Key Benefits:
1
PROPOSED LAW NO. 278 /X
Exhibition of Motives
The new Criminal Investigation Organization Act (Law No. 49/2008 of August 27)
came to clarify that the integrated criminal information system, the creation of which was found
expected, from the beginning, in Law No. 21/2000 of August 10, it does not correspond to a base
of single data, resulting before the establishment, by the technological means
appropriate, of an effective interoperability between the information systems of the various
organs of criminal police.
It is simply a matter of ensuring the duty of mutual cooperation between the police bodies
criminal, specifically at the level of the sharing of information, according to the
needs and competences of each of them and always with safeguarding of the regimes of the
secret of justice and the secret of state.
It is now regulated, pursuant to Article 11 of the Criminal Investigation Organization Act,
sharing and access to information, by access levels, in the scope of each police body
criminal, adopting the necessary arrangements to legally frame the
implementation of a platform for the exchange of criminal information.
For this purpose, the technical architecture of the new working tool is defined
collaborative, as well as the responsibilities of the intervening entities, the rules to
adopt in the matter of data processing and guardia of the fundamental rights of persons
to whom they concern the data and information and the indispensable mechanisms of
supervision.
To the Secretary General of the Internal Security System fit, in accordance with point (s) c) from the
n. 2 and with Article 15 (4) of the Criminal Investigation Organization Act, velar
by sharing information, ensuring the functioning and access of all organs
2
of criminal police to the integrated criminal information system, without accessing prosecutions-
crime or the constant elements of these processes and of the databases themselves.
The National Data Protection Commission was heard.
Consultations should be triggered to the Higher Council of the Magistrature, to the Council
Superior of the Public Prosecutor's Office and the Order of Lawyers.
Thus:
Under the terms of the paragraph d) of Article 197 (1) of the Constitution, the Government presents to the
Assembly of the Republic the following proposal for a law:
Title I
Object and definitions
Article 1.
Subject
This Act approves the conditions and procedures to be applied to institute the system
integrated criminal information, in accordance with the provisions of Article 11 of the Law
n. 49/2008 of August 27 through the implementation of a platform for the
exchange of criminal information that ensures effective interoperability between
systems for information of the criminal police organs.
Article 2.
Platform for the exchange of criminal information
1-The platform for the exchange of criminal information by electronic means is created
between the criminal police organs, ahead abbreviately designated by platform.
2-A The platform is designed to ensure a high level of safety in the
exchange of criminal information between the criminal police bodies, for the purposes of
3
carrying out actions for prevention and criminal investigation with a view to strengthening the
prevention and criminal repression.
Article 3.
Principles
1-The information systems of the criminal police organs are independent of one
other and managed by each competent entity in accordance with the legal framework
specifically applicable, and shall, however, be adopted all measures
necessary to ensure the interoperability regulated by this Law, with a view to
enabling the sharing of information through the platform.
2-The elements of the criminal police bodies and the judicial authorities duly
authorized have access to criminal information contained in the information systems to
referring to the preceding paragraph in respect of the subjects which, by the way of
respective assignments and competencies, have, in each case, need to
meet.
3-Access to information systems and the processing of the subjects collected therein do
if in accordance with the provisions of this Law and in the other applicable legislation.
4-The persons who, in the exercise of their duties, have had access to the systems of
information from criminal police bodies are bound to professional secrecy, even
after the term of those.
Title II
Exchange of data and information
Article 4.
Composition of the platform
1-The platform for the exchange of criminal information is to ensure:
4
a) The safety component;
b) A uniform access interface for each criminal police organ;
c) A database of support for the interface and uniform access to information
criminal;
d) A component of indexing, research, and data relationship.
2-The communications necessary for the smooth operation of the platform are carried out
in a dedicated sci-free virtual network.
Article 5.
Responsibilities
1-Compete to the Secretary General of the Internal Security System guarantee the
implementation and overall coordination of the platform and, in particular, ensure the
information exchange functionalities, as well as supervision and security
global of the platform.
2-Each criminal police body shall ensure the smooth operation of its
information systems, as well as contribute to the operationality of the platform.
3-A creation and management of the dedicated cipher virtual network through which it is to be realized
the secure exchange of data among the users of the platform are from the
Responsibility of the National Network of Homeland Security, in articulation with the
computer services and communications from each criminal police body.
Article 6.
Security of the platform
The entities referred to in the preceding Article shall, in a conjugated manner, adopt the measures
required, including a safety plan, to:
a) Physically protect the data, including by drawing up emergency plans for
protect the essential infrastructure;
b) Prevent the access of any unauthorized person to the facilities used
5
for the processing of personal data (control of entry to the premises);
c) Preventing data supports from being able to be read, copied, changed or
removed without authorization (control of data supports);
d) Prevent the unauthorised introduction of data, as well as any consultation,
unauthorized alteration or deletion of personal data stored
(control of conservation);
e) Preventing automated data handling systems from being able to be
used by unauthorised persons through transmission facilities of
data (control of use);
f) Ensure that people authorized to use an automated system of
treatment of data only have access to the data covered by your
authorization to access through personal and unique user identities and to
confidential modes of access (control of access to data);
g) Ensure that all authorities with a right of access to the platform or the
data handling facilities create profiles that describe the functions and
responsibilities of persons authorised to have access, to introduce, to update,
suppress and consult the data, and put such profiles at the disposal of the Commission
National Data Protection without delay and at the request of this (profiles of the
staff);
h) Ensure the possibility to verify and determine what entities may be
transmitted the personal data by means of transmission equipment of
data (control of transmission);
i) Ensure that you can check and determine a posteriori which personal data
introduced in the automated data processing systems, when, by
who and with what purpose (control of the introduction);
j) Prevent, in particular by means of appropriate cipher techniques, which the
data can be read, copied, changed or suppressed without authorization
during the transmission of personal data or the transport of the data media
6
(control of transport);
l) To monitor the effectiveness of the security measures referred to in this paragraph and
take the necessary organisational measures related to internal control
in such a way as to ensure compliance with this law.
Article 7.
Control of use
1-All accesses and all exchanges of personal data through the platform are
duly registered, so as to verify the legality of the consultation and the legality of the
data processing, proceed to self-control and ensure the proper functioning of the
platform, as well as the integrity and security of the data.
2-Records obligatorily contain the history of the consultations, the date and time of the
transmission of the data, the data used to make a query, the reference
to the data transmitted and the names of the competent authority and the user.
3-Compete to the National Data Protection Commission proceed to the audit of the
how consultations are carried out and given compliance with the legal provisions on
the processing of data.
Article 8.
Provision of data and information
1-Through the platform can be:
a) Accepted directly data and information not covered by the secret of
justice;
b) Required data and information covered by the secret of justice.
2-Each criminal police body ensures that they are not applied to the supply of
data requested through the platform more restrictive conditions than those applied
to the provision of data and information at the internal level, in equal circumstances.
3-The exchange of data and information, pursuant to this Law, is not dependent on
7
agreement or judicial authorization when the requested authority can, in cases and
legally anticipated terms, have access to the data without such a requirement.
4-In cases where access to data or information is legally dependent on agreement or
of authorization of judicial authority, must the same be requested by the authority
required by the competent judicial authority, in order to be decided in accordance with
rules identical to those applicable to the required criminal police body.
5-Data accessible via the platform are introduced, updated and erased
solely by the users of the systems of each criminal police body, de
agreement with the specific legislation that regulates them.
6-Data and information are achedged through electronic means only in the
conditions authorized by this Law.
Article 9.
Access profiles
1-Access to the platform is done in accordance with the following profiles:
a) Profile 1-reserved to the maximum officers of each criminal police body;
b) Profile 2-reserved to the chefias of the criminal investigation units of each
participating entity on the platform;
c) Profile 3-reserved for users who perform functions of analysts.
2-They are established simultaneously structured profiles horizontally, so as to
that access to the platform takes into account the distinct attributions and competences of the
organs of criminal police arising from the Law No. 49/2008 of August 27, and too much
applicable legislation.
3-Are approved by the Coordinating Board of the Criminal Police Bodies the
appropriate institutional mechanisms of profiling, the rules of registration of the
use and audit of accesses, as well as the remaining safety procedures that
8
guarantee compliance with the provisions of Article 6.
4-The competent judicial authorities may, at all times and relatively to the
processes of which they are holders, access the constant information of the integrated system
of criminal information.
Article 10.
Deadlines in the event of indirect access
1-When obtaining the information may not occur upon direct access, the
criminal police body required to establish the mechanisms that allow to respond in the
maximum time limit of eight hours to requests for data and information.
2-If the criminal police body holder of the information is unable to respond on time
of eight hours, shall state the reasons for such temporary impossibility, in which case
fixed the respective response deadline.
3-The provision of data and information shall be limited to what is considered
relevant and necessary for the success of the prevention or criminal investigation in the case
concrete.
Article 11.
Requests for data and information
1-Data and information may be requested for prevention or research purposes
criminal when there are factual reasons justifying the application, owing in this being
indicated such factual reasons and spelled out the purposes for which the
data and information, as well as the relationship between those purposes and the person to which they say
respect the data and information.
2-A applicant entity shall refrain from requesting more data or information than
9
the necessary for the purposes for which the application is intended.
3-Data requests or information shall include the elements set out in
forms approved, pursuant to Article 14 of Law No. 49/2008 of August 27,
by the Coordinating Council of the Criminal Police Bodies.
Article 12.
Protection of data
1-Personal data processed in the context of the application of this Law shall be protected in
compliance with Law No. 67/98 of October 26.
2-Each platform's utilising entity shall ensure compliance with the legal rules
and of the specific supplementary procedures approved by the Council
Coordinator of the Criminal Police Organs in relation to data protection
interchangeable through the platform.
3-It shall also be subordinated to the legal provisions in force in respect of protection
of data the use of data and information that has been obtained, under the
present law, through the platform.
4-The data and information, including the personal data, obtained under the present
law can only be used by the entities that have obtained them for the purposes for which
have been provided, or to prevent serious and immediate threats to internal security.
Article 13.
10
Confidentiality
1-The entities that obtain data and information through the platform respect, in
each specific case, the requirements of secrecy of justice, ensuring the
confidentiality of all data and information provided with such classification.
2-The persons who, in the performance of their duties, obtain data and information through
of the integrated criminal information system become subject to professional secrecy, in the
terms of Article 17 (1) of the Law No 67/98 of October 26.
Title III
Final provisions
Article 14.
Planning and implementation
1-The Secretary General of the Internal Security System submits to the assessment and approval
of the Coordinating Council of the Criminal Police Bodies:
a) The design study of the platform for the exchange of criminal information
between criminal police organs, containing all the technological specifications of the
project;
b) The illustrative prototype of the architecture, organisation and operation of the platform
in the conditions laid down in this Law;
c) The specific supplementary procedures applicable to the platform with a view to
reinforcement of the conditions for data protection;
11
d) The plan of actions to be carried out for the development of a pilot system
as well as for the respective enlargement to the criminal police bodies.
2-The Secretary General of the Internal Security System presents to the Council
Coordinator of the Criminal Police Organs the integral list of the systems of
existing and accessible information in each criminal police body at the date of entry
in force of this Law, as well as, periodically, updated information on
new applications that may come to be acheed through the platform.
3-The appropriate institutional mechanisms of profiling, the rules of registration
of the use and audit of accesses, the forms provided for in Article 11 (3), the
specific supplementary procedures provided for in Article 12 (2), as well as
all safety procedures are submitted to the prior opinion of the CNPD.
Seen and approved in Council of Ministers of April 30, 2009
The Prime Minister
The Minister of the Presidency
The Minister of Parliamentary Affairs