POLÍCIA JUDICIÁRIA. ASSEMBLEIA DA REPUBLICA T.N. Act no. 73/2009 of 12 August 2009

Similar documents
First amendment to Organisational Law no. 2/2003 of 22 August 2003 (the Law governing Political Parties)

PROTECTION OF PERSONAL DATA AND SECURITY OF DATA IN THE SCHENGEN INFORMATION SYSTEM

ASSEMBLY OF THE REPUBLIC Law no. 40/2013 of 25 June 2013

Rules of Procedure of the Assembly of the Republic

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection

Annex 1: Standard Contractual Clauses (processors)

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

DATA PROCESSING ADDENDUM. 1.1 The User and When I Work, Inc. ("WIW") have entered into the Terms of Service, for the provision of the Service.

CONSULTATIVE COMMITTEE OF THE CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA

Customer Data Annual Privacy Agreement

FUJITSU Cloud Service K5: Data Protection Addendum

9837/09 YV/ml 1 DG H 3B

The NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS

EXECUTIVE SUMMARY. 3 P a g e

Data Distribution Agreement of BME Market Data

***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)

EU STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

Working document 01/2014 on Draft Ad hoc contractual clauses EU data processor to non-eu sub-processor"

ASSEMBLEIA DA REPÚBLICA [PORTUGUESE PARLIAMENT]

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Commission Decision C(2010)593 Standard Contractual Clauses (processors)

Opinion 07/2016. EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)

Processor Agreement SURF Model Agreement

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

Electronic Document and Electronic Signature Act Published SG 34/6 April 2001, effective 7 October 2001, amended SG 112/29 December 2001, effective 5

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

Attachment 1. Commission Decision C(2010)593 Standard Contractual Clauses (processors)

REGULATIONS FOR THE BOARD OF DIRECTORS AND ITS COMMITTEES INDRA SISTEMAS, S.A.

CONSTITUTION OF THE PORTUGUESE REPUBLIC SEVENTH REVISION [2005]

Regulation of Interception of Act 18 Communications Act 2010

DECISION OF THE PLENARY SESSION OF THE BOARD. of 29 April 2015

Article 1. Federal Data Protection Act (BDSG)

Statutes. MVO Portugal Associação Portuguesa de Verificação de Medicamentos (Portuguese Medicines Verification Association)

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

CHAPTER I. Definitions

REN REDES ENERGÉTICAS NACIONAIS, SGPS, S.A.

Exhibit MC - Standard Contractual Clauses (processors)

closer look at Rights & remedies

Data Processing Agreement

FOR INFORMATION PURPOSES ONLY. SPANISH VERSION PREVAILS. REGULATIONS OF THE BOARD OF DIRECTORS OF INMOBILIARIA COLONIAL, S.A.

Official Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002

ACT of August 29, 1997 on the Protection of Personal Data

PUBLIC PROCUREMENT ACT (ZJN-1)

DATA PROCESSING ADDENDUM

PE-CONS 71/1/15 REV 1 EN

Data Protection Policy. Malta Gaming Authority

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

Telekom Austria Group Standard Data Processing Agreement

Pursuant to Article 95 item 3 of the Constitution of Montenegro, I hereby issue the DECREE

RULES OF PROCEDURE FOR THE SUPERVISORY BOARD of Grupa Azoty Spółka Akcyjna of Tarnów

AmCham EU Proposed Amendments on the General Data Protection Regulation

(Non-legislative acts) REGULATIONS

THE FINANCIAL SERVICES ACT ARRANGEMENT OF SECTIONS PART I PRELIMINARY PART II THE FINANCIAL SERVICES COMMISSION

The High Contracting Parties to the present Treaty, Member States of the European Union,

EU GDPR - DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CDNETWORKS CUSTOMERS

Presidential Decree No. 513 of 10 November 1997

THE FINANCIAL SERVICES ACT 2007

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

PROPOSAL OF RESOLUTION ITEM 7 OF THE AGENDA FOR THE ANNUAL GENERAL SHAREHOLDERS MEETING OF MAY 11 TH 2017

Council of the European Union Brussels, 18 March 2015 (OR. en)

THE REPRESENTATION OF THE PEOPLE ACT 1958

Code of conduct for identification service trust network

(a) Unless otherwise expressly stated to the contrary, terms used herein shall bear the following meanings:

Report on the national preparation for the implementation of the Eurodac Recast

FREEDOM OF INFORMATION

This unofficial translation is provided for information purposes only and has no legal force. Data Protection Act.

STATUTE OF THE BANK OF ITALY

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

THE LAW ON THE NATIONAL ASSEMBLY I. GENERAL PROVISIONS

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Financing of Political Parties and Election Campaigns

Template Commission pursuant to Section 11 BDSG

KfW Bylaws. Table of contents

Act XXXVI of on the National Assembly

Opinion of the Joint Supervisory Body of Eurojust regarding data protection in the proposed new Eurojust legal framework

ELECTION LAW OF BOSNIA AND HERZEGOVINA (Unofficial consolidated text 1 ) Article 1.1. Article 1.1a

Regulations of the Audit, Compliance and Related Party Transactions Committee of Siemens Gamesa Renewable Energy, S.A.

Bylaws of Special Education Employees of Grundy County Revised: November 13, 2014

Statistics Act. Chapter One GENERAL PROVISIONS

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. amending Regulation (EU) 2016/399 as regards the use of the Entry/Exit System

Opinion 3/2016. Opinion on the exchange of information on third country nationals as regards the European Criminal Records Information System (ECRIS)

Having regard to the opinion of the European Economic and Social Committee ( 1 ),

ELECTION LAW OF BOSNIA AND HERZEGOVINA. Last amended 4/3/2006. Chapter 1. General Provisions

Coordinated text from 10 August 2011 Version applicable from 1 September 2011

ORDINANCE N CONSTITUTING AN INSTITUTIONAL ACT ON THE CONSTITUTIONAL COUNCIL 1

BY-LAWS OF HRVATSKA BANKA ZA OBNOVU I RAZVITAK - consolidated version -

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

DocuSign Envelope ID: 93578C7C-0B BEE9-0536AB6EDE32

Federal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions

Instructions on the processing of personal data in the election process

Audit Committee Charter

SIX Group Ltd Rules of Organisation for the Regulatory Bodies of the Group's trading venues

BYLAWS CREDENTIAL COUNSELORS AND ANALYSTS OF CALIFORNIA

Personal Data Protection Act

The Police Complaints Authority Act, 2003

THE GENERAL ADMINISTRATIVE CODE OF GEORGIA

GENERAL CONDITIONS OF THE CONTRACT

Delegations will find in the Annex the above document, transmitted by the Commission services.

EUROPEAN UNION. Brussels, 11 October 2013 (OR. en) 2011/0427 (COD) PE-CONS 56/13 FRONT 86 COMIX 390 CODEC 1550

FORM OF CLASS LICENSE FOR VALUE ADDED SERVICES INTENDED TO BE GRANTED BY THE TELECOMMUNICATIONS REGULATORY AUTHORITY

Transcription:

ASSEMBLEIA DA REPUBLICA T.N. Act no. 73/2009 of 12 August 2009 establishes the conditions and procedures that shall apply to ensure interoperability between information systems of criminal police bodies. The Assembleia da República decrees, under article 161(c) of the Constitution, as follows: TITLE I Object and definitions Section 1 Object This act approves the conditions and procedures that shall apply to establish the criminal information integrated system, in accordance with the provisions set forth in section 11 of Act no. 49/2008 of 27 August 2008, through the implementation of a criminal information exchange platform aimed at ensuring an effective interoperability among information systems of criminal police bodies. T.N. : Portuguese Parliament.

Section 2 Criminal information exchange platform 1 The platform shall be created to electronically exchange criminal information among criminal police bodies, hereinafter referred to as platform. 2 - The aim of the platform is to guarantee a high level of security within criminal information exchange among criminal police bodies, for the purposes of carrying out crime prevention and criminal investigation actions with a view to enhancing crime prevention and suppression. Section 3 Principles 1 - Information systems of criminal police bodies are independent from one another and managed by each competent entity in accordance with the specifically applicable legal framework, however all necessary measures should be adopted to ensure the interoperability governed by this act so as to enable information sharing through the platform. 2 Duly authorised members of criminal police bodies and judicial authorities shall have access to criminal information contained in the information systems referred to in the preceding subsection with regard to such matters, within the scope of their respective powers and competencies, they may need to know.

3 The provision of information and intelligence must be limited to what is deemed relevant and necessary for successful crime prevention or criminal investigation, in the particular case. 4 Access to information systems and processing of matters collected in such systems shall be made in accordance with the provisions set out in this act and other applicable legislation. 5 Persons who, whilst performing their duties, have had access to information systems of criminal police bodies are bound to the obligation of professional secrecy, even after their term of office. TITLE II Information and intelligence exchange Section 4 Composition of the platform 1 The platform for the exchange of criminal information must ensure: a) the security component; b) a standardized access interface for each criminal police body; c) a technical support component for interfaces and for accessing information; d) an indexation, research and data relationship component.

2 The communications necessary to the regular functioning of the platform shall be carried out in a dedicated encrypted virtual network. Section 5 Responsibilities 1 The Secretary-General of the Internal Security System shall be responsible for guaranteeing the implementation and general coordination of the platform and, in particular, for ensuring the information exchange functionalities, as well as global supervision and security of the platform. 2 Each criminal police body must ensure the regular functioning of their information systems, as well as contribute to the operability of the platform. 3 The setting up and management of the dedicated encrypted virtual network, through which the secure data exchange must be carried out between users of the platform, falls under the combined responsibility of the information technology and communication services of criminal police bodies.

Section 6 Platform security 1 The entities referred to in the previous section shall adopt, in conjunction, the necessary measures, including a security plan, in order to: a) physically protect data, including by making contingency plans for the protection of critical infrastructures; b) deny unauthorised persons access to facilities in which personal data processing is being carried out (checks at facility entrance); c) prevent the unauthorised reading, copying, modification or removal of data media (control of data media); d) prevent the unauthorised introduction of data and the unauthorised search, modification or deletion of stored personal data (control of storage); e) prevent the automated data processing systems from being used by unauthorised persons by means of data transmission equipment (control of use); f) guarantee that persons authorised to use an automated data processing system shall have access only to the data covered by their access

authorisation, by means of individual and exclusive user identities and confidential access modes (control of data access); g) guarantee that all authorities with a right of access to the platform or to the data processing facilities, shall create profiles describing the functions and responsibilities of those persons who have access authorisation and are authorised to enter, update, delete and search data, and make these profiles available to the National Data Protection Commission without delay upon request (personnel profiles); h) ensure that it shall be possible to check and establish to which bodies personal data may be transmitted by means of data transmission equipment (control of data transmission); i) ensure that it shall be possible a posteriori to check and establish which personal data have been introduced into the automated data processing systems, when, by whom and for what purpose (control of data introduction); j) prevent, in particular, by means of appropriate encryption techniques, the unauthorised reading, copying, modification or deletion of data, during the transmission of personal data or during the transport of data media, (transport control);

k) monitor the effectiveness of the security measures referred to in this subsection and take the necessary organizational measures related to internal monitoring in order to ensure compliance with this act. Section 7 Control of use 1 All accesses to and all exchanges of personal data through the platform shall be duly recorded in order to check whether or not a search is lawful, to verify the lawfulness of data processing, to carry out self-monitoring and to ensure the proper functioning of the platform, as well as data integrity and security. 2 The records must obligatorily include the search history, the date and time of the data transmitted, the data used to perform a search, the reference to the data transmitted and the names of the competent authority and user. 3 It is up to the National Data Protection Commission to monitor the way in which the searches are conducted and how compliance is ensured with the legal provisions on data processing. Section 8 Criminal Information Integrated System Supervisory Board 1 The supervision of the Criminal Information Integrated System shall be ensured by the Criminal Information Integrated System Supervisory Board (CIISSB), without prejudice of the Assembleia da República s powers of

supervision, in accordance with constitutional terms, and the competencies of the National Data Protection Commission. 2 The Supervisory Board shall be composed of three citizens, of proven competence and enjoying their full civil and political rights, who shall be elected by the Assembleia da República by secret ballot and a two thirds majority of members present, provided that not less than the majority of members in full exercise of their office, and by two representatives appointed by the Superior Council of Magistracy and the Superior Council of the Public Prosecution Service, respectively. 3 The three citizens of proven competence of the Council shall be elected by list, with individual or multiple candidates, depending on whether there are one or more vacancies to fill. The election shall be valid for a period of four years. 4 Terms of office of the members appointed by the Superior Council of Magistracy and the Superior Council of the Public Prosecution Service shall be of four years. 5 The CIISSB follows and supervises the activity of the Secretary-General of the Internal Security System, as well as the activity of the criminal police bodies as regards information and intelligence exchange through the Criminal Information Integrated System (CIIS), ensuring compliance with the Constitution and, in particular, the legal framework on citizens fundamental rights, freedoms and guarantees.

6 The CIISSB is especially responsible for: a) assessing the reports related to the implementation and use of the CIIS by each criminal police body; b) obtaining from the Secretary-General of the Internal Security System, on a bi-monthly basis, information on the compliance of the legal regulations for the creation of the Criminal Information Exchange Platform, and may seek and obtain any further clarification and information as it deems necessary for an adequate performance of its supervising duties on the CIIS; c) carrying out inspection visits to collect elements concerning the CIIS way of functioning and activity from the Secretary-General of the Internal Security System, as well as from criminal police bodies; d) seeking information as it deems necessary for the performance of its duties or on account of its knowledge of possible irregularities or violations of law; e) delivering opinions to the Assembleia da República on the functioning of the CIIS at least once a year; f) proposing to the Government the carrying out of inspection, inquiry or sanctioning procedures, on account of incidents that are serious enough to justify it; g) giving its views on any legislative initiatives regarding the CIIS.

7 The Supervisory Body is attached to the Assembleia da República, ensuring the latter all necessary means required to fulfil its obligations and competencies. 8 To the CIISSB and respective members, as regards operating conditions, taking office and resignation, immunities, duties, rights and privileges, shall apply the provisions set forth in section 9 (4) and in sections 10, 11, 12 and 13 of Act no. 30/84, of 5 September 1984, in the version resulting from the Organic Law no. 4/2004, of 6 November 2004. Section 9 Provision of information and intelligence 1 Through the platform it shall be possible to: a) directly access, with due regard to the necessity principle enshrined in section 3 (2), information and intelligence that are not covered by investigation secrecy; b) request information and intelligence that are covered by investigation secrecy. 2 Each criminal police body shall ensure that the conditions applied to the provision of information and intelligence sought through the platform, shall not

be stricter than those applicable, at national level, to the provision of information and intelligence, in similar circumstances. 3 The exchange of information and intelligence, under the terms laid down herein, shall not be subject to an agreement or authorisation from the judicial authority, where the requested authority is able, under the terms of the applicable law, to access such data without such a requirement. 4 In such cases where access to information and intelligence legally requires an agreement or authorisation from a judicial authority, it must be sought by the requested authority to the competent judicial authority in order to be determined in accordance with such rules similar to those applied to the requested criminal police body. 5 Data that are accessible through the platform shall be solely introduced, updated and deleted by users of the systems of each criminal police body, according to the specific legislation which governs them. 6 Information and intelligence shall only be accessed electronically under the conditions authorised in this act. Section 10 Access profiles 1 Access to the platform shall be carried out according to the following profiles: a) Profile 1 reserved to the heads of each criminal police body;

b) Profile 2 reserved to the heads of criminal investigation units of each participating entity in the platform; c) Profile 3 reserved to users performing functions as analysts. 2 Horizontally structured profiles shall be simultaneously established allowing that access to the platform takes into account the different tasks and remits of criminal police bodies arising from Act no. 49/2008, of 27August 2008, and other applicable legislation. 3 The Coordinating Council of the Criminal Police Bodies shall approve the appropriate institutional mechanisms for the assignment of profiles, rules concerning records of usage and access audits, as well as other security procedures that ensure compliance with the provisions set out in section 6. 4 The competent judicial authorities may, at any moment, access information, concerning inquiries conducted by them, in the criminal information integrated system. Section 11 Time limit in case of indirect access 1 Where information cannot be obtained via direct access, the requested criminal police body shall set up procedures so that it is able to respond to information and intelligence requests within a maximum period of eight hours. 2 Should the criminal police body, holder of the information, be unable to respond within a period of eight hours, it must indicate the reasons for such

temporary impossibility, determining, in that case, the respective time limit to reply. Section 12 Information and intelligence requests 1 Information and intelligence may be requested for crime prevention and criminal investigation purposes where there are factual reasons to justify the request. The request shall set out those factual reasons and explain the purpose for which the information and intelligence is sought and the connection between the purpose and the person who is the subject of such information and intelligence. 2 - The requesting entity shall refrain from requesting more information or intelligence than necessary for the purpose of the request. 3 - Requests for information or intelligence shall include the items set out in the forms, pursuant to section 14 of Act no. 49/2008, of August 27, 2008, approved by the Coordinating Council of the Criminal Police Bodies. Section 13 Data protection 1 - Personal data processed in the context of the implementation of this act shall be protected in accordance with Act no. 67/2008, of 26 October 2008.

2 Whilst using the platform each entity shall ensure compliance with the legal framework and specific additional procedures approved by the Coordinating Council of the Criminal Police Bodies on data protection concerning data exchanged through the platform. 3 The use of information and intelligence obtained, under this act, through the platform, shall be also subject to the legal provisions in force concerning data protection. 4 Information and intelligence, including personal data, obtained under this act, may be used by the entities to which it has been provided solely for the purposes for which it has been supplied or for preventing an immediate and serious threat to internal security. Section 14 Confidentiality 1 - The authorities obtaining information and intelligence through the platform shall comply, in each specific case, with the requirements of investigation secrecy and shall guarantee the confidentiality of all provided information and intelligence classified as such. 2 The persons who, whilst performing their duties, have access to information and intelligence through the criminal information integrated system shall be bound to the obligation of professional secrecy pursuant to the provisions set forth in section 17 (1) of Act no. 67/98, of 26 October 1998.

TITLE III Final provisions Section 15 Planning and implementation 1 The Secretary-General of the Internal Security System shall submit for consideration and approval to the Coordinating Council of the Criminal Police Bodies: a) The design study of the platform for the exchange of criminal information between criminal police bodies, with all technical specifications of the project; b) The prototype illustrating the architecture, organization and functioning of the platform as provided for in this act; c) The specific additional procedures applicable to the platform aimed at strengthening the conditions related to data protection; d) The action plan that shall be carried out in order to develop a pilot-system and extend it to criminal police bodies. 2 - The Secretary-General of the Internal Security System shall submit to the Coordinating Council of Criminal Police Bodies the full list of all the existing and accessible information systems within each criminal police body by the date this act shall enter into force and periodically deliver updated information on new applications to be accessed through the platform.

3 The appropriate institutional mechanisms for the assignment of profiles, rules concerning records of usage and access audits, the forms referred to in section 12 (3), the specific additional procedures foreseen in section 13 (2), as well as all security procedures shall be submitted to the preliminary opinion of the National Data Protection Commission. Section 16 Effective date Pursuant to article 167 (2) of the Constitution of the Republic, the provisions laid down in section 8 (6) concerning matters with budgetary implications shall take effect after the date of entry into force of the State Budget for 2010. Approved on 25June 2009. The President of the Assembleia da República, Jaime Gama. Promulgated on 29 July 2009. To be published. The President of the Republic, ANÍBAL CAVACO SILVA. Countersigned on 30 July 2009. The Prime Minister, José Sócrates Carvalho Pinto de Sousa

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback