the penalties provided in one and another
number, respectively.
4-Who to import, distribute, sell or detain for commercial purposes any device
that allows access to system or means of payment, the communications system or
the conditioned access service, on which any of the
actions provided for in paragraph 2, is punish-punished with imprisonment of one to five years.
5-If the facts referred to in the preceding paragraphs are practiced by employee in the
exercise of their duties, the penalty is for imprisonment of two to five years.
Article 4.
Damage relating to programmes or other computer data
1-Who, without legal permission or without to so much be authorized by the owner, by
another holder of the right of the system or part of it, erase, alter, destroy, in the whole or
9
in part, damage, suppress or render non-usable or non-accessible programs or
other computer data alheios or by any way affect them the ability to
use, is punished with imprisonment for up to three years or penalty of fine.
2-On the same penalty incuri who illegitimately produce, sell, distribute or by
any other way to disseminate or introduce in one or more computer systems
devices, programmes or other computer data intended to produce the shares
unauthorized described in the previous number.
3-If the damage caused is of high value, the penalty is for imprisonment up to five years or of
fine up to 600 days.
4-If the damage caused is of considerably high value, the penalty is for the arrest of a
to 10 years.
5-With the exception of the cases provided for in paragraph 2, the attempt is punishable.
6-In cases provided for in paragraphs 1, 3 and 5 the criminal procedure depends on the complaint.
Article 5.
Computer sabotage
1-Who, without legal permission or without to so much be authorized by the owner, by
other proprietor of the right of the system or part of it, hinder, prevent, interrupt or
disrupt the operation of a computer system, through the introduction,
transmission, deterioration, damage, alteration, erasure, impediment of access
or deletion of programs or other computer data or in any other way
of interference in computer system, is punish-punished by up to five years
or with penalty of fine up to 600 days.
2-On the same penalty incuri who illegitimately produce, sell, distribute or by
any other way to disseminate or introduce in one or more computer systems
devices, programmes or other computer data intended to produce the shares
unauthorized described in the previous number.
3-A sentence is imprisonment of one to five years if the emerging damage of the disturbance is to
high value.
4-A The sentence is the one to 10 years imprisonment if:
a) The emerging damage of the disturbance is of considerably high value;
10
b) The disturbance caused to hit in a serious or lasting way a system
informatics that supports an activity aimed at ensuring social functions
criticism, particularly supply chains, health, safety and the
economic well-being of people, or the smooth functioning of services
public.
5-With the exception of the cases provided for in paragraph 2, the attempt is punishable.
Article 6.
Illegitimate access
1-Who, without legal permission or without to so much be authorized by the owner, by
another holder of the right of the system or part of it, in any way access to a
computer system, is punished with imprisonment for up to one year or with penalty of fine up to
120 days.
2-On the same penalty incuri who illegitimately produce, sell, distribute or by
any other way to disseminate or introduce in one or more computer systems
devices, programs, an executable set of instructions, a code or other
computer data intended to produce the unauthorised shares described in the number
previous.
3-A sentence is imprisonment up to three years or a fine if access is achieved through
violation of security rules.
4-A The sentence is the one to five years imprisonment when:
a) Through access, the agent has taken knowledge of commercial secrecy
or industrial or confidential data, protected by law; or
b) The earned benefit or advantage are of value
considerably high.
5-With the exception of the cases provided for in paragraph 2, the attempt is punishable.
6-In cases provided for in paragraph 1, 3 and 5 the criminal procedure depends on complaint.
Article 7.
Illegitimate interception
11
1-Who, without legal permission or without to so much be authorized by the owner, by
another holder of the right of the system or part of it, and through technical means,
intercept transmissions of computer data that ensue in the interior of a
computer system, to him intended or from it, is punish-punished
imprisonment up to three years or with penalty of fine.
2-A attempt is punishable.
3-It incurs the same penalty provided for in paragraph 1 who illegitimately produces, sells,
distribute or by any other way disseminate or introduce in one or more systems
computer devices, programmes or other computer data intended for
produce the unauthorised shares described in the same number.
Article 8.
Illegitimate reproduction of protected program
1-Who illegitimately reproduce, publicize, or communicate to the public a program
informatics protected by law is punished with imprisonment for up to three years or with penalty
of fine.
2-On the same penalty incurs who illegitimately reproduces topography of a product
semiconductor or to explore commercially or import, for these purposes, a
topography or a semiconductor product manufactured from that topography.
3-A attempt is punishable.
Article 9.
Criminal association
1-Who to promote or funten group, organization or association whose purpose or
activity is directed to the practice of one or more of the crimes to which the present law is
applicable, is punishable with a prison sentence of one to five years.
2-On the same penalty intakes who is part of such groups, organizations or associations or
who to support them, namely by providing weapons, ammunition, crime instruments,
guard or venues for meetings, or any aid for recruiting new ones
elements.
3-Who to head or direct the groups, organisations or associations referred to in the figures
previous is punish-punished with imprisonment of two to eight years.
12
4-The sentences referred to may be specially mitigated or not take place the punishment if the
agent to prevent or seriously strive to prevent the continuation of the groups,
organizations or associations, or communicate to the authority their existence in such a way
be able to avoid the practice of crimes.
5-For the purposes of this Article, it is considered that there is a group, organisation or
association when it is concerned a set of at least three persons acting
concertedly during a certain period of time.
Article 10.
Criminal liability of legal persons and equiparated entities
Legal persons and equipared entities are penally responsible for the crimes
provided for in this Act in the terms and limits of the Accountability Regime provided for in the
Penal code.
Article 11.
Loss of goods
1-Without prejudice to the provisions of the Criminal Code in relation to the loss of instruments,
products and perks related to a crime, are always declared lost to
state for the State the objects, materials, equipment or devices that have
served for the practice of the crimes provided for in this Law and belong to the person who
has been condemned for its practice.
2-To the assessment, use, disposal and compensation of goods seized by the organs of
criminal police who are likely to come to be declared lost in favour of the
State shall apply the provisions of the Decree-Law No. 11/2007 of January 19.
CHAPTER III
Procedural provisions
Article 12.
Scope of the procedural provisions
1-The provisions of this Chapter shall apply to proceedings relating to crimes:
a) Provided for in this Law; or
13
b) Committed by means of an informatics system.
2-The provisions of this Chapter shall also apply to proceedings relating to crimes in
relation to which it is necessary to proceed to the collection of proof in electronic support,
with the exception of Articles 13 and 20, which only apply to such crimes to the extent in
that the same if they find themselves provided for in Article 187 of the Code of Criminal Procedure.
Article 13.
Transmission of traffic and location data and related data
The transmission of data kept under the Act No. 32/2008 of July 17 may be
ordered under the terms, conditions and circumstances provided for in that diploma.
Article 14.
Expedited preservation of data
1-If in the course of the procedure is necessary for the production of proof, with a view to
discovery of the truth, obtain specific computer data stored in a
computer system, including traffic data, in relation to which there is fear of
that they may lose themselves, change or cease to be available, the judicial authority
competent orders to whom they have availability or control of such data,
specifically the service provider, which preserves the data in question.
2-A preservation can also be ordered by the criminal police body upon
authorization of the competent judicial authority or when there is urgency or danger in the
delay, and the latter shall, in the latter case, give immediate news of the fact to the authority
judicial and to pass on the report provided for in Article 253 of the Code of Procedure
Penal.
3-A The order of preservation discriminates, under penalty of nullity:
a) The nature of the data;
b) Their origin and fate, if they are known; and
c) The length of time by which they should be preserved, up to a maximum of three
14
months.
4-In fulfillment of preservation order that is directed to you, who has
availability or control over such data, specifically the supplier of
service, immediately preserves the data in question, protecting and conserving its
integrity for the time fixed, so as to enable the competent judicial authority
your getting.
5-A competent judicial authority, or the criminal police body upon
authorization from that authority, may order the renewal of the measure for periods
subject to the limit set out in paragraph c) of paragraph 3, provided that the respective
admissibility requirements, up to the maximum limit of one year.
6-Addressing order of expedited preservation of data conserved under the Act
n ° 32/2008 of July 17 applies to you the provisions of that degree.
Article 15.
Expedited revelation of traffic data
With a view to ensuring the preservation of traffic data relating to a particular
communication, regardless of the number of service providers that in it
have participated, the service provider to whom such preservation has been ordered in the
terms of the previous article indicate to the judicial authority or the criminal police body, soon
that know it, other service providers through which that communication has
been carried out, with a view to allowing to identify all service providers and the route
through which that communication was carried out.
Article 16.
Injunction for presentation or grant of access to data
1-If in the course of the procedure it becomes necessary for the production of proof, with a view to
discovery of the truth, obtain specific and determined computer data,
stored in a given informatic system, the judicial authority
competent orders to whom they have availability or control of such data as the
communicate to the process or to allow access to them, under penalty of punishment
for disobedience.
2-A The order referred to in the preceding paragraph identifies as much as possible the data in
cause.
3-In fulfillment of the order described in paragraphs 1 and 2, who has availability or
15
control of such data communicates such data to the competent judicial authority or
allows, under penalty of punishment for disobedience, access to the informatics system where
the same are stored.
4-The provisions of this Article shall apply to suppliers of service, to whom it may be
ordered to communicate to the process data relating to their customers or
subscribers, in them if including any information other than the data relating to the
traffic or content, contained in the form of computer data or under any
another form, held by the service provider, and which allows to determine:
a) The type of communication service used, the technical measures taken to that
respect and the period of service;
b) The identity, postal or geographical biting and the telephone number of the
subscriber, and any other number of access, the data relating to
invoicing and payment, available on the basis of a contract or agreement of
services; or
c) Any other information on the location of the equipment of
communication, available on the basis of a contract or service agreement.
5-A injunction provided for in this article shall not be directed to suspect or defendants
in that process.
6-It cannot also make use of the injunction provided for in this article as to systems
computer used for the exercise of advocacy and medical activities and
bank.
Article 17.
Research of computer data
1-When in the course of the procedure it becomes necessary for the production of proof, having in
view the discovery of the truth, obtain specific and determined computer data,
stored in a particular informatic system, the competent judicial authority
authorizes or orders by dispatching that to proceed to a search in that system
informatics, and shall, where possible, preside over the diligence.
2-The order provided for in the preceding paragraph has a maximum shelf life of 30 days,
16
under penalty of nullity.
3-The criminal police body may proceed to research, without prior authorization from the
judicial authority, when:
a) The same is voluntarily consented by whoever has the availability or
control of such data, provided that the consent provided stays, by any
shape, documented;
b) In the cases of terrorism, violent or highly organized crime,
when there is fundata hints of the imminent practice of crime that puts in serious
risk the life or integrity of any person.
4-When the criminal police body shall proceed to research pursuant to the preceding paragraph:
a) In the case set out in paragraph b ), the realization of the due diligence is, under penalty of nullity,
immediately communicated to the competent judicial authority and by this
appreciated in order to its validation;
b) In any case, it is drawn up and referred to the competent judicial authority the
report provided for in Article 253 of the Code of Criminal Procedure.
5-When, in the course of research, reasons may arise to believe that the data sought if
they find in another computer system, or in a different part of the researched system,
but that such data is legitimately accessible from the initial system, the research
may be extended upon authorization or order from the competent authority, in the
terms of the n. ºs 1 and 2.
6-To the research referred to in this article are applicable, with the necessary adaptations, the
rules for the implementation of searches provided for in the Code of Criminal Procedure.
Article 18.
Seizure of computer data
1-When, in the course of a computer research or other legitimate access to a
computer system, data or computer documents are found
necessary for the production of proof, with a view to the discovery of the truth, the authority
competent judicial officer authorizes or orders by order the seizure of the same.
2-The criminal police body may carry out seizures, without prior authorization from the
judicial authority, in the course of legitimately ordered informatics and
17
performed under the previous article, as well as when there is urgency or danger in the
takes.
3-In case data or computer documents are seized whose content is
capable of revealing personal or intimate data, which may call into question the
privacy of the respective holder or third party, under penalty of nullity such data or
documents are presented to the judge, who will ponder his joining the autos having in
tells the interests of the concrete case.
4-seizures carried out by criminal police body are always subject to validation
by the judicial authority, within a maximum of 72 hours.
5-Apprehensions concerning computer systems used for the exercise of advocacy
and of the medical and banking activities are subject, with the necessary adaptations, to
rules and formalities provided for in the Code of Criminal Procedure.
6-A seizure of computer data, depending on whether it is more appropriate and proportional,
taking into account the interests of the concrete case, can, inter alia, rewear the
following forms:
a) Apprehension of the support where is installed the system or seizure of the support
where the computer data, as well as the devices are stored
necessary to the respective reading;
b) Realization of a copy of the data, in autonomous support, which will be joined by
process;
c) Preservation, by technological means, of the integrity of the data, without realization
of copying or removal from the same; or
d) Non-reversible deletion or blocking of access to data.
7-In the case of the seizure carried out under the terms of the paragraph b) from the previous number, the copy is
carried out in duplicate, being one of the copies sealed and entrusted to the judicial secretary
of the services where the process runs its terms and, if this is technically possible,
the seized data are certified by means of digital signature.
Article 19.
Seizure of electronic mail and records of communications of nature
similar
When, in the course of a computer research or other legitimate access to a system
informatics, they are found, stored in that computer system or in another to which
18
it is allowed for legitimate access from the first, e-mail messages or
records of communications of a similar nature, the judge may authorize or order, by
dispatch, the apprehension of those who are afflicted to be of great interest to the discovery
of the truth or for the proof, by applying correspondingly the regime of the seizure of
correspondence provided for in the Code of Criminal Procedure.
Article 20.
Interception of communications
1-A interception and the registration of computer data transmissions can only be
authorized during the investigation if there is reason to believe that the diligence is
indispensable for the discovery of the truth or that the proof would otherwise be
impossible or very difficult to obtain, by reasoned order of the judge of instruction
and upon application by the Prosecutor's Office.
2-A interception may be intended for the registration of data relating to the content of the
communications or to target only the collection and registration of traffic data, and the
dispatcher referred to in the preceding paragraph shall specify the respective scope, according to
the concrete needs of the research.
3-In the rest, it is applicable to the interception and registration of computer data transmissions o
Regime of interception and recording of talks or telephone communications
constant of Articles 187, 188 and 190 of the Code of Criminal Procedure.
Article 21.
Covert actions
1-It is permissible to appeal to the covert actions provided for in Law No. 101/2001, 25 of
August, pursuant to that provided for, in the course of inquiry concerning the following crimes:
a) Those provided for in this Law;
b) Those committed by means of an informatics system, when they correspond,
in the abstract, prison sentence of a maximum of more than five years or, even if
Penalty to be inferior, and being doleful, the crimes against liberty and
sexual self-determination in cases in which the offending are minor or
incapable, the crimes provided for in articles 218, 221 and 240 of the Criminal Code,
as well as the crimes enshrined in Title IV of the Author's Code of Law and
of the Conc Rights.
2-Being necessary the recourse to means and computer devices are observed, in that
that is applicable, the rules laid down for the interception of communications.
19
CHAPTER IV
International cooperation
Article 22.
Scope of international cooperation
The competent national authorities cooperate with the foreign authorities
competent for the purposes of investigations or procedures relating to crimes
related to systems or computer data, as well as for the purpose of collection of
proof, in electronic support, of a crime.
Article 23.
Permanent point of contact for international cooperation
1-For purposes of international cooperation, with a view to providing assistance
immediate to the effects referred to in the previous article, the Police Judiciary assures
maintenance of a structure that guarantees a point of contact available at
stay, 24 hours a day, seven days a week.
2-This point of contact can be contacted by other points of contact, in the
terms of agreements, treaties or conventions to which Portugal find itself bound, or
in compliance with protocols of international cooperation with bodies
judicial or police officers.
3-A The immediate assistance provided by this permanent point of contact includes:
a) The provision of technical advice to other points of contact;
b) The expedited preservation of data in cases of urgency or danger in the delay,
in accordance with the provisions of the following article;
c) The collection of evidence for which it is competent in cases of urgency or danger
in the delay;
d) The location of suspects and the provision of information of a legal character,
in cases of urgency or danger in the delay;
e) The immediate transmission to the Public Prosecutor's Office of requests concerning the measures
referred to in points b ) a d ), out of the cases provided for therein, with a view to their
quick execution.
4-Where it acts under the paragraphs b ) a d ) of the previous number, the Police Judiciary
20
gives immediate news of the fact to the Public Prosecutor's Office and refers you to the report provided by us
terms of Article 253 of the Code of Criminal Procedure.
Article 24.
Preservation and expeditious revelation of computer data in cooperation
international
1-Can be requested from Portugal for expedited preservation of computer data
stored in informatics system here located, relating to crimes provided for in the
article 12 with a view to the submission of a request for legal aid for the purposes of
research, seizure and disclosure of the same.
2-A specific request:
a) The authority that calls for preservation;
b) The offence which is the subject of investigation or criminal procedure, as well as
a brief exposure of the related facts;
c) The computer data to be kept and its relation to the offence;
d) All available information that allows to identify the responsible for the
computer data or the location of the informatics system;
e) The need for the preservation measure; and
f) The intention to submit an application for legal aid for the purposes of
research, seizure and disclosure of the data.
3-In execution of request of competent foreign authority under the terms of the
previous figures, the competent judicial authority orders to whom it has
availability or control of such data, specifically the service provider,
that preserve them.
4-A preservation may also be ordered by the Police Judiciary upon authorization
of the competent judicial authority or when there is urgency or danger in the delay,
being applicable, in the latter case, the provisions of paragraph 4 of the preceding Article.
5-A specific preservation order, under penalty of nullity:
a) The nature of the data;
b) If they are known, the origin and fate of them; and
c) The length of time by which the data is to be preserved, up to a maximum
21
of three months.
6-In fulfillment of preservation order that is directed to you, who has
availability or control of such data, specifically the service provider,
immediately preserves the data in question for the specified time period,
protecting and conserving their integrity.
7-A competent judicial authority, or the Judicial Police upon authorization
of that authority, may order the renewal of the measure by periods subject to the
limit set out in paragraph c ) of paragraph 5, provided that the respective requirements are checked
of admissibility, up to the maximum limit of one year.
8-When the application for aid referred to in paragraph 1, the judicial authority is submitted
competent for him to decide determines the preservation of the data until the adoption of a
final decision on the application.
9-The data preserved under this article may only be provided:
a) To the competent judicial authority, in execution of the application for aid referred to
in paragraph 1, on the same terms in which they could be able to be, in national case
similar, under the articles 15 to 19;
b) To the national authority that issued the order of preservation, on the same terms
in which they could be, in a similar national case, under Article 15 para.
10-A national authority to which, in the terms of the preceding paragraph, are communicated
traffic data identifiers of service provider and via the via of which the
communication has been carried out, communicates them quickly to the requesting authority, by
form to allow this authority the presentation of new preservation request
expedite of computer data.
11-The provisions of paragraphs 1 and 2 apply, with due adaptations, to applications
formulated by the Portuguese authorities.
Article 25.
Grounds for refusal
1-A request for preservation or expedited disclosure of computer data is refused
when:
a) The computer data in question respecting the offence of a political nature or
contravention related to the conceptions of Portuguese law;
22
b) To act against the sovereignty, security, public order or other interests of the
Portuguese republic, constitutionally defined.
2-A request for expedited preservation of computer data may still be refused
when there are founded reasons to believe that the execution of request for legal aid
subsequent for the purposes of research, seizure and disclosure of such data will be refused
by absence of verification of the requirement of double jeoparding.
Article 26.
Access to computer data in international cooperation
1-In execution of the request of competent foreign authority, the judicial authority
competent may proceed to the research, seizure and dissemination of computer data
stored in informatics system located in Portugal, relating to crimes
provided for in Article 12, when it comes to the situation in which research and seizure are
permissible in a similar national case.
2-A The competent judicial authority carries out as soon as possible when
there are reasons to believe that the computer data in question is especially
vulnerable to loss or modification or when rapid cooperation is planned
in applicable international instrument.
3-The provisions of paragraph 1 shall apply, with due adaptations, to the applications formulated by the
Portuguese judicial authorities.
Article 27.
Cross-border access to computer data stored when publicly
available or with consent
The competent foreign authorities, without a need for prior request to the authorities
Portuguese, can:
a) Access computer data stored in localized informatics system
in Portugal, when publicly available;
b) Receive or access, through computer-based system located in its territory, the
computer data stored in Portugal, upon legal consent and
volunteer of person legally authorized to disclose them.
23
Article 28.
Interception of communications in international cooperation
1-In execution of the request of the competent foreign authority, it may be authorised
by the judge the interception of transmissions of computer data carried out by way of a
informatics system located in Portugal, provided that this is planned in agreement,
treaty or international convention and deal with situation in which such an interception is
permissible under the terms of Article 20 in a similar national case.
2-It is competent for the receipt of applications for interception to the Judicial Police, which the
will present to the Public Prosecutor's Office, to present them to the judge of criminal instruction
of the comarch of Lisbon for authorization.
3-The order of authorization referred to in the preceding article also allows the transmission
immediate communication for the requesting State, if such a procedure is
provided for in the agreement, treaty or international convention on the basis of which the
request.
4-The provisions of paragraph 1 shall apply, with due adaptations, to the applications formulated
by the Portuguese judicial authorities.
CHAPTER V
Final and transitional provisions
Article 29.
Application in the space of Portuguese criminal law and jurisdiction of the courts
Portuguese
1-In addition to the provisions of the Criminal Code on enforcement in the area of criminal law
Portuguese, and unless treated or international convention to the contrary, for the purposes of
present law, the Portuguese criminal law is still applicable to facts:
a) Practiced by Portuguese, if the same is not applicable to the criminal law of
no other State;
b) Committed for the benefit of legal persons based in territory
Portuguese;
c) Physically practiced in Portuguese territory, yet they target systems
24
informatics located outside of that territory; or
d) To aim for computer systems located in Portuguese territory,
regardless of where these facts are physically practiced.
2-If, depending on the applicability of the Portuguese criminal law, they are simultaneously
competent to know about one of the crimes provided for in this Law the courts
Portuguese and the courts of another member state of the European Union, and may in
any of them being validly instituted or pursued the criminal procedure
on the basis of the same facts, the competent judicial authority resorts to the organs and
mechanisms instituted within the European Union to facilitate cooperation between the
judicial authorities of the Member States and the coordination of their respective actions,
by way of deciding which of the two states to instaure or pursue the procedure
against the agents of the offence, with a view to centralizing it in one of them.
3-A Decision of acceptance or transmission of the procedure is taken by the authority
competent judicial officer, taking into account, successively, the following elements:
a) The place where the offence was practiced;
b) The nationality of the author of the facts; and
c) The place where the author of the facts has been found.
4-They shall apply to the crimes provided for in this Law the general rules of competence of the
tribunals provided for in the Code of Criminal Procedure.
5-In case of doubt as to the territorially competent court, specifically
for not coincing the place where physically the agent has acted and the place where it is
physically installed the computer system targeted with its performance, the competence
it is up to the court where first there has been news of the facts.
Article 30.
General scheme applicable
In everything that does not contravene the provisions of this Law, they apply to the crimes, to the measures
procedural and international cooperation in criminal matters laid down in it, respectively,
the provisions of the Criminal Code, the Code of Criminal Procedure and the Act No. 144/99, 31 of
August.
Article 31.
25
Jurisdiction of the Police Judiciary for international cooperation
The competence conferred by this Law to the Police Judiciary for the purpose of cooperation
international is performed by the organic unit to whom it is committed to
investigation of the crimes provided for in this Law.
Article 32.
Protection of personal data
The processing of personal data under this Act takes place in accordance with the
provisions of Law No. 67/98 of October 26, being applicable, with the necessary
adaptations, the provisions of Chapter VI of that diploma.
Article 33.
Abrogation standard
It is repealed the Act No 109/91 of August 17.
Article 34.
Entry into force
This Law shall come into force 30 days after its publication.
Seen and approved in Council of Ministers of May 14, 2009
The Prime Minister
The Minister of the Presidency
The Minister of Parliamentary Affairs
26