1

PROPOSED LAW NO. 278 /X

Exhibition of Motives

The new Criminal Investigation Organization Act (Law No. 49/2008 of August 27)

came to clarify that the integrated criminal information system, the creation of which was found

expected, from the beginning, in Law No. 21/2000 of August 10, it does not correspond to a base

of single data, resulting before the establishment, by the technological means

appropriate, of an effective interoperability between the information systems of the various

organs of criminal police.

It is simply a matter of ensuring the duty of mutual cooperation between the police bodies

criminal, specifically at the level of the sharing of information, according to the

needs and competences of each of them and always with safeguarding of the regimes of the

secret of justice and the secret of state.

It is now regulated, pursuant to Article 11 of the Criminal Investigation Organization Act,

sharing and access to information, by access levels, in the scope of each police body

criminal, adopting the necessary arrangements to legally frame the

implementation of a platform for the exchange of criminal information.

For this purpose, the technical architecture of the new working tool is defined

collaborative, as well as the responsibilities of the intervening entities, the rules to

adopt in the matter of data processing and guardia of the fundamental rights of persons

to whom they concern the data and information and the indispensable mechanisms of

supervision.

To the Secretary General of the Internal Security System fit, in accordance with point (s) c) from the

n. 2 and with Article 15 (4) of the Criminal Investigation Organization Act, velar

by sharing information, ensuring the functioning and access of all organs

2

of criminal police to the integrated criminal information system, without accessing prosecutions-

crime or the constant elements of these processes and of the databases themselves.

The National Data Protection Commission was heard.

Consultations should be triggered to the Higher Council of the Magistrature, to the Council

Superior of the Public Prosecutor's Office and the Order of Lawyers.

Thus:

Under the terms of the paragraph d) of Article 197 (1) of the Constitution, the Government presents to the

Assembly of the Republic the following proposal for a law:

Title I

Object and definitions

Article 1.

Subject

This Act approves the conditions and procedures to be applied to institute the system

integrated criminal information, in accordance with the provisions of Article 11 of the Law

n. 49/2008 of August 27 through the implementation of a platform for the

exchange of criminal information that ensures effective interoperability between

systems for information of the criminal police organs.

Article 2.

Platform for the exchange of criminal information

1-The platform for the exchange of criminal information by electronic means is created

between the criminal police organs, ahead abbreviately designated by platform.

2-A The platform is designed to ensure a high level of safety in the

exchange of criminal information between the criminal police bodies, for the purposes of

3

carrying out actions for prevention and criminal investigation with a view to strengthening the

prevention and criminal repression.

Article 3.

Principles

1-The information systems of the criminal police organs are independent of one

other and managed by each competent entity in accordance with the legal framework

specifically applicable, and shall, however, be adopted all measures

necessary to ensure the interoperability regulated by this Law, with a view to

enabling the sharing of information through the platform.

2-The elements of the criminal police bodies and the judicial authorities duly

authorized have access to criminal information contained in the information systems to

referring to the preceding paragraph in respect of the subjects which, by the way of

respective assignments and competencies, have, in each case, need to

meet.

3-Access to information systems and the processing of the subjects collected therein do

if in accordance with the provisions of this Law and in the other applicable legislation.

4-The persons who, in the exercise of their duties, have had access to the systems of

information from criminal police bodies are bound to professional secrecy, even

after the term of those.

Title II

Exchange of data and information

Article 4.

Composition of the platform

1-The platform for the exchange of criminal information is to ensure:

4

a) The safety component;

b) A uniform access interface for each criminal police organ;

c) A database of support for the interface and uniform access to information

criminal;

d) A component of indexing, research, and data relationship.

2-The communications necessary for the smooth operation of the platform are carried out

in a dedicated sci-free virtual network.

Article 5.

Responsibilities

1-Compete to the Secretary General of the Internal Security System guarantee the

implementation and overall coordination of the platform and, in particular, ensure the

information exchange functionalities, as well as supervision and security

global of the platform.

2-Each criminal police body shall ensure the smooth operation of its

information systems, as well as contribute to the operationality of the platform.

3-A creation and management of the dedicated cipher virtual network through which it is to be realized

the secure exchange of data among the users of the platform are from the

Responsibility of the National Network of Homeland Security, in articulation with the

computer services and communications from each criminal police body.

Article 6.

Security of the platform

The entities referred to in the preceding Article shall, in a conjugated manner, adopt the measures

required, including a safety plan, to:

a) Physically protect the data, including by drawing up emergency plans for

protect the essential infrastructure;

b) Prevent the access of any unauthorized person to the facilities used

5

for the processing of personal data (control of entry to the premises);

c) Preventing data supports from being able to be read, copied, changed or

removed without authorization (control of data supports);

d) Prevent the unauthorised introduction of data, as well as any consultation,

unauthorized alteration or deletion of personal data stored

(control of conservation);

e) Preventing automated data handling systems from being able to be

used by unauthorised persons through transmission facilities of

data (control of use);

f) Ensure that people authorized to use an automated system of

treatment of data only have access to the data covered by your

authorization to access through personal and unique user identities and to

confidential modes of access (control of access to data);

g) Ensure that all authorities with a right of access to the platform or the

data handling facilities create profiles that describe the functions and

responsibilities of persons authorised to have access, to introduce, to update,

suppress and consult the data, and put such profiles at the disposal of the Commission

National Data Protection without delay and at the request of this (profiles of the

staff);

h) Ensure the possibility to verify and determine what entities may be

transmitted the personal data by means of transmission equipment of

data (control of transmission);

i) Ensure that you can check and determine a posteriori which personal data

introduced in the automated data processing systems, when, by

who and with what purpose (control of the introduction);

j) Prevent, in particular by means of appropriate cipher techniques, which the

data can be read, copied, changed or suppressed without authorization

during the transmission of personal data or the transport of the data media

6

(control of transport);

l) To monitor the effectiveness of the security measures referred to in this paragraph and

take the necessary organisational measures related to internal control

in such a way as to ensure compliance with this law.

Article 7.

Control of use

1-All accesses and all exchanges of personal data through the platform are

duly registered, so as to verify the legality of the consultation and the legality of the

data processing, proceed to self-control and ensure the proper functioning of the

platform, as well as the integrity and security of the data.

2-Records obligatorily contain the history of the consultations, the date and time of the

transmission of the data, the data used to make a query, the reference

to the data transmitted and the names of the competent authority and the user.

3-Compete to the National Data Protection Commission proceed to the audit of the

how consultations are carried out and given compliance with the legal provisions on

the processing of data.

Article 8.

Provision of data and information

1-Through the platform can be:

a) Accepted directly data and information not covered by the secret of

justice;

b) Required data and information covered by the secret of justice.

2-Each criminal police body ensures that they are not applied to the supply of

data requested through the platform more restrictive conditions than those applied

to the provision of data and information at the internal level, in equal circumstances.

3-The exchange of data and information, pursuant to this Law, is not dependent on

7

agreement or judicial authorization when the requested authority can, in cases and

legally anticipated terms, have access to the data without such a requirement.

4-In cases where access to data or information is legally dependent on agreement or

of authorization of judicial authority, must the same be requested by the authority

required by the competent judicial authority, in order to be decided in accordance with

rules identical to those applicable to the required criminal police body.

5-Data accessible via the platform are introduced, updated and erased

solely by the users of the systems of each criminal police body, de

agreement with the specific legislation that regulates them.

6-Data and information are achedged through electronic means only in the

conditions authorized by this Law.

Article 9.

Access profiles

1-Access to the platform is done in accordance with the following profiles:

a) Profile 1-reserved to the maximum officers of each criminal police body;

b) Profile 2-reserved to the chefias of the criminal investigation units of each

participating entity on the platform;

c) Profile 3-reserved for users who perform functions of analysts.

2-They are established simultaneously structured profiles horizontally, so as to

that access to the platform takes into account the distinct attributions and competences of the

organs of criminal police arising from the Law No. 49/2008 of August 27, and too much

applicable legislation.

3-Are approved by the Coordinating Board of the Criminal Police Bodies the

appropriate institutional mechanisms of profiling, the rules of registration of the

use and audit of accesses, as well as the remaining safety procedures that

8

guarantee compliance with the provisions of Article 6.

4-The competent judicial authorities may, at all times and relatively to the

processes of which they are holders, access the constant information of the integrated system

of criminal information.

Article 10.

Deadlines in the event of indirect access

1-When obtaining the information may not occur upon direct access, the

criminal police body required to establish the mechanisms that allow to respond in the

maximum time limit of eight hours to requests for data and information.

2-If the criminal police body holder of the information is unable to respond on time

of eight hours, shall state the reasons for such temporary impossibility, in which case

fixed the respective response deadline.

3-The provision of data and information shall be limited to what is considered

relevant and necessary for the success of the prevention or criminal investigation in the case

concrete.

Article 11.

Requests for data and information

1-Data and information may be requested for prevention or research purposes

criminal when there are factual reasons justifying the application, owing in this being

indicated such factual reasons and spelled out the purposes for which the

data and information, as well as the relationship between those purposes and the person to which they say

respect the data and information.

2-A applicant entity shall refrain from requesting more data or information than

9

the necessary for the purposes for which the application is intended.

3-Data requests or information shall include the elements set out in

forms approved, pursuant to Article 14 of Law No. 49/2008 of August 27,

by the Coordinating Council of the Criminal Police Bodies.

Article 12.

Protection of data

1-Personal data processed in the context of the application of this Law shall be protected in

compliance with Law No. 67/98 of October 26.

2-Each platform's utilising entity shall ensure compliance with the legal rules

and of the specific supplementary procedures approved by the Council

Coordinator of the Criminal Police Organs in relation to data protection

interchangeable through the platform.

3-It shall also be subordinated to the legal provisions in force in respect of protection

of data the use of data and information that has been obtained, under the

present law, through the platform.

4-The data and information, including the personal data, obtained under the present

law can only be used by the entities that have obtained them for the purposes for which

have been provided, or to prevent serious and immediate threats to internal security.

Article 13.

10

Confidentiality

1-The entities that obtain data and information through the platform respect, in

each specific case, the requirements of secrecy of justice, ensuring the

confidentiality of all data and information provided with such classification.

2-The persons who, in the performance of their duties, obtain data and information through

of the integrated criminal information system become subject to professional secrecy, in the

terms of Article 17 (1) of the Law No 67/98 of October 26.

Title III

Final provisions

Article 14.

Planning and implementation

1-The Secretary General of the Internal Security System submits to the assessment and approval

of the Coordinating Council of the Criminal Police Bodies:

a) The design study of the platform for the exchange of criminal information

between criminal police organs, containing all the technological specifications of the

project;

b) The illustrative prototype of the architecture, organisation and operation of the platform

in the conditions laid down in this Law;

c) The specific supplementary procedures applicable to the platform with a view to

reinforcement of the conditions for data protection;

11

d) The plan of actions to be carried out for the development of a pilot system

as well as for the respective enlargement to the criminal police bodies.

2-The Secretary General of the Internal Security System presents to the Council

Coordinator of the Criminal Police Organs the integral list of the systems of

existing and accessible information in each criminal police body at the date of entry

in force of this Law, as well as, periodically, updated information on

new applications that may come to be acheed through the platform.

3-The appropriate institutional mechanisms of profiling, the rules of registration

of the use and audit of accesses, the forms provided for in Article 11 (3), the

specific supplementary procedures provided for in Article 12 (2), as well as

all safety procedures are submitted to the prior opinion of the CNPD.

Seen and approved in Council of Ministers of April 30, 2009

The Prime Minister

The Minister of the Presidency

The Minister of Parliamentary Affairs