All posts by José Cuervo

13Jul/17

Law of the Republic of Azerbaijan September 30, 2009, on approval of Convention “On Cybercrime”

Law of the Republic of Azerbaijan on approval of Convention “On Cybercrime”

 

The National Assembly of the Republic of Azerbaijan decides:

To approve the Convention “On Cybercrime” signed in the city of Budapest on November 23, 2001 with corresponding statements and reservations.

Ilham Aliyev,

President of the Republic of Azerbaijan

Baku city, September 30, 2009

 

Convention “On Cybercrime”

 

Budapest, 23 November 2001

 

Preamble

The member States of the Council of Europe and the other States signatory hereto,

Considering that the aim of the Council of Europe is to achieve a greater unity between its members;

Recognising the value of fostering co-operation with the other States parties to this Convention;

Convinced of the need to pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cybercrime, inter alia, by adopting appropriate legislation and fostering international co-operation;

Conscious of the profound changes brought about by the digitalisation, convergence and continuing globalisation of computer networks;

Concerned by the risk that computer networks and electronic information may also be used for committing criminal offences and that evidence relating to such offences may be stored and transferred by these networks;

Recognising the need for co-operation between States and private industry in combating cybercrime and the need to protect legitimate interests in the use and development of information technologies;

Believing that an effective fight against cybercrime requires increased, rapid and well-functioning international co-operation in criminal matters;

Convinced that the present Convention is necessary to deter action directed against the confidentiality, integrity and availability of computer systems, networks and computer data as well as the misuse of such systems, networks and data by providing for the criminalisation of such conduct, as described in this Convention, and the adoption of powers sufficient for effectively combating such criminal offences, by facilitating their detection, investigation and prosecution at both the domestic and international levels and by providing arrangements for fast and reliable international co-operation;

Mindful of the need to ensure a proper balance between the interests of law enforcement and respect for fundamental human rights as enshrined in the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights and other applicable international human rights treaties, which reaffirm the right of everyone to hold opinions without interference, as well as the right to freedom of expression, including the freedom to seek, receive, and impart information and ideas of all kinds, regardless of frontiers, and the rights concerning the respect for privacy;

Mindful also of the right to the protection of personal data, as conferred, for example, by the 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;

Considering the 1989 United Nations Convention on the Rights of the Child and the 1999 International Labour Organization Worst Forms of Child Labour Convention;

Taking into account the existing Council of Europe conventions on co-operation in the penal field, as well as similar treaties which exist between Council of Europe member States and other States, and stressing that the present Convention is intended to supplement those conventions in order to make criminal investigations and proceedings concerning criminal offences related to computer systems and data more effective and to enable the collection of evidence in electronic form of a criminal offence;

Welcoming recent developments which further advance international understanding and co-operation in combating cybercrime, including action taken by the United Nations, the OECD, the European Union and the G8;

Recalling Committee of Ministers Recommendations nº R (85) 10 concerning the practical application of the European Convention on Mutual Assistance in Criminal Matters in respect of letters rogatory for the interception of telecommunications, nº R (88) 2 on piracy in the field of copyright and neighbouring rights, nº R (87) 15 regulating the use of personal data in the police sector, nº R (95) 4 on the protection of personal data in the area of telecommunication services, with particular reference to telephone services, as well as nº R (89) 9 on computer-related crime providing guidelines for national legislatures concerning the definition of certain computer crimes and nº R (95) 13 concerning problems of criminal procedural law connected with information technology;

Having regard to Resolution nº 1 adopted by the European Ministers of Justice at their 21st Conference (Prague, 10 and 11 June 1997), which recommended that the Committee of Ministers support the work on cybercrime carried out by the European Committee on Crime Problems (CDPC) in order to bring domestic criminal law provisions closer to each other and enable the use of effective means of investigation into such offences, as well as to Resolution nº 3 adopted at the 23rd Conference of the European Ministers of Justice (London, 8 and 9 June 2000), which encouraged the negotiating parties to pursue their efforts with a view to finding appropriate solutions to enable the largest possible number of States to become parties to the Convention and acknowledged the need for a swift and efficient system of international co-operation, which duly takes into account the specific requirements of the fight against cybercrime;

Having also regard to the Action Plan adopted by the Heads of State and Government of the Council of Europe on the occasion of their Second Summit (Strasbourg, 10 and 11 October 1997), to seek common responses to the development of the new information technologies based on the standards and values of the Council of Europe;

Have agreed as follows:

 

Chapter I .- Use of terms

 

Article 1 .- Definitions

For the purposes of this Convention:

a    “computer system” means any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data;

b    “computer data” means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function;

c    “service provider” means:

i    any public or private entity that provides to users of its service the ability to communicate by means of a computer system, and

ii     any other entity that processes or stores computer data on behalf of such communication service or users of such service.

d    “traffic data” means any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.

 

Chapter II .- Measures to be taken at the national level

 

Section 1 .- Substantive criminal law

 

Title 1 .- Offences against the confidentiality, integrity and availability of computer data and systems

 

Article 2 .- Illegal access

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.

 

Article 3 .- Illegal interception

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

 

Article 4 .- Data interference

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without right.

2    A Party may reserve the right to require that the conduct described in paragraph 1 result in serious harm.

 

Article 5 .- System interference

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.

 

Article 6 .- Misuse of devices

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

a     the production, sale, procurement for use, import, distribution or otherwise making available of:

i    a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5;

ii    a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and

b     the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches.

2    This article shall not be interpreted as imposing criminal liability where the production, sale, procurement for use, import, distribution or otherwise making available or possession referred to in paragraph 1 of this article is not for the purpose of committing an offence established in accordance with Articles 2 through 5 of this Convention, such as for the authorised testing or protection of a computer system.

3    Each Party may reserve the right not to apply paragraph 1 of this article, provided that the reservation does not concern the sale, distribution or otherwise making available of the items referred to in paragraph 1 a.ii of this article.

 

Title 2 .- Computer-related offences

 

Article 7 .- Computer-related forgery

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible. A Party may require an intent to defraud, or similar dishonest intent, before criminal liability attaches.

 

Article 8 .- Computer-related fraud

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the causing of a loss of property to another person by:

a     any input, alteration, deletion or suppression of computer data,

b     any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person.

 

Title 3 .- Content-related offences

 

Article 9 .- Offences related to child pornography

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the following conduct:

a     producing child pornography for the purpose of its distribution through a computer system;

b     offering or making available child pornography through a computer system;

c     distributing or transmitting child pornography through a computer system;

d     procuring child pornography through a computer system for oneself or for another person;

e     possessing child pornography in a computer system or on a computer-data storage medium.

2    For the purpose of paragraph 1 above, the term “child pornography” shall include pornographic material that visually depicts:

a     a minor engaged in sexually explicit conduct;

b     a person appearing to be a minor engaged in sexually explicit conduct;

c     realistic images representing a minor engaged in sexually explicit conduct.

3    For the purpose of paragraph 2 above, the term “minor” shall include all persons under 18 years of age. A Party may, however, require a lower age-limit, which shall be not less than 16 years.

4    Each Party may reserve the right not to apply, in whole or in part, paragraphs 1, sub-paragraphs d. and e, and 2, sub-paragraphs b. and c.

 

Title 4 .- Offences related to infringements of copyright and related rights

 

Article 10 .- Offences related to infringements of copyright and related rights

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of copyright, as defined under the law of that Party, pursuant to the obligations it has undertaken under the Paris Act of 24 July 1971 revising the Bern Convention for the Protection of Literary and Artistic Works, the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Copyright Treaty, with the exception of any moral rights conferred by such conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.

2    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of related rights, as defined under the law of that Party, pursuant to the obligations it has undertaken under the International Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organisations (Rome Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Performances and Phonograms Treaty, with the exception of any moral rights conferred by such conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.

3    A Party may reserve the right not to impose criminal liability under paragraphs 1 and 2 of this article in limited circumstances, provided that other effective remedies are available and that such reservation does not derogate from the Party’s international obligations set forth in the international instruments referred to in paragraphs 1 and 2 of this article.

 

Title 5 .- Ancillary liability and sanctions

 

Article 11 .- Attempt and aiding or abetting

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any of the offences established in accordance with Articles 2 through 10 of the present Convention with intent that such offence be committed.

2    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, an attempt to commit any of the offences established in accordance with Articles 3 through 5, 7, 8, and 9.1.a and c. of this Convention.

3    Each Party may reserve the right not to apply, in whole or in part, paragraph 2 of this article.

 

Article 12 .- Corporate liability

1    Each Party shall adopt such legislative and other measures as may be necessary to ensure that legal persons can be held liable for a criminal offence established in accordance with this Convention, committed for their benefit by any natural person, acting either individually or as part of an organ of the legal person, who has a leading position within it, based on:

a     a power of representation of the legal person;

b     an authority to take decisions on behalf of the legal person;

c     an authority to exercise control within the legal person.

2    In addition to the cases already provided for in paragraph 1 of this article, each Party shall take the measures necessary to ensure that a legal person can be held liable where the lack of supervision or control by a natural person referred to in paragraph 1 has made possible the commission of a criminal offence established in accordance with this Convention for the benefit of that legal person by a natural person acting under its authority.

3    Subject to the legal principles of the Party, the liability of a legal person may be criminal, civil or administrative.

4    Such liability shall be without prejudice to the criminal liability of the natural persons who have committed the offence.

 

Article 13 .- Sanctions and measures

1    Each Party shall adopt such legislative and other measures as may be necessary to ensure that the criminal offences established in accordance with Articles 2 through 11 are punishable by effective, proportionate and dissuasive sanctions, which include deprivation of liberty.

2    Each Party shall ensure that legal persons held liable in accordance with Article 12 shall be subject to effective, proportionate and dissuasive criminal or non-criminal sanctions or measures, including monetary sanctions.

 

Section 2 .- Procedural law

 

Title 1 .- Common provisions

 

Article 14 .- Scope of procedural provisions

1    Each Party shall adopt such legislative and other measures as may be necessary to establish the powers and procedures provided for in this section for the purpose of specific criminal investigations or proceedings.

2    Except as specifically provided otherwise in Article 21, each Party shall apply the powers and procedures referred to in paragraph 1 of this article to:

a    the criminal offences established in accordance with Articles 2 through 11 of this Convention;

b    other criminal offences committed by means of a computer system; and

c    the collection of evidence in electronic form of a criminal offence.

3

a.    Each Party may reserve the right to apply the measures referred to in Article 20 only to offences or categories of offences specified in the reservation, provided that the range of such offences or categories of offences is not more restricted than the range of offences to which it applies the measures referred to in Article 21. Each Party shall consider restricting such a reservation to enable the broadest application of the measure referred to in Article 20.

b    Where a Party, due to limitations in its legislation in force at the time of the adoption of the present Convention, is not able to apply the measures referred to in Articles 20 and 21 to communications being transmitted within a computer system of a service provider, which system:

i    is being operated for the benefit of a closed group of users, and

ii    does not employ public communications networks and is not connected with another computer system, whether public or private, that Party may reserve the right not to apply these measures to such communications. Each Party shall consider restricting such a reservation to enable the broadest application of the measures referred to in Articles 20 and 21.

 

Article 15 .- Conditions and safeguards

1    Each Party shall ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties, including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, and other applicable international human rights instruments, and which shall incorporate the principle of proportionality.

2    Such conditions and safeguards shall, as appropriate in view of the nature of the procedure or power concerned, inter alia, include judicial or other independent supervision, grounds justifying application, and limitation of the scope and the duration of such power or procedure.

3    To the extent that it is consistent with the public interest, in particular the sound administration of justice, each Party shall consider the impact of the powers and procedures in this section upon the rights, responsibilities and legitimate interests of third parties.

 

Title 2 .- Expedited preservation of stored computer data

 

Article 16 .- Expedited preservation of stored computer data

1    Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data, that has been stored by means of a computer system, in particular where there are grounds to believe that the computer data is particularly vulnerable to loss or modification.

2    Where a Party gives effect to paragraph 1 above by means of an order to a person to preserve specified stored computer data in the person’s possession or control, the Party shall adopt such legislative and other measures as may be necessary to oblige that person to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of ninety days, to enable the competent authorities to seek its disclosure. A Party may provide for such an order to be subsequently renewed.

3    Each Party shall adopt such legislative and other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures for the period of time provided for by its domestic law.

4    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Article 17 .- Expedited preservation and partial disclosure of traffic data

1    Each Party shall adopt, in respect of traffic data that is to be preserved under Article 16, such legislative and other measures as may be necessary to:

a    ensure that such expeditious preservation of traffic data is available regardless of whether one or more service providers were involved in the transmission of that communication; and

b    ensure the expeditious disclosure to the Party’s competent authority, or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted.

2    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Title 3 .- Production order

 

Article 18 .- Production order

1    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order:

a    a person in its territory to submit specified computer data in that person’s possession or control, which is stored in a computer system or a computer-data storage medium; and

b    a service provider offering its services in the territory of the Party to submit subscriber information relating to such services in that service provider’s possession or control.

2    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

3    For the purpose of this article, the term “subscriber information” means any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:

a    the type of communication service used, the technical provisions taken thereto and the period of service;

b    the subscriber’s identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement;

c    any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.

 

Title 4 .- Search and seizure of stored computer data

 

Article 19 .- Search and seizure of stored computer data

1    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to search or similarly access:

a    a computer system or part of it and computer data stored therein; and

b    a computer-data storage medium in which computer data may be stored in its territory.

2    Each Party shall adopt such legislative and other measures as may be necessary to ensure that where its authorities search or similarly access a specific computer system or part of it, pursuant to paragraph 1.a, and have grounds to believe that the data sought is stored in another computer system or part of it in its territory, and such data is lawfully accessible from or available to the initial system, the authorities shall be able to expeditiously extend the search or similar accessing to the other system.

3    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to seize or similarly secure computer data accessed according to paragraphs 1 or 2. These measures shall include the power to:

a    seize or similarly secure a computer system or part of it or a computer-data storage medium;

b    make and retain a copy of those computer data;

c    maintain the integrity of the relevant stored computer data;

d    render inaccessible or remove those computer data in the accessed computer system.

4    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data therein to provide, as is reasonable, the necessary information, to enable the undertaking of the measures referred to in paragraphs 1 and 2.

5    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Title 5 .- Real-time collection of computer data

 

Article 20 .- Real-time collection of traffic data

1    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to:

a    collect or record through the application of technical means on the territory of that Party, and

b    compel a service provider, within its existing technical capability:

i    to collect or record through the application of technical means on the territory of that Party; or

ii    to co-operate and assist the competent authorities in the collection or recording of, traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system.

2    Where a Party, due to the established principles of its domestic legal system, cannot adopt the measures referred to in paragraph 1.a, it may instead adopt legislative and other measures as may be necessary to ensure the real-time collection or recording of traffic data associated with specified communications transmitted in its territory, through the application of technical means on that territory.

3    Each Party shall adopt such legislative and other measures as may be necessary to oblige a service provider to keep confidential the fact of the execution of any power provided for in this article and any information relating to it.

4    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Article 21 .- Interception of content data

1    Each Party shall adopt such legislative and other measures as may be necessary, in relation to a range of serious offences to be determined by domestic law, to empower its competent authorities to:

a    collect or record through the application of technical means on the territory of that Party, and

b    compel a service provider, within its existing technical capability:

i    to collect or record through the application of technical means on the territory of that Party, or

ii    to co-operate and assist the competent authorities in the collection or recording of, content data, in real-time, of specified communications in its territory transmitted by means of a computer system.

2    Where a Party, due to the established principles of its domestic legal system, cannot adopt the measures referred to in paragraph 1.a, it may instead adopt legislative and other measures as may be necessary to ensure the real-time collection or recording of content data on specified communications in its territory through the application of technical means on that territory.

3    Each Party shall adopt such legislative and other measures as may be necessary to oblige a service provider to keep confidential the fact of the execution of any power provided for in this article and any information relating to it.

4    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Section 3 .- Jurisdiction

 

Article 22 .- Jurisdiction

1    Each Party shall adopt such legislative and other measures as may be necessary to establish jurisdiction over any offence established in accordance with Articles 2 through 11 of this Convention, when the offence is committed:

a    in its territory; or

b    on board a ship flying the flag of that Party; or

c    on board an aircraft registered under the laws of that Party; or

d    by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.

2    Each Party may reserve the right not to apply or to apply only in specific cases or conditions the jurisdiction rules laid down in paragraphs 1.b through 1.d of this article or any part thereof.

3    Each Party shall adopt such measures as may be necessary to establish jurisdiction over the offences referred to in Article 24, paragraph 1, of this Convention, in cases where an alleged offender is present in its territory and it does not extradite him or her to another Party, solely on the basis of his or her nationality, after a request for extradition.

4    This Convention does not exclude any criminal jurisdiction exercised by a Party in accordance with its domestic law.

5    When more than one Party claims jurisdiction over an alleged offence established in accordance with this Convention, the Parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution.

Chapter III .- International co-operation

 

Section 1 .- General principles

 

Title 1 .- General principles relating to international co-operation

 

Article 23 .- General principles relating to international co-operation

The Parties shall co-operate with each other, in accordance with the provisions of this chapter, and through the application of relevant international instruments on international co-operation in criminal matters, arrangements agreed on the basis of uniform or reciprocal legislation, and domestic laws, to the widest extent possible for the purposes of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.

 

Title 2 .- Principles relating to extradition

 

Article 24 .- Extradition

1

a.   This article applies to extradition between Parties for the criminal offences established in accordance with Articles 2 through 11 of this Convention, provided that they are punishable under the laws of both Parties concerned by deprivation of liberty for a maximum period of at least one year, or by a more severe penalty.

b.      Where a different minimum penalty is to be applied under an arrangement agreed on the basis of uniform or reciprocal legislation or an extradition treaty, including the European Convention on Extradition (ETS No. 24), applicable between two or more parties, the minimum penalty provided for under such arrangement or treaty shall apply.

2    The criminal offences described in paragraph 1 of this article shall be deemed to be included as extraditable offences in any extradition treaty existing between or among the Parties. The Parties undertake to include such offences as extraditable offences in any extradition treaty to be concluded between or among them.

3    If a Party that makes extradition conditional on the existence of a treaty receives a request for extradition from another Party with which it does not have an extradition treaty, it may consider this Convention as the legal basis for extradition with respect to any criminal offence referred to in paragraph 1 of this article.

4    Parties that do not make extradition conditional on the existence of a treaty shall recognise the criminal offences referred to in paragraph 1 of this article as extraditable offences between themselves.

5    Extradition shall be subject to the conditions provided for by the law of the requested Party or by applicable extradition treaties, including the grounds on which the requested Party may refuse extradition.

6    If extradition for a criminal offence referred to in paragraph 1 of this article is refused solely on the basis of the nationality of the person sought, or because the requested Party deems that it has jurisdiction over the offence, the requested Party shall submit the case at the request of the requesting Party to its competent authorities for the purpose of prosecution and shall report the final outcome to the requesting Party in due course. Those authorities shall take their decision and conduct their investigations and proceedings in the same manner as for any other offence of a comparable nature under the law of that Party.

7

a.   Each Party shall, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, communicate to the Secretary General of the Council of Europe the name and address of each authority responsible for making or receiving requests for extradition or provisional arrest in the absence of a treaty.

b.   The Secretary General of the Council of Europe shall set up and keep updated a register of authorities so designated by the Parties. Each Party shall ensure that the details held on the register are correct at all times.

 

Title 3 .- General principles relating to mutual assistance

 

Article 25 .- General principles relating to mutual assistance

1    The Parties shall afford one another mutual assistance to the widest extent possible for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.

2    Each Party shall also adopt such legislative and other measures as may be necessary to carry out the obligations set forth in Articles 27 through 35.

3    Each Party may, in urgent circumstances, make requests for mutual assistance or communications related thereto by expedited means of communication, including fax or e-mail, to the extent that such means provide appropriate levels of security and authentication (including the use of encryption, where necessary), with formal confirmation to follow, where required by the requested Party. The requested Party shall accept and respond to the request by any such expedited means of communication.

4    Except as otherwise specifically provided in articles in this chapter, mutual assistance shall be subject to the conditions provided for by the law of the requested Party or by applicable mutual assistance treaties, including the grounds on which the requested Party may refuse co-operation. The requested Party shall not exercise the right to refuse mutual assistance in relation to the offences referred to in Articles 2 through 11 solely on the ground that the request concerns an offence which it considers a fiscal offence.

5    Where, in accordance with the provisions of this chapter, the requested Party is permitted to make mutual assistance conditional upon the existence of dual criminality, that condition shall be deemed fulfilled, irrespective of whether its laws place the offence within the same category of offence or denominate the offence by the same terminology as the requesting Party, if the conduct underlying the offence for which assistance is sought is a criminal offence under its laws.

 

Article 26 .- Spontaneous information

1    A Party may, within the limits of its domestic law and without prior request, forward to another Party information obtained within the framework of its own investigations when it considers that the disclosure of such information might assist the receiving Party in initiating or carrying out investigations or proceedings concerning criminal offences established in accordance with this Convention or might lead to a request for co-operation by that Party under this chapter.

2    Prior to providing such information, the providing Party may request that it be kept confidential or only used subject to conditions. If the receiving Party cannot comply with such request, it shall notify the providing Party, which shall then determine whether the information should nevertheless be provided. If the receiving Party accepts the information subject to the conditions, it shall be bound by them.

 

Title 4 .- Procedures pertaining to mutual assistance requests in the absence of applicable international agreements

 

Article 27 .- Procedures pertaining to mutual assistance requests in the absence of applicable international agreements

1    Where there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and requested Parties, the provisions of paragraphs 2 through 9 of this article shall apply. The provisions of this article shall not apply where such treaty, arrangement or legislation exists, unless the Parties concerned agree to apply any or all of the remainder of this article in lieu thereof.

2

a.   Each Party shall designate a central authority or authorities responsible for sending and answering requests for mutual assistance, the execution of such requests or their transmission to the authorities competent for their execution.

b.   The central authorities shall communicate directly with each other;

c.    Each Party shall, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, communicate to the Secretary General of the Council of Europe the names and addresses of the authorities designated in pursuance of this paragraph;

d.    The Secretary General of the Council of Europe shall set up and keep updated a register of central authorities designated by the Parties. Each Party shall ensure that the details held on the register are correct at all times.

3    Mutual assistance requests under this article shall be executed in accordance with the procedures specified by the requesting Party, except where incompatible with the law of the requested Party.

4    The requested Party may, in addition to the grounds for refusal established in Article 25, paragraph 4, refuse assistance if:

a    the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence, or

b    it considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

5    The requested Party may postpone action on a request if such action would prejudice criminal investigations or proceedings conducted by its authorities.

6    Before refusing or postponing assistance, the requested Party shall, where appropriate after having consulted with the requesting Party, consider whether the request may be granted partially or subject to such conditions as it deems necessary.

7    The requested Party shall promptly inform the requesting Party of the outcome of the execution of a request for assistance. Reasons shall be given for any refusal or postponement of the request. The requested Party shall also inform the requesting Party of any reasons that render impossible the execution of the request or are likely to delay it significantly.

8    The requesting Party may request that the requested Party keep confidential the fact of any request made under this chapter as well as its subject, except to the extent necessary for its execution. If the requested Party cannot comply with the request for confidentiality, it shall promptly inform the requesting Party, which shall then determine whether the request should nevertheless be executed.

9

a.   In the event of urgency, requests for mutual assistance or communications related thereto may be sent directly by judicial authorities of the requesting Party to such authorities of the requested Party. In any such cases, a copy shall be sent at the same time to the central authority of the requested Party through the central authority of the requesting Party.

b.   Any request or communication under this paragraph may be made through the International Criminal Police Organisation (Interpol).

c.    Where a request is made pursuant to sub-paragraph a. of this article and the authority is not competent to deal with the request, it shall refer the request to the competent national authority and inform directly the requesting Party that it has done so.

d.   Requests or communications made under this paragraph that do not involve coercive action may be directly transmitted by the competent authorities of the requesting Party to the competent authorities of the requested Party.

e.   Each Party may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, inform the Secretary General of the Council of Europe that, for reasons of efficiency, requests made under this paragraph are to be addressed to its central authority.

 

Article 28 .- Confidentiality and limitation on use

1    When there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and the requested Parties, the provisions of this article shall apply. The provisions of this article shall not apply where such treaty, arrangement or legislation exists, unless the Parties concerned agree to apply any or all of the remainder of this article in lieu thereof.

2    The requested Party may make the supply of information or material in response to a request dependent on the condition that it is:

a    kept confidential where the request for mutual legal assistance could not be complied with in the absence of such condition, or

b    not used for investigations or proceedings other than those stated in the request.

3    If the requesting Party cannot comply with a condition referred to in paragraph 2, it shall promptly inform the other Party, which shall then determine whether the information should nevertheless be provided. When the requesting Party accepts the condition, it shall be bound by it.

4    Any Party that supplies information or material subject to a condition referred to in paragraph 2 may require the other Party to explain, in relation to that condition, the use made of such information or material.

 

Section 2 .- Specific provisions

 

Title 1 .- Mutual assistance regarding provisional measures

 

Article 29 .- Expedited preservation of stored computer data

1    A Party may request another Party to order or otherwise obtain the expeditious preservation of data stored by means of a computer system, located within the territory of that other Party and in respect of which the requesting Party intends to submit a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of the data.

2    A request for preservation made under paragraph 1 shall specify:

a    the authority seeking the preservation;

b    the offence that is the subject of a criminal investigation or proceedings and a brief summary of the related facts;

c    the stored computer data to be preserved and its relationship to the offence;

d    any available information identifying the custodian of the stored computer data or the location of the computer system;

e    the necessity of the preservation; and

f    that the Party intends to submit a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of the stored computer data.

3    Upon receiving the request from another Party, the requested Party shall take all appropriate measures to preserve expeditiously the specified data in accordance with its domestic law. For the purposes of responding to a request, dual criminality shall not be required as a condition to providing such preservation.

4    A Party that requires dual criminality as a condition for responding to a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of stored data may, in respect of offences other than those established in accordance with Articles 2 through 11 of this Convention, reserve the right to refuse the request for preservation under this article in cases where it has reasons to believe that at the time of disclosure the condition of dual criminality cannot be fulfilled.

5    In addition, a request for preservation may only be refused if:

a    the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence, or

b    the requested Party considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

6    Where the requested Party believes that preservation will not ensure the future availability of the data or will threaten the confidentiality of or otherwise prejudice the requesting Party’s investigation, it shall promptly so inform the requesting Party, which shall then determine whether the request should nevertheless be executed.

7    Any preservation effected in response to the request referred to in paragraph 1 shall be for a period not less than sixty days, in order to enable the requesting Party to submit a request for the search or similar access, seizure or similar securing, or disclosure of the data. Following the receipt of such a request, the data shall continue to be preserved pending a decision on that request.

 

Article 30 .- Expedited disclosure of preserved traffic data

1    Where, in the course of the execution of a request made pursuant to Article 29 to preserve traffic data concerning a specific communication, the requested Party discovers that a service provider in another State was involved in the transmission of the communication, the requested Party shall expeditiously disclose to the requesting Party a sufficient amount of traffic data to identify that service provider and the path through which the communication was transmitted.

2    Disclosure of traffic data under paragraph 1 may only be withheld if:

a    the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence; or

b    the requested Party considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

 

Title 2 .- Mutual assistance regarding investigative powers

 

Article 31 .- Mutual assistance regarding accessing of stored computer data

1    A Party may request another Party to search or similarly access, seize or similarly secure, and disclose data stored by means of a computer system located within the territory of the requested Party, including data that has been preserved pursuant to Article 29.

2    The requested Party shall respond to the request through the application of international instruments, arrangements and laws referred to in Article 23, and in accordance with other relevant provisions of this chapter.

3    The request shall be responded to on an expedited basis where:

a    there are grounds to believe that relevant data is particularly vulnerable to loss or modification; or

b    the instruments, arrangements and laws referred to in paragraph 2 otherwise provide for expedited co-operation.

 

Article 32 .- Trans-border access to stored computer data with consent or where publicly available

A Party may, without the authorisation of another Party:

a    access publicly available (open source) stored computer data, regardless of where the data is located geographically; or

b    access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.

 

Article 33 .- Mutual assistance regarding the real-time collection of traffic data

1    The Parties shall provide mutual assistance to each other in the real-time collection of traffic data associated with specified communications in their territory transmitted by means of a computer system. Subject to the provisions of paragraph 2, this assistance shall be governed by the conditions and procedures provided for under domestic law.

2    Each Party shall provide such assistance at least with respect to criminal offences for which real-time collection of traffic data would be available in a similar domestic case.

 

Article 34 .- Mutual assistance regarding the interception of content data

The Parties shall provide mutual assistance to each other in the real-time collection or recording of content data of specified communications transmitted by means of a computer system to the extent permitted under their applicable treaties and domestic laws.

 

Title 3 .- 24/7 Network

 

Article 35 .- 24/7 Network

1    Each Party shall designate a point of contact available on a twenty-four hour, seven-day-a-week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence. Such assistance shall include facilitating, or, if permitted by its domestic law and practice, directly carrying out the following measures:

a    the provision of technical advice;

b    the preservation of data pursuant to Articles 29 and 30;

c    the collection of evidence, the provision of legal information, and locating of suspects.

2

a.    A Party’s point of contact shall have the capacity to carry out communications with the point of contact of another Party on an expedited basis.

b.    If the point of contact designated by a Party is not part of that Party’s authority or authorities responsible for international mutual assistance or extradition, the point of contact shall ensure that it is able to co-ordinate with such authority or authorities on an expedited basis.

3    Each Party shall ensure that trained and equipped personnel are available, in order to facilitate the operation of the network.

 

Chapter IV .- Final provisions

 

Article 36 .- Signature and entry into force

1    This Convention shall be open for signature by the member States of the Council of Europe and by non-member States which have participated in its elaboration.

2    This Convention is subject to ratification, acceptance or approval. Instruments of ratification, acceptance or approval shall be deposited with the Secretary General of the Council of Europe.

3    This Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date on which five States, including at least three member States of the Council of Europe, have expressed their consent to be bound by the Convention in accordance with the provisions of paragraphs 1 and 2.

4    In respect of any signatory State which subsequently expresses its consent to be bound by it, the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of the expression of its consent to be bound by the Convention in accordance with the provisions of paragraphs 1 and 2.

 

Article 37 .- Accession to the Convention

1    After the entry into force of this Convention, the Committee of Ministers of the Council of Europe, after consulting with and obtaining the unanimous consent of the Contracting States to the Convention, may invite any State which is not a member of the Council and which has not participated in its elaboration to accede to this Convention. The decision shall be taken by the majority provided for in Article 20.d. of the Statute of the Council of Europe and by the unanimous vote of the representatives of the Contracting States entitled to sit on the Committee of Ministers.

2    In respect of any State acceding to the Convention under paragraph 1 above, the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of deposit of the instrument of accession with the Secretary General of the Council of Europe.

 

Article 38 .- Territorial application

1    Any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, specify the territory or territories to which this Convention shall apply.

2    Any State may, at any later date, by a declaration addressed to the Secretary General of the Council of Europe, extend the application of this Convention to any other territory specified in the declaration. In respect of such territory the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of receipt of the declaration by the Secretary General.

3    Any declaration made under the two preceding paragraphs may, in respect of any territory specified in such declaration, be withdrawn by a notification addressed to the Secretary General of the Council of Europe. The withdrawal shall become effective on the first day of the month following the expiration of a period of three months after the date of receipt of such notification by the Secretary General.

 

Article 39 .- Effects of the Convention

1    The purpose of the present Convention is to supplement applicable multilateral or bilateral treaties or arrangements as between the Parties, including the provisions of:

– the European Convention on Extradition, opened for signature in Paris, on 13 December 1957 (ETS No. 24);

– the European Convention on Mutual Assistance in Criminal Matters, opened for signature in Strasbourg, on 20 April 1959 (ETS No. 30);

– the Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters, opened for signature in Strasbourg, on 17 March 1978 (ETS No. 99).

2    If two or more Parties have already concluded an agreement or treaty on the matters dealt with in this Convention or have otherwise established their relations on such matters, or should they in future do so, they shall also be entitled to apply that agreement or treaty or to regulate those relations accordingly. However, where Parties establish their relations in respect of the matters dealt with in the present Convention other than as regulated therein, they shall do so in a manner that is not inconsistent with the Convention’s objectives and principles.

3    Nothing in this Convention shall affect other rights, restrictions, obligations and responsibilities of a Party.

 

Article 40 .- Declarations

By a written notification addressed to the Secretary General of the Council of Europe, any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, declare that it avails itself of the possibility of requiring additional elements as provided for under Articles 2, 3, 6 paragraph 1.b, 7, 9 paragraph 3, and 27, paragraph 9.e.

 

Article 41 .- Federal clause

1    A federal State may reserve the right to assume obligations under Chapter II of this Convention consistent with its fundamental principles governing the relationship between its central government and constituent States or other similar territorial entities provided that it is still able to co-operate under Chapter III.

2    When making a reservation under paragraph 1, a federal State may not apply the terms of such reservation to exclude or substantially diminish its obligations to provide for measures set forth in Chapter II. Overall, it shall provide for a broad and effective law enforcement capability with respect to those measures.

3    With regard to the provisions of this Convention, the application of which comes under the jurisdiction of constituent States or other similar territorial entities, that are not obliged by the constitutional system of the federation to take legislative measures, the federal government shall inform the competent authorities of such States of the said provisions with its favourable opinion, encouraging them to take appropriate action to give them effect.

 

Article 42 .- Reservations

By a written notification addressed to the Secretary General of the Council of Europe, any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, declare that it avails itself of the reservation(s) provided for in Article 4, paragraph 2, Article 6, paragraph 3, Article 9, paragraph 4, Article 10, paragraph 3, Article 11, paragraph 3, Article 14, paragraph 3, Article 22, paragraph 2, Article 29, paragraph 4, and Article 41, paragraph 1. No other reservation may be made.

 

Article 43 .- Status and withdrawal of reservations

1    A Party that has made a reservation in accordance with Article 42 may wholly or partially withdraw it by means of a notification addressed to the Secretary General of the Council of Europe. Such withdrawal shall take effect on the date of receipt of such notification by the Secretary General. If the notification states that the withdrawal of a reservation is to take effect on a date specified therein, and such date is later than the date on which the notification is received by the Secretary General, the withdrawal shall take effect on such a later date.

2    A Party that has made a reservation as referred to in Article 42 shall withdraw such reservation, in whole or in part, as soon as circumstances so permit.

3    The Secretary General of the Council of Europe may periodically enquire with Parties that have made one or more reservations as referred to in Article 42 as to the prospects for withdrawing such reservation(s).

 

Article 44.-– Amendments

1    Amendments to this Convention may be proposed by any Party, and shall be communicated by the Secretary General of the Council of Europe to the member States of the Council of Europe, to the non-member States which have participated in the elaboration of this Convention as well as to any State which has acceded to, or has been invited to accede to, this Convention in accordance with the provisions of Article 37.

2    Any amendment proposed by a Party shall be communicated to the European Committee on Crime Problems (CDPC), which shall submit to the Committee of Ministers its opinion on that proposed amendment.

3    The Committee of Ministers shall consider the proposed amendment and the opinion submitted by the CDPC and, following consultation with the non-member States Parties to this Convention, may adopt the amendment.

4    The text of any amendment adopted by the Committee of Ministers in accordance with paragraph 3 of this article shall be forwarded to the Parties for acceptance.

5    Any amendment adopted in accordance with paragraph 3 of this article shall come into force on the thirtieth day after all Parties have informed the Secretary General of their acceptance thereof.

 

Article 45 .- Settlement of disputes

1    The European Committee on Crime Problems (CDPC) shall be kept informed regarding the interpretation and application of this Convention.

2    In case of a dispute between Parties as to the interpretation or application of this Convention, they shall seek a settlement of the dispute through negotiation or any other peaceful means of their choice, including submission of the dispute to the CDPC, to an arbitral tribunal whose decisions shall be binding upon the Parties, or to the International Court of Justice, as agreed upon by the Parties concerned.

 

Article 46 .- Consultations of the Parties

1    The Parties shall, as appropriate, consult periodically with a view to facilitating:

a    the effective use and implementation of this Convention, including the identification of any problems thereof, as well as the effects of any declaration or reservation made under this Convention;

b    the exchange of information on significant legal, policy or technological developments pertaining to cybercrime and the collection of evidence in electronic form;

c    consideration of possible supplementation or amendment of the Convention.

2    The European Committee on Crime Problems (CDPC) shall be kept periodically informed regarding the result of consultations referred to in paragraph 1.

3    The CDPC shall, as appropriate, facilitate the consultations referred to in paragraph 1 and take the measures necessary to assist the Parties in their efforts to supplement or amend the Convention. At the latest three years after the present Convention enters into force, the European Committee on Crime Problems (CDPC) shall, in co-operation with the Parties, conduct a review of all of the Convention’s provisions and, if necessary, recommend any appropriate amendments.

4    Except where assumed by the Council of Europe, expenses incurred in carrying out the provisions of paragraph 1 shall be borne by the Parties in the manner to be determined by them.

5    The Parties shall be assisted by the Secretariat of the Council of Europe in carrying out their functions pursuant to this article.

 

Article 47 .- Denunciation

1    Any Party may, at any time, denounce this Convention by means of a notification addressed to the Secretary General of the Council of Europe.

2    Such denunciation shall become effective on the first day of the month following the expiration of a period of three months after the date of receipt of the notification by the Secretary General.

 

Article 48 .- Notification

The Secretary General of the Council of Europe shall notify the member States of the Council of Europe, the non-member States which have participated in the elaboration of this Convention as well as any State which has acceded to, or has been invited to accede to, this Convention of:

a    any signature;

b    the deposit of any instrument of ratification, acceptance, approval or accession;

c    any date of entry into force of this Convention in accordance with Articles 36 and 37;

d    any declaration made under Article 40 or reservation made in accordance with Article 42;

e    any other act, notification or communication relating to this Convention.

In witness whereof  the undersigned, being duly authorised thereto, have signed this Convention.

Done at Budapest, this 23rd day of November 2001, in English and in French, both texts being equally authentic, in a single copy which shall be deposited in the archives of the Council of Europe. The Secretary General of the Council of Europe shall transmit certified copies to each member State of the Council of Europe, to the non-member States which have participated in the elaboration of this Convention, and to any State invited to accede to it.

 

Statement of the Republic of Azerbaijan on semi paragraph “a” of paragraph 7 of Article 24 of the Convention “On Cybercrime”

According to subparagraph “a” of paragraph 7 of Article 24 of the Convention, in case of the absence of an extradition treaty, the Republic of Azerbaijan designates the Ministry of Justice as a responsible authority for receiving inquiries regarding extradition and temporary arrest.

 

Statement of the Republic of Azerbaijan on semi paragraph “c” of paragraph 2 of Article 27 of the Convention “On Cybercrime”

According to subparagraph “c” of paragraph 2 of Article 27 of the Convention, the Republic of Azerbaijan designates the Ministry of National Security  as a responsible authority for sending and answering requests for mutual assistance and the execution of such requests.

 

Statement of the Republic of Azerbaijan on semi paragraph “e” of paragraph 9 of Article 27 of the Convention “On Cybercrime”

According to subparagraph “e” of paragraph 9 of Article 27 of the Convention, the Republic of Azerbaijan informs the Secretary General that, for reasons of efficiency, requests made under this paragraph are to be addressed to its central authority.

 

Statement of the Republic of Azerbaijan on paragraph 1 of Article 35 of the Convention “On Cybercrime”

According to paragraph 1 of Article 35 of the Convention, the Republic of Azerbaijan designates the Ministry of National Security as a point of contact available on a twenty-four hour, seven-day-a-week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or collection of evidence in electronic form of a criminal offence.

 

Statement of the Republic of Azerbaijan on Article 38 of the Convention “On Cybercrime”

According to Article 38 of the Convention, the Republic of Azerbaijan declares that it is unable to guarantee implementation of the Convention in the territories of the Republic of Azerbaijan, which have been occupied by the Republic of Armenia, until the liberation of those territories from occupation.

 

Reservation of the Republic of Azerbaijan on semi paragraph “b” of paragraph 1 of Article 6 of the Convention “On Cybercrime”

In accordance with subparagraph “b” of paragraph 1 of Article 6 of the Convention, the Republic of Azerbaijan declares that when acts are not considered dangerous crimes for the general public, they will be evaluated not as criminal offences, but as punishable acts regarded as a breach of law. In case the deliberate perpetration of acts subject to the penalty risk which are not treated as dangerous crimes for the general public (action or inaction) generates a serious harm, then they are treated as crime.

 

Reservation of the Republic of Azerbaijan on paragraph 3 of Article 6 of the Convention “On Cybercrime”

In relation to paragraph 3 of Article 6 of the Convention, the Republic of Azerbaijan appraises the acts indicated in paragraph 1 of Article 6 of the Convention not as criminal offences, but as punishable acts regarded as a breach of law in case these acts are not considered dangerous crimes for general public and stipulates that the given acts be subjected to criminal charge only at the event of incurrence of serious harm.

 

Reservations of the Republic of Azerbaijan on Article 42 and paragraph 2 of Article 4 of the Convention “on Cybercrime”

In accordance with Article 42 and Article 4, paragraph 2, of the Convention, the Republic of Azerbaijan declares that criminal liability occurs if the acts described in Article 4 of the Convention result in serious harm.

 

Reservations of the Republic of Azerbaijan on Article 42 and paragraph 4 of Article 29 of the Convention “on Cybercrime”

In accordance with Article 42 and Article 29, paragraph 4, of the Convention, the Republic of Azerbaijan reserves the right to refuse the request for preservation under this article in cases where it has reasons to believe that at the time of disclosure the condition of dual criminality cannot be fulfilled.

13Jul/17

The Law of the Azerbaijan Republic, 9 march 2004, on Digital Electronic Signature

The Law of the Azerbaijan Republic, 9 march 2004, on Digital Electronic Signature.

This law sets organizational, legal grounds for use of Electronic signature and Electronic document, their application in Electronic document circulation and rights of related subjects, regulates disputes among them.

 

Chapter I.- General provisions

 

Article 1.- Main ideas

1.1.- The following main ideas have been used in this law:

1.1.1.- Data .- information available for development by information technology means;

1.1.2.- Database .- material object set for storage and use of data;

1.1.3.- Information notice .- form of information written in database;

1.1.4.- Electronic signature .- data added to another data or logically linked to them, admitting identification of signature holder;

1.1.5.- Strengthened Electronic signature (hereinafter – strengthened signature) .- Electronic signature created by Electronic signature means controlled by signature holder and belonging only to signature holder, identifying it, admitting to identify the information notice to which it is linked is integral, stable, not distorted and faked;

1.1.6.- Electronic signature holder (hereinafter signature holder).- physical person speaking on behalf of itself or person empowering it in legal manner;

1.1.7.- Electronic signature means (hereinafter – signature means) .- programs and technical means used for creation and verification of Electronic signature, creating signature and verification information;

1.1.8.- Electronic signature creation information .- unrepeatable data consisted of code or cryptographic key known by signature holder only and used to create Electronic signature;

1.1.9.- Electronic signature verification information .- unrepeatable data consisted of code or cryptographic key, fitting Electronic signature creation information and used to verify Electronic signature authenticity;

1.1.10.- Electronic signature authenticity .- confirming that Electronic signature verified by Electronic signature verification information belongs to Electronic signature holder, information notice linked to signature is integral, not
changed and distorted;

1.1.11.- Certificate .- paper or Electronic document for identification of signature holder, granted by certificate services center on relationship of Electronic signature verification information to signature holder;

1.1.12.- Perfect certificate .- certificate granted by certificate services center accredited on strengthened signature verification information;

1.1.13.- Certificate services center (hereinafter – center) .- legal person granting certificate for Electronic signature and doing other services set by this law on use of signatures, or physical person dealing with entrepreneurship not founding legal person;

1.1.14.- Accredited certificate services center (hereinafter – accredited center) .- certificate services center right of which to grant perfect certificate has been approved by corresponding executive power body;

1.1.15.- Electronic document .- document submitted in Electronic version for use in information system and confirmed by Electronic signature;

1.1.16.- Electronic document circulation .- information processes linked to signed traffic of Electronic document in information system;

1.1.17.- Electronic document circulation means .- programs, technical means and techs used in Electronic document circulation;

1.1.18.- Certified Electronic signature means .- Electronic signature means compliance of which with requirements set is confirmed upon certification rules;

1.1.19.- Certified Electronic document circulation means .- Electronic document circulation means compliance of which with requirements set is confirmed upon certification rules;

1.1.20.- Electronic document sender (hereinafter – sender) .- except Electronic document circulation mediator, physical or legal person by which or on behalf of which Electronic document is sent;

1.1.21.- Electronic document receiver (hereinafter – receiver) .- except Electronic document circulation mediator, physical or legal person to which Electronic document is addressed;

1.1.22.- Electronic document circulation mediator (hereinafter – mediator) .- physical or legal person doing Electronic document circulation services between sender and receiver;

1.1.23.- Electronic document authenticity .- confirmation of integrity (possession of necessary details) and entirety (lack of technical faults and distortions during transmission) of Electronic document via Electronic signature authenticity verification;

1.1.24.- Corporate information  system .- information system set by owner or agreed among participants upon contract with limited users;

1.1.25.- Information on signature holder .- information stated by signature holder while getting certificate and collected on it during operation of system;

1.1.26.- Time indicator .- Electronic note of accredited center on receiving the information notice in certain time.

1.2.- Notion ‘centers’ that will further be used in this law will reflect the certificate services center and accredited center, and ‘signatures’ Electronic signature and strengthened signature.

 

Article 2.- Areas of use of Electronic signature and Electronic document
Except cases set by legislation of the Republic of Azerbaijan, Electronic signature and Electronic document can be used in all fields of activity where corresponding means are applied. Via Electronic document official and unofficial correspondences, exchange of documents and information causing legal responsibility and liabilities can be implemented.

 

Article 3.- Validity of Electronic signature and Electronic document

3.1.- Electronic signature cannot be considered invalid because it is in Electronic version or has no certificate, created by signature means nor certified.

3.2.- Except cases set by legislation of the Republic of Azerbaijan, signature created by certified signature means with strengthened perfect valid certificate is equal to the manual signature.

3.3.- If information on authorities of signature holder is shown in perfect certificate, strengthened signature according to Article 3.2 of this law is equal to manual signature on paper, confirmed with seal.

3.4.- If written form of document is required by legislation of the Republic of Azerbaijan, Electronic document signed according to Articles 3.2, 3.3 of this law is considered the one meeting these terms.

3.5.- Except cases when notarized confirmation and (or) state registration of the document is required by legislation of the Republic of Azerbaijan, Electronic document is equal to one on paper.

3.6.- If notarized confirmation or state registration of the document is required by legislation of the Republic of Azerbaijan, Electronic document or its copy meeting requirements of Article 25.1 of this law is registered or confirmed by legislation of the Republic of Azerbaijan.

3.7.- Use of information notice and Electronic document is regulated by this law and other legal acts.

 

Article 4.- Legislation of the Republic of Azerbaijan on Electronic signature and Electronic document

Legislation of the Republic of Azerbaijan on Electronic signature and Electronic document consists of Constitution of the Republic of Azerbaijan, international treaties supported by of the Republic of Azerbaijan, Civil Code of the Republic of Azerbaijan, this law, laws of the Republic of Azerbaijan ‘On state secret’, ‘On information and protection of information’ and other legal acts.

 

Chapter II.- Electronic signature

 

Article 5.- Use of Electronic signature

5.1.- Electronic signature created by signature means using Electronic signature creation information belongs to its holder only.

5.2.- Signature holder can have a few signature creation information and they are used in relations stated in certificates.

5.3.- Signature is verified to confirm authenticity of Electronic signature and Electronic document and identify signature holder. Verification is implemented in base of Electronic signature verification information using signature means.

5.4.- Rule of verification of Electronic signature is set by corresponding executive power body.

5.5.- Using Electronic signature not certified the signature holder must warn the opposite side.

 

Article 6.- Use of Electronic signature in state management

6.1.- Only strengthened signature and certified signature means are used for Electronic document exchange in information systems of state power and local self governing bodies.

6.2.- State power and local self governing bodies must use services of center accredited for the field.

6.3.- Information notice sent by physical or legal person to the state power or local self governing bodies must be confirmed with its strengthened signature.

6.4.- Rule of use of Electronic signature by state power and local self governing bodies is set by corresponding executive power body.

 

Article 7.- Use of Electronic signature in corporate information system

7.1.- Use of Electronic signature in corporate information system is regulated upon internal normative acts of system or contract among participants.

7.2.- Internal normative acts of corporate information system or contract among its participants must include rights and duties of persons while using signature, as well provisions on regulation of damage caused to participants
because of disobedience to rules of use of signature.

7.3.- Centers serving the corporate information system are formed upon decision of the system owner or agreement of participants.

7.4.- Activity of centers serving the corporate information system, contents of certificates, doing certificate services, implementation of certificate register, rules of storage of certificate is regulated by internal normative acts of
system.

7.5.- If certificate system center of corporate information system serves users of information system beyond the system the center must comply with and function according to the provisions of this law.

 

Chapter III.- Certificate services, certification

 

Article 8.- Electronic signature services subjects

Legal relations between signature holder, certificate services center or accredited center and corresponding executive power body during use of Electronic signature are regulated upon legislation of the Republic of Azerbaijan, this law and contract signed between parts.

 

Article 9.- Registration and accreditation of certificate services center

9.1.- 30 days before starting to function the center must inform corresponding executive power body and be registered.

9.2.- Information must contain address, legal status, financial, technical, personnel possibilities and features of activity of the person claiming to function as center.

Legal person must add to this information the state registration certificate and copy of charter, and physical person documents on its entrepreneurship activity by not creating legal person. List of documents submitted is set by
registration rules.

9.3.- Corresponding executive power body within 30 days verifies documents submitted by the center and makes decision on its registration.

9.4.- To do perfect certificate services the center is accredited at corresponding executive power body and perfect certificate is granted that.

9.5.- Number of accredited centers is not limited.

9.6.- Center can start to function only after inclusion of registration information in register of certificate services center by corresponding executive power body.

9.7.- Corresponding executive power body can deny registering the center in following cases:

9.7.1.- if applicant does not meet requirements of this law;

9.7.2.- if information and documents do not meet requirements of this law;

9.7.3.- if false information is submitted by applicant;

9.7.4.- if upon results of audit of information system security functioning of applicant as center is impossible;

9.7.5.- if activity considered by applicant on certification or registration of time indicators does not meet requirements of this law and other legal acts;

9.7.6.- if applicant has tax debt to state;

9.7.7.- other cases set by legislation of the Republic of Azerbaijan.

9.8.- Rules of registration and accreditation of the center are set by corresponding executive power body.

 

Article 10.- Certificate services

10.1.- Concerning use of signature centers can do following services:

10.1.1.- granting certificate;

10.1.2.- stopping, restoring validity of certificate and annulling certificate;

10.1.3.- upon queries, providing information set on certificate by this law and legislation of the Republic of Azerbaijan;

10.1.4.- noting time indicators;

10.1.5.- creating Electronic signature;

10.1.6.- providing advices on use of signature;

10.2.- Rules of doing certificate services are set by corresponding executive power body.

 

Article 11.- Granting the certificate

11.1.- Certificate is granted in base of written contract concluded between applicant and center.

11.2.- Physical person wanting to get certificate must submit its ID card and other documents set by rules.

11.3.- The accredited center is applied to get perfect certificate.

11.4.- After granting the certificate the center can according to this law stop, restore and annul its validity.

11.5.- Until certificate comes into force the center includes information on that in register and records in register next changes in state of certificate.

11.6.- Rules to grant certificate and conduct registration, contents of information inserted in that is set by corresponding executive power body.

 

Article 12.- Contents of certificate

12.1.- Following information is mainly included in certificate:

12.1.1.- title and address of center granting certificate (country);

12.1.2.- serial number of certificate;

12.1.3.- name, patronymic, surname of signature holder or its pseudonym shown for use;

12.1.4.- validity of certificate (time, date of beginning and ending of term);

12.1.5.- signature verification information of signature holder;

12.1.6.- title of signature means in which signature verification information will be used.

12.2.- If certificate is granted on paper it is made in official form of center, confirmed by manual signature of authorized person and seal. If certificate is granted on Electronic version it is confirmed by strengthened signature
of the body granting that.

12.3.- If the information submitted admits exact identification of signature holder, pseudonym can be used as person indicator. In this case use of pseudonym by the signature holder is clearly noted in the certificate.

12.4.- Perfect certificate granted to physical persons contain the following additionally:

12.4.1.- title and address of accredited center granting certificate (country);

12.4.2.- note on existence of perfect certificate;

12.4.3.- certificate use fields and limits;

12.5.- Perfect certificate granted to physical persons is confirmed by strengthened signature of accredited center granting that.

12.6.- Perfect certificate granted to accredited center must contain the following:

12.6.1.- title and address of body granting certificate (country);

12.6.2.- note on existence of perfect certificate;

12.6.3 certificate use fields and limits;

12.7.- Perfect certificate granted to accredited center is confirmed by strengthened signature of body granting that.

12.8.- Other information included in certificate is stated in contract signed between center and signature holder.

12.9.- In following cases certificate is invalid:

12.9.1.- if it is not granted in legal manner;

12.9.2.- if validity term is over;

12.9.3.- if strengthened signature of center granting certificate is not authentic;

12.9.4.- if validity of certificate is ceased or annulled;

12.9.5.- if it is not used in relations stated in that.

 

Article 13.- Stopping and restoring validity of certificate

13.1.- Validity of certificate is stopped by center in following cases:

13.1.1.- if signature holder applies;

13.1.2.- if authorized person (body) applies according to legislation or contract;

13.1.3.- if center has valid doubts in correctness of information that is base for granting certificate or in security of signature creation information of signature holder.

13.2.- Center immediately informs signature holder, authorized person (body) applying on stopping validity of certificate and conducts registration in register of certificates.

13.3.- In the event stated in Article 13.1.3 of this law validity of certificate cannot be stopped for more than 48 hours.

13.4.- Validity of certificate is restored in following cases:

13.4.1.- if signature holder demanding to stop validity of certificate applies or authorized person (body) applying gives permission;

13.4.2.- if valid doubts are removed as a result of actions taken by center;

13.4.3.- if term for stopping validity of certificate is over.

13.5.- Appeals for stopping or restoring validity of certificate must be in written form and well-established with corresponding documents.

13.6.- Disputes connected with stopping or restoring validity of certificate are regulated by legislation of the Republic of Azerbaijan.

 

Article 14.- Annulment of certificate

14.1.- Certificate can be annulled by center in following cases:

14.1.1.- upon appeal of signature holder;

14.1.2.- if validity term of certificate is over;

14.1.3.- upon decision or appeal of authorized person (body);

14.1.4.- if signature holder dies or considered disabled in legal manner;

14.1.5.- if documents and information submitted to center for granting certificate are fake, incorrect or invalid;

14.1.6.- if center finds out that signature holder has lost control on signature creation information;

14.1.7.- if not used in relations stated in that;

14.1.8.- if signature holder breaks requirements of legal acts regulating use of signature or contract signed with center;

14.1.9.- if certificate of signature means used has lost validity;

14.1.10.- in other cases set by legislation.

14.2.- Center informs signature holder, authorized person (body) applying on annulment of validity of certificate and conducts registration in register of certificates on amendments.

14.3.- Disputes because of annulment of certificate are settled by court.

 

Article 15.- Storage of documents on certificate services

15.1.- Certificates that are valid within time set by legislation of the Republic of Azerbaijan on fields of use given, validity of which is stopped or annulled, as well other documents and information related to that are stored at center.

15.2.- While certificate is stored the center assures free and permanent appeal of information system users to certificate, replies to inquiries related to that.

15.3.- Center assures storage of following documents:

15.3.1.- documents on assurance of security of certificate services;

15.3.2.- contracts signed with signature holders;

15.3.3.- copies of documents given upon certificates of center;

15.3.4.- documents of signature holder confirming its instruction;

15.3.5.- documents on stopping, restoring and annulling validity of certificate.

15.4.- After term for storage at center is over certificate is removed from register and given to archive. Term for storage in archive, rule of giving copies of certificates and other information on them within this time is regulated by
legislation of the Republic of Azerbaijan.

 

Article 16.- Recognition of certificates given in foreign countries

16.0.- Certificates given in foreign countries are valid in the Republic of Azerbaijan in following cases:

16.0.1.- if center granting certificate has undertaken accreditation in the Republic of Azerbaijan;

16.0.2.- if certificate meets security requirements set by this law and other legal acts of the Republic of Azerbaijan;

16.0.3.- if certificate is guaranteed by center accredited in the Republic of Azerbaijan or corresponding executive power body;

16.0.4.- if certificate has been granted by foreign centers stated in interstate contracts supported by the Republic of Azerbaijan.

 

Article 17.- Rights, duties and responsibilities of centers

17.1.- Centers are entitled to the following:

17.1.1.- to assure and regulate its activity according to legislation of the Republic of Azerbaijan;

17.1.2.- to do certificate services stated in this law;

17.1.3.- to undertake accreditation in corresponding executive power body for doing services related to perfect certificates;

17.1.4.- to apply to corresponding state bodies related to is activity;

17.1.5.- to put an end to its activity according to legislation of the Republic of Azerbaijan;

17.1.6.- to complain according to legislation of the Republic of Azerbaijan to the court from decisions on annulment of registration or accreditation of center, stopping or annulling validity of certificate;

17.1.7.- to do paid certificate services;

17.1.8.- to set fields and limits for use of certificates according to legislation of the Republic of Azerbaijan;

17.2.- Before signing contract with signature holder to give certificate center must inform it of rules of use of certificate and signature means, center’s legal status and state of accreditation.

17.3.- Centers fulfill following duties:

17.3.1.- assures security of activity and protection of information on signature holder;

17.3.2.- studies documents submitted by signature holder and in necessary cases applies to corresponding state body for verification of them;

17.3.3.- conducts registration of certificates, assures its importance and necessary conditions to provide free and permanent appeal to that;

17.3.4.- gives information on certificates;

17.3.5.- stores documents and information on certificate services;

17.3.6.- in cases stated in Articles 13 and 14 of this law stops, restores or annuls validity of certificates, informs signature holder and authorized person (body) on this.

17.3.7.- submits information on its activity to corresponding executive power body and replies to its queries;

17.3.8.- considering the term of start of activity, assures yearly audit of information system security and submits the result to corresponding executive power body within 30 days;

17.3.9.- promotes control on its activity by corresponding executive power body;

17.3.10.- implements other duties stated in legislation of the Republic of Azerbaijan and contract between parts.

17.4.- Centers bear responsibility for the following:

17.4.1.- security of its activity, protection of signature creation information and information on signature holder;

17.4.2.- entirety and correctness of information in certificate;

17.4.3.- quality and exactness of certificate services;

17.4.4.- illegal stopping or annulling validity of certificate;

17.4.5.- causing financial damage to signature holder by activity of center;

17.4.6.- delay in delivery of information to affect use of certificate to the signature holder.

17.5.- Accredited center implements granting the perfect certificates according to legislation of the Republic of Azerbaijan, this law and rules set by corresponding executive power body, and shows in certificate fields and limits
for its use.

17.6.- Accredited center guaranteeing certificate of perfect certificate and foreign certificate centers bears responsibility by legislation of the Republic of Azerbaijan for damage caused to signature user.

17.7.- Centers bear no responsibility for damage caused to signature user by violation of contract terms by signature holder, disobedience to purpose of certificate.

 

Article 18.- Requirements for certificate services

18.1.- While functioning centers must possess technical, personnel and financial opportunities, as well financial opportunities to reimburse damage that can be caused to users, do reliable and uninterrupted service.

18.2.- Centers must use certified signature means to give certificates, Electronic signature creation and verification information.

18.3.- Before starting to operate and yearly after registration centers must audit information system, apply technique and techs ensuring reliable use of system.

18.4.- Centers must possess educated, experienced and competent personnel to assure activity.

 

Article 19.- Putting an end to activity of certificate services center

19.1.- Putting an end to activity of center is implemented by civil legislation of the Republic of Azerbaijan.

19.2.- At least 30 days before putting an end to activity the center posts notices on mass media and other means, warns signature holders possessing valid certificates, certificate services centers certificates of which are guaranteed by that and with which guarantee contracts are signed, and corresponding executive power body.

19.3.- 30 days after the notice is given the centers implements annulment of valid certificates.

19.4.- 30 days after the notice is given on putting an end to activity of accredited center it must hand upon consent of signature holder the perfect certificates, information on them and inquires of signature users to another accredited center or corresponding executive power body. Certificates not handed are annulled and according to Article 15 of this law given to corresponding executive power body to be stored.

19.5.- In following cases corresponding executive power body can by legislation of the Republic of Azerbaijan annul registration, accreditation of centers and make a suit on putting an end to their activity:

19.5.1.- if documents and information submitted for registration are incorrect or invalid;

19.5.2.- if offences are regularly admitted in activity.

19.6.- Activity of center serving corporate information system can be ended upon decision of system owner or agreement of participants.

 

Article 20.- Rights, duties and responsibilities of signature holder

20.1.- Signature holder has following rights:

20.1.1.- to get detailed information on centers, their services, signatures, use of signature means and security rules;

20.1.2.- to be familiarized with information on that collected at centers;

20.1.3.- to complain by legislation of the Republic of Azerbaijan on decisions on stopping, restoring or annulling validity of certificate, other issues concerning activity of centers.

20.2.- Signature holder must be capable to create signature and use corresponding means.

20.3.- Signature holder bears responsibility for protection of signature creation information and signature means and must not admit use of them by another person. If control on these is lost or there is danger to this, signature holder
must immediately inform the respective center and demand to stop validity of certificate.

20.4.- While using strengthened signature the signature holder must obey the relations of use stated in perfect certificate.

20.5.- Applying to centers to sign contract the signature holder bears responsibility for integrity and correctness of information it submits.

20.6.- Signature holder bears responsibility by legislation of the Republic of Azerbaijan for damage caused by disobedience to terms stated in Article 20 of this law.

 

Chapter IV.- Electronic document

 

Article 21.- Requirements for Electronic document

21.1.- Electronic document must meet the following requirements:

21.1.1.- must be created, stored, developed, transmitted and received due to support of technical and program means;

21.1.2.- must have structure stated in Article 22 of this law;

21.1.3.- must have details promoting identification;

21.1.4.- must be submitted due to support of technical and program means in visual form.

21.2.- List of necessary details for identification of Electronic document and its authenticity is set by legislation of the Republic of Azerbaijan.

 

Article 22.- Structure of Electronic document

22.1.- Electronic document has structure consisted of general and special segments.

22.2.- Information on contents of Electronic document and the person it is addressed is stated in general segment of that.

22.3.- Electronic signature (signatures) and time indicator (indicators) enclosed to Electronic document are noted in special segment of Electronic document.

 

Article 23.- Forms of submission of Electronic document

23.1.- Electronic document has internal and external forms of submission.

23.2.- Image of Electronic document recorded in database is its internal form of submission.

23.3.- Reflection of Electronic document in visual form in another material object (display, paper etc) differed from database is its external form of submission.

 

Article 24.- Original of Electronic document

24.1.- Original of Electronic document is possible in internal form of submission only.

24.2.- All the same copies of Electronic document in its internal form of submission are considered original and equal.

24.3.- Electronic document can have no copy in Electronic version.

24.4.- Each of documents of the same contents made by the same person in paper and Electronic version is independent and has equal right. In this case document on paper is not copy of the one in Electronic version.

 

Article 25.- Copy of Electronic document and rule to confirm that

25.1.- Copy of Electronic document is made by confirmation of its external form of submission reflected on paper in a manner set by legislation of the Republic of Azerbaijan.

25.2.- There must be note in copy of Electronic document on paper that it is copy of corresponding Electronic document.

25.3.- Copy of Electronic document in another material object differed from paper or on paper but not confirmed properly is not considered its copy.

25.4.- Origin of Electronic document and its copy on paper meeting requirements of Article 25.1 of this law have equal validity.

 

Chapter V.- Electronic document circulation

 

Article 26.- Bases of formation of Electronic document circulation

26.1.- Use and circulation of Electronic document is implemented upon legislation of the Republic of Azerbaijan or contracts signed between Electronic document circulation subjects.

26.2.- Legislation of the Republic of Azerbaijan or contract signed set rule of exchange of Electronic documents and technical and organizational requirements (form of exchange of documents, procedure of verification of them, time, form etc considered acceptable for confirming the acceptance of document) related to that.

26.3.- Documentation of Electronic document circulation is implemented upon clerical standards and rules set by legislation of the Republic of Azerbaijan.

26.4.- Use and circulation of Electronic document in corporate information system is regulated by internal normative acts of the system.

 

Article 27.- Sending and receiving Electronic document

27.1.- Electronic document sent personally, as well by person empowered to act on behalf of another person or automatically transmitted by information system operating on self-programmed manner is considered sent by
sender.

27.2.- If contract between parts does not set other cases, as a result of confirmation of authenticity of Electronic document received the receiver makes sure that it is sent by sender and informs the sender in a way unambiguously confirming the acceptance by any means, including automatically.

27.3.- In following cases receiver must consider Electronic document not sent by sender:

27.3.1.- if it receives notice that Electronic document has not been sent;

27.3.2.- if Electronic document authenticity is not confirmed;

27.3.3.- as a result of verification of Electronic document authenticity the receiver knew or had to know that Electronic document received is automatic repeat of another document.

27.4.- If contract between parts does not set other cases, Electronic document is considered not received until sender receives confirmation by receiver. Confirmation must include note on compliance of Electronic document with
technical requirements agreed between parts.

27.5.- If confirmation is not received within time shown by sender or set by contract signed between parts, sender informs receivers of this and sets time for sending confirmation.

27.6.- Article 27 of this law does not regulate relations linked to contents of Electronic document and confirmation of acceptance, except relations concerning sending or receiving Electronic document.

 

Article 28.- Time of sending and receiving the Electronic document

28.1.- If contract between parts does not set other cases, the moment when Electronic document enters the information system out of control of sender or person acting on behalf of that is the time (date and time) of sending the Electronic document.

28.2.- If contract between parts does not set other cases, the moment when Electronic document enters the information system shown by receiver is the time (date and time) of sending the Electronic document.

28.3.- Time indicator registration services may be used if time of sending and receiving causes dispute.

 

Article 29.- Storage of Electronic document

29.1.- Rule of storage of Electronic document is set by legislation of the Republic of Azerbaijan considering following terms:

29.1.1.- Electronic document must keep structure that it was created, transmitted or received;

29.1.2.- Electronic document must be available for identification of its sender, receiver, time of sending and receiving;

29.1.3.- information in Electronic document must be available for use in next reference;

29.1.4.- term for storage of Electronic document must not be less than term for storage of paper document;

29.1.5.- must comply with other terms set by legislation and upon agreement of parts.

29.2.- Article 29.1 of this law does not concern the Electronic documents storage of which is not necessary.

29.3.- Services of other legal and physical persons can be used by legislation of the Republic of Azerbaijan for storage of Electronic documents.

 

Article 30.- Protection of Electronic document

30.1.- Programs and technical means must be used by legislation of the Republic of Azerbaijan to protect Electronic document during circulation of Electronic document.

30.2.- Required level of protection actions in information systems and nets used in Electronic document circulation is assured by owner of these systems and nets.

30.3.- Required level of protection actions in corporate information systems is assured by owner of this system by legislation of the Republic of Azerbaijan or upon agreement of participants.

 

Article 31.- Rights, duties and responsibilities of mediator

31.1.- Services of mediator can be used while storing, transmitting and receiving Electronic documents.

31.2.- To ensure its activity mediator must have the following:

31.2.1.- technique and techs assuring reliable use of system;

31.2.2.- educated, experienced and competent personnel;

31.2.3.- facilities admitting identification of time and source of Electronic documents served;

31.2.4.- reliable system to store information stated in Article 31.2.3 of this law.

31.3.- Mediator must assure storage of information stated in Article 31.2.3 of this law for 6 months.

31.4.- Mediator must be registered in corresponding executive power body to function.

31.5.- Mediator serves users upon contract.

31.6.- Mediator that violates requirements of Article 31.2 of this law bears responsibility by legislation of the Republic of Azerbaijan.

31.7.- Mediator assures security of its activity and bears no responsibility for contents of documents stored, transmitted and received.

 

Article 32.- Electronic documents containing confidential information

32.1.- Rule of use and actions of protection of Electronic documents containing state, commercial, bank secrets and other confidential information is set by legislation of the Republic of Azerbaijan.

32.2.- For exchange of Electronic documents containing state secret only certified Electronic signature and Electronic document circulation means must be used.

32.3.- Expertise of information systems used for making, development and exchange of Electronic documents containing state secret is carried out in the way set by corresponding executive power body.

32.4.- Persons with access to work with Electronic documents stated in Article 32.1 of this law must assure implementation of actions required for protection of these documents by legislation of the Republic of Azerbaijan.

32.5.- Subjects implementing Electronic document circulation upon contract signed between parts set by themselves ways of appeal to Electronic documents containing confidential information and their protection by legislation of the Republic of Azerbaijan.

 

Chapter VI.- Special provisions

 

Article 33.- Implementation of state regulation

33.1.- Regulation of Electronic signature application and use processes, activity of certificate services centers and control on that is realized by corresponding executive power body.

33.2.- Corresponding executive power bodies fulfill following duties in field of regulation of Electronic signature use:

33.2.1.- sets rules of creation and verification of signature;

33.2.2.- makes rules of use of Electronic signature and Electronic document;

33.2.3.- makes rules of granting the certificate and conducting registration, sets contents of information included in that and list of other information;

33.2.4.- makes requirements and standards for Electronic signature, signature means and Electronic document circulation;

33.2.5.- sets requirements and rules for registration of centers, mediators and formation  of their activity;

33.2.6.- registers centers, mediators and annuls registration;

33.2.7.- sets rule of accreditation of center;

33.2.8.- carries out accreditation of centers, as well of foreign certificate services centers in the Republic of Azerbaijan and annulment of accreditation;

33.2.9.- records registered centers and perfect certificates granted to them;

33.2.10.- assures informing the public of list of centers, as well of foreign centers registered in the Republic of Azerbaijan;

33.2.11.- makes general rules and requirements, recommendations and gives advices on doing the certificate services;

33.2.12.- implements by legislation of the Republic of Azerbaijan contacts with foreign organizations concerning use of signatures;

33.2.13.- replies to inquires on certificates given to registered centers;

33.2.14.- sets rule of expertise of information systems.

33.3.- Corresponding executive power bodies has following rights in field of supervision on activity of certificate services centers:

33.3.1.- to get information from centers on their activity;

33.3.2.- to get exact information on centers, get direct familiarization with their activity in necessary cases;

33.3.3.- to monitor observation of technical security and certification rules by centers;

33.3.4.- if illegalities are found out in centers’ activities, to take administrative actions stated in this law on them, make a suit on putting an end to their activity.

 

Article 34.- Requirements for Electronic signature and Electronic document circulation means

34.1.- In order to carry out safe Electronic document circulation via information systems owned or used by state bodies, expertise of these systems must be implemented according to the rule set by the corresponding executive
power body.

34.2.- Certified protection means containing state secret and other confidential information are used in Electronic document circulation according to the rule set by the corresponding executive power body.

34.3.- Electronic signature and Electronic document circulation means in use are certified according to legislation of the Republic of Azerbaijan on certification.

 

Article 35.- Protection of information on signature holder

35.1.- While operating the centers, mediators cannot use information they possess, also information on signature holder for goals not linked to fulfillment of their duties.

35.2.- Centers can give the users only the information included in certificate and concerning that.

35.3.- Employees of the centers, mediators or other related persons must protect information on signature holder and signature creation information they know during their activity.

 

Chapter VII.- Final provisions

 

Article 36.- Responsibility for violation of legislation on Electronic signature and document

36.1.- Persons accused of violation of this law bear responsibility in the manner set by legislation of the Republic of Azerbaijan.

36.2.- Users bear individual responsibility for using Electronic signature and Electronic document circulation means not certified.

36.3.- Owner of information system bears responsibility for assurance of security of this system, conducting expertise in the manner set.

 

Article 37.- Validation of law

This law comes into force from the day of publication.

 

Ilham Aliyev, President of the Republic of Azerbaijan.
Baku city, 9 March 2004.

 

 

12Jul/17

Act nº 8, 2015. Intellectual Property Laws Amendment Act 2015

Act nº 8, 2015. Intellectual Property Laws Amendment Act 2015

An Act to amend legislation relating to intellectual property, and for related purposes (Assented to 25 February 2015)

The Parliament of Australia enacts:

 

1.- Short title

This Act may be cited as the Intellectual Property Laws Amendment Act 2015.

 

2.- Commencement

(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in acordance with column 2 of the table. Any other statment in column 2 has effect according to its terms.

Commencement Information

Column 1—————-Column 2—————————–Column 3

Provision(s)————-Commencement——————–Date/Details

1.- Section 1 to———The day this Act receives——–25 February 2015

3 and anything in——the Royal Assent

this Act not

elsewhere covered

by this table

 

2.- Schedule 1———–The start of the day—————-25 August 2015

——————————-after the end of the period

——————————-of 6 month beginning on

——————————-the day this Act receives the

——————————-Royal Assent

 

3.- Schedule 2———–The later of:————————–23 January 2017

——————————a) inmediately after the———–(F201 7N000010)

——————————end of the period of 6————-(paragraph (b)

——————————months begining  on the———-applies)

——————————day this Act receives the

——————————Royal Assent; and

——————————b) inmediately after Article

——————————31 bis of the Agreement

——————————on Trade-Related Aspects

——————————of Intellectual Property

——————————Rights set our in Annex

——————————IC to the Marrakesh

——————————Agreement Establising the

——————————World Trade Organization,

——————————done at Marrakesh on 15

——————————April 1994, comes into force

——————————for Australia.

—————————–However, the provision(s) do

—————————–not commence at all if the

—————————–event mentioned in paragraph

—————————–(b) does not occur.

—————————–The Minister administering the

—————————–Patents Act 1990 must announce

—————————–by notice in the Gazete the day the

—————————–event mentioned in paragraph (b)

—————————–occurs.

 

4.- Schedule 3 ——-The day after the end of the period——25 August 2015

—————————of 6 months beginning on the day

—————————this Act receives the Royal Assent.

 

5.- Schedule 4——A single day to be fixed by——————–24 February 2017

————————-Proclamation. However, if the provisin(s)—(F2016N00044)

————————-do not commence within the period of

————————-24 months beginning on the day this

————————-Act receives the Royal Assent, the

————————-provision(s) are repealed on the day

————————-after the end of the period.

 

6.- Schedule 5—–The day after this Act receives—————26 February 2015

Part 1—————-the Royal Assent.

 

7.- Schedule 5,—-Inmediately after the commencement——-15 April 2013

item 8—————-of item 32 of Schedule 6 to the

————————Intellectual Property Laws Amendment

————————(Raising the Bar) Act 2012.

 

8.- Schedule 5,—-A single day to be fixed by   Proclamation.- 25 August 2015

items 9 to 17——However, if the provision(s) do not

———————–commence within the period of 6 month

———————–begining on the day this Act receives

———————–the Royal Assent, they commence

———————–on the day after the end of that period.

 

9.- Schedule 5,–Inmediately after the commencemet———–15 April 2013

items 18———–of item 32 of Schedule 6 to the Intellectual

———————-Property Laws Amendment (Raising the Bar)

———————-Act 2012

 

10.- Schedule 5,-A single day to be fixed by Proclamation.

items 19 to 21—-However, if the provison(s) do not commence

———————–within the period of 6 months begining on

———————–the day this Act receives the Royal Assent,

———————–they commence on the day after the end of

———————–that period.

 

11.-Schedule 5,–The day this Act receives the Royal ———25 February 2015

———————-Assent

 

Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

 

(2)  Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

 

3.-  Schedule(s)
Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

 

Schedule 1.- TRIPS Protocol interim waiver

 

Part 1.- Amendments

 

Patents Act 1990

 

1 Section 3 (list of definitions)

Omit “compulsory licence”.

 

2 Section 3 (list of definitions)

Insert “eligible importing country”.

 

3 Section 3 (list of definitions)

Insert “patented pharmaceutical invention”.

 

4 Section 3 (list of definitions)

Insert “pharmaceutical product”.

 

5 Section 3 (list of definitions)

Insert “PPI”.

 

6 Section 3 (list of definitions)

Insert “PPI compulsory licence”.

 

7 Section 3 (list of definitions)

Insert “PPI order”.

 

8 Section 3 (list of definitions)

Insert “PPI order applicant”.

 

9 Section 3 (list of definitions)

Insert “TRIPS Agreement”.

 

10 Section 3 (list of definitions)

Insert “WTO General Council decision of 30 August 2003”.

 

11 Before subsection 70(5)

Insert:

Meaning of first regulatory approval date

 

12 After subsection 70(5)

Insert:

(5A) For the purposes of paragraph (5)(a), disregard an inclusion in the
Australian Register of Therapeutic Goods of goods that contain, or consist of, a pharmaceutical substance if the inclusion was sought for the sole purpose of exporting the goods from Australia to address a public health problem in an eligible importing country:

(a) in circumstances of national emergency or other circumstances of extreme urgency; or

(b) by the public non-commercial use of the goods.

Note: This subsection also applies in relation to an application for an  extension of the term of a standard patent (see paragraph 71(2)(b)).

Meaning of pre-TGA marketing approval

 

13 At the end of paragraph 71(2)(b)

Add “, as worked out under subsection 70(5A) (if applicable)”.

 

14 Before section 133

Insert:

 

Part 1.- Introduction

 

132A Simplified outline of this Chapter

This Chapter provides for court orders requiring the grant of compulsory licences in respect of patented inventions.

Special provision is made for compulsory licences to exploit patented pharmaceutical inventions. This is to enable the manufacture of a pharmaceutical product in Australia for export to an eligible importing country, to address public health problems in that country.

This Chapter also provides generally for the surrender of patents, and for court orders revoking patents.

 

Part 2.- Compulsory licences (general)

 

132B  Simplified outline of this Part

The Federal Court may make an order under this Part requiring the grant of a compulsory licence to work a patented invention.

The court may order a compulsory licence to be granted if the reasonable requirements of the public are not being met with respect to a patented invention.

The reasonable requirements of the public relate, broadly speaking, to whether Australian trade or industry is unreasonably affected by the actions of the patentee in relation to the manufacture or licensing of the invention (or the carrying on of a patented process).

The court may also order a compulsory licence to be granted if the patentee has engaged in restrictive trade practices in connection with the patent under the Competition and Consumer Act 2010 or under an application law (within the meaning of that Act).

The court may order a patent to be revoked after an order for a compulsory licence has been made (on the same grounds that apply to an order for a compulsory licence).

The patentee must be paid an agreed amount of remuneration, or an amount of remuneration determined by the court.

 

15  Section 133 (heading)

Repeal the heading, substitute:

 

133  Compulsory licences.- general

 

16  At the end of subsection 133(1)

Add:

Note: For compulsory licences for the manufacture and export of patented pharmaceutical inventions to eligible importing countries, see Part 3. However, Part 3 does not prevent a compulsory licence from being ordered under this Part in relation to such an invention (see section 136C).

 

17  Section 134 (heading)

Repeal the heading, substitute:

 

134  Revocation of patent after grant of compulsory licence under section 133

 

18  Subsection 134(1)

After “compulsory licence”, insert “ordered under section 133”.

 

19  After section 136A

Insert:

 

Part 3.- Patented pharmaceutical invention compulsory licences (for manufacture and export to eligible importing countries)

 

Division 1.- Introduction

 

136B  Simplified outline of this Part

The Federal Court may make an order under this Part requiring the grant of a compulsory licence to exploit a patented pharmaceutical invention for manufacture and export to an eligible importing country.

The court may order a compulsory licence to be granted if the proposed use of the pharmaceutical product is to address a public health issue in the eligible importing country:

(a) in a national emergency (or other extremely urgent circumstances); or

(b) by the public non‑commercial use of the product.

The order may be amended or revoked by another order of the court.

The patentee must be paid an agreed amount of remuneration, or an amount of remuneration determined by the court.

 

136C  Relationship between Parts 2 and 3

This Part does not prevent a compulsory licence from being ordered under Part 2 in relation to a patented pharmaceutical invention.

 

Division 2.- Patented pharmaceutical invention compulsory licences

 

136D  PPI compulsory licences—applications for orders

Application for order

(1)  A person (the PPI order applicant) may apply to the Federal Court for an order (the PPI order) under section 136E requiring the patentee of a patented pharmaceutical invention to grant the PPI order applicant a licence (a PPI compulsory licence) to exploit the invention to the extent necessary for the purposes of manufacturing a pharmaceutical product in Australia for export to an eligible importing country.

Note 1: A patented pharmaceutical invention may be a patented product or a patented process: see the definition of patented pharmaceutical invention in Schedule 1.

Note 2: For remuneration in respect of a licence, see section 136J.

(2)  However, a person cannot apply for an order in respect of an innovation patent unless the patent has been certified.

Statement—eligible importing country

(3)  An application must include a copy of a statement made by or on behalf of, and with the authorisation of, the eligible importing country to the effect that it will take reasonable measures within its means, proportionate to its administrative capacities and to the risk of trade diversion, to prevent re‑exportation from its territory of a pharmaceutical product imported into its territory in accordance with a PPI compulsory licence.

Statement—importer

(4)  If the pharmaceutical product is to be imported on behalf of, and with the authorisation of, the eligible importing country, an application must also include a copy of a statement made by the importer to the effect that it will take reasonable measures within its means to prevent the pharmaceutical product from being used other than in accordance with a PPI compulsory licence.

Parties

(5)  The following are parties to proceedings on an application under this section:

(a)  the PPI order applicant;

(b)  the patentee;

(c)  any person claiming an interest in the patent as exclusive licensee or otherwise;

(d)  at the option of the eligible importing country—that country.

 

136E  PPI compulsory licences—orders

(1)  After hearing an application for a PPI order under section 136D, the Federal Court may, subject to this Part, make the order sought if the court is satisfied of all of the following matters:

(a)  the application is made in good faith;

(b)  the pharmaceutical product is to be imported:

(i)  by the eligible importing country; or

(ii)  by a person (the third party importer) on behalf of, and with the authorisation of, the eligible importing country;

(c)  the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country:

(i)  in circumstances of national emergency or other circumstances of extreme urgency; or

(ii)  in other circumstances—by the public non‑commercial use of the pharmaceutical product;

(d)  exploiting the patented pharmaceutical invention is necessary to enable the import and proposed use of the pharmaceutical product as mentioned in paragraphs (b) and (c);

(e)  if subparagraph (c)(ii) applies:

(i)  the PPI order applicant has given the patentee a notice in the approved form seeking from the patentee an authorisation to exploit the patented pharmaceutical invention for public non‑commercial use; and

(ii)  during the 30 days beginning when the notice was given, the PPI order applicant has tried, without success, to obtain such an authorisation from the patentee on reasonable terms and conditions;

(f)  the notification requirements prescribed by regulation in relation to the importation of the pharmaceutical product into the eligible importing country have been complied with;

(g)  the PPI order applicant, the eligible importing country and, if there is a third party importer, that importer, will take reasonable measures to prevent a pharmaceutical product that is exported from Australia in accordance with a PPI compulsory licence from being used for a purpose other than the purpose of addressing the public health problem mentioned in paragraph (c).

(2)  Without limiting the matters that the court may take into account in deciding whether it is satisfied of a matter mentioned in subsection (1), the court must take into account any matters prescribed by regulation.

(3)  A regulation made for the purposes of paragraph (1)(f) may:

(a)  without limiting subsection 33(3A) of the Acts Interpretation Act 1901, prescribe different notification requirements for the importation of pharmaceutical products into eligible importing countries of different kinds; and

(b)  despite subsection 14(2) of the Legislative Instruments Act 2003, refer to eligible importing countries (or different kinds of eligible importing countries) by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time.

 

136F  PPI compulsory licences – terms

(1)  A PPI order must direct that the PPI compulsory licence is granted on the following terms:

(a)  no more than the quantity of the pharmaceutical product that is determined by the Federal Court to be necessary to meet the needs of the eligible importing country is manufactured;

(b)  the entirety of the pharmaceutical product manufactured for that purpose is exported to that country;

(c)  the pharmaceutical product is labelled and marked in accordance with the regulations;

(d)  before shipment of the pharmaceutical product begins, the shipment information prescribed by regulation is made available on a website by, or on behalf of, the licensee for a minimum period prescribed by regulation;

(e)  the duration of the licence is only for the period of time determined by the Federal Court to be necessary to address the public health problem concerned;

(f)  the licence does not give the licensee, or a person authorised by the licensee, the exclusive right to exploit the patented pharmaceutical invention;

(g)  the licence is to be assignable only in connection with an enterprise or goodwill in connection with which the licence is used;

(h)  the licensee must give the Commissioner the information prescribed by regulation in relation to the licence in accordance with the regulations.

(2)  A PPI order may also direct that the licence is to be granted on any other terms specified in the order, including terms covering:

(a)  other requirements relating to the labelling and marking of the pharmaceutical product; and

(b)  other information to be made available by the licensee and the way in which it is to be made available.

(3)  However, a term specified in a PPI order must not be inconsistent with any regulations prescribed for the purposes of paragraph (1)(c), (d) or (h).

 

136G  PPI compulsory licences- amendment

Application for order

(1)  A person may apply to the Federal Court for an order amending any of the following terms of a PPI compulsory licence:

(a)  the quantity of the pharmaceutical product concerned;

(b)  how the pharmaceutical product is labelled and marked;

(c)  the duration of the licence;

(d)  the information that is to be made available by the licensee and the way it is to be made available.

Note: For remuneration in respect of the licence as amended, see section 136J.

Order

(2)  The court may make the order sought in relation to a term if it is satisfied that:

(a)  it is just to do so in all the circumstances; and

(b)  the legitimate interests of the following are not likely to be adversely affected by the amendment of the term:

(i)  the patentee;

(ii)  any person claiming an interest in the patent as exclusive licensee or otherwise;

(iii)  the licensee;

(iv)  the eligible importing country.

(3)  However, an amended term must not be inconsistent with any regulations prescribed for the purposes of paragraph 136F(1)(c), (d) or (h).

Parties

(4)  The following are parties to any proceedings under this section:

(a)  the applicant under subsection (1);

(b)  the patentee;

(c)  any person claiming an interest in the patent as exclusive licensee or otherwise;

(d)  the licensee;

(e)  at the option of the eligible importing country—that country.

 

136H  PPI compulsory licences -revocation

Application

(1)  A person may apply to the Federal Court for an order revoking a PPI compulsory licence.

Note: For remuneration in respect of the use of a PPI compulsory licence while it is in force, see section 136J.

Federal Court may revoke licence

(2)  The Federal Court may make the order sought if the court is satisfied that:

(a)  one or more of the following applies:

(i)  the substantive circumstances that justified the grant of the licence have ceased to exist and are unlikely to recur;

(ii)  the licensee has not complied with the terms of the licence;

(iii)  if an amount of remuneration has been agreed or determined under section 136J—the amount has not been paid within the time agreed or determined; and

(b)  the legitimate interests of the licensee or the eligible importing country are not likely to be adversely affected by the revocation.

Parties

(3)  The following are parties to any proceedings under this section:

(a)  the applicant for revocation;

(b)  the licensee;

(c)  at the option of the eligible importing country—that country.

 

Division 3.- Remuneration

 

136J  PPI compulsory licences -remuneration

Working out amount of remuneration

(1)  The patentee is to be paid an amount agreed or determined under subsection (3) in respect of the use of a patented pharmaceutical invention authorised by a PPI compulsory licence.

(2)  For the purposes of subsection (1), the use of a patented pharmaceutical invention authorised by the PPI compulsory licence is:

(a)  while it is in force.- the use authorised by the licence as granted and as amended (from time to time) under section 136G; or

(b)  if it has ceased to be in force (whether because it was revoked or otherwise).- the actual use of the patented pharmaceutical invention under the licence while it was in force.

(3)  For the purposes of subsection (1), the amount is:

(a)  an amount agreed between the patentee and the PPI order applicant, licensee or former licensee (as the case requires); or

(b)  if paragraph (a) does not apply.- an amount determined by the Federal Court to be adequate remuneration taking into account the economic value to the eligible importing country of the use of the patented pharmaceutical invention authorised by the PPI compulsory licence.

Application to make or amend a determination

(4)  A person may apply to the Federal Court:

(a)  to make a determination under paragraph (3)(b); or

(b)  to amend a determination made under that paragraph.

Note: Grounds for an application under paragraph (b) may include the fact that the terms of the PPI compulsory licence have been amended, or the licence has been revoked.

Parties

(5)  The following are parties to any proceedings under this section:

(a)  the applicant for the determination or the amendment of the determination;

(b)  the PPI order applicant;

(c)  the licensee;

(d)  the patentee of the patented pharmaceutical invention;

(e)  any person claiming an interest in the patent as exclusive licensee or otherwise.

Can PPI be exploited if remuneration is not agreed or determined?

(6)  To avoid doubt, if the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country in circumstances of national emergency or other circumstances of extreme urgency, the licensee may exploit a patented pharmaceutical invention under a PPI compulsory licence, as granted or amended (as the case may be), whether or not an amount has been agreed or determined under this section.

(7)  However, if the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country in other circumstances, by the public non‑commercial use of the pharmaceutical product, the licensee must not exploit a patented pharmaceutical invention under a PPI compulsory licence unless an amount has been agreed or determined under this section.

Can PPI compulsory licence be revoked if remuneration is not agreed or determined?

(8)  To avoid doubt, a PPI compulsory licence may be revoked whether or not an amount has been agreed or determined under this section.

 

Division 4.- General

 

136K  PPI compulsory licences.- nature of orders

Without prejudice to any other method of enforcement, a PPI order operates as if it were embodied in a deed granting or amending a licence and executed by the patentee and all other necessary parties.

 

136L  PPI compulsory licences.- consistency of orders with international agreements

A PPI order must not be made that is inconsistent with a treaty between the Commonwealth and a foreign country.

 

136M  PPI compulsory licences.- applications heard together

Nothing in this Part prevents the Federal Court from dealing with the following applications together:

(a)  applications for different PPI orders, or for the amendment or revocation of such orders;

(b)  applications for determinations under paragraph 136J(3)(b) for remuneration in relation to different PPI compulsory licences, or for the amendment of such determinations.

 

Part 4.- Surrender and revocation of patents

 

136N  Simplified outline of this Part

A patentee may offer to surrender a patent by giving the Commissioner written notice.

The Commissioner may accept the offer of surrender, and revoke the patent, after hearing all interested parties. If court proceedings are pending in relation to the patent, leave of the court, or the consent of the parties, is required. The Commissioner must not accept the offer if a compulsory licence ordered under Part 2 is in force in relation to the patent.

In addition, a court may revoke a patent on the following grounds:

(a)     the patentee is not entitled to the patent;

(b)     the invention is not a patentable invention;

(c)     the patent was (broadly speaking) improperly obtained;

(d)     the patent was (broadly speaking) obtained on the basis of a non‑compliant specification.

 

20  Subsection 137(5)

Omit “compulsory licence”, substitute “licence ordered under Part 2”.

 

21  After section 138

Insert:

 

Part 5.- Other matters

 

138A  Simplified outline of this Part

This Part deals with the parties to proceedings under this Chapter (other than proceedings under Part 3).

This Part also enables the Commissioner to appear and be heard in all proceedings under this Chapter.

 

22  At the end of subsection 139(1)

Add:

Note: See Part 3 for details of parties to proceedings under that Part.

 

23  Subsection 139(2)

Omit “section 133, 134 or 138”, substitute “this Chapter”.

 

24  At the end of subsection 228(1)

Add:

; and (f)  for the purpose of carrying out or giving effect to the WTO General Council decision of 30 August 2003.

 

25  After subsection 228(4)

Insert:

(5)  Despite subsection 14(2) of the Legislative Instruments Act 2003, regulations made for the purposes of the definition of eligible importing country in Schedule 1 may make provision in relation to a matter by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time.

 

26  Schedule 1 (definition of compulsory licence)

Repeal the definition.

 

27  Schedule 1

Insert:

eligible importing country means a foreign country of a kind prescribed by regulation.

Note: A regulation made for the purposes of this definition may make provision in relation to a matter by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time (see subsection 228(5)).

 

28  Schedule 1

Insert:

patented pharmaceutical invention, in relation to a pharmaceutical product, means:

(a)  if the product is a patented product—the patented product; or

(b)  if the product results from the use of a patented process—the patented process.

 

29  Schedule 1

Insert:

pharmaceutical product means any patented product, or product manufactured through a patented process, of the pharmaceutical sector.

Example: Examples of a pharmaceutical product include:

(a)    active ingredients necessary for manufacturing such a product; and

(b)    diagnostic kits needed for using such a product.

 

30  Schedule 1

Insert:

PPI is short for patented pharmaceutical invention.

 

31  Schedule 1

Insert:

PPI compulsory licence has the meaning given by section 136D.

 

32  Schedule 1

Insert:

PPI order has the meaning given by section 136D.

 

33  Schedule 1

Insert:

PPI order applicant has the meaning given by section 136D.

 

34  Schedule 1

Insert:

TRIPS Agreement means the Agreement on Trade‑Related Aspects of Intellectual Property Rights set out in Annex 1C to the Marrakesh Agreement establishing the World Trade Organization, done at Marrakesh on 15 April 1994, as Annex 1C is in force for Australia from time to time.

Note: The WTO Agreement is in Australian Treaty Series 1995 No. 8 ([1995] ATS 8) and could in 2015 be viewed in the Australian Treaties Library on the AustLII website (http://www.austlii.edu.au).

 

35  Schedule 1

Insert:

WTO General Council decision of 30 August 2003 means the decision of the World Trade Organization General Council of 30 August 2003 (including the Annex to the decision) on the implementation of paragraph 6 of the Doha Declaration on the TRIPS Agreement and public health.

Note: The decision could in 2015 be viewed on the World Trade Organization website (http://www.wto.org).

 

Part 2.- Application

 

36  Application of amendments

(1)       The amendments of the Patents Act 1990 made by this Schedule apply in relation to patents granted before, on and after the commencement of this Schedule.

(2)       The amendments of sections 70 and 71 of the Patents Act 1990 made by this Schedule apply in relation to an application that is made on or after the commencement of this Schedule to include a pharmaceutical substance in the Australian Register of Therapeutic Goods.

 

Schedule 2.-TRIPS Protocol: later commencing amendments

 

Patents Act 1990

 

1  Section 3 (list of definitions)

Omit “WTO General Council decision of 30 August 2003”.

 

2  Paragraph 228(1)(f)

Omit “WTO General Council decision of 30 August 2003”, substitute “TRIPS Agreement”.

 

3  Schedule 1 (definition of WTO General Council decision of 30 August 2003)

Repeal the definition.

 

Schedule 3.- Plant Breeder’s Rights Act 1994: Federal Circuit Court

 

Plant Breeder’s Rights Act 1994

 

1  Subsection 3(1) (definition of Court)

Repeal the definition.

 

2  Subsection 3(1)

Insert:

Federal Circuit Court means the Federal Circuit Court of Australia.

 

3  Subsection 3(1)

Insert:

Federal Court means the Federal Court of Australia.

 

4  Subsection 39(5)

Repeal the subsection, substitute:

(5)  Nothing in this section affects the power of:

(a)  the Federal Court, or a Judge of that Court, under subsection 44A(2) of the AAT Act; or

(b)  the Federal Circuit Court, or a Judge of that Court, under subsection 44A(2A) of that Act;

where an appeal is begun in that court from a decision of the AAT.

 

5  Subsection 50(7)

Repeal the subsection, substitute:

(7)  Nothing in this section affects the power of:

(a)  the Federal Court, or a Judge of that Court, under subsection 44A(2) of the AAT Act; or

(b)  the Federal Circuit Court, or a Judge of that Court, under subsection 44A(2A) of that Act.

 

6  Subsection 54(1)

Omit “Court”, substitute “Federal Court or the Federal Circuit Court”.

 

7  Subsections 54(3) and (4)

Omit “Court” (wherever occurring), substitute “court”.

 

8  Subsection 55(1)

Omit “Court”, substitute “Federal Court or the Federal Circuit Court”.

 

9  Subsections 55(3) and (4)

Omit “Court”, substitute “court”.

 

10  Section 56 (heading)

Repeal the heading, substitute:

 

56  Jurisdiction of the Federal Court

 

11  Subsection 56(1)

Omit “Court” (wherever occurring), substitute “Federal Court”.

 

12  At the end of subsection 56(1)

Add:

Note: A matter may also be transferred to the Federal Court from the Federal Circuit Court: see section 39 of the Federal Circuit Court of Australia Act 1999.

 

13  Subsection 56(2)

Repeal the subsection, substitute:

(2)  That jurisdiction is exclusive of the jurisdiction of all other courts other than the jurisdiction of:

(a)  the Federal Circuit Court under subsection 56A(2); and

(b)  the High Court under section 75 of the Constitution.

 

14  Subsection 56(3)

Omit “Court” (wherever occurring), substitute “Federal Court”.

 

15  Subsection 56(4)

Omit “Court”, substitute “Federal Court”.

 

16  Subsection 56(5)

Omit “the Court”, substitute “the Federal Court”.

 

17  Subsection 56(5)

Omit “rules”, substitute “Rules”.

Note: This item fixes a typographical error.

 

18  After section 56

Insert:

 

56A  Jurisdiction of Federal Circuit Court

(1)  The Federal Circuit Court has jurisdiction with respect to matters in which actions may, under this Part, be begun in the Federal Circuit Court.

Note: A matter may also be transferred to the Federal Circuit Court from the Federal Court: see section 32AB of the Federal Court of Australia Act 1976.

(2)  That jurisdiction is exclusive of the jurisdiction of all other courts, other than the jurisdiction of:

(a)  the Federal Court under subsection 56(2) of this Act; and

(b)  the High Court under section 75 of the Constitution.

(3)  The relief that the Federal Circuit Court may grant in an action or proceeding for infringement of PBR includes an injunction (subject to such terms, if any, as the Federal Circuit Court thinks fit) and, at the option of the plaintiff, either damages or an account of profits.

(4)  The regulations may make provision in relation to the practice and procedure of the Federal Circuit Court in actions under this Act, including provision prescribing the time within which any action may be begun, or any other act or thing may be done, and providing for the extension of any such time.

(5)  Subsection (4) does not limit the power of the Judges of the Federal Circuit Court, or a majority of them, to make Rules of Court under section 81 of the Federal Circuit Court of Australia Act 1999 that are consistent with the regulations referred to in that subsection.

 

19  Subsection 57(1)

Omit “The Court”, substitute “A court”.

 

20  Subsection 57(1)

Omit “the Court”, substitute “the court”.

 

21  Section 72

Omit “the High Court Rules and the Federal Court Rules”, substitute “Rules of Court of the High Court, the Federal Court or the Federal Circuit Court”.

 

Schedule 4.- Australia New Zealand Single Economic Market

 

Part 1.- Amendments

 

Designs Act 2003

 

1  Section 145

Before “Where”, insert “(1)”.

 

2  Section 145

After “Australia”, insert “or New Zealand”.

 

3  Section 145

Omit “post”, substitute “a prescribed means”.

 

4  At the end of section 145

Add:

(2)  After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(3)  The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4)  For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(5)  For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

Patents Act 1990

 

5  Section 3 (list of definitions)

Insert “Board”.

 

6  Section 3 (list of definitions)

Insert “Director‑General of IP Australia”.

 

7  Section 3 (list of definitions)

Insert “New Zealand Assistant Commissioner of Patents”.

 

8  Section 3 (list of definitions)

Insert “New Zealand Commissioner of Patents”.

 

9  Section 3 (list of definitions)

Insert “New Zealand delegate”.

 

10  Section 3 (list of definitions)

Insert “New Zealand Patents Minister”.

 

11  Section 3 (list of definitions)

Insert “New Zealand patents official”.

 

12  Section 3 (list of definitions)

Omit “Professional Standards Board”.

 

13  Section 3 (list of definitions)

Insert “Registrar of Companies of New Zealand”.

 

14  Subsection 20(2)

Omit “or an employee,”, substitute “an employee, or a New Zealand delegate,”.

 

15  At the end of section 20

Add:

(3)  For the purposes of this section, it is immaterial whether an act was done in New Zealand.

 

16  At the end of section 183

Add:

(3)  The Designated Manager may disclose to the Registrar of Companies of New Zealand information (including personal information within the meaning of the Privacy Act 1988) that is:

(a)  relevant to the functions conferred on the Registrar of Companies of New Zealand by or under the Companies Act 1993 of New Zealand; and

(b)  obtained by the Designated Manager as a result of the performance of functions and duties, or the exercise of powers, in relation to incorporated patent attorneys.

(4)  For the purposes of subsection (3), it is immaterial whether the disclosure takes place in New Zealand.

(5)  The Commissioner may disclose to a New Zealand delegate information (including personal information within the meaning of the Privacy Act 1988) that is relevant to the exercise of the powers, or the performance of the functions, delegated to the New Zealand delegate under subsection 209(1A).

(6)  For the purposes of subsection (5), it is immaterial whether the disclosure takes place in New Zealand.

 

17  Paragraph 198(4)(a)

Repeal the paragraph.

 

18  Subsection 198(5)

Omit “Professional Standards Board”, substitute “Board”.

 

19  Subsections 198(7) and (8)

Repeal the subsections, substitute:

(7)  A reference in this section to conviction of an offence includes a reference to:

(a)  the making of an order under section 19B of the Crimes Act 1914 in relation to the offence; or

(b)  the making of an order under a corresponding provision of a law of:

(i)  a State; or

(ii)  a Territory; or

(iii)  New Zealand;

in relation to the offence.

 

20  At the end of section 198

Add:

New Zealand

(12)  It is immaterial whether a matter mentioned in:

(a)  paragraph (4)(b), (c), (d), (e), (f) or (g); or

(b)  subsection (5); or

(c)  paragraph (9)(a), (b) or (c); or

(d)  paragraph (11)(b);

concerns something that happened in New Zealand.

 

21  Section 199

Before “The name”, insert “(1)”.

 

22  At the end of section 199

Add:

(2)  It is immaterial whether the prescribed grounds concern something that happened in New Zealand.

 

23  Before subsection 209(1)

Insert:

Delegation to employees

 

24  After subsection 209(1)

Insert:

Delegation to New Zealand patents officials

(1A)  The Commissioner may, by instrument, signed by him or her, delegate all or any of the Commissioner’s powers or functions under this Act to a New Zealand patents official.

(1B)  A function or power delegated under subsection (1A) may be performed or exercised by the delegate in New Zealand.

 

25  Before subsection 209(2)

Insert:

Direction or supervision

 

26  Section 214

Before “A document”, insert “(1)”.

 

27  At the end of section 214

Add:

(2)  For the purposes of this Act, a prescribed document is taken to have been filed with the Patent Office if the document is delivered or given to:

(a)  the New Zealand Commissioner of Patents; or

(b)  a New Zealand Assistant Commissioner of Patents; or

(c)  a person who, under a law of New Zealand, is a delegate of the New Zealand Commissioner of Patents;

in a prescribed manner.

(3)  The regulations may provide that a document filed with the Patent Office because of subsection (2) is taken to have been so filed at the time ascertained in accordance with the regulations.

 

28  Section 221

Before “Where”, insert “(1)”.

 

29  Section 221

After “Australia”, insert “or New Zealand”.

 

30  Section 221

Omit “post”, substitute “a prescribed means”.

 

31  At the end of section 221

Add:

(2)  After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(3)  The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4)  For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(5)  For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

32  After paragraph 223(1)(b)

Insert:

(ba)  a New Zealand delegate; or

 

33  After subsection 223(1)

Insert:

(1A)  For the purposes of subsection (1), it is immaterial whether a relevant act took place, or is to take place, in New Zealand.

(1B)  For the purposes of subsection (1), it is immaterial whether an error or omission took place in New Zealand.

 

34  After subsection 224(3)

Insert:

(3A)  For the purposes of this section, it is immaterial whether a decision was made in New Zealand.

 

35  Section 227 (heading)

Repeal the heading, substitute:

 

227  Fees payable under this Act

 

36  At the end of section 227

Add:

(6)  For the purposes of this Act, if:

(a)  a fee is declared by the regulations to be a fee to which this subsection applies; and

(b)  the fee is paid to:

(i)  the New Zealand Commissioner of Patents; or

(ii)  a New Zealand Assistant Commissioner of Patents; or

(iii)  a person who, under a law of New Zealand, is a delegate of the New Zealand Commissioner of Patents; and

(c)  the New Zealand Commissioner of Patents, the New Zealand Assistant Commissioner of Patents, or the delegate, as the case may be, is authorised to receive the fee on behalf of the Commonwealth; and

(d)  the fee is paid in New Zealand currency;

then:

(e)  the liability to pay the fee is discharged; and

(f)  this Act has effect as if the fee had been paid in accordance with the regulations.

(7)  For the purposes of subsection (6), the amount of the fee in New Zealand currency is to be ascertained in accordance with the regulations.

 

37  After section 227

Insert:

 

227AA  Receipt of fees payable under New Zealand law

The regulations may make provision for and in relation to authorising:

(a)  the Commissioner; or

(b)  a Deputy Commissioner; or

(c)  an employee;

to receive, on behalf of New Zealand, a specified fee payable under a specified law of New Zealand that relates to patents for inventions, so long as:

(d)  the fee is paid in Australian currency; and

(e)  the amount of the fee in Australian currency is ascertained in accordance with the regulations.

 

227AB  Application of administrative law regime to decisions made in New Zealand

Judicial review

(1)  For the purposes of the application of the Administrative Decisions (Judicial Review) Act 1977 to a decision under this Act, it is immaterial whether the decision was made in New Zealand.

Note: See also the Trans‑Tasman Proceedings Act 2010.

(2)  For the purposes of subsection (1), decision has the same meaning as in the Administrative Decisions (Judicial Review) Act 1977.

Merits review

(3)  For the purposes of the application of the Administrative Appeals Tribunal Act 1975 to a decision under this Act, it is immaterial whether the decision was made in New Zealand.

Note: See also the Trans‑Tasman Proceedings Act 2010.

(4)  For the purposes of subsection (3), decision has the same meaning as in the Administrative Appeals Tribunal Act 1975.

 

38  Section 227A (heading)

Repeal the heading, substitute:

 

227A  Trans‑Tasman IP Attorneys Board

 

39  Subsection 227A(1)

Repeal the subsection, substitute:

(1)  The body known immediately before the commencement of this subsection as the Professional Standards Board for Patent and Trade Marks Attorneys is continued in existence as the Trans‑Tasman IP Attorneys Board.

Note 1: In this Act, Board means the Trans‑Tasman IP Attorneys Board—see Schedule 1.

Note 2: See also section 25B of the Acts Interpretation Act 1901.

 

40  Subsection 227A(2)

Omit “Professional Standards Board” (wherever occurring), substitute “Board”.

 

41  After subsection 227A(2)

Insert:

Membership of the Board

(2A)  The Board consists of the following members:

(a)  a Chair;

(b)  the Director‑General of IP Australia;

(c)  the New Zealand Commissioner of Patents;

(d)  at least 2 members nominated by the New Zealand Patents Minister to represent the New Zealand patent attorney profession;

(e)  at least 2 other members.

(2B)  The total number of members of the Board must not exceed 10.

Appointment of members of the Board

(2C)  Each member of the Board mentioned in paragraph (2A)(a), (d) or (e) is to be appointed by the Minister by written instrument.

Note: For reappointment, see the Acts Interpretation Act 1901.

(2D)  A person is not eligible for appointment as a member of the Board mentioned in paragraph (2A)(a), (d) or (e) unless the Minister is satisfied that the person has:

(a)  substantial experience or knowledge; and

(b)  significant standing;

in at least one of the following fields:

(c)  Australian patent attorney practice;

(d)  New Zealand patent attorney practice;

(e)  Australian trade mark attorney practice;

(f)  the regulation of persons engaged in a prescribed occupation;

(g)  public administration;

(h)  academia.

(2E)  A member of the Board holds office on a part‑time basis.

Period of appointment for members of the Board

(2F)  A member of the Board mentioned in paragraph (2A)(a), (d) or (e) holds office for the period specified in the instrument of appointment. The period must not exceed:

(a)  in the case of the member mentioned in paragraph (2A)(a)—3 years; or

(b)  otherwise—5 years.

Note: For reappointment, see the Acts Interpretation Act 1901.

Appointment of deputy of Director‑General of IP Australia

(2G)  The Director‑General of IP Australia may appoint an APS employee to be his or her deputy for the purpose of attendance at one or more specified meetings of the Board.

(2H)  If:

(a)  a person is the deputy of the Director‑General of IP Australia for the purpose of attendance at a particular meeting of the Board; and

(b)  the Director‑General of IP Australia is absent from the meeting;

the person is entitled to attend the meeting and, when so attending, is taken to be a member of the Board.

(2J)  A deputy of the Director‑General of IP Australia is not entitled to any remuneration or allowances for attending a meeting of the Board (other than remuneration or allowances payable to the deputy in his or her capacity as an APS employee).

Appointment of deputy of New Zealand Commissioner of Patents

(2K)  The New Zealand Commissioner of Patents may appoint a New Zealand patents official to be his or her deputy for the purpose of attendance at one or more specified meetings of the Board.

(2L)  If:

(a)  a person is the deputy of the New Zealand Commissioner of Patents for the purpose of attendance at a particular meeting of the Board; and

(b)  the New Zealand Commissioner of Patents is absent from the meeting;

the person is entitled to attend the meeting and, when so attending, is taken to be a member of the Board.

(2M)  A deputy of the New Zealand Commissioner of Patents is not entitled to any remuneration or allowances for attending a meeting of the Board (other than remuneration or allowances payable to the deputy in his or her capacity as a New Zealand patents official).

 

42  Paragraph 227A(3)(a)

Repeal the paragraph, substitute:

(a)  the terms and conditions on which members of the Board mentioned in paragraph (2A)(a), (d) or (e) hold office; and

(aa)  the manner in which members of the Board mentioned in paragraph (2A)(a), (d) or (e) may resign their appointments; and

(ab)  the termination of the appointment of members of the Board mentioned in paragraph (2A)(a), (d) or (e); and

 

43  Paragraphs 227A(3)(b) and (c)

Omit “Professional Standards Board”, substitute “Board”.

 

44  Subsections 227A(4) and (5)

Omit “Professional Standards Board”, substitute “Board”.

 

45  At the end of section 227A

Add:

(7)  The Board may perform its functions in Australia or New Zealand.

 

46  Subparagraph 228(2)(r)(ia)

Omit “Professional Standards Board”, substitute “Board”.

 

47  After subsection 228(4)

Insert:

(4A)  If the regulations confer a function on a person or body, the regulations may provide that the function may be performed in Australia or New Zealand.

(4B)  If the regulations confer a power on a person or body, the regulations may provide that the power may be exercised in Australia or New Zealand.

(4C)  If the regulations provide that application may be made to the Administrative Appeals Tribunal for review of a decision, the regulations may provide that it is immaterial whether the decision was made in New Zealand.

(4D)  The regulations may provide that it is immaterial whether an act or omission mentioned in the regulations took place in New Zealand.

(4E)  The regulations may provide that it is immaterial whether a matter mentioned in the regulations concerns something that took place in New Zealand.

 

48  Schedule 1

Insert:

Board means the Trans‑Tasman IP Attorneys Board continued in existence by section 227A.

 

49  Schedule 1 (definition of company)

Repeal the definition, substitute:

company means:

(a)  a company registered under the Corporations Act 2001; or

(b)  a company registered under the Companies Act 1993 of New Zealand.

 

50  Schedule 1

Insert:

Director‑General of IP Australia means the SES employee who holds or performs the duties of the position of Director‑General of IP Australia.

 

51  Schedule 1 (at the end of the definition of file)

Add:

Note: See also section 214.

 

52  Schedule 1

Insert:

New Zealand Assistant Commissioner of Patents means a person who holds or performs the duties of an office or position of Assistant Commissioner of Patents under or in accordance with a law of New Zealand.

 

53  Schedule 1

Insert:

New Zealand Commissioner of Patents means the person who holds or performs the duties of the office or position of Commissioner of Patents under or in accordance with a law of New Zealand.

 

54  Schedule 1

Insert:

New Zealand delegate means a New Zealand patents official who is a delegate under subsection 209(1A).

 

55  Schedule 1

Insert:

New Zealand Patents Minister means the Minister of New Zealand who:

(a)  under the authority of a warrant; or

(b)  with the authority of the Prime Minister of New Zealand;

is responsible for the administration of a law of New Zealand relating to the regulation of patent attorneys.

 

56  Schedule 1

Insert:

New Zealand patents official means a person:

(a)  who is an employee in any part of the State services of New Zealand; and

(b)  whose functions or duties relate to the administration of a law of New Zealand relating to patents for inventions.

 

57  Schedule 1 (definition of Professional Standards Board)

Repeal the definition.

 

58  Schedule 1

Insert:

Registrar of Companies of New Zealand means the person who holds or performs the duties of the office or position of Registrar of Companies under or in accordance with the Companies Act 1993 of New Zealand.

 

Plant Breeder’s Rights Act 1994

 

59  Subsection 3(1)

Insert:

address has a meaning affected by subsection (2).

 

60  Subsection 3(2)

Repeal the subsection, substitute:

Electronic address

(2)  After the time specified in the regulations, a reference in this Act to an address includes a reference to an electronic address.

(3)  The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4)  Subsection (2) of this section does not apply to the following references to an address:

(a)  a reference in subsection 26(2);

(b)  the first reference in subsection 26(3).

(5)  For the purposes of this Act, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(6)  For the purposes of this Act, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

61  After subsection 19(5)

Insert:

(5A)  An address given under paragraph (5)(c) must be an address in Australia or New Zealand.

 

62  Subsection 21(5)

After “Australia”, insert “or New Zealand”.

 

63  Subsection 26(3)

After “overseas”, insert “in a country other than New Zealand”.

 

64  Subsection 26(3)

After “Australia” (first occurring), insert “or New Zealand”.

 

65  Subsection 26(3)

Omit “a postal address in Australia”, substitute “an address in Australia or New Zealand”.

 

66  Subsection 31(3)

After “Australia”, insert “or New Zealand”.

 

67  Section 73

Repeal the section, substitute:

 

73  Service of documents

If:

(a)  this Act provides for a document to be served on, or given or sent to, a person; and

(b)  the person has given the Secretary or the Registrar an address in Australia or New Zealand for service;

the document may be served on, or given or sent to, the person by a prescribed means to that address.

 

Trade Marks Act 1995

 

68  Readers guide (list of terms defined in section 6)

Insert the following term in its appropriate alphabetical position:

“Board”.

 

69  Readers guide (list of terms defined in section 6)

Omit “Professional Standards Board”.

 

70  Subsection 6(1)

Insert:

Board has the same meaning as in the Patents Act 1990.

 

71  Subsection 6(1) (definition of Professional Standards Board)

Repeal the definition.

 

72  At the end of subsection 215(5)

Add “or New Zealand”.

 

73  Paragraph 215(6)(a)

Repeal the paragraph, substitute:

(a)  if the person has an address for service .-the document may be served on, or given or sent to, the person by a prescribed means to that address; or

 

74  Paragraph 215(6)(b)

After “Australia” (first occurring), insert “or New Zealand”.

 

75  Paragraph 215(6)(b)

Omit “post”, substitute “a prescribed means”.

 

76  Paragraph 215(6)(b)

After “Australia” (second occurring), insert “or New Zealand”.

 

77  At the end of section 215

Add:

(8)  After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(9)  The time specified under subsection (8) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(10)  For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(11)  For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

78  Subsection 228A(5)

Omit “the Professional Standards Board”, substitute “the Board”.

 

79  Subsection 228A(5) (note)

Omit “Professional Standards Board”, substitute “Board”.

 

80  Subparagraph 231(2)(ha)(ia)

Omit “Professional Standards Board”, substitute “Board”.

 

Part 2.- Transitional provisions

 

81  Transitional.- registration as a patent attorney

(1)       The Designated Manager must:

(a)  register as a patent attorney an individual who, immediately before the commencement of this item:

(i)  was registered as a patent attorney under a law of New Zealand; and

(ii)  was not a registered patent attorney (within the meaning of the Patents Act 1990); and

(b)  do so as soon as practicable after the commencement of this item.

(2)  The registration is to consist of entering the individual’s name in the Register of Patent Attorneys.

(3)  For the purposes of the Patents Act 1990, the registration is taken to be under that Act.

 

82  Transitional.- qualification for registration as a patent attorney

(1) A qualification specified in, or ascertained in accordance with, regulations made for the purposes of paragraph 198(4)(b) of the Patents Act 1990 may consist of passing examinations conducted in New Zealand, so long as:

(a)  the examinations are specified in those regulations; and

(b)  at least one of those examinations was passed before the commencement of this item; and

(c)  the remaining examinations are passed before the end of the 4‑year period beginning at the commencement of this item.

(2)  Regulations authorised by subitem (1) do not apply to examinations passed by an individual unless the individual applies for registration as a patent attorney under section 198 of the Patents Act 1990 within 6 months after the completion of the last of those examinations.

(3)  Subitem (1) does not limit paragraph 198(4)(b) of the Patents Act 1990.

 

83  Transitional.- conduct of patent attorneys

(1) Grounds prescribed for the purposes of section 199 of the Patents Act 1990 may relate to conduct that took place in New Zealand before the commencement of this item.

(2) Subitem (1) does not limit section 199 of the Patents Act 1990.

 

84  Transitional.- registration as a trade marks attorney

(1)  If:

(a)  immediately before the commencement of this item, an individual:

(i)  was registered as a patent attorney under a law of New Zealand; and

(ii)  was not a registered trade marks attorney (within the meaning of the Trade Marks Act 1995); and

(b)  within 12 months after the commencement of this item, the individual applies to the Designated Manager to be registered as a trade marks attorney; and

(c)  the application is in accordance with the regulations; and

(d)  the individual satisfies the Designated Manager, in accordance with the regulations, that the individual’s level of competency in trade marks law and practice is sufficient to warrant the individual becoming a registered trade marks attorney; and

(e)  the individual has not been convicted of a prescribed offence during the 5‑year period ending when the application was made; and

(f)  the individual is not under sentence of imprisonment for a prescribed offence;

the Designated Manager must register the individual as a trade marks attorney.

(2) The registration is to consist of entering the individual’s name in the Register of Trade Marks Attorneys.

(3)  For the purposes of the Trade Marks Act 1995, the registration is taken to be under that Act.

(4) The Governor‑General may make regulations for the purposes of this item.

(5) It is immaterial whether a matter mentioned in paragraph (1)(d), (e) or (f) concerns something that happened in New Zealand.

(6) A reference in this item to conviction of an offence includes a reference to:

(a)  the making of an order under section 19B of the Crimes Act 1914 in relation to the offence; or

(b)  the making of an order under a corresponding provision of a law of:

(i)  a State; or

(ii)  a Territory; or

(iii)  New Zealand;

in relation to the offence.

 

Schedule 5.- Other amendments

 

Part 1.- Document retention

 

Division 1.- Amendments

 

Designs Act 2003

 

1  Paragraph 69(3)(b)

Omit “design; and”, substitute “design.”

 

2  Paragraph 69(3)(c)

Repeal the paragraph.

 

3  Paragraph 149(2)(o)

Omit “fit; and”, substitute “fit.”.

 

4  Paragraph 149(2)(p)

Repeal the paragraph.

 

Patents Act 1990

 

5  Paragraph 228(2)(u)

Repeal the paragraph.

 

Trade Marks Act 1995

 

6  Paragraph 231(2)(h)

Repeal the paragraph.

 

Division 2.- Application of amendments

 

7  Application of amendments

The amendments made by this Part apply in relation to material and documents provided or filed before, on or after the commencement of this Part.

 

Part 2.- Technical amendments

 

Division 1.- Amendments

 

Patents Act 1990

 

8  Section 24 (heading)

Repeal the heading, substitute:

 

24.- Validity not affected by making information available in certain circumstances

 

9  Section 29A (note)

Repeal the note.

 

10  At the end of section 29A

Add:

(6)  An applicant is not entitled to ask that any action be taken, or that he or she be allowed to take any action, under this Act in relation to a PCT application unless the following requirements of subsection (5) have been met (if applicable):

(a)  a translation of the application into English has been filed;

(b)  the prescribed documents have been filed;

(c)  the prescribed fees have been paid.

Note: A failure to comply with subsection (5) may also result in the PCT application lapsing: see paragraph 142(2)(f).

 

11  Subsection 29B(2)

Omit “within the prescribed period”.

 

12  Subsection 29B(6)

Omit “subsection (1)”, substitute “the definition of Convention country in subsection (5)”.

 

13  Before subsection 40(2)

Insert:

Requirements relating to complete specifications

 

14  Before subsection 41(1)

Insert:

Provisional specifications

(1A)  A specification is taken to comply with subsection 40(1), so far as it requires a description of a micro‑organism, if:

(a)  the micro‑organism is deposited with a prescribed depository institution in accordance with such provisions of the Budapest Treaty as are applicable; and

(b)  the prescribed circumstances apply.

Complete specifications

 

15  Paragraph 43(2A)(b)

After “discloses”, insert “, or a prescribed set of prescribed documents considered together disclose”.

 

16  After subsection 43(2A)

Insert:

(2B)  A prescribed document, or a prescribed set of prescribed documents considered together, is taken to disclose the invention in a claim as mentioned in paragraph (2A)(b) so far as such disclosure requires a description of a micro‑organism, if:

(a)  the micro‑organism is deposited with a prescribed depository institution in accordance with such provisions of the Budapest Treaty as are applicable; and

(b)  the prescribed circumstances apply.

 

17  At the end of subparagraph 101E(1)(a)(ix)

Add “and”.

 

18  Paragraph 119(3)(b)

Omit “through any publication or use of the invention”.

 

19  Subsection 178(4)

Omit “subsection (1) or (2)”, substitute “this section”.

 

20  Subsection 191A(4)

Omit “a declaration, or rectify the Register, under this section”, substitute “a declaration under subsection (2), or rectify the Register under subsection (3)”.

 

21  Paragraph 224(1)(a)

Omit “or 142(2)(b)”.

 

Division 2.- Application of amendments

 

22  Application of amendments

(1) The amendments made by items 8 and 18 apply in relation to information that is made publicly available at or after the time those items commence.

(2) The amendments made by items 9, 10 and 11 apply in relation to applications made at or after the time those items commence.

(3) The amendment made by item 14 applies in relation to provisional applications made at or after the time that item commences.

(4) The amendments made by items 15 and 16 apply in relation to:

(a)  patents for which the complete application is made at or after the time those items commence; and

(b)  standard patents for which the application had been made before the time those items commence, if the applicant had not asked for an examination of the patent request and specification for the application under section 44 of the Patents Act 1990 before that time; and

(c)  innovation patents granted at or after the time those items commence, if the complete application to which the patent relates had been made before that time; and

(d)  complete patent applications made at or after the time those items commence; and

(e)  complete applications for standard patents made before the time those items commence, if the applicant had not asked for an examination of the patent request and specification for the application under section 44 of the Patents Act 1990before that time; and

(f)  complete applications for innovation patents made before the time those items commence, if a patent had not been granted in relation to the application on or before that time; and

(g)  innovation patents granted before the time those items commence, if:

(i)  the Commissioner had not decided to examine the complete specification relating to the patent under section 101A of the Patents Act 1990 before that time; and

(ii)  the patentee or any other person had not asked the Commissioner to examine the complete specification relating to the patent under section 101A of the Patents Act 1990 before that time.

(5) The amendment made by item 20 applies on and after the day that item commences in relation to patents granted before, on or after that commencement.

 

 

 

 

(Minister’s second reading speech made in House of Representatives on 19 March 2014, Senate on 25 November 2014)

12Jul/17

Law of the Republic of Armenia on freedom of information of September 23, 2003

Article 1. The Subject Regulated by the Following Law and the Sphere of its Operation

1. The law regulates the relations connected with freedom of information, defines the powers of persons holding (possessing) information, as well as the procedures, ways and conditions to get information.

2. This law applies to the activity of the state and local self-government bodies, state offices, organizations financed from the state budget, as well as private organizations of public importance and their state officials.

 

Article 2. Legislation on Freedom of Information

1. Legislation of Freedom of information is comprised of the Republic of Armenia Constitution, the following law, and other laws and legal acts.

2. If the norms defined by the Republic of Armenia’s international treaties differ from those in the following law, than the international treaty norms supersede.

 

Article 3. Main Concepts Used in the Following Law

Main concepts used in the following law include:

Freedom of Information – exercise of the right to seek and get information from its holder, as defined by legislation.

Information – records/data of facts, people, subjects, events, phenomena, processes that are received and formed as defined by legislation, despite of the way those are possessed or their material carrier (electronic or hard copy
documents, records, videos, films, photos, drawings, schemes, notes, maps, etc.)

Information holder – state bodies, local self-government bodies, state offices, state budget sponsored organizations as well as organizations of public importance and their officials.

Organization of public importance – private organizations that have monopoly or a leading role in the goods market, as well as those providing services to public in the sphere of health, sport, education, culture, social security,
transport, communication and communal services.

Inquiry – a written or oral application to the information holder with a view of seeking or getting information as defined by the following law.

Publication – making the information available for population via printed media and other means of mass media, via World Wide Web, as well as by other ways as defined by legislation.

 

Article 4. Main Principles of Securing Information Freedom

Main principles of securing information freedom are:

a) definition of unified procedures to record, classify and maintain information

b) insurance of freedom to seek and get information

c) insurance of information access

d) publicity.

 

Article 5. Recording, Classifying and Maintaining Information

The recording, classification and maintenance of elaborated or delivered data on the part of the information holder is implemented as defined by the Government of the Republic of Armenia.

 

Article 6. Exercising the Right to Freedom of Information

1. Each person has the right to address an inquiry to information holder to get acquainted with and/or get the information sought by him as defined by the law.

2. Foreign citizens can enjoy the rights and freedoms foreseen by the following law as defined by the Republic of Armenia Law and/or in cases defined by international treaties.

3. Freedom of information can be limited in cases foreseen by the Republic of Armenia Constitution and the Law.

 

Article 7. Ensuring Information Access and Publicity

1. Information holder works out and publicizes the procedures according to which information is provided on its part, as defined by legislation, which he places in his office space, conspicuous for everyone.

2. Information holder urgently publicizes or via other accessible means informs the public about the information that he has, the publication of which can prevent dangers facing state and public security, public order, public health and morals, others’ rights and freedoms, environment, person’s property.

3. If it is not otherwise foreseen by the Constitution and/or the Law, information holder at least once a year publicize the following information related to his activity and or changes to it,

a) activities and services provided (to be provided) to public;

b) budget;

c) forms for written enquiries and the instructions for filling those in;

d) lists of personnel, as well as name, last name, education, profession, position, salary rate, business phone numbers and e-mails of officers;

e) recruitment procedures and vacancies;

f) influence on environment;

g) public events’ program;

h) procedures, day, time and place for accepting citizens;

i) policy of cost creation and costs in the sphere of work and services;

j) list of held (maintained) information and the procedures of providing it;

j 1. statistical and complete data on inquiries received, including grounds for refusal to provide information;

j 2. sources of elaboration or obtainment of information mentioned in this clause;

j 3. information on person entitled to clarify the information defined in this clause.

4. Changes made to information mentioned in the 2nd clause of the proceeding Article are publicized within 10 days.

5. Information mentioned in the 2nd and 3rd clauses of the proceeding Article is publicized via means accessible for public, and in cases when the information holder has an internet page, also via that page.

6. Organization of public importance can decline to publicize the information mentioned in 3b, 3c and 3e sub clauses of the proceeding Article or changes to that information.

 

Article 8. Limitations on Freedom of Information

1. Information holder, with the exception of cases defined in the 3rd clause of the proceeding Article, refuses to provide information if:

a. contains state, official, bank or trade secret;

b. infringes the privacy of a person and his family, including the privacy of correspondence, telephone conversations, post, telegraph and other transmissions;

c. contains pre-investigation data not subject to publicity;

d. discloses data that require accessibility limitation, conditioned by professional activity (medical, notary, attorney secrets).

e. infringes copy right and associated rights.

2. If a part of the information required contains data, the disclosure of which is subject to denial, than information is provided concerning the other part.

3. Information request can not be declined, if:

a. it concerns urgent cases threatening public security and health, as well as natural disasters (including officially forecasted ones) and their aftermaths;

b. it presents the overall economic situation of the Republic of Armenia, as well as the real situation in the spheres of nature and environment protection, health, education, agriculture, trade and culture;

c. if the decline of the information request will have a negative influence on the implementation of state programs of the Republic of Armenia directed to socio-economic, scientific, spiritual and cultural development.

 

Article 9. Procedures of Information Inquiry Application and Discussion

1. A written inquiry must be signed to include applicant’s name, last name, citizenship, place of residence, work or study (in case of legal persons: name, physical address).

2. A written inquiry is registered and processed as defined by the relevant legislation of processing civilian’s applications and appeals, separately from other types of administration.

3. A written inquiry remains unanswered if;

a) it does not contain all the information mentioned in the 1st clause of the following Article;

b) it is discovered that the information about the identity of the author are false;

c) it is the second request on the part of the same person within the last 6 months for the same information, with the exception of the case foreseen by the 4th clause of the Article 10 of the following law.

4. The applicant does not have to justify the inquiry.

5. In case of oral inquiry, the applicant must in advance tell his name and last name. Oral inquiry is given an answer when:

a) The disposal of the inquired information can prevent to state and public security, public order, public health and morals, other’s rights and freedoms, environment and person’s property.

b) It is important to make sure that the given information holder has the relevant information.

c) It is important to clarify the procedure according which the information holder processes the written inquiries.

6. The answer to the oral inquiry is given immediately after listening to the inquiry or within the shortest possible time frame. If the person making the oral inquiry is not telling his name, last name and/or the oral inquiry does not
correspond to the conditions defined in the sub clauses a, b and c of the 5th clause of the following Article, then the information holder can decline the oral inquiry.

7. The answer to written inquiry is given in the following deadlines:

a) If the information required by the written inquiry is not publicized, than the copy of that information is given tot the applicant within 5 days after the application is filed.

b) If the information required by the written inquiry is publicized, than information on the means, place and time framework of that publication is given within 5 days after the application is filed.

c) If additional work is needed to provide the information required, than the information is given to the applicant within 30 days after the application is filed, about which a written notice is being provided within 5 days after the application submission, highlighting the reasons for delay and the final deadline when the information will be provided.

8. The answer to written inquiry is given on the material carrier mentioned in that application. If the material carrier is not mentioned and it is impossible to clarify that within the time limits foreseen by the following law, than the answer
to the written inquiry is given by the material carrier that is the most suitable for the information holder.

9. In the cases foreseen by the 7 a sub clause of the following Article, the person submitting inquiry can by his wish, as defined by legislation, get acquainted with the information within the premises of the information holder, getting back his written inquiry.

10. If the information holder does not possess the information sought or if the disclosure of that information is beyond its powers, than within 5 days after the written inquiry is filed, it must inform the applicant about that in a written form,
and if it possible, also point out the information on the place and body, including archive, that holds that information.

11. If the information holder does not possess all the data on the inquired information, than it gives the applicant the part of the data, that it possesses and in case of possibility also points out in the written answer the information on the place and body, including archive that holds that information.

 

Article 10. Conditions of Providing Information

1. Providing information or its copy from state and local self-government bodies is realized according to the Government Regulation of the Republic of Armenia.

2. The payment defined in the 1st clause of the current Article is not paid in the following cases:

a) response to oral inquiries;

b) for up to 10 pages of printed or copied information;

c) for information via e-mail (internet);

d) responding the written information inquiries mentioned in the 2nd clause of the Article 7;

e) providing information about the changes of the deadline in the cases foreseen by the 7c sub clause and 10th clause of the Article 9;

f) declining the information request.

3. The organizations of public importance decide themselves the cost to be paid for information, which can not exceed the costs of providing that information.

4. Body or organization that has provided untruthful or incomplete information shall provide corrected information free of charge, as defined by this law, upon the written inquiry of the receiving party.

 

Article 11. Grounds and Procedure to Decline Information Request

1. Information request is declined according to the grounds mentioned in the Article 8 of the following law or in case the relevant payment is not made.

2. The information holder can decline the oral inquiry, if at the given moment this interferes with the main responsibilities of the information holder, with the exception of cases foreseen by the 2nd clause of the Article 7.

3. In case of declining a written information request, information holder inform the applicant about it within 5 days in a written form, by mentioning the ground for the refusal (relevant norm of the law), time frame within which the decision
of refusal was made, as well as the relevant appealing procedure.

4. The decision not to provide information can be appealed either in the state government body defined by Legislation or in the court.

 

Article 12. Responsibilities of Information Holders in the Sphere of Insuring Free Access to Information

As defined by the law, information holders are responsible to:

a) ensure information access and publicity;

b) record, categorize and maintain information possessed;

c) provide truthful and complete information (possessed by them) to the person seeking information;

d) define their procedures of providing oral and/or written information;

e) appoint an official responsible for information freedom.

 

Article 13. Person Responsible for Information Freedom

1. Official person responsible for information freedom can be the head of the information holder or an official appointed by it.

2. Person responsible for the Freedom of information according to the law:

a) ensures that the responsibilities of the information holder in the field of FOI are exercised;

b) explains thoroughly the procedures, conditions and forms of providing information to the person seeking information;

c) elaborates the statistical and complete data of inquiries received.

 

Article 14. Responsibility for the Infringement of Information Freedom

1. For illegal refusal to provide information, or for the incomplete information disposal, as well as for other infringements of the information freedom defined by this Law, the official persons responsible for information freedom are held responsible according to the Law.

2. In the cases foreseen by the 3rd clause of the Article 8 of the following law, the disclosure of information can not cause administrative or criminal responsibility.

 

Article 15. Entrance of the Following Law into Force

1. This Law enters into force on the 10th day after its official publication.

2. The 3rd and 4th clauses of the Article 7 of the Law enter into force from the 1st of January 2004.

12Jul/17

Act. nº 101 of April 4, 2000, on the Protection of Personal Data and on Amendent to Some Acts

Act. nº 101 of April 4, 2000, on the Protection of Personal Data and on Amendent to Some Acts.  As amended by the Act nº 227/2000 Coll., Act nº 177/2001 Coll., Act nº 450/2001 Coll., Act nº 107/2002 Coll., Act nº 310/2002 Coll., Act nº 517/2002 Coll., Act nº 439/2004 Coll., Act nº 480/2004 Coll., Act nº 626/2004 Coll., Act nº 413/2005 Coll., Act nº 444/2005 Coll., Act nº 109/2006 Coll., Act nº 112/2006 Coll., Act. nº 267/2006 Coll., Act nº 342/2006 Coll., Act nº 170/2007 Coll., Act nº 41/2009 Coll., Act nº 52/2009 Coll., Act nº 227/2009 Coll., Act. nº 281/2009 Coll., Act nº 375/2011 Coll., Act nº 468/2011 Coll., Act nº 64/2014 Coll., Act nº 250/2014 Coll. and nº 301/2016 Coll.

 

The Parliament has enacted the following Act of the Czech Republic:

 

Part One.- Personal Data Protection

 

Chapter I.- Introductory Provisions

 

Article 1.- Subject of the Act

This Act, in accordance with the law of the European Union, international agreements binding the Czech Republic, and to exercise everyone’s right to the protection from unauthorised interference with privacy, regulates the rights and obligations in processing of personal data and specifies the conditions under which personal data may be transferred to other countries.

 

Article 2

(1) The Office for Personal Data Protection is hereby established with seat in Prague (hereinafter referred to as the “Office”).

(2) The Office is a central administrative authority in the area of personal data protection in the scope provided by this Act, special legal regulation, international treaties which form part of the legal order, and directly applicable law of the European Union.

(3) The Office exercises the competence of a supervisory authority for the area of personal data protection following from international treaties which form part of the legal order.

 

Article 3.- Scope of the Act

(1) This Act shall apply to personal data that are processed by state authorities, territorial self-administration bodies, other public authority bodies, as well as natural and legal persons.

(2) This Act shall apply to all personal data processing, both by automatic or other means.

(3) This Act shall not apply to personal data processing carried out by a natural person for personal needs exclusively.

(4) This Act shall not apply to accidental personal data collection, unless these data are subject to further processing.

(5) Furthermore, this Act shall apply to personal data processing:

(a) if the law of the Czech Republic is applicable preferentially on the basis of the international public law, even if the controller is not established on the territory of the Czech Republic,

(b) if the controller who is established outside the territory of the European Union carries out processing on the territory of the Czech Republic, unless it is only a personal data transfer over the territory of the European Union. In this case the controller shall be obliged to authorize the processor on the territory of the Czech Republic  by way of the procedure laid down in Article 6.

If the controller carries out processing through its organization units established on the territory of the European Union, he must ensure that those organization units will process personal data in accordance with national law of the respective member state of the European Union.

(6) The provisions of Article 5(1) and Articles 11 and 12 of this Act shall not apply to processing of personal data necessary to fulfil obligations of the controller provided by special Acts to ensure:

(a) security of the Czech Republic,

(b) defence of the Czech Republic,

(c) public order and internal security,

(d) prevention, investigation, detection and prosecution of criminal offences,

(e) important economic interest of the Czech Republic or of the European Union,

(f) important financial interest of the Czech Republic or of the European Union, in particular the stability of financial market and currency, functioning of currency circulation and system of payments as well as budgetary and taxation measures,

(g) exercise of control, supervision, surveillance and regulation related to exercise of public authority in the cases under (c), (d), (e) and (f),

(h) activities related to disclosure of files of the former State Security, or

(i) activities related to keeping a central registry of accounts.

 

Article 4.- Definitions

For the purposes of this Act:

(a) “personal data” shall mean any information relating to an identified or identifiable data subject. A data subject shall be considered identified or identifiable if it is possible to identify the data subject directly or indirectly in particular on the basis of a number, code or one or more factors specific to his/her physical, physiological, psychical, economic, cultural or social identity;

(b) “sensitive data” shall mean personal data revealing nationality, racial or ethnic origin, political attitudes, trade-union membership, religious and philosophical beliefs, conviction of a criminal act, state of health and sexual life of the data subject and genetic data of the data subject; sensitive data shall also mean a biometric data permitting direct identification or authentication of the data subject;

(c) “anonymous data” shall mean such data that cannot be linked to an identified or identifiable data subject in their original form or following processing thereof;

(d) “data subject” shall mean a natural person to whom the personal data pertain;

(e) “personal data processing” shall mean any operation or set of operations that is systematically performed by a controller or a processor upon personal data by automatic or other means. Personal data processing shall mean, in particular, the collection of data, their storage on data carriers, disclosure, modification or alteration, retrieval, use, transfer, dissemination, publishing, preservation, exchange, sorting or combination, blocking and liquidation;

(f) “personal data collection” shall mean a systematic procedure or set of procedures, which aim is to obtain personal data for the purpose of their further storage on a data carrier for their immediate or subsequent processing;

(g) “personal data storage” shall mean keeping data in a manner that permits their further processing;

(h) “blocking” shall mean any operation or set of operations restricting the manner or means of personal data processing for a specified period of time, except for the necessary interventions;

(i) “personal data liquidation” shall mean physical destruction of the data carrier, physical deletion of data or their permanent exclusion from further processing;

(j) “controller” shall mean any entity that determines the purpose and means of personal data processing, carries out such processing and is responsible for such processing. The controller may empower or charge a processor to process personal data, unless a special Act provides otherwise;

(k) “processor” shall mean any entity processing personal data on the basis of a special Act or on behalf of the controller;

(l) “published personal data” shall mean personal data that are disclosed, in particular, by mass media, via other form of public communication, or as a part of a public list;

(m) “register or personal data file” (hereinafter referred to as “data file”) shall mean any set of personal data that is structured or can be made available according to common or specific criteria;

(n) “consent of data subject” shall mean a free and informed manifestation by which will of the data subject signifies his assent to personal data processing;

(o) “recipient” shall mean each subject to whom the personal data are disclosed. The entity processing personal data pursuant to Article 3(6)(g) is not considered a recipient.

 

Chapter II.- Rights and obligations in processing of personal data

 

Article 5

(1) The controller shall be obliged to:

(a) specify the purpose for which personal data are to be processed;

(b) specify the means and manner of personal data processing;

(c) process only accurate personal data, which he obtained in accordance with this Act. If necessary, the controller is obliged to update the data. If the controller finds that the processed data are not accurate as to the specified purpose, shall he take adequate measures without undue delay, in particular shall he block the processing and rectify or supplement the personal data, or liquidate them otherwise. Inaccurate personal data may be processed only within the limits of the provisions of Article 3(6) of this Act. Inaccurate personal data must be branded. The controller is obliged to provide all the recipients with the information about blocking, correction, supplementing or liquidation of personal data without undue delay;

(d) collect personal data corresponding exclusively to the specified purpose and in extent necessary to accomplish the specified purpose;

(e) store personal data only for a period necessary for the purpose of their processing. After expiry of this period, personal data may be retained only for purposes of the state statistical service, and for scientific and archival needs. When using personal data for these purposes, it is necessary to respect the right to protection of private and personal lives of the data subject from unauthorised interference and to make personal data anonymous as soon as possible;

(f) process personal data only in accordance with the purpose for which the data were collected. Personal data may be processed for some other purpose only within the limits of the provisions of Article 3(6) or if the data subject granted his consent herewith in advance;

(g) collect personal data only in an open manner. Collecting data under the pretext of some other purpose or activity shall be prohibited;

(h) ensure that personal data that were obtained for different purposes are not grouped.

(2) The controller may process personal data only with the consent of data subject. Without such consent, the controller may process the data:

(a) if he is carrying out processing which is essential to comply with legal obligation of the controller;

(b) if the processing is essential for fulfilment of a contract to which the data subject is a contracting party or for negotiations on conclusion or alteration of a contract negotiated on the data subject´s proposal;

(c) if it is essential for the protection of vitally important interests of the data subject. In this case, the consent of data subject must be obtained without undue delay. If the consent is not granted, the controller must terminate the processing and liquidate the data;

(d) if they were lawfully published in accordance with special legislation. However, this shall not prejudice the right to the protection of private and personal lives of the data subject, or

(e) if it is essential for the protection of rights and legitimate interests of the controller, recipient or other person concerned. However, such personal data processing may not be in contradiction with the data subject´s right to protection of his private and personal lives.

(f) if he provides personal data on a public figure, official or employee of public administration that reveals information on their public or administrative activity, their functional or working position, or

(g) if the processing relates exclusively to archival purposes pursuant to a special Act.

(3) If the controller processes personal data on the basis of a special Act, he shall be obliged to respect the right to protection of private and personal lives of the data subject.

(4) When giving his consent the data subject must be provided with the information about what purpose of processing, what personal data, which controller and what period of time the consent is being given for. The controller must be able to prove the consent of data subject to personal data processing during the whole period of processing.

(5) If the controller or processor carries out personal data processing for the purpose of offering business or services to the data subject, the data subject’s name, surname and address may be used for this purpose provided that the data were acquired from a public list or in relation to his activity of controller or processor. The controller or processor, however, may not further process the data specified above if the data subject has expressed his disagreement therewith. The disagreement with processing must be expressed in writing. No additional personal data may be added to the data specified above without the consent of data subject.

(6) The controller who processes personal data pursuant to paragraph 5 may transfer these data to other controller only under the following conditions:

(a) the data on the data subject were obtained in relation to activities of the controller or the personal data in question were made public;

(b) the data shall be used exclusively for the purpose of offering business and services;

(c) the data subject has been notified in advance of this procedure of the controller and the data subject has not expressed disagreement with this procedure.

(7) Other controller to whom data pursuant to paragraph 6 have been transferred may not transfer these data to any other person.

(8) Disagreement with processing pursuant to paragraph 6(c) must be expressed by the data subject in writing. The controller shall be obliged to notify each controller to whom he has transferred the name, surname and address of the data subject of the fact that the data subject has expressed disagreement with the processing.

(9) To eliminate the possibility that the name, surname and address of the data subject are repeatedly used for offering business and services, the controller shall be entitled to further process the subject’s name, surname and address in spite of the fact that the data subject expressed his/her disagreement therewith in accordance with paragraph 5.

 

Article 6

Where authorization does not follow from a legal regulation, the controller must conclude with the processor an agreement on personal data processing. The agreement must be made in writing. In particular, the agreement shall explicitly stipulate the scope, purpose and period of time for which it is concluded and must contain guarantees by the processor related to technical and organisational securing of the protection of personal data.

 

Article 7

The obligations specified in Article 5 shall similarly apply to the processor.

 

Article 8

If the processor finds out that the controller breaches the obligations provided by this Act, the processor shall be obliged to notify the controller of this fact without delay and to terminate personal data processing. If he fails to do so, the processor and the data controller shall be liable jointly and severally for any damage caused to the data subject. This shall in no way prejudice his responsibility pursuant to this Act.

 

Article 9.- Sensitive Data

Sensitive data may be processed only:

(a) if the data subject has given his express consent to the processing. When giving his consent, the data subject must be provided with the information about what purpose of processing, what personal data, which controller and what period of time the consent is being given for. The controller must be able to prove the existence of the consent of data subject to personal data processing during the whole period of processing. The controller is obliged to instruct in advance the data subject of his rights pursuant to Articles 12 and 21,

(b) if it is necessary in order to preserve life or health of the data subject or some other person or to eliminate imminent serious danger to their property, if his consent cannot be obtained, in particular, due to physical, mental or legal incapacity, or if the data subject is missing or for similar reasons. The controller shall be obliged to terminate data processing as soon as the above mentioned reasons cease to exist and must liquidate the data, unless the data subject gives his consent to further processing.

(c) if the processing in question is in relation with ensuring health services, public health protection, health insurance, and the exercise of public administration in the field of health sector pursuant to a special Act, or it is related to assessment of health in other cases provided by a special Act,

(d) if the processing is necessary to keep the obligations and rights of the controller responsible for processing in the field of labour law and employment provided by a special Act,

(e) if the processing pursue political, philosophical, religious or trade-union aims and is carried out within the scope of legitimate activity of a civil association, foundation or other legal person of non-profit nature (hereinafter referred to as the “association”), and which relates only to members of the association or persons with whom the association is in recurrent contact related to legitimate activity of the association, and the personal data are not disclosed without the consent of data subject,

(f) if the data processed pursuant to a special Act are necessary to employ sickness insurance, pension insurance (security), state social support and other state social security benefits, social services, social care, assistance in material need and social and legal protection of children, and if, at the same time, the protection of these data is ensured in accordance with the law,

(g) if the processing concerns personal data published by the data subject,

(h) if the processing is necessary to secure and exercise legal claims,

(ch) if they are processed exclusively for archival purposes pursuant to a special Act, or

(i) if it is the processing under special acts regulating prevention, investigation, detection of criminal activities, prosecution of criminal offences and search for persons.

 

Article 10

In personal data processing, the controller and processor shall ensure that the rights of the data subject are not infringed, in particular, the right to preservation of human dignity, and shall also ensure that the private and personal lives of the data subject are protected against unauthorized interference.

 

Article 11

(1) In collecting personal data the controller shall be obliged to inform the data subject of the scope in which and the purpose for which the personal data shall be processed, who and in what manner will process the personal data and to whom the personal data may be disclosed, unless the data subject is already aware of this information. The controller must inform the data subject about his right of access to personal data, the right to have his personal data rectified as well as other rights provided for in Article 21.

(2) In case when the controller processes personal data obtained from the data subject, he is obliged to instruct the data subject on whether the provision of the personal data is obligatory or voluntary. If the data subject is obliged pursuant to a special Act to provide personal data for the processing, the controller shall instruct him on this fact as well as on the consequences of refusal to provide the personal data.

(3) The controller shall not be obliged to provide the information and instruction pursuant to paragraph 1 in cases where the personal data were not obtained from the data subject, if

(a) he is processing personal data exclusively for the purposes of state statistical service, scientific or archival purposes and the provision of such information would involve a disproportionate effort or inadequately high costs; or if storage on data carriers or disclosure is expressly provided by a special Act. In these cases the controller shall be obliged to take all necessary measures against unauthorised interference with the data subject’s private and personal lives.

(b) the personal data processing is imposed on him by a special Act or such data are necessary to exercise the rights and obligations ensuing from special Acts.

(c) he is processing exclusively lawfully published personal data, or

(d) he is processing personal data obtained with the consent of data subject.

(4) The above provisions shall be without prejudice to the rights of the data subject to request information pursuant to special Acts.

(5) In processing the personal data pursuant to Article 5(2)(e) and Article 9(h), the controller shall be obliged to inform without undue delay the data subject about processing of his personal data.

(6) No decision of the controller or processor in consequence of which is an interference with the legal and legally protected interests of the data subject, may not be issued or made without verification solely on the basis of automated personal data processing. This shall not apply where such decision was made in favour of the data subject and upon his request.

(7) The information obligation regulated by Article 11 may be performed by the processor on behalf of the controller.

 

Article 12.- Data subject’s access to information

(1) If the data subject requests information on the processing of his personal data, the controller shall be obliged to provide him with this information without undue delay.

(2) The contents of the information shall always report on:

(a) the purpose of personal data processing;

(b) the personal data or categories of personal data that are subject of processing including all available information on their source;

(c) the character of the automated processing in relation to its use for decision-making, if acts or decisions are taken on the basis of this processing the content of which is an interference with the data subject’s rights and legitimate interests;

(d) the recipients or categories of recipients.

(3) For provision of this information the controller shall be entitled to require a reasonable reimbursement not exceeding the costs necessary for provision of information.

(4) The controller’s obligation to provide the data subject with information pursuant to Article 12 may be met by a processor on behalf of the controller.

 

Article 13.- Obligations of Persons concerning Personal Data Security

(1) The controller and the processor shall be obliged to adopt measures preventing unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transmission, other unauthorised processing, as well as other misuse of personal data. This obligation shall remain valid even after terminating personal data processing.

(2) The controller or the processor shall be obliged to develop and to document the technical and organisational measures adopted and implemented to ensure the personal data protection in accordance with the law and other legal regulations.

(3) In the framework of measures pursuant to paragraph 1, the controller or the processor shall perform a risk assessment concerning

(a) fulfilment of instructions for personal data processing by persons who have immediate access to the personal data,

(b) prevention of unauthorized persons’ access to personal data and to the means of their processing,

(c) prevention of unauthorized reading, creating, copying, transferring, modifying or deleting of records containing personal data, and

(d) measures enabling to determine and verify to whom the personal data were transferred.

(4) In the area of automatic processing of personal data, the controller or processor shall, in the framework of measures under paragraph 1, be obliged to

(a) ensure that the systems for automatic processing of personal data are used only by authorized persons,

(b) ensure that the natural persons authorized to use systems for automatic processing of personal data have access only to the personal data corresponding to their authorization, and this on the basis of specific user authorizations established exclusively for these persons,

(c) make electronic records enabling to identify and verify when, by whom and for what reason the personal data were recorded or otherwise processed, and

(d) prevent any unauthorized access to data carriers.

 

Article 14

Employees of the controller or processor and other persons who process personal data on the basis of an agreement with the controller or processor, may process personal data only under the conditions and in the scope specified by the controller or the processor.

 

Article 15

(1) Employees of the controller or processor, other natural persons who process personal data on the basis of an agreement concluded with the controller or processor and other persons who, in the scope of fulfilling rights and obligations provided by law, come into contact with personal data at the premises of the controller or processor, shall be obliged to maintain confidentiality of personal data and security measures whose publishing would endanger the security of personal data. The obligation to maintain confidentiality shall survive termination of employment or the relevant work.

(2) The provisions of the previous paragraph shall in no way prejudice the obligation to maintain confidentiality pursuant to special Acts.

(3) The obligation to maintain confidentiality shall not apply to information obligation pursuant to special Acts.

 

Article 16.- Notification Obligation

(1) Whoever intends to process personal data as a controller or alter the registered processing pursuant to this Act, with the exception of the processing mentioned pursuant to Article 18, shall be obliged to notify in writing the Office of this fact before carring out the personal data processing.

(2) The notification must include the following information:

(a) the identification data of the controller, i.e. in case of natural person who is not an entrepreneur his first name or names, surname, date of birth and address of permanent residence; in case of other subjects their trade, corporate or other name, seat and identification number if assigned, and name, eventually first names and surnames of persons that are their statutory representatives;

(b) the purpose or purposes of processing;

(c) the categories of data subjects and of personal data pertaining to these subjects;

(d) the sources of personal data;

(e) a description of the manner of personal data processing;

(f) the location or locations of personal data processing;

(g) the recipient or category of recipients;

(h) the anticipated personal data transfers to other countries;

(i) the description of measures adopted to ensure the protection of personal data pursuant to Article 13;

(3) If the notification includes all essentials pursuant to paragraph 2 and no proceeding pursuant to Article 17(1) has been initiated, the personal data processing may start after the expiration of 30 days from the delivery of the notification. In such case the Office records the information stated in the notification into the register.

(4) If the notification does not include all essentials pursuant to paragraph 2, the Office shall send without delay a reminder to the notifying subject in which he shall make reference to the missing or insufficient information and set a deadline for supplementing the notification. In case the notification is being supplemented, running out the time limit pursuant to paragraph 3 shall begin as of the day of delivery of the notification supplement. If the Office does not receive the notification supplement within the set deadline, the notification shall be regarded as if it has not been submitted.

(5) Upon the request from the controller the Office shall issue a certificate which includes date of issuance, reference number, first name, surname and signature of the person by whom the certificate has been issued, official stamp, identification data of the controller and purpose of processing.

(6) If, pursuant paragraph 1, the notification concerns a processing subjected to investigation, the Office refuses to enter it into the register. The Office shall do the entry as soon as the investigation is closed.

 

Article 17

(1) If a justified concern arises from the notification that this Act might be breached in processing of personal data, the Office shall initiate proceedings at its own instigation.

(2) If the Office finds that the controller does not breach by his notified processing the conditions specified by this Act, he shall suspend the proceedings and make a record pursuant to Article 16(3). The processing of personal data may start not earlier than the day following the day when the record was made. In case the notified processing does not meet conditions specified by this Act, the Office shall not permit the processing of personal data.

 

Article 17a

(1) If the Office finds that the controller whose notification has been registered breaches the conditions provided by this Act, it shall decide on revocation of the registration.

(2) If the purpose for which the processing was registered ceases to exist, the Office shall decide on revocation of the registration either on its own instigation or on the controller´s request.

 

Article 18

(1) The notification obligation pursuant to Article 16 shall not apply to processing of personal data:

(a) that are part of data files publicly accessible on the basis of a special Act,

(b) imposed on the controller by a special Act or when such personal data are needed for exercising rights and obligations following from a special Act, or

(c) in case of processing that pursues political, philosophical, religious or trade- union aims carried out within the scope of legitimate activity of an association and which relates only to members of the association or persons with whom the association is in recurrent contact related to legitimate activity of the association, and the personal data are not disclosed without the consent of data subject.

(2) The controller, who carries out processing pursuant to Article 18(1)(b), shall be obliged to ensure that the information concerning in particular the purpose of the processing, categories of personal data, categories of data subjects, categories of recipients and the period of preservation, which would otherwise be accessible by means of the register maintained by the Office pursuant to Article 35, is disclosed also through remote access or in other appropriate form.

 

Article 19

If the controller intends to terminate his activities, he shall be obliged to announce to the Office without delay how he handled personal data, if their processing was subject to the notification obligation.

 

Article 20.- Liquidation of Personal Data

(1) The controller or, on the basis of his instructions, the processor shall be obliged to carry out liquidation of personal data as soon as the purpose for which personal data were processed ceases to exist or on the basis of a request by the data subject pursuant to Article 21.

(2) A special Act shall provide exceptions relating to the preservation of personal data for archival purposes and to the exercising of rights in civil judicial proceedings, criminal proceedings and administrative proceedings.

 

Article 21.- Protection of Data Subjects’ Rights

(1) Each data subject who finds or presumes that the controller or the processor is carrying out processing of his personal data which is in contradiction with the protection of private and personal life of the data subject or in contradiction with the law, in particular if the personal data are inaccurate regarding the purpose of their processing, he may:

(a) ask the controller or processor for explanation;

(b) require from the controller or processor to remedy the arisen state of affairs. It can mean in particular blocking, correction, supplementing or liquidation of personal data.

(2) If the requirement of the data subject pursuant to paragraph 1 is found justified, the controller or processor is obliged to remove without delay the improper state of affairs.

(3) If the data subject incurred other than property damage as a result of personal data processing, the procedure pursuant to a special Act shall be followed when lodging a claim.

(4) If a breach of obligations provided by law occurs in the course of processing of personal data by the controller or by the processor, they shall be liable jointly and severally.

(5) The controller shall be obliged to inform without undue delay the recipient on the requirement of the data subject pursuant to paragraph 1 and on the blocking, correction, supplementing or liquidation of personal data. This shall not apply where informing the recipient is impossible or would involve disproportionate effort.

 

Article 22.- Repealed.

 

Article 23.- Repealed.

 

Article 24.- Repealed.

 

Article 25.- Indemnification

General regulation of liability for damage shall apply to matters not specified by this Act.

 

Article 26

The obligations pursuant to Articles 21 to 25 shall similarly apply to persons who have collected personal data without authorisation.

 

Chapter III.- TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES

 

Article 27

(1) Free flow of personal data shall not be restricted if data are transferred to a member state of the European Union.

(2) Personal data may be transferred to third countries if the prohibition to restrict the free movement of personal data is ensuing from an international treaty to the ratification of which the Parliament has given his assent and which is binding the Czech Republic, or if the personal data are transferred on the basis of decision of an institution of the European Union. The Office in the Official Journal publishes information about such decisions in the Official Journal.

(3) Where the condition pursuant to paragraphs 1 and 2 is not met, the transfer of personal data may be carried out if the controller proves that:

(a) the data transfer takes place with the consent of, or on the basis of an instruction by the data subject;

(b) in a third country, where personal data are to be processed, has been created sufficient specific guarantees for personal data protection, e.g. by other legal or professional regulations and security measures. Such guarantees may be specified in particular by a contract concluded between the controller and the recipient, if this contract ensures application of these requirements, or if the contract contains contractual clauses for personal data transfer to third countries published in the Official Journal of the Office;

(c) the personal data concerned are part of publicly accessible data files on the basis of a special Act or are, on the basis of a special Act accessible to someone who proves legal interest; in such case the personal data may be disclosed only in the scope and under conditions provided by a special Act;

(d) the transfer is necessary to exercise an important public interest following from a special Act or from an international treaty binding the Czech Republic;

(e) the transfer is necessary for negotiating the conclusion or change of a contract, carried out on the data subject´s incentive, or for the performance of a contract to which the data subject is a contracting party;

(f) the transfer is necessary to perform a contract between the controller and a third party, concluded in the interest of the data subject, or to exercise other legal claims, or

(g) the transfer is necessary for the protection of rights or important vital interests of the data subject, in particular for rescuing life or providing health services.

(4) Prior to the transfer of personal data to third countries pursuant to paragraph 3, the controller shall be obliged to apply to the Office for authorization to the transfer, unless provided otherwise by a special Act. When considering the application, the Office shall examine all circumstances related to the transfer of personal data, in particular the source, final destination and categories of personal data which are to be transferred, the purpose and period of the processing, with regard to available information about legal or other regulations governing the personal data processing in a third country. In the authorization to the transfer, the Office shall specify the period of time over which the controller may perform the data transfers. If a change of the conditions under which the authorization was issued occurs, in particular on the basis of a decision of an institution of the European Union, the Office shall alter or revoke this authorization.

 

Chapter IV.- POSITION AND COMPETENCE OF THE OFFICE

 

Article 28

(1) The Office is an independent body. In its activities, it shall act independently and shall observe only the laws and other legal regulations.

(2) The activities of the Office may be intervened on the basis of law only.

(3) The activities of the Office shall be covered from a special chapter of the state budget of the Czech Republic.

 

Article 29

(1) The Office shall:

(a) perform supervision over the observance of the obligations provided by law in personal data processing;

(b) keep the register of personal data processing operations;

(c) accept incentives and complaints concerning breach of obligations provided by law in personal data processing and inform of their settlement;

(d) compile and publish an annual report on its activities;

(e) exercise other competence specified by law;

(f) discuss misdemeanours and other administrative offences and impose fines pursuant to this Act;

(g) ensure fulfilment of requirements following from international treaties binding the Czech Republic, and from directly applicable law of the European Union,

(h) provide consultations in the area of personal data protection,

(i) co-operate with similar authorities in other countries, with institutions of the European Union and with bodies of international organizations operating in the area of personal data protection. In accordance with the law of the European Union the Office meets the obligation of notification towards the institutions of the European Union.

(2) Supervision in the form of inspection shall be performed pursuant to a special Act.

(3) Supervision over personal data processing performed by intelligence services shall be regulated by a special Act.

 

Article 29a

(1) The Ministry of Interior or the Police of the Czech Republic shall provide the Office for executing its competence pursuant to this Act and other legal regulations

  1. a) reference data from the basic register of population,
  2. b) data from the service-related population information system
  3. c) data from the service-related foreigners information system

(2) Data provided pursuant to paragraph (1)(a) are:

  1. a) surname,
  2. b) name or names,
  3. c) address of residence,
  4. d) date of birth.

(3)Data provided pursuant to paragraph (1)(b) are

  1. a) name or names, surname and name at birth if applicable,
  2. b) date of birth,
  3. c) address of permanent residence including previous addresses of permanent residence,d) commencement of permanent residence or date of annulment of permanent residence, or date of termination of permanent residence on the territory of the Czech Republic.

(4) Data provided pursuant to paragraph (1)(c) are

  1. a) name or names, surname and name at birth if applicable,
  2. b) date of birth,
  3. c) type of residence and address of residence,
  4. d) number and validity of the residence permit,
  5. e) commencement of residence or date of its termination if applicable.

(5) Data kept as reference data in the basic register of population may be collected from the service-related population information system or service-related foreigners information system only if they are in a format preceding the current state.

(6) Of the data provided only those data deemed necessary for satisfaction of a given task may be used in a particular case.

 

Chapter V.- ORGANISATION OF THE OFFICE

 

Article 30

(1) Employees of the Office shall consist of the President, inspectors and other employees.

(2) Supervisory activities of the Office shall be carried out by inspectors and authorised employees (hereinafter referred to as “the supervisory staff”).

(3) The President of the Office shall have the right to a salary, reimbursement of expenses and consideration in kind and golden handshake likewise the President of the Supreme Audit Office pursuant to a special Act.

(4) The inspectors of the Office shall have the right to a salary, reimbursement of expenses and consideration in kind as the members of the Supreme Audit Office pursuant to a special Act.

 

Article 31

Supervisory activities of the Office shall be performed on the basis of a supervision plan or on the basis of the incentives and complaints.

 

Article 32.- President of the Office

(1) The Office is managed by the President who shall be appointed and recalled by the President of the Czech Republic on the basis of a proposal of the Senate of the Parliament of the Czech Republic.

(2) The President of the Office shall be appointed for a period of 5 years. The President may be appointed for the maximum of two successive terms. The President shall be regarded as official body and entitled to issue orders to a civil servant as to the discharge of state service pursuant to the State Service Act.

(3) The President of the Office may be only a citizen of the Czech Republic who:

(a) enjoys legal capacity,

(b) is impeccable, meets the conditions prescribed by a special regulation and for whom it can be assumed in relation to his knowledge, experience and moral qualities that he will serve his position properly,

(c) has completed university education.

(4) For the purpose of this Act, a natural person shall be considered impeccable if he has not been lawfully sentenced for a wilful criminal offence or for an offence committed by negligence in relation to personal data processing.

(5) The position of the President of the Office cannot be exercised together with either of the positions of a Member of the Parliament or Senator, judge, state attorney, any position in the state administration, a position of a member of a territorial self-administration body and with the membership in political parties and movements.

(6) The President of the Office may not hold any other paid position, be in some other labour relationship, or perform any gainful activity, with the exception of administration of his own property and scientific, pedagogical, literal, journalistic and artistic activities, if such activities do not impair the dignity of the Office or threaten confidence in the independence and impartiality of the Office.

(7) The President of the Office shall be recalled from his position if he ceases to meet any of the conditions for his appointment.

(8) The President of the Office may also be recalled from his position if he fails to perform his position for a period of 6 months.

 

Article 33.- Inspectors of the Office

(1) An inspector shall be appointed and recalled by the President of the Czech Republic on the basis of a proposal of the Senate of the Parliament of the Czech Republic.

(2) An inspector shall be appointed for a period of 10 years. He may be appointed repeatedly.

(3) An inspector shall carry out inspections, direct inspections and perform other activities within the Office´s competence.

(4) The activities pursuant to paragraph 3 shall be carried out by 7 inspectors of the Office.

 

Article 34

(1) An inspector may be only a citizen of the Czech Republic who enjoys legal capacity, has no criminal record, meets the conditions prescribed by a special legal regulation and has completed professional university education.

(2) The position of an inspector cannot be exercised together with either the positions of a Member of Parliament or Senator, judge, state attorney, any position in the state administration, a position of a member of a territorial self-administration body and membership in political parties and movements. An inspector may not hold any other paid position, be in some other labour relationship, or perform any gainful activity, with the exception of administration of his own property and scientific, pedagogical, literal, journalistic and artistic activities, if such activity does not impair the dignity of the Office or threaten confidence in the independence and impartiality of the Office.

(3) An inspector shall be recalled from his position if he ceases to meet any of the conditions for his appointment.

 

Chapter VI.- ACTIVITIES OF THE OFFICE

 

Article 35.- Register

(1) Information following from notifications pursuant to Article 16(2) and the date of execution or cancellation of the registration shall be recorded beside the entities of controllers in the Register of permitted personal data processing.

(2) Information written into the register, except the information referred to in Article 16(2)(e) and (i), are publicly accessible especially in the manner enabling remote access.

(3) Cancellation of registration pursuant to Article 17(a) shall be notified by the Office in the Official Journal of the Office.

 

Article 36.- Annual Report

(1) The annual report of the Office shall contain, in particular, information on performed supervisory activities and evaluation thereof, information on and evaluation of the state of affairs in the area of processing and protection of personal data in the Czech Republic and assessment of other activities of the Office.

(2) The President of the Office shall lay the annual report for information purposes before the Chamber of the Deputies and the Senate of the Parliament of the Czech Republic and before the Government of the Czech Republic within 2 months of the end of the budgetary year, and it shall be published.

 

Article 37.- Rights of the Supervisory Staff to Access Information

When performing inspection, the supervisory staff shall be entitled to get acquainted with every piece of information, including sensitive data, necessary to achieve the investigation purpose.

 

Article 38.- Licence of the Supervisory Staff

The supervisory staff is obliged to prove his identity before the investigated subject with an identity card, the sample of which is specified in a Government regulation and which represents authorization to perform supervision.

 

Article 39.- Repealed

 

Article 40.- Measures for Remedy

(1) If during the personal data processing an obligation provided by this Act or imposed on the basis thereof have been breached, the inspector shall specify measures that shall be adopted in order to eliminate the established shortcomings and set a deadline for their elimination.

 

Article 40a

Once the unlawful state remedied in accordance with the measures imposed or immediately after the breach of duty was detected, the Office may refrain from a fine.

 

Article 41.- Repealed

 

Article 42.- Repealed

 

Article 43.- Rights and Obligations in Supervision.- Repealed

 

Chapter VII.- ADMINISTRATIVE DELICTS

 

Article 44

(1) Natural person who

(a) is in a labour or similar relationship to the controller or processor;

(b) carries out activities for the controller or processor on the basis of an agreement, or who

(c) in the framework of fulfilling powers and obligations imposed by a special Act comes into contact with personal data at the controller or processor,

commits an offence by breaching the obligation to maintain confidentiality (Article 15).

(2) Natural person in the position of the controller or processor commits an offence in the course of personal data processing if he:

(a) fails to specify the purpose, means or manner of processing (Article 5(1)(a) and (b)) or breaches an obligation by the specified purpose of processing or exceeds his authority ensuing from a special Act,

(b) processes inaccurate personal data (Article 5(1)(c))

(c) collects or processes personal data in an extent or manner which does not correspond to the specified purpose (Article 5(1)(d),(f) thru (h))

(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e))

(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9)

(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11)

(g) refuses to provide the data subject with the requested information (Articles 12 and 21)

(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13)

(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27)

(j) fails to implement imposed remedial measures in the fixed period.

(3) Natural person in the position of the controller or processor commits an offence if he in the course of personal data processing:

(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or

(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)

by some of the courses of action pursuant to paragraph 2.

(4) A fine up to CZK 100,000 may be imposed for an offence pursuant to paragraph 1.

(5) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 2.

(6) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 3.

 

Article 44a

(1) Natural person commits an offence by breaching prohibition to publish personal data provided by other legal regulation.

(2) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.

 

Article 45

(1) Legal or natural person doing business according to special regulations when processing personal data in the position of the controller or processor commits an administrative delict if he:

(a) fails to specify the purpose, means or manner of processing (Article 5(1)(a) and (b)) or breaches an obligation by the specified purpose of processing or exceeds his authority ensuing from a special Act;

(b) processes inaccurate personal data (Article 5(1)(c));

(c) collects or processes personal data in a scope or manner which does not correspond to the specified purpose (Article 5(1)(d), (f) thru (h));

(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e));

(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9);

(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11);

(g) refuses to provide the data subject with the requested information (Article 12 and Article 21);

(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13);

(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27);

(j) don’t maintain an inventory of personal data breaches pursuant to Article 88 (7) of the Electronic Communications Act.

(k) fails to implement imposed remedial measures in the fiwed period.

(2) Legal person in the position of the controller or processor commits an administrative delict if he in the course of personal data processing:

(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or

(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)

by some of the courses of action pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 shall be imposed for an administrative offence pursuant to paragraph 1.

(4) A fine up to CZK 10,000,000 shall be imposed for an administrative offence pursuant to paragraph 2.

 

Article 45a

(1) Legal person or natural person doing business commits an administrative delict by breaching prohibition to publish of personal data provided by other legal regulation.

(2) A fine up to CZK 1,000,000 shall be imposed for an administrative delict pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 shall be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.

 

Article 46

(1) Legal person shall not be liable for an administrative delict if he proves that he has made all reasonable effort to prevent the breach of a legal obligation.

(2) When deciding on the amount of the fine, especially the seriousness, manner, duration and consequences of the unlawful behaviour and the circumstances under which the unlawful behaviour was committed shall be taken into account.

(3) Liability of the legal person for an administrative delict becomes extinct, if the administrative body has not initiated proceedings within 1 year as of the day when it learned of it, but not later than within 3 years as of the day when the delict was committed.

(4) Administrative delicts pursuant to this act shall be dealt with in the first instance by the Office.

(5) The provisions on the liability of legal person and related sanctions applies on the liability for the behaviour of natural person that occurred when the natural person carried on business activities or in a direct relation to such business activities.

(6) The fine is payable within 30 days as of the day when the decision on imposing the fine came into force.

(7) The fine shall be collected by the Office. The revenue from fines shall be an income of the state budget.

 

Chapter VIII.- COMMON, TRANSITIONAL AND FINAL PROVISIONS

 

Article 47.- Measures for the Transitional Period

(1) Everyone who processes personal data by the date of entry into effect of this Act and who is subject to the notification obligation pursuant to Article 16 shall be obliged to fulfil this obligation at the latest within 6 months as of the date of entry into effect of this Act.

(2) Personal data processing carried out prior to the date of entry into effect of this Act shall be brought into accordance with this Act by December 31, 2001.

(3) In case the supervisory staff establishes a breach of obligations pursuant to paragraph 2, the provisions of Article 46(1) and (2) shall not be applied in such case prior to December 31, 2002

 

Article 48.- Repealing Provision

Act nº 256/1992 Coll., on the Protection of the Personal Data in Information Systems is hereby repealed.

 

Part TWO.- Repealed

 

Article 49.- Repealed

 

Part THREE

 

Article 50.- Amendment to the Act on Free Access to Information

Act nº 106/1999 Coll., on Free Access to Information, shall be amended as follows:

  1. Article 2 paragraph (3), including footnote nº 1 shall read:

“(3) The Act shall not apply to the provision of personal data and information pursuant to a special regulation.

  1. In Article 8, paragraphs (1) and (2), including the heading and footnote nº 5, shall be repealed.

 

Part FOUR.- Legal Force

 

Article 51

This Act comes into effect on June 1, 2000, with the exception of the provisions of Articles 16, 17 and 35, which come into effect on December 1, 2000.

 

 

 

 

Selected provisions of amandments

Article II of the Act nº 439/2004 Coll.

  1. Notifications and decisions on the registration of personal data processing pursuant to Articles 16, 17 and 17a of the Act nº 101/2000 Coll., on the Protection of Personal Data and on Amendment to Some Acts in wording of the Act nº 450/2001 Coll., submitted and issued prior to the day of entry into effect of this Act continue to be valid.
  2. Permissions for transfer or transfers of personal data to other state issued prior the day of entry into effect of this Act shall cease to have force on the day of entry into effect of this Act, if the state for which this permission was meant is a member state of the European Union or a state for which the prohibition to restrict the free movement of personal data ensues from a published international agreement, to the ratification of which the Parliament has given his assent and which is binding the Czech Republic. Permissions to transfer or transfers of personal data to a state not mentioned in the proceeding sentence issued before the Act has come into effect continue to be valid.
  3. Proceedings initiated and not terminated before the effective date of Act shall be completed pursuant to applicable legal regulations except of proceedings on the permission for transfer or transfers of personal data to a member state of the European Union or a state for which the prohibition to restrict the free movement of personal data ensues from a published international agreement, to the ratification of which the Parliament has given his assent and which is binding the Czech Republic, that will be discontinued.
  4. A controller performing the personal data processing for which no registration was needed pursuant to previous legal regulations and which underlies registration as of the day of entry into effect of this Act must notify such personal data processing to the Office for Personal Data Protection within 6 months as of the day of entry into effect of this Act.

 

12Jul/17

Act nº 13 of 17th June 2004. The Data Protection Act 2004

THE DATA PROTECTION ACT 2004

 

Act nº 13 of 2004

 

I assent

 

ANEROOD JUGNAUTH President of the Republic

17th June 2004

 

 

AN ACT

To provide for the protection of the privacy rights of individuals in view of the developments in the techniques used to capture, transmit, manipulate, record or store data relating to individuals

 

 

PART I .- PRELIMINARY

ENACTED by the Parliament of Mauritius, as follows :

 

1.- Short title

The Act may be cited as the Data Protection Act 2004.

 

2.- Interpretation

In this Act:

“adverse action”, in relation to a data subject, means any action that may adversely affect the person’s rights, benefits, privileges, obligations or interests;

“authorised officer” means an officer to whom the Commissioner has delegated his powers under section 9;

“blocking”, in relation to personal data, means suspending the modification of data, or suspending or restricting the provision of information to a third party where such provision is suspended or restricted in accordance with this Act;

“collect” does not include receipt of unsolicited information;

“Commissioner” means the Data Protection Commissioner referred to in section 4;

“consent” means any freely given specific and informed indication of the wishes of the data subject by which he signifies his agreement to personal data relating to him being processed;

“data” means information in a form which:

(a)

(i) is capable of being processed by means of equipment operating automatically in response to instructions given for that purpose; and

(ii) is recorded with the intent of it being processed by such equipment; or

(b) is recorded as part of a relevant filing system or intended to be part of a relevant filing system;

“data controller” means a person who, either alone or jointly with any other person, makes a decision with regard to the purposes for which and in the manner in which any personal data are, or are to be, processed;

“data matching procedure” means any procedure, whether manually or by means of any electronic or other device, whereby personal data collected for one or more purposes in respect of 10 or more data subjects are compared with personal data collected for any other purpose in respect of those data subjects where the comparison:

(a) is for the purpose of producing or verifying data that; or

(b) produces or verifies data in respect of which it is reasonable to believe that it is practicable that the data,

may be used, whether immediately or at any subsequent time, for the purpose of taking any adverse action against any of those data subjects;

“data processor” means a person, other than an employee of the data controller, who processes the data on behalf of the data controller;

“data protection principles” means the data protection principles specified in the First Schedule;

“data subject” means a living individual who is the subject of personal data;

“direct marketing” means the communication of any advertising or marketing material which is directed to any particular individual;

“document” includes:

(a) a disc, tape or any other device in which the data other than visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced from the disc, tape or other device; and

(b) a film, tape or other device in which visual images are embodied as to be capable, with or without  the aid of some other equipment, of being reproduced from the film, tape or other device;

“inaccurate”, in relation to personal data, means data which are incorrect, misleading, incomplete or obsolete;

“individual” means a living individual;

“information and communication network“ means a network for the transmission of messages and includes a telecommunication network;

“network” means a communication transmission system that provides interconnection among a number of local and remote devices;

“office” means the Data Protection Office established under section 4;

“personal data” means :

(a) data which relate to an  individual who can be identified from those data; or

(b) data or other information, including an opinion forming part of a database, whether or not recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the data, information or opinion;

“proceedings” :

(a) means any proceedings conducted by or under the supervision of a Judge, Magistrate or judicial officer; and

(b) includes:

(i) any inquiry or investigation into a criminal offence; and

(ii) any disciplinary proceedings;

“processing” means any operation or set of operations which is performed on the data wholly or partly by automatic means, or otherwise than by automatic means, and includes :

(a) collecting, organising or altering the data;

(b) retrieving, consulting, using, storing or adapting the data;

(c) disclosing the data by transmitting, disseminating or otherwise making it available; or

(d) aligning, combining, blocking, erasing or destroying the data;

“register” means the register referred to in section 33;

“relevant filing system” means a structured set of information relating to individuals that, although it is not in a form capable of being processed automatically, is structured, either by reference to any individual or by reference to criteria relating to the individual, in such a way that the structure allows ready accessibility to information relating to that individual;

“relevant function” means :

(a) any function conferred on any person by or under any enactment;

(b) any function of any Minister; or

(c) any other function which is of a public nature and is exercised in the public interest;

“relevant person”, in relation to a data subject, means :

(a) where the data subject is a minor, a person who has parental authority over the minor or has been appointed as his guardian by the Court;

(b) where the data subject is physically and mentally unfit, a person who has been appointed his guardian by the Court;

(c) in any other case, a person duly authorised in writing by the data subject to make a request under sections 41 and 44;

“sensitive personal data” means personal information concerning a data subject and consisting of information as to :

(a) the racial or ethnic origin;

(b) political opinion or adherence;

(c) religious belief or other belief of a similar nature;

(d) membership to a trade union;

(e) physical or mental health;

(f) sexual preferences or practices;

(g) the commission or alleged commission of an offence; or

(h) any proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings;

“telecommunication network” means a system, or a series of systems, operating within such boundaries as may be prescribed, for the transmission or reception of messages by means of guided or unguided electro-magnetic energy or both;

“third party” in relation to personal data, means any person other than :

(a) the data subject;

(b) a relevant person in the case of a data subject;

(c) the data controller; or

(d) a person authorised in writing by the data controller to collect, hold, process or use  the data :

(i) under the direct control of the data controller; or

(ii) on behalf of the data controller;

“traffic data” means any data relating to a communication by means of a computer system and generated by the system that form part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service;

“Tribunal” means the ICT Appeal Tribunal set up under section 36 of the Information and Communication Technologies Act 2001;

“underlying service” means the type of service that is used within the computer system;

“use” in relation to personal data, includes disclose or transfer the data.

 

3.- Application of Act

(1) This Act shall bind the State.

(2) For the purposes of this Act, each Ministry or Government department shall be treated as separate from any other Ministry or Government department.

(3) Subject to Part VII, this Act shall apply to a data controller :

(a) who is established in Mauritius and processes data in the context of that establishment; and

(b) who is not established in Mauritius but uses equipment in Mauritius for processing data, other than for the purpose of transit through Mauritius.

(4) A data controller, falling within subsection (3)(b) shall nominate for the purposes of this Act, a representative established in Mauritius.

(5) For the purposes of subsection (3)(a) any person who :

(a) is ordinarily resident in Mauritius;

(b) carries out data processing activities through an office, branch or agency in Mauritius,

shall be treated as being established in Mauritius.

(6) Subject to the provisions of this Act, every data controller shall comply with the data protection principles.

 

PART II .- DATA PROTECTION OFFICE

 

4.- Data Protection Office

(1) There is established for the purposes of this Act a Data Protection Office which shall be a public office.

(2) The head of the office shall be known as the Data Protection Commissioner.

(3) The Commissioner shall be a barrister with at least 5 years standing at the Bar.

(4) The Commissioner shall be assisted by such public officers as may be necessary.

(5) Every public officer referred to in subsection (4) shall be under the administrative control of the Commissioner.

 

5.- Functions of Commissioner

The Commissioner shall :

(a) ensure compliance with this Act, and any regulations made under the Act;

(b) issue or approve codes of practice or guidelines for the purposes of this Act;

(c) create and maintain a register of all data controllers;

(d) exercise control on all data processing activities, either of its own motion or at the request of a data subject, and verify whether the processing of data is in accordance of this Act or regulations made under the Act;

(e) promote self-regulation among data controllers;

(f) investigate any complaint or information which give rise to a suspicion that an offence, under this Act may have been, is being or is about to be committed;

(g) take such measures as may be necessary so as to bring to the knowledge of the general public the provisions of this Act;

(h) undertake research into, and monitor developments in, data processing and computer technology, including data-matching and data linkage, ensure that any adverse effects of such developments on the privacy of individuals are minimised, and report to the Prime Minister the results of such research and monitoring;

(i) examine any proposal for data matching or data linkage that may involve an interference with, or may otherwise have adverse effects on the privacy of individuals and, ensure that any adverse effects of such proposal on the privacy of individuals are minimised;

(j) do anything incidental or conducive to the attainment of the objects of, and to the better performance of his duties and functions under this Act.

 

6.- Confidentiality and oath

(1) The Commissioner, and every officer of the office shall take the oath specified in the Second Schedule.

(2) The Commissioner and every authorised officer shall not, except :

(a) in accordance with this Act or any other enactment;

(b) upon a Court order; or

(c) as authorised by the order of a Judge,

divulge any information obtained in the exercise of a power or in the performance of a duty under this Act.

(3) The Commissioner or any authorised officer, who otherwise than in the course of his duties, uses or records personal data or sensitive personal data, that comes to his knowledge or to which he has access by reason of his position as Commissioner or authorised officer, shall commit an offence.

(4) Any person, who without lawful excuse, contravenes subsection (2), shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

 

PART III .- POWERS OF COMMISSIONER

 

7.-  Powers of Commissioner

The Commissioner shall have power, for the purpose of carrying out his functions to do all such acts as appear to him to be requisite, advantageous or convenient for, or in connection with the carrying out of these functions.

 

8.- Powers to obtain information

(1) The Commissioner may, by notice in writing served on any person, request from that person, information as is necessary or expedient for the performance of his functions and exercise of his powers and duties under this Act.

(2) Where the information requested by the Commissioner is stored in a computer, disc, cassette, or on microfilm, or preserved by any mechanical or electronic device, the person named in the notice shall produce or give access to the information in a form in which it can be taken away and in which it is visible and legible.

 

9.- Delegation of powers by Commissioner

The Commissioner may delegate any of his investigating and enforcement powers conferred upon him by this Act to any officer of his office and to any police officer designated for that purpose by the Commissioner of Police.

 

10.- Contents of notice

(1) Subject to subsection (2) :

(a) the notice specified in section 8 shall state that the person to whom the notice is addressed has a right of appeal conferred under section 58; and

(b) the delay granted for compliance shall not be less than 21 days.

(2) Where a notice of appeal against a decision made under section 8, is lodged with the Commissioner, the information required need not be furnished, pending the determination or withdrawal of the appeal.

(3) Where the Commissioner considers that the information is required urgently for the proper performance of his functions and exercise of his powers under this Act, the Commissioner may apply to the Judge in Chambers for communication of the information.

(4) Any person, who without reasonable excuse, fails or refuses to comply with a requirement specified in a notice, or who furnishes to the Commissioner an information which he knows to be false or misleading in a material particular, shall commit an offence, and shall on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

 

11.- Complaints

Where a complaint is made to the Commissioner that this Act or any regulations made under it, has been, is being or is about to be contravened, the Commissioner shall :

(a) investigate the complaint or cause it to be investigated by an authorised officer, unless he is of the opinion that such complaint is frivolous or vexatious; and

(b) as soon as reasonably practicable, notify the complainant in writing of his decision in relation to the complaint and that the complainant may, if he is aggrieved by the Commissioner’s decision, appeal to the  Tribunal.

 

12.- Enforcement of notice

(1) Where the Commissioner is of opinion that a data controller or a data processor has contravened, is contravening or is about to contravene this Act, the Commissioner may serve an enforcement notice on the data controller or the data processor, as the case may be, requiring him to take such steps within such time as may be specified in the notice.

(2) Notwithstanding subsection (1), where the Commissioner is of the opinion that a person has committed an offence under this Act, he may investigate the matter or cause it to be investigated by an authorised officer.

(3) An enforcement notice shall :

(a) specify any provision of this Act which has been, is being or is likely to be contravened;

(b) specify the measures that shall be taken to remedy or eliminate the matter, as the case may be, which makes it likely that a contravention will arise;

(c) specify a time limit which shall not be less than 21 days within which those measures shall be implemented; and

(d) state the right of appeal conferred under section 58.

(4) In complying with an enforcement notice served under subsection (1), a data controller or a data processor, as the case may be, shall as soon as practicable and in any event not later than 21 days after such compliance, notify :

(a) the data subject concerned; and

(b) where such compliance materially modifies the data concerned, any person to whom the data was disclosed during the period beginning 12 months before the date of the service of the enforcement notice and ending immediately before such compliance, of any amendment.

(5) Where the Commissioner considers that any provision of the enforcement notice need not be complied with to ensure compliance with the data protection principles to which the notice relates, he may vary the notice and, where he does so, he shall notify in writing the person on whom the notice was served.

(6) Any person who, without reasonable excuse, fails or refuses to comply with an enforcement notice shall commit an offence, and shall, on conviction, be liable to fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

 

13.- Preservation Order

(1) The Commissioner may apply to a Judge in Chambers for an order for the expeditious preservation of data, including traffic data, where he has reasonable grounds to believe that such data is vulnerable to loss or modification.

(2) Where the Judge in Chambers is satisfied that an order may be made under subsection (1), he shall issue a preservation order specifying a period which shall not be more than 90 days during which the order shall remain in force.

(3) The Judge in Chambers may, on application made by the Commissioner, extend the period specified in subsection (2) for such time as the Judge thinks fit.

 

14.- Power to carry out prior security checks

(1) Where the Commissioner is of the opinion that the processing or transfer of data by a data controller entails specific risks to the privacy rights of data subjects, he may inspect and assess the security measures taken under section 27 prior to the beginning of the processing or transfer.

(2) The Commissioner may, at any reasonable time during working hours, carry out further inspection and assessment of the security measures imposed on a data controller under section 27.

 

15.- Compliance audit

The Commissioner may carry out periodical audits of the systems of data controllers to ensure compliance with data protection principles specified in the First Schedule.

 

16.- Powers to request assistance

(1) For the purposes of gathering information or for the proper conduct of any investigation concerning compliance with this Act, the Commissioner may seek the assistance of such persons or authorities, as he thinks fit and that person or authority may do such things as are reasonably necessary to assist the Commissioner in the performance of the Commissioner’s functions.

(2) Any person assisting the Commissioner pursuant to subsection (1), shall for the purposes of section 6 be deemed to an officer of the office.

 

17.- Powers of entry and search

(1) An authorised officer may, at any time, enter any premises other than a dwelling house, for the purpose of discharging any functions or duties under this Act or any regulations made under this Act.

(2) An authorised officer shall not enter a dwelling house unless he shows to the owner or occupier of the house, a warrant issued by a Magistrate authorising the officer to exercise his power under this Act in respect of the house.

(3) An authorised officer may, on entering any premises :

(a) request the owner or occupier to produce any document, record or data;

(b) examine any such document, record or data and take copies or extracts from them;

(c) request the owner of the premises entered into, or any person employed by him, or any other person on the premises, to give to the authorised officer all reasonable assistance and to answer all reasonable questions either orally or in writing.

(4) Where the information requested by the authorised officer pursuant to subsection (3) is stored in a computer, disc, cassette, or on microfilm, or preserved by any mechanical or electronic device, the person to whom the request is made shall be deemed to require the person to produce or give access to it in a form in which it can be taken away and in which it is visible and legible.

(5) For the purpose of carrying out his duties under this section, the authorised officer may be accompanied by such person as the Commissioner thinks fit.

 

18.- Warrant to enter and search dwelling house

(1) A Magistrate may, on being satisfied on an information upon oath, that the authorised officer has to exercise the powers and duties conferred upon him under section 17 in respect of a dwelling house, issue a warrant authorising the authorised officer to exercise those powers and duties.

(2) A warrant issued under subsection (1) shall be valid for the period stated in the warrant.

(3) The Magistrate may attach and specify any condition to a warrant.

 

19.- Obstruction of authorised officer

Any person who, in relation to the exercise of powers conferred by section 17 and 18 :

(a) obstructs or impedes an authorised officer in the exercise of any of his powers;

(b) fails to provide assistance or information requested by the authorised officer;

(c) refuses to allow an authorised officer to enter any premises or to take any person with him in the exercise of his functions;

(d) gives to an authorised officer any information which is false and misleading in a material particular,

shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to a term of imprisonment not exceeding 2 years.

 

20.- Referral to police

On completion of an investigation under this Act, the Commissioner shall, where the investigation reveals that an offence has been committed under this Act or any regulations made under the Act, refer the matter to the Police.

 

21.- Directions by Prime Minister

(1) Subject to subsection (2), the Prime Minister may give in writing such directions of a general character to the Commissioner, not inconsistent with this Act, which he considers to be necessary in the public interest, and the Commissioner shall comply with those directions.

(2) The Prime Minister shall not :

(a) give any direction in relation to any specific matter which is the subject of an investigation by the office; and

(b) question the Commissioner or an authorised officer, or otherwise enquire into, a matter which is under investigation by the office.

 

PART IV .- OBLIGATION ON DATA CONTROLLERS

 

22.- Collection of personal data

(1) Subject to Part VII, a data controller shall not collect personal data unless :

(a) it is collected for a lawful purpose connected with a function or activity of the data controller; and

(b) the collection of the data is necessary for that purpose.

(2) Where a data controller collects personal data directly from a data subject, the data controller shall at the time of collecting personal data ensure that the data subject concerned is informed of :

(a) the fact that the data is being collected;

(b) the purpose or purposes for which the data is being collected;

(c) the intended recipients of the data;

(d) the name and address of the data controller;

(e) whether or not the supply of the data by that data subject is voluntary or mandatory;

(f) the consequences for that data subject if all or any part of the requested data is not provided;

(g) whether or not the data collected shall be processed and whether or not the consent of the data subject shall be required for such processing; and

(h) his right of access to, the possibility of correction of and destruction of, the personal data to be provided.

(3) A data controller shall not be required to comply with  subsection (2) :

(a) in respect of a data subject where:

(i) compliance with subsection (2) in respect of a second or subsequent collection will be to repeat, without any material difference, what was done to comply with that subsection in respect of the first collection; and

(ii) not more than 12 months have elapsed between the first collection and this second or subsequent collection.

(b) where :

(i) compliance is not reasonably practicable at the time of collection, provided that the data controller makes available to the data subject all the relevant information specified in subsection (2) as soon as practicable; or

(ii) the data is used in a form in which the data subject concerned cannot or could not reasonably expect to be identified.

(4) Where data is not collected directly from the data subject concerned, the data controller or any person acting on his behalf shall ensure that the data subject is informed of the matters specified in subsection (2).

(5) Subsection (3) shall not operate to prevent a second or subsequent collection from becoming a first collection where the data controller has complied with subsection (2) in respect of the second or subsequent collection.

 

23.- Accuracy of personal data

A data controller shall take all reasonable steps to ensure that personal data within his possession is :

(a) accurate; and

(b) kept up to date where such data requires regular updating.

 

24.- Processing of personal data

(1) No personal data shall be processed, unless the data controller has obtained the express consent of the data subject.

(2) Notwithstanding subsection (1), personal data may be processed without obtaining the express consent of the data subject where the processing is necessary :

(a) for the performance of a contract to which the data subject is a party;

(b) in order to take steps required by the data subject prior to entering into a contract;

(c) in order to protect the vital interests of the data subject;

(d) for compliance with any legal obligation to which the data controller is subject;

(e) for the administration of justice; or

(f) in the public interest.

 

25.- Processing of sensitive personal data

(1) No sensitive personal data shall be processed unless the data subject has:

(a) given his express consent to the processing of the personal data; or

(b) made the data public.

(2) Subsection (1) shall not apply where the processing :

(a) is necessary :

(i) for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with his employment;

(ii) in order to protect the vital interests of the data subject or another person in a case where consent cannot be given by or on behalf of the data subject, or the data controller cannot reasonably be expected to obtain the consent of the data subject;

(iii) in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;

(iv) for the performance of a contract to which the data subject is a party;

(v) in order to take steps required by the data subject prior to entering into a contract;

(vi) for compliance with a legal obligation to which the data controller is subject;

(b) is carried out by any entity or any association which exists for political, philosophical, religious or trade union purposes in the course of its legitimate activities and the processing :

(i) is carried out with the appropriate safeguards specified under sections 22, 23, 26 and 27;

(ii) is related only to individuals who are members of the charitable entity or association, and

(iii) does not involve disclosure of the personal data to a third party without the consent of the date subject;

(c) is in respect of the information contained in the personal data made public as a result of steps deliberately taken by the data subject;

(d) is required by law.

 

26.- Use of personal data

The data controller shall ensure that personal data is :

(a) kept only for one or more specified and lawful purposes for which such data has been collected and processed;

(b) not used or disclosed in any manner incompatible with the purposes for which such data has been collected and processed;

(c) adequate, relevant and not excessive in relation to the purposes for which such data has been collected and processed; and

(d) not kept for longer than is necessary for the purposes for which such data has been collected and processed.

 

27.- Security of personal data

(1) A data controller shall :

(a) take appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of the data in his control; and

(b) ensure that the measures provide a level of security appropriate to :

(i) the harm that might result from the unauthorised access to, alteration of, disclosure of, destruction of the data and its accidental loss; and

(ii) the nature of the data concerned.

(2) A data controller or a data processor shall take all reasonable steps to ensure that any person employed by him is aware of and complies with the relevant security measures.

(3) Where a data controller is using the services of a data processor, he shall choose a data processor providing sufficient guarantees in respect of security and organisational measures for the purposes of complying with subsection (1).

(4) Where the data controller is using the services of a data processor under subsection (3) the data controller and the data processor shall enter into a written contract which shall provide that :

(a) the data processor shall act only on instructions received from the data controller; and

(b) the data processor shall be bound by obligations devolving on the data controller under subsection (1).

(5) Without prejudice to subsection (1), in determining the appropriate security measures, in particular, where the processing involves the transmission of data over an information and communication network, a data controller shall have regard to :

(a) the state of technological development available;

(b) the cost of implementing any of the security measures;

(c) the special risks that exist in the processing of the data; and

(d) the nature of the data being processed.

 

28.- Duty to destroy personal data

(1) Where the purpose for keeping personal data has lapsed, the data controller shall :

(a) destroy such data as soon as reasonably practicable; and

(b) notify any data processor holding such data.

(2) Any data processor who receives a notification under subsection (1) (b) shall, as soon as reasonably practicable, destroy the data specified by the data controller.

 

29.- Unlawful disclosure of personal data

(1) Any data controller who, without lawful excuse, discloses personal data in any manner that is incompatible with the purposes for which such data has been collected shall commit an offence.

(2) Any data processor who, without lawful excuse, discloses personal data processed by him without the prior authority of the data controller on whose behalf such data is or has been processed shall commit an offence.

(3) Subject to subsection (4), any person who :

(a) obtains access to personal data, or obtains any information constituting such data, without prior authority of the data controller or data processor by whom such data is kept; and

(b) discloses the data or information to another person, shall commit an offence.

(4) Subsection (3) shall not apply to a person who is an employee or agent of a data controller or processor and is acting within his mandate.

(5) Any person who offers to sell personal data where such personal data has been obtained in breach of subsection (1) shall commit an offence.

(6) For the purposes of subsection (5), an advertisement indicating that personal data is or may be for sale, constitutes an offer to sell the personal data.

 

30.- Processing of personal data for direct marketing

(1) A person may, at any time, by notice in writing, request a data controller :

(a) to stop; or

(b) not to begin,

the processing of personal data in respect of which he is a data subject, for the purposes of direct marketing.

(2) Where the data controller receives a request under subsection (1)(a), he shall, as soon as reasonably practicable and in any event not more than 28 days after the request has been received :

(a) where the data are kept only for purposes of direct marketing, erase the data; and

(b) where the data are kept for direct marketing and other purposes, stop processing the data for direct marketing.

(3) Where the data controller receives a request under subsection (1)(b), he

(a) shall, where the data are kept only for the purpose of direct marketing, as soon as reasonably practicable and in any event not more than 28 days after the request has been received, erase the data; or

(b) shall not, where the data are kept for direct marketing and other purposes, process the data for direct marketing after the expiry of 28 days.

(4) The data controller shall notify the data subject in writing of any action taken under subsections (2) and (3) and, where appropriate, inform him of the other purposes for which the personal data is being processed.

(5) Where a data controller fails to comply with a notice under subsection (1), the data subject may appeal to the Tribunal.

(6) Where a data controller fails to comply with an order of the Tribunal, he shall commit an offence.

 

31.- Transfer of personal data

(1) Subject to subsection (2), no data controller shall, except with the written authorisation of the Commissioner, transfer personal data to a third country.

(2) The Eighth data protection principle specified in the First Schedule shall not apply where :

(a) the data subject has given his consent to the transfer;

(b) the transfer is necessary :

(i) for the performance of a contract between the data subject and the data controller, or for the taking of steps at the request of the data subject with a view to his entering into a contract with the data controller;

(ii) for the conclusion of a contract between the data controller and a person, other than the data subject, which is entered at the request of the data subject, or is in the interest of the data subject, or for the performance of such a contract;

(iii) in the public interest, to safeguard public security or national security.

(c) the transfer is made on such terms as may be approved by the Commissioner as ensuring the adequate safeguards for the protection of the rights of the data subject.

(3) For the purpose of subsection (2)(c), the adequacy of the level of protection of a country shall be assessed in the light of all the circumstances surrounding the data transfer, having regard in particular to :

(a) the nature of the data;

(b) the purpose and duration of the proposed processing;

(c) the country of origin and country of final destination;

(d) the rules of law, both general and sectoral, in force in the country in question; and

(e) any relevant codes of conduct or other rules and security measures which are complied with in that country.

 

32.- Data matching

(1) No data controller shall carry out a data matching procedure   unless :

(a)

(i) the data subject whose personal data is the subject to that procedure has given his consent to the procedure being carried out;

(ii) the Commissioner has consented to the procedure being carried out; and

(iii) is the procedure carried out in accordance with such conditions as the Commissioner may impose; or

(b) it is required or permitted under any other enactment.

(2) Subject to subsection (3), a data controller shall not take any adverse action against any data subject as a consequence of the carrying out of a data matching procedure :

(a) unless the data controller has served a notice in writing on the data subject:

(i) specifying the adverse action it proposes to take and the reasons therefor;

(ii) stating that the data subject has 7 days after the receipt of the notice to show cause why the adverse action should not be taken; and

(b) until the expiry of the 7 days specified in paragraph (a).

(3) Subsection (2) shall not preclude a data controller from taking any adverse action against any data subject if compliance with the requirements of that subsection shall prejudice any investigation into the commission of any offence which has been, is being or is likely, to be committed.

 

PART V .- THE DATA PROTECTION REGISTER

 

33.- Register of data controllers

(1) There shall be a register of data controllers to be known as the Data Protection Register, which shall be kept and maintained by the office.

(2) Subject to Part VII, a data controller shall register himself with the office.

 

34.- Application for registration

(1) An application for registration as a data controller shall be made in writing to the Commissioner and the person shall furnish such particulars as requested under section 35.

(2) Where a data controller intends to keep personal data for 2 or more purposes, he shall make an application for separate registration in respect of any of those purposes and, entries shall be made in accordance with any such applications.

(3) Subject to subsection (4), the Commissioner shall grant an application for registration, unless he reasonably believes that :

(a) the particulars proposed for inclusion in an entry in the register are insufficient or any other information required by the Commissioner either has not been furnished, or is insufficient;

(b) appropriate safeguards for the protection of the privacy of the data subjects concerned are not being, or will not continue to be, provided by the data controller; or

(c) the person applying for registration is not a fit and proper person.

(4) Upon registration of an application, the applicant shall pay such fee as may be prescribed.

(5) Where the Commissioner refuses an application for registration, he shall, as soon as reasonably practicable, notify in writing the applicant of the refusal:

(a) specifying the reasons for the refusal; and

(b) informing the applicant that he may appeal against the refusal under to section 58.

(6) The Commissioner may, at any time, at the request of the person to whom an entry in the register relates, remove his name from the register.

 

35.- Particulars to be furnished

(1) A data controller who wishes to be registered with the office shall provide the following particulars :

(a) his name and address;

(b) if he has nominated a representative for the purposes of this Act, the name and address of the representative;

(c) a description of the personal data being, or to be processed by or on behalf of the data controller, and of the category of data subjects, to which the personal data relate;

(d) a statement as to whether or not he holds, is likely to hold, sensitive personal data;

(e) a description of the purpose for which the personal data are being or are to be processed;

(f) a description of any recipient  to whom the data controller intends or may wish to disclose the personal data;

(g) the names, or a description of, any country to which the data controller directly or indirectly transfers, or intends or may wish, directly or indirectly to transfer the data; and

(h) the class of data subjects, or where practicable the names of data subjects, in respect of which the data controller holds personal data.

(2) Any data controller who, knowingly supplies false information under subsection (1), shall commit an offence and shall, on conviction, be liable to a fine not exceeding 100,000 rupees and to imprisonment for a term not exceeding 2 years.

(3) Where the data controller in respect of whom there is an entry in the register changes his address, he shall, within 15 days of the change in address, notify the Commissioner in writing.

 

36.- Contents of register

Each entry in the register shall contain the particulars provided under section 35.

 

37.- Inspection of register

(1) The register shall be kept in the office of the Commissioner and shall at all reasonable times be available for inspection by any person free of charge.

(2) Any person may, on payment of such fee as may be prescribed, obtain from the Commissioner a certified copy of, or of an extract from, any entry in the register.

 

38.- Duration of registration

(1) A registration shall be for a period not exceeding one year and on the expiry of such period, the relevant entry shall be cancelled unless the registration is renewed.

(2) The period specified under subsection (1) shall be calculated :

(a) in the case of a first registration, from the date on which the relevant entry was made in the register; and

(b) in the case of a registration which has been renewed, from the date on which it was renewed.

(3) The Commissioner may, subject to this Act, renew a registration upon application by the data controller, and on payment of such fee as may be prescribed.

 

39.- Failure to register or to renew registration

Any data controller, who without reasonable excuse, processes any personal data without being registered, shall commit an offence.

 

40.- Certificate issued by Commissioner

In any proceedings in which the registration of a person as a data controller or a data processor is in question, a certificate under the hand of the Commissioner that there is no entry in the register in respect of the person as a data controller or data processor, shall be conclusive evidence of that fact.

 

PART VI .- RIGHTS OF DATA SUBJECTS

 

41.- Access to personal data

(1) Subject to section 42, a data controller shall on the written request of a data subject or a relevant person :

(a) inform the data subject or the relevant person :

(i) whether the data kept by him include personal data relating to the data subject;

(ii) the purposes for which the data are being or are to be processed;

(iii) the recipients or classes of recipients to whom they are or may be disclosed; and

(b) supply the data subject or the relevant person with a copy of any data referred to in paragraph (a) on payment of the prescribed fee.

(2) A request under subsection (1)(a) and (b) shall be treated as a single request.

(3) Where any data referred to under subsection (1) is expressed in terms that are not intelligible without explanation, the data controller shall supply the information with an explanation of those terms.

(4) A fee paid by any person to a data controller under this section shall be returned to him where a request under subsection (1) is not complied with.

(5) The information to be supplied pursuant to a request under this section shall be supplied by reference to any personal data at the time when the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request.

 

42.- Compliance with request for access to personal data

(1) Subject to subsection (2) and section 43 and to the payment of the prescribed fee, a data controller shall comply with a request under section 41 not later than 28 days after the receipt of the request.

(2) Where a data controller is unable to comply with the request within the period specified in subsection (1), he shall :

(a) before the expiry of the specified period :

(i) inform the data subject or the relevant person who has made the request on behalf of the data subject, that he is unable to comply with the request and shall, if required, state the reasons therefor;

(ii) endeavour to comply with the request in such time reasonably practicable, and

(b) as soon as practicable after the expiry of the specified period, comply with the request.

 

43.- Denial of access to personal data

(1) A data controller may refuse a request under section 41 where :

(a) he is not supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request, and to locate the information which the person seeks;

(b) compliance with such request will be in contravention with his confidentiality obligation imposed under any other enactment.

(2) Where a data controller cannot comply with a request under section 41 without disclosing personal data relating to another person, he may refuse the request unless :

(a) the other individual has consented to the disclosure of the his personal data to the person making the request; or

(b) he obtains the written approval of the Commissioner.

(3) In determining for the purposes of subsection (2)(b) whether it is reasonable for the Commissioner to approve a request without the consent of the other individual concerned, regard shall be had, in particular, to :

(a) any duty of confidentiality owed to the other individual;

(b) any steps taken by the data controller with a view to seeking the consent of the other individual;

(c) whether the other individual is capable of giving consent; and

(d) any express refusal of consent by the other individual.

(4)

(a) Where a data controller has previously complied with a request made under section 41 by a data subject, the data controller is not obliged to comply with a subsequent identical or similar request under that section by that data subject unless a reasonable interval has elapsed between compliance with the previous request and the making of the current request.

(b) In determining, for the purposes of paragraph (a), whether requests under section 41 are made at reasonable intervals, regard shall be had to :

(i) the nature of the data;

(ii) the purpose for which the data are processed; and

(iii) the frequency with which the data are altered.

(5) A data controller shall not comply with a request under section 41 where :

(a) he is being requested to disclose information given or to be given in confidence for the purposes of :

(i) the education, training or employment, or prospective education, training or employment, of the data subject;

(ii) the appointment, or prospective appointment, of the data subject to any office; or

(iii) the provision, or prospective provision, by the data subject of any service;

(b) the personal data requested consist of information recorded by candidates during an academic, professional or other examination;

(c) such compliance would, by revealing evidence of the commission of any offence other than an offence under this Act, expose him to proceedings for that offence.

 

44.- Inaccurate personal data

(1) A data controller shall, upon being informed as to the inaccurateness of personal data, by a data subject to whom such data pertains, cause such data to be rectified, blocked, erased or destroyed, as appropriate.

(2) Where a data controller is aware that a third party holds inaccurate personal data, he shall, as soon as reasonably practicable, require the third party to rectify, block, erase or destroy the data, as appropriate.

(3) Where the third party specified in subsection (2) fails to comply with the requirement under that subsection, he shall commit an offence.

(4) Where a data controller fails to rectify, block, erase or destroy inaccurate personal data, a data subject may apply to the Commissioner to have such data rectified, blocked, erased or destroyed, as appropriate.

(5) Upon being satisfied by an application under subsection (4) that the personal data is incorrect, the Commissioner shall, where he is satisfied, direct the data controller to rectify, block, erase or destroy those data and any other personal data in respect of which he is the data controller.

(6) Where the Commissioner :

(a) issues a direction under subsection (5); or

(b) is satisfied on the application by an individual that personal data of which the individual is the data subject were inaccurate and have been rectified, blocked, erased or destroyed,

he may direct the data controller to notify third parties to whom the data have been disclosed, of the rectification, blocking, erasure or destruction.

 

PART VII .- EXEMPTIONS

 

45.- National security

(1) Personal data are exempt from any provision of this Act where the nonapplication of such provision would, in the opinion of the Prime Minister be required for the purpose of safeguarding national security.

(2) In any proceedings in which the non-application of the provisions of this Act on grounds of national security is in question, a certificate under the hand of the Prime Minister referred in subsection (1) certifying that such is the case, shall be conclusive evidence of that fact.

 

46.- Crime and taxation

The processing of personal data for the purposes of :

(a) the prevention or detection of crime;

(b) the apprehension or prosecution of offenders; or

(c) the assessment or collection of any tax, duty or any imposition of a similar nature, shall be exempt from :

(i) the Second, Third, Fourth and Eighth data protection principles;

(ii) sections 23 to 26; and

(iii) Part VI of this Act in respect of blocking personal data,

to the extent to which the application of such provisions would be likely to prejudice any of the matters specified in paragraphs (a) to (c).

 

47.- Health and social work

(1) A data controller shall be exempt from the application of section 41 where the personal data to which access is being sought relates to the physical or mental health of the data subject and the application of that section is likely to cause serious harm to the physical or mental health of the data subject or of, any other person.

(2) The Prime Minister may, by notice in the Gazette or by regulations, waive the obligations imposed under section 41, on a public authority, voluntary organisations and any other similar body as may be prescribed, where such public authority, voluntary organisation or other body carries out social work in relation to a data subject or any other individual, and the application of that section is likely to prejudice the carrying out of the social work.

 

48.- Regulatory activities

The processing of personal data for the purpose of discharging any of the relevant functions :

(a) designed for protecting members of the public against :

(i) financial loss due to dishonesty, malpractice or other serious improper conduct, or by the unfitness or incompetence of, persons concerned in the provision of banking, insurance, investment or other financial services or in the management of bodies corporate;

(ii) financial loss due to the conduct of discharged or undischarged bankrupts; or

(iii) dishonesty, malpractice or other seriously improper conduct by, or the unfitness or incompetence of, persons authorised to carry on any profession or other activity;

(b) conferred on the Bank of Mauritius, the Financial Services Commission and the Financial Intelligence Unit, by or under any enactment;

(c) for protecting charitable trusts and other bodies involved in charitable work against misconduct or mismanagement in their administration;

(d) for protecting the property of charitable trusts and other bodies specified in paragraph (c) from loss or misapplication;

(e) for the recovery of the property of charitable trusts and other bodies specified in paragraph (c);

(f) for securing the health, safety and welfare of persons at work;

(g) for protecting persons other than persons at work against risk to health or safety arising out of or in connection with the actions of persons at work; or

(h) designed for:

(i) protecting members of the public against conduct which adversely affect their interests by persons carrying on a business;

(ii) regulating agreements or conduct which have as their object or effect the prevention, restriction or distortion of competition in connection with any commercial activity; or

(iii) regulating conduct on the part of one or more undertakings which amounts to the abuse of a dominant position in a market,

shall be exempt from the application of sections 23 to 26 to the extent that such an application would be likely to prejudice the proper discharge of such functions.

 

49.- Journalism, literature and art

(1) The processing of personal data for journalistic, literary and artistic purposes shall be exempt from the provisions specified in subsection (2) where :

(a) such processing is undertaken with a view to the publication  of any journalistic, literary or artistic material;

(b) the data controller involved in such processing reasonably believes that the publication would be in the public interest; and

(c) the data controller reasonably believes that compliance with any such provisions would be incompatible with such purposes.

(2) For the purposes of subsection (1), the processing of personal data shall be exempt from:-

(a) the Second, Third, Fifth and Eighth data protection principles;

(b) sections 23 to 27 and 32; and

(c) Part VI in respect of blocking personal data.

 

50.- Research, history and statistics

(1) Subject to subsections (2), (4), and (5), personal data which are processed only for research, historical or statistical purposes shall be exempt from the Fifth data protection principle.

(2) The exemption provided for under subsection (1) shall not be applicable where :

(a) such personal data are not processed to support measures or decisions with respect to particular individuals; and

(b) such personal data are not processed in such a way that such processing would substantially damage or substantially distress any data subject or will likely cause such damage or distress.

(3) For the purposes of :

(a) the Second data protection principle; and

(b) sections 23 and 27,

further processing of personal data only for research, historical or statistical purposes shall not be regarded as incompatible with the purposes for which such data was obtained provided that the conditions under subsection (2) are satisfied.

(4) The personal data processed for the purposes specified in subsection (1) shall also be exempt from the provisions of Part VI where :

(a) the conditions under subsection (2)(a) and (b) are satisfied; and

(b) the results of the research or any resulting statistics are not made available in a form which identifies any of the data subjects concerned.

 

51.- Information available to the public under an enactment

Where personal data consists of information which the data controller is obliged under an enactment to make available to the public, such data shall be exempt from :

(a) the Second, Third, Fourth, Fifth and Eighth data protection principles;

(b) sections 23 to 29; and

(c) Part VI in respect of blocking personal data.

 

52.- Disclosure required by law or in connection with legal proceedings

Personal data are exempt from :

(a) the Second, Third, Fourth and Fifth data protection principles;

(b) sections 23 to 29; and

(c) Part VI in respect of blocking personal data, where :

(i) the disclosure of such data is required under any enactment or by a Court order;

(ii) the disclosure of such data is necessary for the purpose of, or in connection with, any on-going or prospective legal proceedings;

(iii) the disclosure of such data is necessary for the purpose of obtaining legal advice; or

(iv) the disclosure is otherwise necessary for the purpose of establishing, exercising or defending legal rights.

 

53.- Legal professional privilege

Personal data are exempt from :

(a) the Second, Third, Fourth and Fifth data protection principles; and

(b) section 23,

where the data consist of information in respect of which a claim to legal professional privilege or confidentiality as between client and legal practitioner could be maintained in legal proceedings, including prospective legal proceedings.

 

54.- Domestic purposes

Personal data processed by an individual are exempt from :

(a) the data protection principles; and

(b) Part V and Part VI,

where such processing is only for the purposes of that individual’s personal, family or household affairs or for recreational purposes.

 

PART VIIl .- MISCELLANEOUS

 

55.- Annual report

(1) The Commissioner shall, not later than 3 months after the end of every calendar year, lay an annual report of the activities of the office before the National Assembly.

(2) Without limiting the generality of subsection (1), the report shall include :

(a) a statement about the operation of approved and issued codes of practice;

(b) any recommendations that the Commissioner thinks fit relating to the compliance with this Act, and in particular the data protection principles.

(3) The period starting from the commencement of this Act to the end of the year of such commencement shall be deemed to be the first calendar year.

 

56.- Codes and guidelines

(1) The Commissioner may, for the purposes of this Act or any regulations made under this Act, issue or approve codes of practice, or issue guidelines.

(2) Before issuing or approving any code of practice, or issuing any guidelines, the Commissioner may consult such person or authority as he thinks fit.

(3) Any code of practice :

(a) may be varied or revoked;

(b) shall, where the code is approved under subsection (1), come into operation on a day specified by the Commissioner.

(4) The Commissioner shall keep a register of approved codes and guidelines which shall be available for public inspection.

(5) The Commissioner may, on payment of such fee as may be prescribed, provide copies of, or extracts from, the register specified in subsection (4).

 

57.- Service of notice

(1) Any notice served by the Commissioner on an individual under this Act may be served by :

(a) delivering it to him;

(b) sending it to him by registered post addressed to him at his usual or last known place of residence or business.

(2) Any notice served by the Commissioner on a body corporate under this Act may be served by :

(a) sending it by post to the registered office of the body; or

(b) addressing it to and leaving it at the registered office of the body.

(3) Any notice served by the Commissioner on an unincorporated body of persons under this Act may be served by :

(a) sending it by post to the place where it ordinarily carries out its activities; or

(b) by addressing it to and leaving it at the place where it ordinarily carries out its activities.

 

58.- Right of appeal

Any person aggrieved by a decision of the Commissioner in respect of the performance of his duties and powers under this Act shall have a right of appeal within 21 days from the date when the decision is made known to that person to the Tribunal.

 

59.- Special jurisdiction of Tribunal

(1) Subject to subsections (2) and (3), the Tribunal shall hear and dispose of any appeal under this Act.

(2) Sections 40 to 44 of the Information and Communication Technologies Act 2001 shall, as far as appropriate, apply to an appeal made under this Act and to such decision as may be reached by the Tribunal on appeal under this Act.

(3) Sections 39 and 42(5) of the Information and Communication Technologies Act 2001 shall not apply to an appeal under this Act.

(4) Subject to subsection (5), every appeal under section 59 shall be in such form and be accompanied by such fees as may be prescribed.

(5) The Tribunal may entertain an appeal after the expiry of the period of 21 days where it is satisfied that there was sufficient cause for not lodging the appeal within that period.

(6) The Tribunal may, after giving the parties to the appeal an opportunity of being heard, pass such orders as it thinks fit, confirming, varying or setting aside the decision appealed against.

(7) The Tribunal shall send a copy of every order made by it to the parties to the appeal.

(8) Any appeal lodged with the Tribunal under this Act, shall be dealt with by it as expeditiously as possible and the Tribunal shall endeavour to dispose of the appeal within 6 weeks from the date the appeal was lodged.

(9) Any person who does not comply with an order issued by the Tribunal under subsection (6), shall commit an offence.

 

60.- Immunity

(1) Notwithstanding the Public Officers’ Protection Act, where any action has been entered before a Court pursuant to any act done by any authorised officer in the execution of his duties under this Act or any regulations made under it, and it appears to the Court that there was reasonable cause to do such act, the Court shall so declare and thereafter the authorised officer shall be immune from all proceedings, whether civil or criminal, on account of such act.

(2) No liability, civil or criminal shall attach to the Commissioner in respect of any act which he may have done or omitted to do in good faith in the execution or purported execution of his duties or powers under this Act or regulations made under it.

 

61.- Offences and penalties

(1) Any person who contravenes this Act shall commit an offence.

(2) Where no specific penalty is provided for an offence, the person shall, on conviction, be liable to a fine not exceeding 200,000 rupees and to imprisonment for a term not exceeding 5 years.

 

62.- Forfeiture

In addition to any penalty the Court may :

(a) order the forfeiture of any equipment or any article used or connected in any way with the commission an offence;

(b) order or prohibit the doing of any act to stop a continuing contravention.

 

63.- Prosecution and jurisdiction

(1) An authorised officer may swear an information in respect of any offence under this Act or any regulations made under this Act before a Magistrate.

(2) Notwithstanding any other enactment, the Intermediate Court shall have jurisdiction to try an offence under this Act or any regulations made under this Act.

(3) No prosecution shall be instituted under this Act except by, or with the consent, of the Director of Public Prosecutions.

 

64.- Consequential amendments

(1) The Criminal Code is amended by repealing section 300A.

(2) The Information and Communication Technologies Act 2001 is amended :

(a) in section 2, by deleting the definitions of “code of practice” and “personal data”;

(b) by repealing section 33;

(c) by repealing the Fourth Schedule.

(3) The National Computer Board Act is amended :

(a) In section 2, by deleting the definitions of “computer service person”, “data”, “data user”, and “personal data”;

(b) in section 4, by deleting paragraph (d); and

(c) by deleting the FIRST SCHEDULE.

 

65.- Regulations

(1) The Prime Minister may, after consultation with the Commissioner, make such regulations as he thinks fit for this Act.

(2) Any regulations made under subsection (1) may provide :

(a) for the requirements which are imposed on the data controller when processing data;

(b) for the contents a notification or application to a data controller should contain;

(c) for the information to be provided  to the data subject and how such information shall be provided;

(d) for the levying of fees and taking of charges;

(e) for the issuing, approval of codes and guidelines;

(f) that any person who contravenes them shall commit an offence and shall, on conviction, be liable to  a fine not exceeding 100,000 rupees and to imprisonment for a term not exceeding 2 years.

(3) The Prime Minister may, by regulations, amend the Schedules.

 

66.- Commencement

(1) Subject to subsection (2), this Act shall come into operation on a date to be fixed by Proclamation.

(2) Different dates may be fixed for the coming into operation of different sections of this Act.

 

Passed by the National Assembly on the first day of June two thousand and four.

 

André Pompon

 

Clerk of the National Assembly

 

 

FIRST SCHEDULE (section 2, 15 and 31)

DATA PROTECTION PRINCIPLES

 

First principle

Personal data shall be processed fairly and lawfully.

 

Second principle

Personal data shall be obtained only for any specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose.

 

Third principle

Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed.

 

Fourth principle

Personal data shall be accurate and, where necessary, kept up to date.

 

Fifth principle

Personal data processed for any purpose shall not be kept longer than is necessary for that purpose or those purposes.

 

Sixth principle

Personal data shall be processed in accordance with the rights of the data subjects under this Act.

 

Seventh principle

Appropriate security and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

 

Eighth principle

Personal data shall not be transferred to a third country, unless that country ensures an adequate level of protection for the rights of data subjects in relation to the processing of personal data.

 

 

SECOND SCHEDULE (section 6)

I, …………………………………………………………make oath/solemnly affirm/ declare that I will faithfully and honestly fulfill my duties as authorised officer/Commissioner in conformity with the Data Protection Act 2004 and that I shall not without the due authority in that behalf disclose or make known any matter or thing which comes to my knowledge by reason of my duties as such.

District Magistrate

Port Louis

 

 

 

 

11Jul/17

Act nº 44 of December 2001. The information and Communications Technologies Act 2001

Act nº 44 of December 2001. The information and Communications Technologies Act 2001. (Proclaimed by: Proclamation nº 6 of 2002 w.e.r. 11th February 2002 Section 1 and Part VII; Proclamation nº 27 w.e.f. 1st June 2002 Sections 2 and 3, Parts II to VI and Part IX; Proclamation nº 35 of 2003 w.e.f. 1st December 2003 Part VIII) (Amended, Deleted, Added, Repealed and Proclamation by: Act. nº 6 of 2002, Act. nº 27 of 2002, Act. nº 33 of 2002, Act. nº 35 of 2003, Act. nº Act nº 13 of 2004, Act. nº 1 of 2009, Act. nº 7 of 2009, Act nº 38 of 2011, Act. nº 7 of 2013, Act. nº 9 of 2015, Act. nº 21 of 2016

 

INFORMATION AND COMMUNICATION TECHNOLOGIES ACT 2001 Act 44/2001

Proclaimed by: (Proclamation nº 6 of 2002) w.e.f. 11th February 2002 Section 1 and Part VII (Proclamation nº 27 of 2002) w.e.f. 1st June 2002. Sections 2 and 3, Parts II to VI and Part IX (Proclamation nº 35 of 2003) w.e.f. 1st December 2003 Part VIII

An Act To establish the Information and Communication Technologies Authority, the Information and Communication Technologies Advisory Council, the Information and Communication Technologies Appeal Tribunal and to provide for the regulation and democratisation of information and communication technologies and related matters

 

ENACTED by the Parliament of Mauritius, as follows:

 

PART  I.- PRELIMINARY

 

1.-  Short title

This Act may be cited as the Information and Communication Technologies Act 2001.

 

2.- Interpretation In this Act :

“access” means access by a person to the facilities and services of a licensee excluding interconnection for the purpose of providing information and communication services.

“access agreements means an agreement which sets out the terms and conditions pursuant to which a licensee grants access to a person where the services operated by the letter do not require the interconnection of physical networks.

“allocation” means the entry of a given frequency band in the Mauritius Frequency Allocation Table to be used by one or more terrestrial or space radio communication service, or the radio astronomy services;

“authorised officer” means the officer designated as such under section 25;

“Authority” means the ICT Authority established under section 4;

“Board” means the ICT Board established under section 5;

“broadcasting” means the emission or transmission of sounds or images for reception by the public;

“certificate” means a document issued by a certification authority for the purpose of supporting digital signatures which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair;

“certification authority” means a person duly authorised under the Electronic Transaction Act 2000 to issue a certificate;

“charging principles” means the principles that may be prescribed for use in determining the prices to be charged front or by a licensee under an access and an interconnection agreement;

“code of practice”  (Deleted by Act nº 13 of 2004)

“Competition Commission” means the Competition Commission established under section 4 of the Competition Act; (Added by Act nº 38 of 2011)

computer” means any device for storing and processing information whether or not the information is derived from other information by calculation, comparison or otherwise;

“computer service person”. (Deleted by Act nº 1 of 2009)

“computer system” means a device or combination of devices, including input and output support devices, but excluding calculators which are not programmable, and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

“Controller” means the Controller of Certification Authorities referred to in the Electronic Transactions Act; (Amended by Act nº 7 of 2009)

“Council” means the ICT Advisory Council set up under section 34;

“data” means information recorded in a form in which it can be processed by equipment operating automatically in response to instructions given for that purpose;

“data user”  (Deleted by Act nº 1 of 2009)

“domain name” means a unique alpha-numeric designation used to access a computer on the internet and all domain names located in the .mu name hierarchy;

“dominant operator” means a licensee who, by the terms of his licence or by reason of his share in the market or the availability to him of technological ability, infrastructure or capital, has a substantial degree of power in the market for the supply of an information and telecommunication services including a telecommunication service;

“electronic transaction” means any transaction conducted over a network, using computers, information and communication technologies, including telecommunications;

“Executive Director” means the Executive Director of the Authority appointed under section 14;

“facility” means :

(a) any part of the infrastructure of an information and communication network including a telecommunication network; or

(b) any line, cable, radio, equipment, antenna, tower, mast, tunnel, pit, pole or other structure or thing used, or included for use, in connection with an information and communication network including a telecommunication network;

“financial year” means the period extending from 1 July in any year to 30 June in the next ensuing year;

“frequency band” means a continuous frequency range of spectrum;

“information” means data, text, images, sounds, codes, computer, programmes, software, databases or the like;

“information and communication industry” means any entity :

(a) carrying on a business; or

(b) engaged in any commercial activity connected with information and communication technologies;

“information and communication network” means a network for the transmission of messages and includes a telecommunication network;

“information and communication service” means any service involving the use of information and communication technologies including telecommunication services;

“information and communication technologies” means technologies employed in collecting, storing, using or sending out information and include those involving the use of computers or any telecommunication system;

“intercept’ means intercept by listening or recording, by any means, a message passing over an information or communication network, including telecommunication network, without the knowledge of the person originating, sending or transmitting the message,

“interconnection” means the linking up of 2 information and communication networks, including telecommunication networks so that users of either network may communicate with users of, or utilise services provided by means of, the other network or any other information and communications network including telecommunication network;

“interconnection agreement” means an agreement made between 2 or more licensees which sets out the terms and conditions –

(a) for interconnection between the facilities in the information and communication networks, including telecommunication networks of 2 or more licensees; or

(b) upon which a licensee obtains interconnection to information and communication services, including telecommunication services supplied by another licensee;

“International Mobile Station Equipment Identity” or “IMEI” means a unique number which is allocated to every individual mobile station equipment in the Public Land Mobile Network and which shall unconditionally be implemented by the Mobile Station (MS) manufacturer;

“lnternet” means a publicly accessible system of global interconnected computer networks which uses the Internet Protocol as its communication protocol to provide a variety of information and communication facilities;

“Internet Protocol” or “IP” means a standard consisting of a set of rules governing digital data communication on the Internet;

“licence” means a licence issued under section 24,

“licensed certification authority” means a Certification Authority licensed by the Controller;

“licensee” means the holder of a licence;

“Mauritius Frequency Allocation Table” means the table where the spectrum plan for Mauritius is detailed:

“member” includes a chairperson;

“Minister” means:

(a) the Minister to whom responsibility for the subject of Information and Communication Technologies Authority is assigned; but

(b) in relation to sections 12, 34, 35 and 36, the Minister to whom responsibility for the subject of information technology and telecommunications is assigned;

“message” includes any communication whether in the form of speech, or other sound, data, text, visual image, signal or code, or in any other form or combination of forms;

“Multiplex Operator” has the same meaning as in the Independent Broadcasting Authority Act;

“network” means a communication transmission system that provides interconnection among a number of local or remote devices;

“personal data” (Deleted by Act nº 13 of 2004)

“public operator” means a licensee who :

(a)

(i) owns or operates a public information and communication network, including a telecommunication network; or

(ii) offers an information and communication service, including a telecommunication service to the public; or

(b) owns  or  operates  a  network  referred  to  in paragraph (a)(i), and offers a service referred to in paragraph (a)(ii); (Amended by Act nº 38 of 2011)

“radio communication” means any transmission, emission, or reception of signs, signals, writings, sounds or intelligence of any nature, of a frequency less than 3000 gigahertz, propagated in space without artificial guide;

“radio spectrum” means the portion of the electromagnetic spectrum which is below 3,000 gigahertz;

“service provider” means any person who provides an information and communication service, including telecommunication;

“significant market power”, in relation to a public operator, means the position of the operator who, either individually or jointly with any of its subsidiaries or others, enjoys a position equivalent to dominance in any specific market segment such that its position of economic strength affords it the power to behave to an appreciable extent independently of competitors, customers and ultimately consumers; (Added by Act nº 38 of 2011)

“tariff” means the rate of any fee or charge which a public operator offers to claim for a service which it supplies;

“telecommunication” means a transmission, emission or reception of signs, signals, writing, images sounds or intelligence of any nature by wire, radio, optical or other electromagnetic systems whether or not such signs, signals, writing, images, sounds or intelligence have been subjected to rearrangement, computation or other processes by any means in the course of their transmission, emission or reception;

“telecommunication equipment” means an electronic device intended for the purpose of

telecommunication; “telecommunication network” means a system, or a series of systems, operation within such boundaries as may be prescribed, for the transmission or reception of messages by means of guided or unguided electro-magnetic energy or both;

“telecommunication service”:

(a) means a service for carrying a message by means of guided or unguided electromagnetic energy or both;

(b)   subject to paragraph (c), includes radio-communication;

(c)   does not include public broadcasting;

“Tribunal”  means the Information and Communication Technologies Appeal Tribunal established under section 36;

“universal service’ means an information and communication service including a telecommunication service determined by the Authority as being a service to be provided by a licensee to an area or sector not served or adequately served by the service.

Amended by: (Act nº 7 of 2009); (Act nº 1 of 2009); (Act nº 38 of 2011); (Act nº 9 of 2015); (Act nº 21 of 2016)

 

3.- Application of the Act

(1) Subject to subsection (2), this Act shall bind the State.

(2) The Minister may on such terms and conditions as he may determine, exempt any Government department, statutory corporation, non-governmental organisation, or foreign governmental or foreign non-governmental agency acting pursuant to such international Convention or treaty as may be prescribed and to which both Mauritius and the government of that agency are signatories, from compliance with this Act in the interests of the sovereignty of the State, national security or public order.

(Amended by Act nº 21 of 2016)

 

Part II – ICT AUTHORITY

 

4.- Establishment of the ICT Authority

(1) There is established for the purpose of this Act, an Information and Communication Technologies Authority known as the ICT Authority.

(2) The Authority shall be a body corporate.

 

5.-  ICT Board

(1) There shall be an Information and Communication Technologies Board to be known as the ICT Board.

(2) The ICT Board shall be responsible for the administration and management of the Authority.

(3) The ICT Board shall consist of:

(a) a Chairperson. to be appointed by the Prime Minister, after consultation with the Leader of the Opposition;

(b) the Secretary for Home Affairs or his representative;

(c) a representative of the Ministry responsible for the subject of finance;

(d) a representative of the Ministry responsible for the subject of information technology and telecommunications;

(e) a representative of the Attorney-General’s Office:

(f) 4 other members, to be appointed by the Minister.

(4) The members referred to in subsection (3)(a) and (f) shall:

(a) be persons having sufficient knowledge and experience in the field of information and communication technologies, computer science. broadcasting and teIecommunication law, business and finance, internet or electronic commerce.

(b) hold office on such terms and conditions as the Prime Minister may determine.

(5) Any appointment made under the repealed section 5 shall, at the commencement of this section, lapse.

(Amended by Act nº 21 of 2016)

 

6.- Meetings of the Board

(1) The Board shall meet:

(a) at least once every month;

(b) whenever so decided by the Chairperson; or

(c) upon request of any 3 members.

(2) Five members shall constitute a quorum.

(3) The Board may co-opt such person as may be of assistance in relation to any matter before the Board.

(4) In the absence of the Chairperson at a meeting of the Board, the members present shall elect a member to act as Chairperson for that meeting.

(5) Any person co-opted under subsection (3) shall have no right to vote on any matter before the Board.

(6) Every member shall be paid such remuneration and allowances from the General Fund as may be determined by the Minister. (Amended by Act nº 21 of 2016)

 

7.-  Disqualification from membership

(1) No person shall be eligible to be appointed or to remain a member of the Authority if he –

(a) is a shareholder or director or employee of a public operator;

(b) is an undischarged bankrupt or has made any arrangement with his creditors;

(c) is incapacitated by physical or mental illness; or

(d) acts contrary to this Act.

(Amended by Act nº 21 of 2016)

(2)  (Repealed by Act nº 21 of 2016)

 

8.- Disclosure of interest A member who has a direct or indirect pecuniary or other interest in a matter being considered or about to be considered by the Board shall forthwith, or as soon as is practicable after the relevant facts have come to his knowledge, disclose on record or in writing the nature of his interests to the Board and shall not –

(a) be present during any deliberation of the Board with respect to that matter; and

(b) take part in any decision of the Board with respect to that matter.

 

9.-  Declaration of assets

(1) Every member, the Executive Director, and such other employees as the Board may decide, shall not later than 30 days after their appointment or after their vacation of office deposit with the Authority a declaration of assets and liabilities in relation to himself, his spouse and children.

(2) A declaration under this section shall be made by way of an affidavit, sworn before the Supreme Court in the form specified in the Second Schedule.

 

10.-  Delegation of powers Subject to such instructions and rules of a general nature as it may give or make, the Board may delegate to:

(a) a committee comprising the Chairperson and 2 other members; or

(b) the Executive Director,

such of its powers under this Act as may be necessary for the effective management of the Authority, other than the power to borrow money or to grant a licence.

 

11.-  Appointment of committees The Board may appoint such committees as it thinks fit to advise the Authority on such matters within the purview of this Act.

 

12.-  Internet Management Committee

(1) The Minister shall, after consultation with the Board, appoint an Internet Management Committee.

(2) The Committee under subsection (1) shall consist of a Chairperson and 10 members.

(3) The members shall hold office for a period of 3 years and shall be eligible for reappointment.

(4) Members under subsection (2) shall be selected from among representatives from the public sector, private sector, non- government organisation and academia, by virtue of their qualifications, expertise and experience in information and communication technologies, computer science, broadcasting and telecommunication law, business and finance, internet, electronic commerce and related educational and training services;

(5) Every member shall be paid such fee as may be determined by the Board.

 

13.-  Functions of the Internet Management Committee

(1) The functions of the Internet Management Committee shall be:

(a) to advise the Authority on Internet and related policies;

(b) to provide a forum for stake-holders to discuss issues relating to the administration of Internet;

(c) to administer domain names in the context of the development of the information and communication industry; and

(d) to make recommendations to the Board on any matter relating to Internet including the administration and management of domain names.

(2) The Committee may appoint such working groups as may be necessary in the discharge of its functions under the Act.

(3) The Committee shall regulate its meeting and proceedings in such manner as it thinks fit.

 

14.- The Executive Director

(1) There shall be a chief executive officer of the Authority who shall:

(a) be known as the Executive Director; and

(b) be appointed by the Board with the approval of the Minister on such terms and conditions as the Board thinks fit.

(2) The Executive Director shall be responsible for the execution of the policy and the control and management of the day-to-day business of the Authority.

(3) The Executive Director:

(a) shall attend every meeting of the Board;

(b) may take part in the deliberations of the Board;

(c) shall not be entitled to vote on any question before the Board.

(4) The Executive Director may, with the approval of the Board, delegate any of the functions or powers delegated to him under section 10 to an officer.

(5) In the exercise of his functions, the Executive Director shall act in accordance with such directions as he may receive from the Board.

 

15.-  Employment of staff

(1) The Authority may employ, on such terms and conditions as it thinks fit, such officers and other members of staff as may be necessary for the proper discharge of the functions of the Authority.

(2) Every employee shall be under the administrative control of the Executive Director.

(3) Every employee who has an interest in any contract with the authority or acquires an interest of any kind from a licensee shall make a declaration on the prescribed or approved form.

 

PART III – OBJECTS, POWERS AND FUNCTIONS OF THE AUTHORITY

 

16.-  Objects of the Authority

The objects of the Authority shall be:

(a) to democratise access to information taking into account the quality, diversity and plurality in the choice of services available through the use of information and communication technologies

(b) to create a level playing field for all operators in the interest of consumers in general;

(c) to license and regulate the information and communication services;

(d) to ensure that information and communication services including telecommunication services are reasonably accessible at affordable cost nationwide and are supplied as efficiently and economically as practicable and at performance standards that reasonably meet the social, educational, industrial, commercial and, other needs of Mauritius;

(e) to encourage the optimum use of information and communication technologies in business, industry and the country at large, the introduction of new technology and the investment in infrastructure and services;

(f) to promote the efficiency and international competitiveness of Mauritius in the information and communication sector;

(g)   to further the advancement of technology, research and development relating to information and communication technologies through modern and effective infrastructure taking into account the convergence of information technology, media, telecommunications and consumer electronics;

(h) to advise the Minister on all matters relating to information and communication technologies and on matters relating to the Authority generally.

 

17.-  Powers of the Authority

(1) The Authority, in addition to the powers it has under section 37 of the Interpretation and General Clauses Act, may:

(a) commission expert evaluations, conduct studies, collect data related to the information and communication industry;

(b) authorise any person to conduct such technical tests or evaluations relating to information and communication services including telecommunication as it thinks fit.

(2) For the purposes of subsection (1), the Authority may require a public operator who holds a licence granted under this Act to provide information on the use, area of coverage and means of access to his service.

(3) The Authority shall have the power to make such determinations, issue such directives and guidelines, and do such acts and things, as are incidental or conducive to the attainment of its objects and the discharge of its functions.

(Amended by Act nº 38 of 2011)

 

18.-  Functions of the Authority

(1) The Authority shall:

(a) implement the policy of government relating to the information and communication industry;

(b) provide economic and technical monitoring of the information and communication industry in accordance with recognized international standard practices, protocols and having regard to the convergence of technology;

(c) promote and maintain effective competition, fair and efficient market conduct between entities engaged in the information and communication industry in Mauritius and to ensure that this Act is implemented with due regard to the public interest and so as to prevent any unfair or anti-competitive practices by licensees;

(d) advise and assist in the formulation of national policies with respect to the regulation of the information and communication industry;

(e) act internationally as the national regulatory body of Mauritius in respect of information and communication technologies matters;

(f) exercise licensing and regulatory functions in respect of information and communication services in Mauritius including the determination of types and classes of licensees and the approval of prices, tariffs and alterations thereto;

(g) establish, for public operators, performance standards and linkage standards in relation to the provision of international and local telephone services, and monitor compliance with both of those standards;

(h)  report, in such manner as may be required, to the Minister or to any other person on any matter that lies within its purview, such as the performance of public operators, the quality of consumer service and consumer satisfaction, measured against the best available international standards of practice;

(i) ensure the fulfilment by public operators of their obligations under any enactment;

(j) (Repealed by Act nº 1 of 2009)

(k) develop and, where appropriate, revise, accounting requirements and draw up a cost allocation manual for use by public operators;

(l) regulate the security of data;

(Amended by Act nº 1 of 2009)

(m) take steps to regulate or curtail the harmful and illegal content on the Internet and other information and communication services;

(n) ensure the safety and quality of every information and communication services including telecommunication service and, for that purpose, determine technical standards for telecommunication network, the connection of customer equipment to telecommunication networks;

(o) entertain complaints from consumers in relation to any information and communication service in Mauritius and, where necessary, refer them to the appropriate authorities;

(p) allocate frequencies and manage, review, and, where appropriate, reorganise the frequency spectrum;

(q) determine the numbering system to be used for every information and communication services including telecommunication service, and manage, review, and, where appropriate, reorganise the numbering system;

(r)  set up a radio frequency management unit for the allocation, monitoring, control and regulation of radio frequencies and, with the approval of the Minister, participate in any regional monitoring system;

(s) monitor every access or interconnection agreement and assist in the resolution of any dispute relating thereto;

(t) monitor the use of information and communication services on any ship or aircraft;

(u)  control the importation of any equipment capable of being used to intercept a message;

(v)  regulate the conduct of examinations for, and the issue of, certificates of competency to persons wishing to operate any apparatus used for purposes of information and communication services including telecommunication;

(w) manage the Universal Service Fund set up under section 21;

(x) determine, whether as conditions of licences or otherwise, the universal service obligations and requirements;

(y)   authorise or regulate the registration, administration and management of domain names for Mauritius; and

(z) be the Controller of Certification Authorities.

(Amended by Act nº 7 of 2009)

(2)

(a) Notwithstanding subsection (1), the Authority shall allocate and regulate the use of any frequency to any licensed broadcaster in the case of analogue broadcasting and to the Multiplex Operator in the case of digital broadcasting.

(b) Subject to paragraph (c), the broadcaster or the Multiplex Operator shall pay to the Authority such fee as may be prescribed.

(c) The Multiplex Operator shall be exempt from payment of any fee referred to in paragraph (b) for the broadcast, through transmission stations operated by it, of the proceedings of the National Assembly under any access agreement between the Multiplex Operator and the National Assembly.

(3) The Authority shall furnish to the Minister:

(a) an annual report of its activities; and

(b) an annual report on the development of the information and communication industry in the country, as may be prescribed;

(c)  such reports and other information as may be required.

(4) The Minister shall at the earliest opportunity lay a copy of a report submitted under subsection 3(a) before the National Assembly.

Amended by: (Act nº 7 of 2009); (Act nº 1 of 2009); (Act nº 9 of 2015); (Act nº 21 of 2016)

 

19.-  Powers of the Minister The Minister may give such directions of a general character to the Board, not inconsistent with the objects of the Authority, which fie considers to be necessary in the public interest, and the Board shall comply with those directives.

 

PART IV.- FINANCIAL PROVISIONS

 

20.-  Establishment of the General Fund

(1) The Authority shall establish a General Fund:

(a) into which all money, dues, fees and charges received by the Authority shall be paid; and

(b) out of which:

(i) all payments required to be made by the Authority shall be effected;

(ii)  shall be paid into the Capital Fund established under the Finance and Audit Act, such surplus money not required for the purposes of subparagraph (i), as the Board may determine.

(2) The Authority may, in furtherance of its objects and in accordance with the terms and conditions upon which its funds may have been obtained or derived, charge to the General Fund all remuneration, allowances, salaries, grants, fees, pensions and superannuation fund contributions, gratuities, working expenses and all other charges properly arising, including any necessary capital expenditure.

(3) The Authority shall derive its income from:

(a) any charge or fee that may be prescribed;

(b) any sum appropriated from the Consolidated Fund; and

(c) such other source as may be approved by the Minister.

(4) The Authority shall, not later than 3 months before the commencement of every financial year, submit to the Minister for his approval a detailed estimate of its income and expenditure for that year.

(5) In signifying his approval, the Minister may make comments of a general policy nature regarding the estimate.

 

21.- Establishment of a Universal Service Fund

(1) The Authority shall establish a Universal Service Fund:

(a) into which shall be paid any contribution received from licensees in pursuance of subsection (2);

(b)   out of which payments may be made to any licensee required by the terms of his licence, or otherwise directed by the Authority, to provide a universal service.

(2) Every public operator shall, in addition to the licence fee payable, pay into the Universal Service Fund, such annual contributions is may be prescribed.

(3) The Minister may, on the recommendation of the Board, prescribe –

(a) the basis and manner of determination of such contributions;

(b)   the dates when such contributions shall become payable and the manner and, if he deems it appropriate, the period over which the contributions shall be paid.

 

22.-  Donations and exemptions

(1) Article 910 of the Code Napoleon shall not apply to the Authority.

(2) Notwithstanding any other enactment, the Authority shall be exempt from payment of all charges, duties, fees, rates or taxes.

 

PART V.- (Repealed by Act nº 21 of 2016)

 

PART VI.- LICENSING AND OTHER PROVISIONS

 

24.-  Licensing

(1) No person shall operate an information and communication network or service including telecommunication network or service unless he holds a licence from the Authority.

(2) Any person who wishes to obtain, transfer, renew, or vary the terms of, a licence for the operation of an information and communication network or service including a telecommunication network or service specified in the First Schedule shall make a written application to the Authority in the prescribed form.

(3) Upon receipt of an application referred to in subsection (2), the Authority:

(a) shall, in the case of such licences as may be prescribed, forthwith give public notice of the application in 2 daily newspapers and invite any interested person who wishes to object to the application to do so in writing within 14 days;

(b) may:

(i) require the applicant to furnish any additional information that it considers relevant;

(ii) inspect any installation, apparatus or premises relating to the application.

(4) The Authority shall, after hearing any objection that may be made pursuant to subsection (3) (a), determine whether to issue, transfer, renew, or vary the terms of, a licence.

(5) The Authority shall, in the exercise of its powers under subsection (4), have regard in particular to:

(a) the public interest and any likelihood of unfair practice;

(b)  any element of national security;

(c) the technical and electromagnetic compatibility of the application with any other licensed service;

(d)  any agreement between Mauritius or the Authority with any other State, or any national or international organization relating to information and communication technologies including telecommunication.

(6) Subject to subsection (5)(d), the Authority shall, within a period of 30 days from the date of receipt of the application, convey its decision to the applicant.

(7) Where the Authority agrees to issue, transfer, renew, or vary the terms of a licence –

(a) it may do so by imposing any term or condition that it thinks fit;

(b) it shall give written notice of its decision, and the reasons therefor, to any person objections who has raised an objection pursuant to subsection (3)(a).

(8) Where the Authority refuses to issue, transfer, renew or vary the terms of a licence, it shall gives written notice of its decision, and the reasons therefore, to the applicant and to any person who has raised an objection pursuant to subsection (3)(a).

(9) No licence shall be issued or renewed under this section unless the prospective licensee pays such fee as may be prescribed.

(10) Every licence shall specify:

(a) the name and business address of the licensee;

(b) the installation, apparatus and premises to which it relates;

(c)   the network or service to be provided by the licensee; and

(d) any term or condition imposed pursuant to subsection (7)(a).

(11) Subject to subsection (12), the authority may, of its own motion, vary the terms of, or revoke, a licence on the ground that the licensee has –

(a) contravened this Act; or

(b)   acted in breach of any term or condition imposed pursuant to subsection (7)(a).

(12) Where the Authority proposes to vary the terms of, or revoke, a licence pursuant to subsection (11), it shall have written notice of its intention to the licensee, stating –

(a) the reasons for which it proposes to do so; and

(b)   the time, being not less than 14 days, within which the licensee may make written representation to object to the proposal.

(13) The Authority shall, after considering any representations made pursuant to subsection (12), communicate its decision in writing, and the reasons therefore to the licensee.

(14) Where the urgency of the matter so requires, the Authority may forthwith suspend a licence on any ground specified in subsection (11).

(15) A suspension effected pursuant to subsection (14) shall, unless sooner revoked, lapse after 30 days.

(Amended by Act nº 13 of 2004)

 

25.- Special powers

(1) The Board may designate in writing any officer to act as an authorised officer who shall perform (lie duties specified in this section.

(2) An authorised officer may:

(a) require a licensee to produce his licence;

(b)   at all reasonable times inspect any installation, apparatus or premises relating to a licence.

(3) Where a Magistrate is satisfied, by information upon oath, that there is reasonable ground to suspect that a person is contravening this Act or any regulations made there under, he may grant a warrant to an authorised officer enabling him to-

(a) enter any premises named in the warrant and search those premises or any person found therein;

(b) inspect, remove and take copies of any document found which he considers relevant;

(c)   inspect and remove any installation or apparatus found therein which he has reason to suspect is operating in contravention of this Act.

(4) When a public operator contravenes this Act, the Authority may require the operator to remedy the default within a delay specified by it.

(5) Where a public operator fails to comply with a decision taken by the Authority under subsection (4), the Authority may:

(a) revoke or vary the terms of the licence;

(b) suspend the licence for a period not exceeding 30 days; or

(c) reduce the period, not exceeding one year, for which the licence was originally granted.

(6) Where it has come to the knowledge of the Authority that there has occurred a substantial change in the composition of the share capital of the public operator, the Authority may cancel the licence forthwith subject to the public operator being afforded all opportunity to be heard on why the licence should not be cancelled.

(7) Any matter dating back to more than 3 years shall not be the subject matter of consideration by the Authority unless an inquiry, verification or action has been initiated within that period.

(8) The Authority shall give reasons for its decision under this section and notify the interested party.

(9) Notwithstanding subsection (5), where a public operator fails to comply with a decision of the Authority under subsection (4), he commits an offence and shall be liable, on conviction, to a fine, the maximum of which shall be 3% of the net turnover of his preceding financial year or 5,000,000 rupees, whichever is the lesser.

 

26.-  Obligations of licensees

Every licensee shall:

(a) comply with every term and condition attached to his licence;

(b) maintain an installation, apparatus or premises relating to his licence in such condition as to enable him to provide a safe, adequate and efficient service;

(c) provide access thereto to an authorised officer;

(d) furnish to the Authority such reports, accounts and other information relating to his operations as the Authority relay require;

(e) comply with any written direction given to him by the Authority in relation to the exercise of his rights and obligations under a licence.

 

27.-  Public operators entering premises

(1) A public operator shall, subject to subsection (2), have authority to:

(a) enter any property for the purpose of exercising any of his powers under his licence;

(b) establish any installation or apparatus on, over, under or across any land or road.

(2)

(a) Before entering on any private property pursuant to subsection (1), a public operator shall give not less than 4 days written notice of his intention to the owner or occupier, stating the reasons for which lie proposes to do so.

(b) Any person who receives a notice issued pursuant to paragraph (a) may apply to the Authority forthwith for a review of the decision specifying the grounds of his objection.

(c) The Authority shall, after hearing the parties, determine every application under paragraph (b) within a reasonable delay.

(3) Where any person suffers any prejudice caused to his property or interest in the property through the acts or omissions of a public operator, he may apply for compensation to the Authority.

(4) The Authority shall, within 30 days, make an award on the claim for compensation and shall, within 7 days of the date of the award, communicate a copy to each of the parties.

(5) Nothing in this section shall prevent a public operator from entering on any property to do whatever may be required to remove any tree, branch, hedge or any other object that is likely to cause danger to any installation or apparatus relating to services provided by him.

(6) For the purpose of this section, establishing an information and communication installation or apparatus including telecommunication installation or apparatus shall include the setting up of poles, wires, stays or struts or other similar structure or any work performed either above or under the ground, in connection with the establishment, alteration, disconnection, modification or repair of the installation or apparatus.

(7) The Authority may, at the request of the owner or occupier of a property over which a public operator has established an information and communication installation including telecommunication installation, require the public operator to alter, modify or divert the installation and the expenses thereby incurred shall be borne by the person making the request.

 

28.-  Interconnection agreements

(1) Every network licensee or public operator shall grant access to his network in accordance with this section.

(2) A licensee may make a written application to a network licensee for access to its network with a copy of the application to the Authority.

(3)

(a) Where a network licensee receives an application he shall, unless the Authority otherwise determines, negotiate the terms of an interconnection agreement with the applicant in good faith.

(b) Either party to the proposed agreement may request the Authority to depute a representative to attend, and assist in the negotiations.

(4)

(a) Subject to paragraph (b), the rates for interconnection shall be determined in accordance with any charging principles in force.

(b) Where an interconnection agreement is negotiated before any charging principles have been prescribed, the agreement shall, where appropriate, be amended by the parties to comply with any charging principles that may subsequently be prescribed.

(5) Where the parties to a proposed interconnection agreement are unable to agree on the terms thereof within 60 clays front the date of an application under subsection (2), either party may request the Authority to act as an arbitrator in the matter.

(6) An arbitration made by the Authority pursuant to subsection (5) shall be deemed to be made under, and be regulated by the Code de Procedure Civile wherever applicable, subject to this Act.

(7) The award by the Authority on the dispute shall:

(a) be made within 60 days from the date of a request under subsection (5); and

(b) specify:

(i) the facilities and the network covered by the award;

(ii) the extent of any network over which one party is required to carry information and communication messages including telecommunications messages to enable another party to supply services;

(iii) the points of, and the technical standards for, interconnection

(iv)   the rates of interconnection

(v)    the effective date of the award.

(8) Each party to an interconnection agreement shall supply to the Authority:

(a) a copy of the agreement, and of any amendment to it, within 14 days of the execution of the agreement, or amendment, as the case may be;

(b) such information relating to the interconnection agreement as the Authority may require.

 

29.-  Access Agreement

(1) Any person may make an application to a public operator or network licensee for access to its facilities or services other than its network.

(2) Where the public operator or network licensee receives an application, he may, after consideration, grant the application, and negotiate the terms and conditions of the access with the applicant in good faith, or refuse the application.

(3) Where the application is not granted and the applicant has reasonable around to believe that the operator or network licensee has not acted in good faith, he may refer the matter to the Authority for its decision.

(4) Where the parties to a proposed access agreement are unable to agree on the terms thereof within 60 days front the date of the application under subsection (2) either party relay request the Authority to act as an Arbitrator in the matter.

(5) An arbitration made by the Authority pursuant to subsection (4) shall be deemed to be made under, and be regulated by the Code de Procedure Civile wherever applicable, subject to this Act.

(6) The award of the Authority on the dispute shall be made within 60 days from the date of the application.

 

30.- Market definition and determination of significant market power

(1) The Authority shall, at such times as it may determine, hold a public consultation and carry out a market analysis, to enable it to:

(a) identify information and communication service markets or market segments;

(b) designate every information and communication service market and market segment for which tariffs must be approved by the Authority before the service is offered to the public; (c) determine whether any public operator has significant market power in those information and communication service markets or market segments.

(2) The Authority   shall,   following   the   public consultation referred to in subsection (1), designate and give public notification of:

(a) every information  and  communication service market and market segment; and

(b) every   public   operator   which   has   a significant market power in an information and communication service market or market segment.

(3) Following the grant of the appropriate licences, every public operator shall, before the commercial launch of the relevant information and communication service, disclose to the Authority the relevant market or market segment in which it intends to operate.

(4) The Authority may, after consultation with the Competition Commission, issue such guidelines as are necessary for the purposes of determining which public operator has significant market power in an information and communication service market or market segment.

(5) Where a public operator has significant market power in a market or market segment, it may also be considered to have a significant market power in a closely related market or market segment, where the links between the two markets or market segments are such as to allow the market power held in one market or market segment to be leveraged into the other market or market segment, thereby strengthening the market power of the public operator.

(6) Where a public operator has significant market power in a market or market segment, and wishes to supply promotional offers, including discount practices, he shall submit the relevant cost breakdown for the said service and offers for determination by the Authority.

(7) Every public operator shall:

(a) before entering  into  a  new  market  or market segment, notify the Authority of its intention to do so; and

(b) furnish to the Authority such information relating to its operations as the Authority may require under this section.

(Amended by Act nº 38 of 2011)

 

30A.-  Significant market power conditions

(1) Where the Authority determines that a public operator has significant market power in a relevant market or market segment, it may impose such conditions as it considers appropriate on the public operator.

(2) Every public operator with significant market power shall comply with every condition imposed by the Authority under subsection (1).

(Added by Act nº 38 of 2011)

 

31.-  Tariffs

(1) Every public operator shall submit to the Authority, in such form and manner as the Authority may determine, a tariff for every information and communication service which it wishes to supply and every intended alteration to a tariff, at least 15 days before the implementation of the tariff or the alteration, as the case may be.

(2) Every tariff or alteration submitted to theAuthority under subsection (1) shall –

(a) be calculated  in  accordance  with  such guidelines as the Authority may issue;

(b) include information relating to:

(i) the term during which the tariff or alteration is to apply;

(ii) the description of the information and communication service;

(iii) the amount of all charges payable for each information and communication service, including the amount of any surcharge that may be imposed as a result of nonpayment of fees or charges and the cost-related computation thereof;

(iv) the breakdown of  cost  and  cost elements involved in supplying every information and communication service;

(v) the quantity in which the information and communication service is supplied;

(vi) the network configuration, including the capacity needed, to supply the information and communication service;

(vii)   the performance characteristics for the information and communication service supplied; and

(viii)  the terms and conditions on which the information and communication service is or is to be supplied, including the mode of payment.

(3) No public operator shall demand or receive from any person payment of any tariff which:

(a) has not been submitted to the Authority in accordance with subsections (1) and (2);

(b) is different from the tariff submitted to the Authority under this section; or

(c) has been disallowed by the Authority.

(4) Every public operator shall display the tariff or alteration applicable for every information and communication service it offers in a conspicuous place at every point of sale of such service.

(5) Where the Authority is provided with a tariff or alteration under subsection (1), it may, where the tariff or alteration has been provided by a public operator having a significant market power, require the public operator to provide such additional information as it considers necessary.

(6) On receipt of a request from the Authority under subsection (5), the public operator shall provide the additional information within 15 days of the date of the request.

(7)

(a) The Authority shall:

(i) in  the  case  of  a  public  operator having significant market power, within 30 days of the date on which it is provided with a tariff or alteration under subsection (1), or it receives additional information under subsection (5), whichever is the later; or

(ii) in the case of a public operator not having significant market power, within 15 days of the date on which it is provided with a tariff or alteration under subsection (1),

determine whether to allow, disallow, or amend the tariff or alteration and shall, by notice in writing, inform the public operator of its decision.

(b) Where the Authority allows or amends a tariff or alteration, it may impose such terms and conditions as it may determine.

(c) Where the Authority disallows or amends a tariff or alteration, it shall communicate, in writing, the reasons for its decision to the public operator.

(d) Where a tariff or an alteration has been allowed or amended by the Authority, the public operator shall forthwith give public notification of the tariff, alteration or amended tariff in 2 newspapers for 3 consecutive days.

(8)

(a) Subject to subsection (9), where a public operator does not receive any communication from the Authority within 15 days of the date the public operator has submitted its tariff to the Authority, the tariff shall be deemed to have been allowed by the Authority.

(b)Paragraph (a) shall not apply to a public operator having significant market power.

(9) The Authority may:

(a) in the case of an operator not having a significant market power, at any time after the specified period of 15 days referred to in subsection (8)(a); or

(b) in the  case  of  an  operator  having  a significant market power, at any time after its tariff or alteration has been allowed by the Authority,

disallow or amend the tariff or alteration where:

(i) the information  submitted  under subsection (2)(b) or (5), as the case may be, is found to be incorrect or misleading in a material particular;

(ii) the tariff or alteration:

(A) is not calculated in accordance with such guidelines as the Authority may issue;

(B) is not accompanied by information required to be submitted under subsection (2)(b); or

(C) is otherwise in contravention of the Act or a directive issued by the Authority.

(Amended by Act nº 38 of 2011)

 

32.-  Confidentiality

(1) Every member or officer of the Authority shall

(a) before he begins to perform his duties under this Act, take the oath set out in the Third Schedule;

(b)  maintain, and aid in maintaining, the secrecy of any matter which comes to his knowledge in the performance, or as a result, of his duties under this Act.

(2) Any person who, without legal cause or reasonable excuse, contravenes subsection (1)(b) shall commit an offence.

(3) Every licensee or his employees or agent shall treat as confidential any message or any information relating to a message which comes to his knowledge in the course of his duties.

(4) Any person who, otherwise than in the course of his duties, makes use of, or records, a message or any information relating to a message that comes to his knowledge, or to which he has access, by reason of his position is a licensee, or as an employee or agent of a licensee, shall comment an offence.

(5)

(a) Nothing in this Act shall prevent a public operator or any of his employees or agents from intercepting, withholding or otherwise dealing with a message which he has reason to believe is:

(i) indecent or abusive;

(ii) in contravention of this Act;

(iii) of a nature likely to endanger or compromise State’s defence, or public safety or public order.

(b) Where a message is withheld pursuant to paragraph (a), the operator shall forthwith refer it to the Authority for such written directions as the latter may think fit.

(6)

(a) Nothing in this Act shall prevent a Judge in Chambers, upon an application, whether ex parte or otherwise, being made to him, by the Police, from making an order authorising a public operator, or any of its employees or agents, to intercept or withhold a message, or disclose to the police a message or any information relating to a message.

(b) An order under paragraph (a) shall:

(i) not be made unless the Judge is satisfied that the message or information relating to the message is material to any criminal proceedings, whether pending or contemplated, in Mauritius;

(ii) remain valid for such period, not exceeding 60 days, as the Judge may determine;

(iii) specify the place where the interception or withholding shall take place.

(7)  In this section “information and communicationmessage” means a message passing over an information and communication network, including telecommunication network;

“message” includes an information and communication message.

(Amended by Act nº 21 of 2016)

 

33.-  (Deleted by Act nº 13 of 2004)

 

PART VII .- ICT ADVISORY COUNCIL

 

34.-  Establishment of the Council

(1) There is established for the purposes of this Act an information and Communication Technologies Advisory Council known as the ICT Advisory Council.

(2) The Council consists of

(a) a Chairperson;

(b) a representative of the Prime Minister’s Office;

(c)   a representative of the Ministry responsible for the subject of Information Technology and Telecommunications;

(d) a representative of the Ministry of Finance;

(e) a representative of the Ministry of Economic Development;

(f) a representative of the Joint Economic Council;

(g) a representative of the Mauritius Chamber of Commerce and Industry;

(h) 3 other persons representing the interests of consumers, purchasers and other users of information and communication services, including telecommunication services.

(3) The members of the Council, except the ex-officio members, shall be appointed by the Minister

(4) The Council may co-opt persons with specialized qualifications and experience to assist the Council at any of its meetings.

(5) Every member of the Council shall hold office on such terms and conditions as the Minister thinks fit.

(6)  The Council shall meet at least once every month or at such other time as the Chairman may decide.

(7)  Five members of the Council shall constitute a quorum.

 

35.-  Functions of the Council

The Council shall advise the Minister on any matter relating to:

(a) the promotion of the interests of consumers, purchasers and other users in respect of

(i) the  quality and variety of information and communication services including telecommunication services provided;

(ii) the information and communication equipment including telecommunication equipment and facilities supplied;

(iii) the effect of the tariff Policy adopted by the Authority;

(b) the promotion of research into, and the development and use of, new information and communication techniques including telecommunication techniques;

(c) the improvement of information and communication services including telecommunication services;

(d) information and communication technologies including telecommunications which, in its opinion, should be referred to the Minister;

(e) information and communication technologies including telecommunications which may be referred to it by the Minister or by the Authority.

 

PART VIII.-  ICT APPEAL TRIBUNAL

 

36.-  Establishment of the ICT Appeal Tribunal

(1) There is established for the purposes of this Act an Information Technologies Appeal Tribunal known as the ICT Appeal Tribunal which shall consist of :

(a) a Chairperson and a Deputy Chairperson, who shall be barristers of not less than 10 years standing, appointed by the Public Service Commission; and

(b) such other members, not exceeding 4 in number, as may be                       appointed by the Minister after consultation with the Prime Minister.

(2) Every member other than the Chairperson and Deputy Chairperson shall hold office on such terms and conditions as the Minister may determine.

(3) The members other than the Chairperson and Deputy Chairperson of the Tribunal shall hold office for a term of 3 years and may be eligible for reappointment.

(4) Where the Minister is of opinion that the state of business at the Tribunal requires that the number of members should be temporarily increased, he may, after consultation with the Prime Minister, appoint such members on an ad hoc basis and for such period as he considers necessary to serve on the Tribunal.

(5) The members other than the Chairperson and Deputy Chairperson shall be paid such fees as the Minister may approve.

 

37.-  Staff of the Tribunal

The Tribunal will be provided with such public officers as are necessary for the proper functioning of the Tribunal.

 

38.-  Disqualification from membership

No person shall be eligible to remain a member of the Tribunal if:

(a) he is found guilty of any misconduct or default in the discharge of his duties as a member which renders him unfit to be a member;

(b) he is convicted of an offence of such nature as renders it desirable that he should be removed from office; or

(c) he is suffering from such mental or physical infirmity as renders him unfit to discharge his duties as a member.

 

39.- Jurisdiction of the Tribunal

(1) The Tribunal shall hear and dispose of any appeal against a decision of the Authority regarding information and communication technologies.

(2) No appeal shall lie against any decision made by the Tribunal following a settlement reached with the consent of the parties or their representatives.

(3) Subject to subsection (4), every appeal under subsection (1) shall be lodged within a period of 21 days from the date of notification of the decision to the aggrieved person and it shall be in such form and be accompanied by such fee as may be prescribed.

(4) The Tribunal may entertain an appeal after the expiry of the said period of 21 days if it is satisfied that there was sufficient cause for not lodging it within that period.

(5) The Tribunal may, after giving the parties to the appeal an opportunity of being heard, pass such orders as it thinks fit, confirming, varying or setting aside the decision appealed against.

(6) The Tribunal shall send a copy of every order made by it to the parties to the appeal and to the Authority.

(7) Any appeal filed before the Tribunal under subsection (1) shall be dealt with by it as expeditiously as possible and the Tribunal shall endeavour to dispose of the appeal within 6 months from the date the appeal was lodged.

 

40.-  Procedure and powers of the Tribunal

(1) The Tribunal shall sit at such place and time as the Chairperson of the Tribunal may determine.

(2) Where the Tribunal adjourns any proceedings, it may resume them at such place and time as the Chairperson of the Tribunal may determine.

(3) Subject to any regulations made under section 48, all appeals before the Tribunal shall be instituted and conducted:

(a) as far as possible in the same manner as proceedings in a civil matter before a District Magistrate;

(b) in accordance with the law of evidence in force in Mauritius;

(c) in public, except where the Tribunal otherwise orders on the ground of public safety or public order or the privacy of persons concerned.

(4) The Tribunal may:

(a) make such orders for requiring the attendance of persons and the production of articles, documents or other electronic records, as it thinks necessary or expedient;

(b) take evidence on oath and may for that purpose administer oaths;

(c) on its own motion, call and hear any person as witness; and

(d) adopt such procedures as may be necessary for the proper functioning of the Tribunal.

(5) Any person who:

(a) fails to attend Tribunal after having been required to do so under subsection (4);

(b) refuses to take an oath before the Tribunal or to answer fully and satisfactorily to the best of his knowledge and belief any question lawfully put to him in any proceedings before the Tribunal or to produce any article or document when required to do so by this Tribunal;

(c) knowingly gives false evidence or evidence which he knows to be misleading before the Tribunal;

(d)  at any sitting of the Tribunal:

(i) wilfully insults any member thereof;

(ii)  wilfully interrupts the proceedings, or commits any contempt of the Tribunal, shall commit an offence.

 

41.-  Right to legal representation

The appellant may prosecute his appeal either in person or by a legal practitioner.

 

42.-  Determination of the Tribunal

(1) For the purpose of hearing and determining any cause or matter under this Act, the Tribunal shall be constituted of the Chairperson or Deputy Chairperson and at least any 2 of its members;

(2) Where the Tribunal is unable to reach a decision by unanimity, the Tribunal shall proceed to give its determination by a majority.

(3) A member of the Tribunal who has a direct interest in any cause or matter which is the subject of proceedings before the Tribunal shall not take part in those proceedings.

(4) Subject to section 43, a decision or finding of the Tribunal on any cause or matter before it shall be final and binding on the parties.

(5) On hearing an appeal, the Tribunal may confirm, amend, vary or cancel any decision referred to in section 24.

(6) Where a decision is confirmed or amended, the tribunal shall specify the delay within which it shall be complied with.

(7) Any person who fails to comply with a decision confirmed or amended by the Tribunal, shall commit an offence.

(8)

(a) The Tribunal may make such order as to costs as may be prescribed.

(b) An order made under paragraph (a) shall be enforced in the same manner as an order for costs in proceedings before a Magistrate.

(9) Proceedings before the Tribunal shall be exempt from registration dues.

 

43.-  Appeal to the Supreme Court

(1) Any party who is dissatisfied with the decision or findings of the Tribunal relating to an appeal as being erroneous in point of law may appeal to the Supreme Court.

(2) Any party wishing to appeal to the Supreme Court under subsection (1) shall within 21 days of the date of the decision of the Tribunal

(a) lodge with, or send by registered post to, the Chairperson of the Tribunal a written application requiring the Tribunal to state and sign a case for the opinion of the Supreme Court on the grounds stated therein;

(b) at the same time, forward a copy of his application by registered post to the other party.

(3) An appeal under this section shall be prosecuted in the manner provided by rules made by the Supreme Court.

 

44.-  Decision not suspended on appeal

No appeal to the Tribunal or the Supreme Court shall have for effect the suspension of any decision of the Authority.

 

PART IX .-  MISCELLANEOUS

 

45.-  Protection of members and officers

No liability, civil or criminal, shall attach to any member or officer of the Authority, or to the Authority, in respect of any loss arising from the exercise in good faith by a member or an officer or the Authority of his or its functions under this Act.

 

45A.-  Execution of documents

No deed or document relating to financial matters shall he executed or signed by or on behalf of the Authority unless it is signed by:

(a) the Chairperson or, in his absence, any other member designated by the Board; and

(b) the Executive Director or, in his absence, any other employee designated by the Executive Director.

(Added by Act nº 21 of 2016)

 

46.- Offences Any person who:

(a) by any form of emission, radiation, induction or other electromagnetic effect, harms the functioning of an information and communication service, including telecommunication service;

(b) with intent to defraud or to prevent the sending or delivery of a message, takes an information and communication message, including telecommunication message from the employee or agent of a licensee;

(c) with intent to defraud, takes a message from a place or vehicle used by a licensee in the performance of his functions;

(d) steals, secretes or destroys a message;

(e) wilfully or negligently omits or delays the transmission or delivery of a message;

(f) forges a message or transmits or otherwise makes use of a message knowing that it has been forged;

(g) knowingly sends, transmits or causes to be transmitted a false or fraudulent message;

(ga) uses telecommunication equipment to send, deliver or show a message which is obscene, indecent, abusive, threatening, false or misleading, or is likely to cause distress or anxiety;

(h) uses, in any manner other than that specified in paragraph (ga), an information and communication service, including telecommunication service,

(i) for the transmission or reception of a message which is grossly offensive, or of an indecent, obscene or menacing character; or

(ii) for the purpose of causing annoyance, inconvenience or needless anxiety to any person;

(iii) for the transmission of a message which is of a nature likely to endanger or compromise State defence, public safety or public order.

(i) dishonestly obtains or makes use of an information and communication service, including telecommunication service with intent to avoid payment of any applicable fee or charge;

(j) by means of an apparatus or device connected to an installation maintained or operated by a licensee:

(i) defrauds the licensee of any fee or charge properly payable for the use of a service;

(ii) causes the licensee to provide a service to some other person without payment by such other person of the appropriate fee or charge; or

(iii) fraudulently installs or causes to be installed an access to a telecommunication line;

(k) wilfully damages, interferes with, removes or destroys an information and communication installation or service including telecommunication installation or service maintained or operated by a licensee;

(ka) wilfully tampers or causes to be tampered the International Mobile Station Equipment (IMEI) of any mobile device;

(l) establishes, maintains or operates a network or service without a licence or in breach of the terms or conditions of a licence;

(m) without the prior approval of the Authority, imports any equipment capable of intercepting a message;

(n) discloses a message or information relating to such a message to any other person otherwise tan:

(i) in accordance with this Act;

(ii) with the consent of each of the sender of the message and each intended recipient of the message;

(iii) for the purpose of the administration of justice, or

(iv) as authorised by a Judge;

(na) knowingly provides information which is false or fabricated;

(o) except as expressly permitted by this Act or as authorized by a Judge, intercepts, authorises or permits another person to intercept, or does any act or thing that will enable him or another person to intercept, a message passing over a network;

(p) in any other manner contravenes this Act or any regulations made under this Act, shall commit an offence.

(Amended by Act nº 21 of 2016)

 

47.-  Penalties

(1) Any person who commits an offence under this Act, shall, on conviction, be liable to a fine not exceeding 1,000,000 rupees and to imprisonment for a term not exceeding 5 years.

(2) The Court before which a person is convicted of an offence under this Act may, in addition to any penalty imposed pursuant to subsection (1), order:

(a) the forfeiture of any installation or apparatus used in connection with the offence;

(b)  the cancellation of the licence held by the person convicted;

(c)   that the person convicted shall not be issued with a licence for such period as the Court thinks fit;

(d)   that a service provided to a person convicted of an offence under this Act shall be suspended for such period as the Court thinks fit.

(3) An offence under this Act shall:

(a) be triable by the Intermediate Court;

(b)   not be triable by a District Court.

 

48.- Regulations

(1) The Minister may, after consultation with the Board, make such regulations as he thinks fit for the purpose of this Act.

(2) Any regulation made under subsection (1) may provide:

(a) for the levying of fees and taking of charges;

(b)   for an amendment of the Schedules;

(c)   for the prescription of charging principles on the recommendation of the Board and such other matters as may be prescribed under this Act;

(d) that any person who contravenes them shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding one year.

(Amended by Act nº 21 of 2016)

 

49.-  Repeal

The following enactments are repealed:

(a) The Telecommunications Act 1998;

(b) Section 21A of the National Computer Board Act 1988.

 

50.-  Consequential amendments

(1) The Central Tender Board Act is amended in the First Schedule, in Part IV, by inserting in its appropriate alphabetical order, the following ítem:

The Information and Communication Technologies Authority.

(2) Subject to subsections (3) and (4), the Schedule to the Statutory Bodies (Accounts and Audit) Act is amended in Part II by adding the ítem:

The Information and Communication Technologies Authority.

(3) For the purposes of the Statutory Bodies (Accounts and Audit) Act, the period extending from the commencement of this Act to 30 June next following shall be deemed to be the first financial year of the Authority.

(4) Section 7(1) of the Statutory Bodies (Accounts and Audit) Act shall not apply in relation to the first financial year of the Authority.

(5) The auditor to be appointed under section 5(1) of the Statutory Bodies (Accounts and Audit) Act shall be the Director of Audit.

(6) The Independent Broadcasting Authority Act 2000 is amended in the First Schedule by inserting therein the following ítems:

Subscription Television Rebroadcasting Services Licence.

Subscription Television Direct to Home Satellite Broadcasting

Service Provider Licence”

 

51.-  Transitional provisions

(1) Every tariff allowed or amended by the Authority under the repealed section 31 shall cease to be valid 6 months after the coming into operation of section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions) (No.2) Act 2011.

(2) Every tariff submitted to the Authority under the repealed section 31, pending before the commencement of section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions nº 2 Act 2011), shall, on the commencement of that section, be dealt with in accordance with section 31.

(3) Every public operator shall, at least 15 days before the expiry of the period of 6 months referred to in subsection (1), submit to the Authority, in such form and manner as the Authority may determine, with a tariff for every information and communication service which he wishes to continue to supply, in accordance with section 31.

(4) Every tariff submitted to the Authority under subsection (3) shall be in conformity with section 31.

(5) In subsections (1) and (2):

“repealed section 31” means the section 31 repealed by section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions nº 2 Act 2011).

(Added by Act nº 38 of 2011)

 

SECTION (1 – 9) BELOW SPENT AS PER LEXIS NEXIS

(1) Every act done by, or in relation to, the Mauritius Telecommunication Authority established under section 4 of the Telecommunications Act 1998 shall be deemed to have been done, or commenced, as the case may be, by or in relation to the Authority.

(2)    Notwithstanding subsection (1), every person who has before the commencement of this Act been licensed under the Telecommunications Act 1998 for the operation of a telecommunication network or service shall

(a) be deemed to be licensed for a period not exceeding 3 months after the coming into operation of this Act, after which he shall surrender his licence or authority granted to him; and

(b) furnish to the Authority such further information as it may require concerning his operation under that licence or authority.

(3) Section 20(2) shall not apply to the first financial year of the Authority.

(4) Notwithstanding section 24 and subject to subsection (9), no public operator or any other person shall, in respect of the period commencing on the date of coming into operation of this Act and not extending beyond 31 December 2002, supply or offer to supply telecommunication services between places within Mauritius and places outside Mauritius otherwise than in accordance with an interconnection agreement with the Mauritius Telecom Ltd.

(Amended by Act nº 22 of 2002)

(5) A person who uses or provides a service otherwise than specified in subsection (4) shall commit an offence and shall be liable to a fine not exceeding 1,000,000 rupees and to imprisonment not exceeding 5 years.

(6) The Court may, in addition to the penalty imposed under subsection (5), order disconnection of any installation of apparatus used in the commission of the offence.

(7) It shall not be a defence to any prosecution under subsection (5) that the person prosecuted did not know of the non-existence of the interconnection agreement referred to in that subsection.

(8)   For the purposes of subsection (5)

(i) “a telecommunication service between places within Mauritius and places outside Mauritius” includes a “call back service”;

(ii)   “a call back service” includes a service permitting an international call to be made by a caller or subscriber in Mauritius whereby a foreign telecommunication service provider, or a reseller in a foreign country, initiates a return call or provides a dialling tone which enables the caller or subscriber to make an international call through the foreign telecommunication service provider or the reseller resulting in Mauritius Telecom Ltd being deprived of international call charges.

(9) Notwithstanding any other provision of this Act, the Mauritius Telecom Ltd shall be deemed to have, for period not extending beyond 31 December 2002, the exclusive right to supply, or to enter into an interconnection agreement or other appropriate agreement for the supply of telecommunication services between places within Mauritius and places outside Mauritius.

(10) The type of licences defined in the First Schedule shall continue until and unless the Authority determines otherwise.

(Amended by Act nº 33 of 2002)

 

52.-   Commencement

Proclaimed by:

(Proclamation nº 6 of 2002) w.e.f. 11th February 2002 (Section 1 and Part VII)

(Proclamation nº 27 of 2002) w.e.f. 1st June 2002 (Sections 2 and 3, PARTS II to VI and PART IX)

(Proclamation nº 35 of 2003) w.e.f. 1st December 2003 Part VIII

10Jul/17

Decision of the President of the Communications Regulatory Authority nº 7 of 2016,

Decision of the President of the Communications Regulatory Authority nº 7 of 2016, promulgating the Template Standard Access Offer (Passive Infrastructure)

The President of Communications Regulatory Authority,

Pursuant to the Telecommunications Law, promulgated by Law nº 34/2006 (especially Articles 18, 19, 45, 53, and 62),

Amiri Decision nº 42/2014 Establishing the Communications Regulatory Authority,

Decision of the Board of Supreme Council of Information and Communications Technology nº 1/2009 promulgating the Telecommunications by-law,

Council of Ministers Decision nº 51/2014 Establishing the Telecommunication Infrastructure Coordination Committee,

Decision of the President of the Communications Regulatory Authority nº 3 of 2015

Promulgating the Passive Civil Infrastructure Access Regulation, and Having consulted with stakeholders,

Has decided as follows:

Article 1

Access Providers must comply with the Template Standard Access Offer (Passive Civil Infrastructure) attached hereto when preparing a standard access offer for passive civil infrastructure.

Article 2

All competent authorities, each within its jurisdiction, shall implement this Decision, which shall take effect from publication in the official website of the Communications Regulatory Authority.

Mohammed Ali Al-Mannai
President of Communications Regulatory Authorit

10Jul/17

Decision of the Presidente of the Communications Regulatory Authority nº 3 of 2015, promulgating the Passive Civil Infrastructure Access Regulation

Decision of the Presidente of the Communications Regulatory Authority nº 3 of 2015, promulgating the Passive Civil Infrastructure Access Regulation

The President of Communications Regulatory Authority,

Pursuant to the Telecommunications Law, promulgated by Law nº 34/2006 (especially Articles 18, 19, 45, 53, and 62),

Amiri Decision nº 42/2014 Establishing the Communications Regulatory Authority,

Decision of the Board of Supreme Council of Information and Communications Technology nº 1/2009 promulgating the Telecommunications by-law,

Council of Ministers Decision nº 51/2014 Establishing the Telecommunication Infrastructure Coordination Committee, and

Having consulted with stakeholders,

Has decided as follows:

Article 1

The Passive Civil Infrastructure Access Regulation attached hereto shall come into force.

Article 2

All competent authorities, each within its jurisdiction, shall implement this Decision, which shall take effect three months after publication in the Official Gazette.

Mohammed Ali Al-Manai
President of Communications Regulatory Authority

 

Passive Civil Infrastructure Access Regulation

1. Definitions

For the purposes of this Regulation, unless the context otherwise requires:
Authority means the Communications Regulatory Authority.

[Access means Access]

Access Agreement means an agreement between the Access Provider and Access Seeker for the provision of access to Passive Civil Infrastructure.

Access Provider means any person who owns, builds, or directly controls access to Passive Civil Infrastructure.

Access Seeker means a Service Provider.

Access Request means a request for access made by an Access Seeker, based on an Access Agreement, for access to Passive Civil Infrastructure.

Bottleneck Facility means a facility that cannot feasibly be economically or technically substituted in order to provide a Telecommunications Service in a reasonable amount of time or which based on prevailing state of competition is necessary to enable fair competition in the State of Qatar.

Regulatory Framework means the Telecommunications Law (Decree nº 34 of 2006) and any decisions based on that law, including the Executive By-Law for the Telecommunications Law (Decree nº 1 of 2009), and individual icenses.

Passive Civil Infrastructure means physical facilities or supporting facilities that are considered a Bottleneck Facility.

Standard Access Offer means a set of binding minimum terms and conditions to be included in an Access Agreement between an Access Providers and an Access Seekers.

2. Purpose and Application

2.1 The objectives of this Regulation are:

(a) To establish the obligation for Access Providers to grant access to Access Seekers;

(b) To enable Service Providers to seek access to Passive Civil Infrastructure;

(c) To provide clarity and certainty in relation to the supply of access to Passive Civil Infrastructure by setting out minimum terms and conditions:

(i) on which an Access Provider will make the Passive Civil Infrastructure available to Access Seekers;

(ii) which an Access Seeker must meet in seeking access to the Passive Civil Infrastructure made available by the Access Provider; and

(d) To be sufficiently flexible to deal with change as it occurs.

2.2 This Regulation does not apply to the following:

(a) Real estate developments, unless they are of one hundred (100)
residential or twenty (20) commercial dwellings and above or buildings of five (5) stories high or above.

(b) Electronic transmission equipment or telecom cables

2.3 Access Providers include:

(a) Real estate developers;

(b) Service Providers;

(c) Government entities; and

(d) Other Non-Governmental Organizations (NGO) or private entities.

2.4 Passive Civil Infrastructure includes:

(a) drop and lead in ducts, conduits, manholes, hand holes, cable trays,
equipment mounting, riser shafts and overhead aerial;

(b) telecommunications towers, masts and rooftops;

(c) collocation spaces in telecommunications rooms and central offices, and cabinets, including ancillary collocation facilities, and any additional space which cannot be leased or otherwise disposed of, and which form part of the Telecommunications Network;

(d) equipment such as air conditioning units, back-up generators, and any
associated storage facilities for such equipment such as cabins, racks,
telecoms rooms or cupboards that are ancillary to the establishment of a
Telecommunications Network; and

(e) means to access electrical power connections and the capacity for the
required power.

3. Access Principles

3.1 An Access Provider must provide access:

(a) on reasonable terms and conditions;

(b) on a non-discriminatory basis, unless objectively justified;

(c) on terms and conditions proportionate to the request;

(d) on a timely basis in accordance with established processes;

(e) in accordance with transparent procedures;

(f) where it is technically feasible; and

(g) by negotiating in good faith for alternative solutions in cases of insufficient capacity.

4. Non-Discrimination Obligation

4.1 An Access Provider must not discriminate:

(a) between Access Seekers;

(b) in favour of any party;

(c) where the Access Provider supplies a service to itself, or in favour of itself; or

(d) on any basis including product, price, processes, quality and engineering rules.

4.2 An Access Provider is exempt from the obligation in previous paragraph if
differences are objectively justifiable, and as far as the Access Provider notifies in writing the Access Seeker and the Authority of such justifications, regardless of the ownership status of any entity.

5. Standard Access Offer

5.1 An Access Provider must only offer access to Passive Civil Infrastructure
through a Standard Access Offer that is compliant with this Regulation.

5.2 A Standard Access Offer must follow the templates issued by the Authority,
following consultations with stakeholders and the Passive Civil Infrastructure
Committee.

5.3 The Standard Access Offer must set out, as a minimum:

(a) a description of each access component and the related procedures for
seeking access, including forecasting, ordering, provisioning and billing
procedures as well as ongoing operations and maintenance;

(b) the process to enable Access Seekers to obtain information such as
diagrams, maps and other information showing the location and routes of the Passive Civil Infrastructure;

(c) the necessary technical specifications of access to any and all of the
components of the Passive Civil Infrastructure;

(d) processes for the reservation of capacity;

(e) the applicable charges for access to any and all of the components of the Passive Civil Infrastructure;

(f) the conditions related to service level agreements (SLAs), including the
relevant monitoring mechanisms and where relevant provision for
compensation should the service not be provided according to the SLAs;

(g) the financial security requirements to be imposed, set against the terms  and conditions of the facilities or services provided;

(h) conditions related to maintenance, site access, and safety standards;
and

(i) conditions related to decommissioning of services.

5.4 Access Providers must not offer access to Passive Civil Infrastructure through a new Standard Access Offer, or materially change a previously approved one, unless approved by the Authority, in accordance with the following:

(a) If the Authority does not issue a decision within (10) working days, the
Standard Access Offer is deemed approved.

(b) If the Authority determines that the Standard Access Offer is in violation of the Regulatory Framework, it may issue an Order requiring the Access Provider to amend the Standard Access Offer, and provide guiding templates for this purpose.

(c) If the Access Provider does not resubmit a compliant Standard Access
Offer within (20) working days of notice of an Order issued under the
previous paragraph, the amendment proposed by the Authority shall be
deemed made by the Access Provider and approved by the Authority.

5.5 An Access Provider must publicly disclose (on its website or any other suitable media) all Standard Access Offers approved by the authority under previous paragraph no later than twenty (20) Working Days after the approval.

6. Negotiation

6.1 When an Access Provider negotiates an Access Agreement with an Access Seeker:

(a) both parties must use their best endeavours to conclude the Access
Agreements within sixty (60) Working Days of a written request to
commence negotiations;

(b) negotiations must be conducted in good faith and a commercially
reasonable terms and conditions.

6.2 An Access Provider must register with the Authority any Access Agreement
within five (5) Working Days of its conclusion.

6.3 If negotiations are not completed within the sixty (60) Working Days, an Access Provider or Access Seeker may, at any time, request the Authority to intervene under the dispute resolution rules issued under Article 61 of the
Telecommunications Law.

7. Ordering

7.1 An Access Request must be in writing, reasonable and contain at least the
following information:

(a) the name and contact details of the Access Seeker;

(b) the timeline for access for when access is required;

(c) the facilities and/or services in respect of which access is sought setting
out the:

(i) Route Access Request (RAR): Defined start and end point of the
required route, and/or;

(ii) Area Access Request (AAR) a specific area or development site
as a whole or part;

(d) a forecast of the capacity the Access Seeker will require.

7.2 Access to Passive Civil Infrastructure may be requested in whole or in part.

7.3 The Access Provider must within ten (10) Working Days of receipt of an Access Request, respond to the Access Seeker in writing acknowledging receipt of the Access Request, and either accept or reject it.

7.4 If the Access Provider accepts the Access Request, the Access Provider must state reasonable timing for making available all schematics, diagrams and pertinent information detailing the passive Civil Infrastructure pertaining to the specifics of the Access Request.

7.5 If the access seeker does not provide information required with the Access
Request, or the information provided is irregular, the Access Provider must
inform the Access Seeker within (5) Working Days of the Access Request of
any steps that need to be taken to complete the information required to process the Access Request, and give the Access Seeker five (5) Working Days for that purpose. Once the information is received from the Access Seeker, the Access Provider must reconsider the Access Request in accordance with this Regulation.

7.6 Without limiting any other grounds that may be relied upon under law, an
Access Provider must not refuse an Access Request, except on the grounds
that:

(a) The Access Seeker has not provided all of the information required in
accordance with this Regulation after being given the opportunity to rectify the omissions in accordance with the procedures above;

(b) It is not technically feasible to provide access to the facilities or services
requested by the Access Seeker;

(c) The Access Provider has insufficient capacity to satisfy the request as the Passive Civil Infrastructure is already consumed to capacity or near full capacity, or reserved for future use by the Access Provider or another Access Seeker.

7.7 If a Passive Civil Infrastructure is reserved for use by another Access Seeker, such use must commence no later than six (6) months from the date such Access Seeker makes the Access Request; otherwise, it shall be considered available.

7.8 If access is refused due to capacity constraints, and without violating the
capacity constraints requirements set out in the this Regulation, the Access
Provider must offer alternative options to the Access Seeker within twenty (20)
Working Days from the rejection notice.

7.9 The Access Provider and the Access Seeker may define shorter timeframes in their Access Agreement, but cannot extend the timeframe without the approval of the Authority upon reasonable justification.

7.10 If the Access Provider does not respond to the Access Request within the
timeframe prescribed in this regulation, the parties may refer the dispute to:

(a) the Passive Civil Infrastructure Committee for an amicable solution within five (5) Working Days, or

(b) the Authority in accordance with dispute resolution rules issued under
Article 61 of the Telecommunications Law.

8. Access Provisioning

8.1 An Access Provider must provide access to the Passive Civil infrastructure
within twenty (20) Working Days of accepting an Access Request.

8.2 If an Access Provider cannot reasonably meet the accepted Access Request within the requested timeframe, the Access Provider must enter into good-faith negotiations with the Access Seeker in regard to an alternative reasonable timeframe for provisioning access to the Passive Civil Infrastructure.

9. Capacity Constraints

9.1 Where new Passive Civil Infrastructure is to be deployed by an Access
Provider, the Access Provider must offer to the Access Seeker the following:

(a) to enter into a joint-investment agreement to build and finance the new
Passive Civil Infrastructure, as far as the Access Seekers and the Access Provider are licensed Service Providers. The agreement shall be reciprocal and govern how both parties will build and share Passive Civil Infrastructure. The right of each party must be based on a percentage of the respective investments and corresponding capacity allocation.

(b) an Indefeasible Right of Use covering a minimum commitment period of
twenty (20) years; or

(c) a lease agreement upon a reasonable and proportionate minimum
commitment from an Access Seeker.

9.2 In order to foster investment in Passive Civil Infrastructure by Service
Providers, a “surcharge” may be applied to (b) and (c). The surcharge shall be
determined at the sole discretion of the Authority.

9.3 If an Access Provider is unable to provide access due to insufficient capacity in existing Passive Civil Infrastructure, it must offer the Access Seeker, if technically feasible, to:

(a) scale the Passive Infrastructure and offer the Access Seeker an
Indefeasible Right of Use covering a minimum commitment period of twenty (20) years; or

(b) scale the Passive Infrastructure and offer the Access Seeker to enter into a lease agreement upon minimum commitment from Access Seekers.

9.4 Access Providers and Access Seekers must abide by the following:

(a) Access Providers and Access Seekers must enter into confidentiality
agreements with rules governing how information about an Access
Provider’s roll-out plans are not used by Access Seekers to gain unfair
competitive advantage;

(b) an Access Provider must notify all Access Seekers in writing of any
planned construction work of a Passive Civil Infrastructure for purposes of developing an infrastructure sharing plan prior to the design and planning stages and no less than six (6) month prior to commencing the planned construction work;

(c) An Access Provider must consult with all Access Seekers on the design  and planning of the planned construction works; and

(d) Access Seekers must respond to the request to develop the infrastructure sharing plan within one (1) month from receipt of the build/change notification, subject to subsections (a) to (c) above.

10. Removal or Modification of Existing Physical Infrastructure

10.1 An Access Provider must issue a notice in writing to Access Seekers to whom access has been granted prior to conducting any civil works necessitating the removal or modification of any component of the Passive Infrastructure. The Access Provider must state in the notice the commencement date and duration of the removal or modification work. Except in cases of emergency, the notice must be issued no less than three months prior to the commencement of the planned works.

10.2 For any civil work carried out by an Access Provider which involves
modification of the Passive Infrastructure, the Access Provider must ensure
that the modified infrastructure is compliant with the Regulatory Framework,
through the following:

(a) Where the Passive Civil Infrastructure was compliant with the
Regulatory Framework, the Access Provider shall reinstate the Passive Civil Infrastructure to its original condition of compliance, and

(b) Where the Passive Civil Infrastructure was not compliant with the
Regulatory Framework, the Access Provider must proceed to do all the
necessary improvements to the Passive Civil Infrastructure to ensure compliance, subject to feasibility and long term commitment from
Access Seekers for use of the modified infrastructure.

11. Charging Principles

11.1 Access to existing and new Passive Civil Infrastructure must be charged based on the cost of efficient service provision, according with the following principles:

(a) an Access Provider must be capable of demonstrating that charges are
derived from cost;

(b) Charges must not be based on the position the Access Provider enjoys in the market or in the area;

(c) Only costs which are directly associated with the provision of the Passive Civil Infrastructure can be taken into account.; and

(d) Charges shall be claimed only for the access capacity made effectively
available by the Access Provider to the Access Seeker and no minimal
charge shall be claimable.

11.2 The charges may include a reasonable rate of return on investment, and the following cost elements:

(a) Depreciation of the relevant assets and cost of capital;

(b) Operating costs for the Passive Civil Infrastructure in direct relation to
the access effectively granted;

(c) Operating cost for maintenance in direct relation to the access effectively granted; and

(d) Wholesale cost management.

11.3 An Access Provider must submit all charges relating to access to Passive Civil Infrastructure, with justifications, to the Authority for approval at least thirty (30) Working Days prior to implementation date; and the Access Provider must adjust the charges as directed by the Authority.

11.4 The Authority may consult with the Access Provider and may rely on
international best practice in seeking any adjustments to the charges.

11.5 Access Providers must maintain a record of all applicable charges issued and payments received.

11.6 If the Access Provider’s charges are not in accordance with the Regulatory Framework, the Authority may, at any time, set the relevant charges to be applied by the Access Provider.

12. Confidentiality

12.1 Whenever any or all of the components of the Passive Civil Infrastructure is supplied to an Access Seeker the following provisions apply:

(a) An Access Provider will keep all Access Seeker confidential information in confidence and will not disclose Access Seeker confidential Information to any third party other than as necessary for the provision of the Access to that Access Seeker;

(b) An Access Seeker will not use the Access Provider confidential information other than for the stated purpose.

13. Financial Security

13.1 An Access Provider and an Access Seeker must require the other to provide a financial security of a reasonable amount set against the respective obligations in the Access Agreement.

13.2 The Access Provider and Access Seeker shall be entitled to draw down on the security payment in accordance with the terms and conditions set out in the Access Agreement.

14. Reporting

14.1 An Access Provider must:

(a) Supply at least on an annual basis to the Authority all information on
deployment of Passive Civil Infrastructure already underway or planned
over the next six (6) months;

(b) Provide a report to the Authority and to Access Seekers which signed an Agreement based on Standard or Reference Offers on the service level agreement as prescribed in accordance with the Standard Access Offer.

15. Monitoring

15.1 Where the Authority has reasonable grounds to believe that there has been a violation of this Regulation, or where the Authority has received a complaint from any Access Provider or Access Seeker concerning non-compliance with this Regulation, the Authority may request in writing such information as is relevant to support its investigation of non-compliance with this Regulation which must be submitted within a reasonable period of time.

15.2 All complaints made to the Authority shall be managed in accordance with Article 61 of the Telecommunications Law and the Dispute Resolution Process, which shall not limit any party’s recourse to other legal remedies, including using the administrative courts.

15.3 Access Providers and Access Seekers must enable their respective technical systems to interface with an automated infrastructure management system implemented and operated by the Authority no later than six (6) months after the Authority implements the relevant system.

16. Non Compliance Fee

16.1 The Authority may impose a non-compliance fee on an Access Provider or an Access Seeker for breach of any obligation prescribed in this Regulation of Ten Thousand (10,000) Qatari Riyals for each specified non-compliance.

16.2 In the case of a continuing breach, the Authority may impose a non-compliance fee on the Access Provider and/or Access Seeker of One Thousand (1,000) Qatari Riyals for each day, or part of a day during which the specified noncompliance continues after a finding of non-compliance.

16.3 In the case of repeated non-compliance incidences, the non-compliance fee may be doubled for each specified non-compliance incident.

16.4 The Authority shall assess the appropriate non-compliance fee based on the seriousness of the non- compliance and its effect, on a case by case basis.

16.5 Notwithstanding the above, the Authority may issue an injunction to require the Access Provider and/or Access Seeker to do, or refrain from doing specific acts related to the specified non-compliance.

17. Telecommunication Infrastructure Coordination Committee

17.1 The powers of the Telecommunication Infrastructure Coordination Committee under this regulation is limited to making recommendations, and does not extend to decision making or dispute resolution.

18. Third Party

18.1 The Access Agreement must be signed between the Access Provider and the Access Seeker, and if the Access Provider delegates the operation or
management of such Passive Civil Infrastructure to a third party, including
Service Providers, the third party must adhere to all the obligations pursuant to this Regulation and such third party delegation will not exempt the Access
Provider of any of its obligations under this Regulation.

 

10Jul/17

Decree-Law nº 34 of 2006, Promulgating the Telecommunications Law

We, Hamad Bin Khalifa Al-Thani, the Emir of the State of Qatar,

In accordance with the Constitution and with regard to the following:

Law nº 11 of 1997 establishing the Qatari General Authority for Radio and Television, as amended by Law nº 9 of 2004;

Law nº 21 of 1998 concerning the conversion of the Qatari Public Telecommunications Establishment to a Qatari Shareholding Company;

Decree Law nº 36 of 2004 concerning the establishment of the Supreme Council for Telecommunications and Information Technology;

The proposal of the Supreme Council for Telecommunications and Information Technology; and the draft Law submitted by the Council of Ministers

Have decided the following Law:

Article 1.- Introduction

The provisions of the Telecommunications Law attached to this Law shall apply.

Article 2.- Introduction

The provisions of the attached Law shall apply to all government agencies, public bodies, institutions and persons, to all those who may have been granted special concessions or provisions concerning the regulation of telecommunications prior to the application of this Law, especially those subject to the provisions of the aforesaid Law nº 21 of 1998, and the Law of the Qatar Financial Centre by Law nº 7 of 2005, and Law nº 34 of 2005 of Free Zones Investment, and Law nº 36 of 2005 of establishing Free Zone for Science and Technology Park.

Article 3.- Introduction

The provisions of the attached Law shall not apply to:

1.      The content of the video and audio broadcast services which are subject to other statutory provisions.

2.      The content transmitted through IP networks telecommunications.

3.      The wireless devices or terminals which are imported or used by the armed forces, the Ministry of Interior or other security organizations.

Such parties shall abide by registering the data and frequencies of these devices or terminals. Registration shall be free of charge.

Article 4.- Introduction

The concession granted to Qatar Telecom (Qtel) under the aforementioned Law nº 21 of 1998 shall be revoked from the date of enforcing this Law, and all the powers and prerogatives concerning the organization of telecommunications, which were prescribed to Qatar Telecom (Qtel), shall devolve to the Supreme Council. Until a competitor Service Provider who is licensed under the attached Law starts to provide its services to the public, the company shall be committed to pay the annual fee provided for in Article 4 of the aforementioned Law nº 21 of 1998, and to provide the services it is undertaking in accordance with its provisions.

Article 5.- Introduction

Whoever owns operates or manages a Telecommunications Network, or provides telecommunications services in the State, at the enforcement date of this Law, shall operate according to the provisions of the attached law, within six months from the date of its enforcement. The Supreme Council has the power to extend this period.

Article 6.- Introduction

The Board of Directors shall issue the implementing regulation of the attached Law and the Secretary-General shall issue such other regulations, and  the Board of Directors shall also issue the decisions, orders, rules, instructions and circulars necessary to implement the provisions of the attached Law.

Article 7.- Introduction

Any articles contrary to the provisions of the attached Law shall be revoked

Article 8.- Introduction

All competent authorities, each in its jurisdiction, shall implement this decree, which shall be published in the Official Gazette.

Chapter One.- Definitions

 Article 1
In the application of the provisions of this Law, the following words and terms shall have the meanings assigned to them, unless the context otherwise requires:

Supreme Council: The Supreme Council of Telecommunications and Information Technology (I.C.T-Qatar).Board: Board of Directors of the Supreme Council.

Secretariat-General: The Secretariat-General of the Supreme Council.

Secretary-General: The Secretary General of the Supreme Council.

Qtel: Qatar Telecom (Qtel).

Telecommunications: Transmitting, broadcasting or receiving writing, signals, symbols, images, sounds, data, texts or information of any kind, by means of wired or wireless, optical or other electromagnetic means, or by any other means of telecommunications.

Telecommunications Network: Any wired, wireless, or fiber-optic system or
Electromagnetic systems to pass, convert and transfer the Telecommunications services between the endpoints of the network, including terrestrial networks, fixed, mobile and satellite networks and power transmission systems or other systems (to the extent used for Telecommunications), and switch networks with circuit or package (including those used to serve Internet Protocol), and the networks used to provide Broadcasting Services (including cable TV networks).

Radio Telecommunications: Any transmission, broadcasting or receipt of symbols, signals, texts, images, sounds, data, texts or information of any kind through electromagnetic waves in the Frequency Spectrum.

Transmission Service: Broadcasting radio and television programmes to the public free of charge, for payment or on the basis of subscription or any other basis, through the use of any type of Telecommunications Networks.

Terms of Service: General terms and conditions based on which the Service Provider provides the Telecommunications services to customers in accordance with the provisions of this Law.

Universal service: The provision of Telecommunications services to the public in accordance with the policy of Universal Service approved in accordance with the provisions of this Law.

Client: The person subscribing or using Telecommunications services, whether these services are for its own use or for resale.

Service Provider: the person licensed to provide one or more Telecommunications services to the public, or licensed to own, establish or operate a Telecommunications network to provide Telecommunications services to the public. It includes information providers or content provided by the Telecommunications Network.

Dominance: The dominance exercised by any person over the decisions of another person in any way, by enjoying an economic power which creates the authority to behave to a certain extent independently of competitors or customers, either directly through the ownership of shares or bonds, or indirectly through any contracts or agreements.

Dominant Service Provider: The Service Provider who enjoys a strong marketing or Dominance over a market or markets of the Telecommunications services in accordance with the provisions of Chapter IX of this Law.

Strong Position in the Market: The strong economic situation in the market for the Service Provider, which allows him to work independently of customers or competitors, or which allows him Dominance over the market or markets related to Telecommunications services, by working alone or together with others, all in accordance with the provisions of Chapter IX of this Law.

Telecommunications Facilities: Any facility, device, or other item used or which can be used in the transmission of Telecommunications services or in any process directly associated with the transmission of Telecommunications services.

Telecommunications Equipment: The equipment which can be linked directly or indirectly to a Telecommunications Network in order to send, transmit or receive Telecommunications services.

Interconnection: Physical and logical linking of the Telecommunications Networks used by the Service Provider itself or by a number of Service Providers, to enable the agents of the Service Provider to communicate among themselves or with customers belonging to another Service Provider, or enable them access to the services provided by another Service Provider.

Access: Access to Telecommunications Facilities or Telecommunications services between Service Providers, making these facilities, services, or both, available by the Service Provider for use by another Service Provider, according to specific terms and conditions, and on grounds of exclusive or non-exclusive rights to supply Telecommunications services, provided that the Access concept does not include, or will be applied to, the facilities or services for end users.

License: Individual or Class License issued pursuant to the provisions of Chapter III of this Law, or License to use the Frequency Spectrum, according to the provision of Chapter IV of this Law.

Licensee: The person holding a License in accordance with the provisions of this Law.

Individual License: The License granted to a particular person, in accordance with the provisions of Chapter III of this Law.

Class License: The License granted in accordance with the provisions of Chapter III of this Law to a defined group of Service Providers, which applies to any person within this category, without having to request this License.

Permit: Approval granted  for using the frequency or the provision of  Telecommunications service.

Frequency Spectrum: Spectrum of frequency that can be used in wireless Telecommunications according to the versions of the International Telecommunications Union.

License To Use The Frequency Spectrum: A License to use Frequency Spectrum, according to the plan, distributions, allocations and conditions set forth in Chapter IV of this Law.

Internet Protocol: Any set of Telecommunications protocols that define the standards of operational overlap, transmission and related systems within the Internet network, including the Transmission Dominance Protocol (TCP) and the protocol set (TCP/IP).

Frequency Band: Part of the Frequency Spectrum which begins with a frequency and ends with another.

National Plan For Frequency Spectrum: The plan which is prepared for the allocation and use of Frequency Spectrum to the concerned authorities.

Numbering: A pattern of serial numbers which defines a final point in the Telecommunications Network, and includes the information necessary to terminate calls to this final point.

Number Portability: Any service through which the Client can keep any current number without discomfort or any influence on the quality or availability of the service, when changing its position or moving from a Service Provider to another Service Provider.

National Numbering Plan: The plan prepared by the Secretariat-General for determining, allocating and distributing the numbers used in all Telecommunications services, or for any other purpose related to numbering.

International Rules: Any rules, instructions, orders, regulations, recommendations, guidelines, provisions, limitations, terminology, definitions or any other matters provided for in the agreements of the International Telecommunications Union and the Arab Union of Telecommunications, or any other agreements ratified by the State.

Chapter One: The Supreme Council of Telecommunications and Information Technology (I.C.T-Qatar)

Article 2.- Objectives

In addition to the objectives the Supreme Council is charged to achieve in accordance with the provisions of Article 3 of the aforementioned Decree Law nº 36 of 2004, it shall also achieve the following objectives:
  1. Developing the Telecommunications sector in order to promote national, social and economic development.
  1. Improving the performance of the Telecommunications sector in the State, by encouraging competition and promoting reliance on Telecommunications services.
  1. Encouraging the introduction of information technology and advanced and innovative Telecommunications to meet the needs of customers and the public.
  1. Increasing the benefits to customers and protecting their interests.
  1. Encouraging sustainable investment in the Telecommunications sector.
  1. Relying as much as possible on market forces for the protection of the interests of customers and the public.
  1. Determining and addressing non-competitive practices in the Telecommunications sector.
  1. Establishing a fair, objective and transparent licensing system for the Service Providers.
  1. Developing a system that meets the requirements of a fair competitive market through the promotion of Interconnection and related procedures between the Service Providers.
  1. Promoting the right of universal use of Telecommunications services.
  1. Adopting an effective accreditation system for the Telecommunications Equipment.
  1. Maintaining the organization of the Telecommunications sector in line with international norms.
  1. Ensuring the systematic development and regulation of the Telecommunications sector.

Article 3.- The Powers and Functions of the Council

The Board shall assume the following powers and functions:

  1. Granting, modifying, renewing, suspending, revoking and determining the conditions and procedures for issuance of the Individual and Class Licenses.
  2. Determining the fees of the Individual and Class Licenses and the charges for the License To Use The Frequency Spectrum, and any other fees or expenses to be paid by the Service Providers.
  3.  Adopting national plans for the Frequency Spectrum, numbering and adopting the Universal Service policy.

Article 4.- The Powers and Functions of the Secretariat-General

The Secretariat-General shall assume the following powers and functions:
  1. Granting, modifying, renewing, suspending and revoking Class Licenses and Permits and Licenses To Use The Frequency Spectrum, and determining the conditions and procedures for their issuance.
  1. Monitoring the compliance of Licensees with the terms of Licenses and Permits issued to them.
  1. Developing and managing the Frequency Spectrum plan and other scarce resources, ensuring optimal use, and maximizing their revenues to the extent required by International Rules.
  1. Developing and implementing the appropriate measures to prevent Service Providers carrying out anti-competitive practices.
  1. Developing the necessary procedures for the adoption of Telecommunications Equipment or their types that are connected to the Telecommunications Networks in the State, including the accreditation of the equipment that had already been accredited by other organizations or countries.
  1. Drawing up the terms of Interconnection and Access between Service Providers.
  1. Drawing up and managing the National Numbering Plan, and allocating numbers to Service Providers.
  1. Protecting the interests of customers, including the drawing up of rules for tariff regulation and standards of service quality, and monitoring the terms and conditions for providing Telecommunications services.
  1. Implementing any Universal Service program.
  1. Requesting information that will enable them to exercise their powers and perform their functions, including plans for developing the network or services, and financial, technical and statistical information, accounting records and other information.
  1. Verifying compliance with the provisions of this Law and its implementing regulations, and the rules and decisions issued in the implementation procedure.
The Secretariat-General, in order to achieve this, may use the services of specialized agencies, and academic or technical institutions or qualified consultants, to help perform some tasks and functions and cooperate and coordinate with ministries and other government agencies, bodies and public institutions.

Article 5.-  Secretary-General

The Secretary-General shall undertake all the technical, administrative and financial tasks of the Supreme Council as well as issuing regulations, decisions, orders, rules, instructions and circulars related to the organization of the Telecommunications sector, as determined by this Law and its implementing regulations, or as authorized by the Supreme Council.
The Secretary General shall give the Council a detailed annual report on aspects of the activities of the Telecommunications organization sector.

Article 6.-  Transparency and Non-Discrimination

The regulations, decisions, orders, rules, instructions and circulars issued pursuant to this Law must be transparent and non-discriminating between all Service Providers and other participants in the market.
It is not discrimination to take any decisions in accordance with the provisions of this Law and its implementing regulations, which would have a different impact on any Service Providers or any other participant in the market, when it is attributed to the particular circumstances of the aforementioned.
Article 7.- Conflict of Interest
None of the members of the Council, the Secretary-General or the staff of the Supreme Council may have any personal interest, direct or indirect, in the contracts concluded with or for the Supreme Council, the projects carried out, or Permits, works or activities which are issued in accordance with the provisions of this Law, or any other activities that are incompatible with the proper exercise of their responsibilities. In particular, the following shall be deemed prohibited personal interest in the application of the provisions of this Law:
  1. The basic or participatory ownership of any kind of the Telecommunications Network operator, Telecommunications Services Provider, or the manufacturer or supplier of Telecommunications Equipment, provided that he possesses more than five percent (5%) of any class of shares, any ordinary shares or debt securities whose value exceeds that set in any circular issued by the Council.
  2. Material benefit, or basic or participation ownership prohibited in accordance with the above item, which is transferred to any party concerned by virtue of this Article, as a result of a will or inheritance, or which becomes prohibited in accordance with any declaration made by the Board.
Conflict of interest, when realized according to the provision of any of the foregoing items, shall only cease if the material benefit or substantial or participatory ownership is reduced, to the extent set out in this Article, within three months from the date of transfer of the will or inheritance, or by the effective date of the pertinent declaration, as the case may be.
Article 8
All License fees of all kinds, and other fees and costs that the Service Providers shall pay, are from the funds realized by the Supreme Council from exercising its activities, which fall within the components of its financial resources in accordance with the provisions of Article 20 of the aforementioned Decree Law nº 36 of 2004.

Chapter Three.- Telecommunications Licenses

Article 9.- License Requirements

No person may, without a License, exercise any of the following:

  1. The provision of Telecommunications services to the public for a fee, direct or indirect, whether services are provided partly or as a whole. This includes the resale of Telecommunications services that are obtained from third parties, even if the beneficiary of this service is one person.
  2. Owning or operating a Telecommunications Network that is used to provide Telecommunications service to the public for a fee, direct or indirect.
  3.  Owning or operating any other Telecommunications Network.

 

Article 10.- Types of License

Telecommunications Licenses shall be as follows:
  1. Individual Licenses.
  1. Class Licenses.
The Secretariat-General shall publish the instructions that set forth the Telecommunications services and related activities that require Individual or Class Licenses, as determined by the implementing regulations of this Law.
Article 11.- License Provisions and Compliance
The Secretariat-General shall determine the fair and objective terms, conditions, procedures and standards required for the granting and renewal of Telecommunications Licenses in accordance with the provisions of this Law. The Secretary-General shall issue the relevant decisions, directives, orders and circulars, which shall be published in the Official Gazette.
The Secretariat-General shall have the power to monitor the extent of compliance, and scrutinize the Licensees with regard to the terms of their Licenses. The Secretary-General shall implement the work of this Dominance.
The Licensee who has an Individual License may only relinquish it to others with the approval of the Board. Regarding the category Licenses and Licenses To Use The Frequency Spectrum, they may only be waived after the approval of the Secretary-General.

Article 12.- Non-Renewal, Modification, Suspension and Revocation of Licenses

The Council shall, based on the proposal of the Secretary-General, have the right not to renew, modify, suspend or revoke the Individual Licenses. The Secretary-General shall have the same right regarding the Class Licenses, in any of the following circumstances:

  1. Repeated violation of the provisions of the Law, its implementing regulations, rules, decisions, and orders implementing it or any of the terms of the License.
  1. Non-payment of the fees prescribed for the License or for its renewal, or any other financial amount in accordance with the provisions of this Law and its implementing decisions.
  1. Death, or the expiration of a legal licensed person for any reason.
  1. Assignment of the License without the consent of the Council or the Secretary-General.
The Secretariat-General, in the event that the License is not renewed, or is modified, suspended or revoked, shall take appropriate measures to mitigate the negative impact that may ensue on the service and customers.

Chapter Fourth.- Frequency Spectrum

Article 13.- Frequency Spectrum
The Frequency Spectrum shall be a limited natural resource that is owned by the State, and the Supreme Council shall be the body responsible for organizing and managing all affairs relating to its use.

Article 14.- Procedures for the Management of the Frequency Spectrum

The Secretariat-General shall be entrusted with the management, allocation and distribution of frequencies in the Frequency Spectrum, systematically and effectively in accordance with the provisions of this Law and the relevant international norms. To this end, it may perform the following:

  1. Drawing up and maintaining the National Plan For Frequency Spectrum, and managing, distributing and allocating frequencies in accordance with that plan.
  2. Monitoring the implementation of the use of radio frequencies and Frequency Spectrum according to the National Plan For Frequency Spectrum, pertinent distributions and allocations and applicable License terms, and the preparation of the National Register for Frequencies wherein all information relating to frequencies, distribution, allocation and use are recorded.
  3. The formation of and supervision over committees and over any committee or committees existing to coordinate the uses of frequencies, including civil, non-civil and commercial uses. The Secretariat-General may issue the regulations and rules necessary for the establishment and operation of these committees.

 

Article 15.- Licenses To Use The Frequency Spectrum
No person may operate any Telecommunications device or use frequencies until obtaining a License to Use the Frequency Spectrum, or a Permit to use the frequencies.
Article 16.- The Obligations of Licensees Using The Frequency Spectrum
The Licensee shall use the Frequency Spectrum according to the conditions set forth in this Law, its implementing regulations, rules and orders, in accordance with the conditions set forth in the License granted to him.
The Secretariat-General may monitor the use of Frequency Spectrum, detect the use of unlicensed frequencies and verify the commitment of Licensees with the terms of the License.

Article 17.- The Conditions of Non-renewing, Modifying, Suspending or Revoking the  Licenses To Use The Frequency Spectrum

The Secretary-General may not renew, modify, suspend or revoke the issued Licenses to Use the Frequency Spectrum, in any of the following circumstances:

Repeated violation of the provisions of the Law, its implementing regulations, rules, decisions, and orders relating to it or any of the terms set out in the License.

Misusing the licensed frequencies or using them other than for the allocated purposes.

Non-payment of the fees prescribed for the License or for its renewal, or any other financial amount in accordance with the provisions of this Law and its implementing regulations.

Death or the expiration of the legal licensed person for any reason.

Assignment of the License without the consent of the Secretary-General.

The Secretariat-General, in the event that the License to Use the Frequency Spectrum is not renewed, or is modified, suspended or revoked, shall take appropriate measures to mitigate the negative impact that may ensue on the service and customers.

Chapter Five.- Interconnection and Access

 

Article 18.- The Rights, Obligations and Conditions of Interconnection and Access
The Secretariat-General shall determine the rights, obligations and conditions for Interconnection and Access, and shall oversee and monitor compliance.  Each licensed Service Provider shall have the rights and obligations regarding Interconnection and Access as follows:

The right to engage in discussions, on the basis of good faith, with another Service Provider to reach an agreement on Interconnection and Access.

The right to Interconnection and Access to services or facilities of another Service Provider, according to the terms of Interconnection and Access.

The obligations set forth in Article 24 of this Law regarding the Dominant Service Provider for reasons of Interconnection and Access.

Abiding by the rules of Interconnection and Access as provided for in Article 21 of the Law.

The obligation to provide Interconnection and Access to services or facilities of another Service Provider, according to the terms of Interconnection and Access.

 

Article 19.- The Tasks and Duties of the Secretariat-General in the Field of Interconnection and Access
The Secretariat-General shall assume the following tasks and duties in the field of Interconnection and Access:

Promoting the appropriate, effective and low-cost Interconnection between the Telecommunications Networks, and promoting the Access of the Service Providers to the service facilities of the other Service Providers, to ensure the operational continuity of the Telecommunications services which begin or end in the State and to promote the growth of competitive markets for the Telecommunications services.

Establishing an open, transparent and commercially viable organizational structure that aims to facilitate regulatory procedures and eliminates or mitigates the effects of other barriers to entry into the Telecommunications market.

Facilitating negotiation between parties to reach agreements on Interconnection and Access.

Ensuring that the convention on Access and Interconnection meets the requirements of this Law and its implementing regulations and any regulations, rules or orders applicable to Interconnection and Access.

Determining which Service Provider is deemed a Dominant Service Provider in any Telecommunications market regarding Interconnection and Access.

Identifying the additional commitments on Interconnection and Access that apply to the Dominant Service Providers.
The obligations set forth in Articles 20, 22 and 24 of this Law, including those regarding Access to information and technical equipment, and related to requests for Interconnection and Access.

The obligations contained in or attached to the reference offer for Interconnection and which are specified by the Secretariat-General, in the case of a Dominant Service Provider and for the reasons of Interconnection and Access in accordance with the provisions of Article 24 of this Law.

Any obligations or requests for a Dominant Service Provider regarding Interconnection and Access as specified by the Secretariat-General, related to their charges, calculation of costs or the requirements of accounting separation in accordance with the provisions of Articles 24, 25 and 33 of this Law.

 

Article 20.- Interconnection Negotiations
Each Service Provider shall,  on receipt of a written request from another Service Provider for Interconnection or Access, proceed to negotiate in good faith with the applicant in order to reach an agreement on Interconnection or Access for:

1.- Linking their respective networks.

2.- Providing Access to the Telecommunications Facilities including the main offices and other locations of the devices, emergency, towers, columns, lines of Telecommunications and underground facilities, wherever necessary and reasonable to enable the Service Providers to provide the same to their customers.

 

Article 21.- Controls of Interconnection and Access
No Service Provider is obliged to enter into any agreement for Interconnection and Access based on conditions that would, in its reasonable opinion, cause physical damage or harm to any person or property, cause material injury to its network and Telecommunications Facilities or adversely affect the performance of any of them, or the Telecommunications services he is providing, or which are not reasonable in the light of the technical or economic data available.
Article 22.- Breach of the Obligation to Negotiate in Good Faith
The following acts and practices shall be deemed a breach of the obligation to negotiate in good faith on Interconnection and Access:

1.- Hindering or disrupting negotiations or failing to make reasonable efforts to resolve the existing differences.

2.- Refusing to provide data on the services or Telecommunications Networks of the Service Provider or its facilities which are required to arrange Interconnection and Access processes.

3.- Influence in any way the ability of the Service Provider to communicate with the Supreme Council.

4.- Refusing to amend the terms of Interconnection and Access, without reasonable justification to suit the changes in this Law or any regulations, rules or orders.

 

Article 23.- Identification of the Dominant Service Providers
The Secretariat-General may, for purposes of Interconnection or Access, decide to deem any Service Provider as a Dominant Service Provider in one or more Telecommunications markets, according to the competition policy and the principles and procedures set forth in Chapter IX of this Law.
Article 24.- The Obligations of the Dominant Service Provider Regarding
                       Interconnection and Access
In addition to the provisions of Article 20 of this Law, the Dominant Service Provider must respond to any reasonable request for Interconnection and Access to its Telecommunications Network, whenever technically feasible.
In similar circumstances, it must apply the same terms to all Service Providers for obtaining Interconnection or Access.
It must also be committed to provide Interconnection and Access to all Service Providers using the same conditions and quality  with which it provides its own connection services or those which belong to its subsidiaries.
Article 25.- The Rights and Obligations of the Dominant Service Providers
In addition to the provisions of this Chapter, the implementing regulations, rules and instructions issued in this regard shall set forth the rights and obligations of the Dominant Service Providers, including the following:

1.- Any requirements for obtaining prior approval from the Secretariat-General on the prices of Interconnection and Access, on calculating the cost or the accounting separation between the various costs.

2.- Any requirements relating to the preparation of a reference offer and the content of the offer.

3.- Any requirements relating to the deposition and publication of Interconnection and Access agreements.

 

Chapter Six.- Tariff Regulation for the Dominant Service Providers

 

Article 26.- Identification of the Elements of Tariff Offers
The Secretariat-General shall have the authority to define the elements necessary to provide tariff offers, and adopt and disseminate the same with regards to Telecommunications services. It may develop other rules for organizing prices and tariffs, including the application of any programme to restore balance in prices or define their ceilings.
Article 27.- Tariff Regulation for the Dominant Service Providers
The provisions regulating tariffs, as provided for in the following Articles, shall apply to the Service Providers who are classified by the Secretariat-General as Dominant Service Providers in one or more of the markets of Telecommunications service, according to competition policy, and the rules and regulations set forth in Chapter IX of this Law.
Article 28.- Presentation of Tariff Offers and their Pre-Approval
The Dominant Service Providers shall submit to the Secretariat-General tariffs offers, rates and fees for Telecommunications services in the markets where they have been classified as Dominant Service Providers and obtain pre-approval.
The Secretariat-General may exempt the Dominant Service Providers from providing their tariffs and obtaining a prior approval, if it considers that the competitive market forces alone are enough to protect the interests of customers, and the elimination of dangers harmful to competition.
Article 29.- Extra Fees
The tariff of the Telecommunications services provided by the Dominant Service Providers must be based on the cost of providing the service effectively, provided that the tariff does not contain any extra duties resulting from the position of Dominance enjoyed by the Service Provider. The Secretariat-General may issue substantiated resolutions to amend the tariff if it considers it is not commensurate with the cost of providing the service, provided that the ruling declares the new amount.
Article 30.- Approval of the Temporary Tariff
The Secretariat-General may issue an interim decision to adopt any temporary tariff until the completion of its evaluation, and it may amend that decision or make it final or revoked.
Article 31.- Compliance with the Tariff
No Dominant Service Provider may apply or change any tariff, rates, fees or any other payment that violates the tariff approved by the Secretariat-General. Any contrary agreement or arrangement between the Service Provider and any Client shall be prohibited.
Article 32.- Cost Studies
The Secretariat-General, at its expense, may assign any Dominant Service Provider to prepare or participate in a study on the cost of services provided, if the Secretariat-General deems that such a study is necessary to prevent any conduct that is harmful to competition or that is necessary to regulate the tariffs and prices.
Article 33.- Accounting Practices
If the Secretariat-General sees that some accounting practices or accounting separation, between the different types of activities and services, represent an effective and necessary tool to prevent  conduct that is harmful to competition, or to regulate the tariffs and prices, it will be entitled to ask any Dominant Service Provider to adopt such practices or any other accounting practices to determine the cost of its services, including the preparation of cost studies for each type of activity or service, or make an accounting separation between the different types.
Article 34.- National Numbering Plan
The Secretariat-General shall develop and maintain a National Numbering Plan and shall manage the distribution and allocation of numbers, E-addresses, capabilities and associated resources and control their use in accordance with the terms of Licenses, and take action to enforce compliance.  The National Numbering Plan must be in accordance with the International Rules. The Service Providers must ensure that the allocation, distribution and use of numbers and email addresses given to them, and related capabilities and resources, are compatible with the National Numbering Plan, regulations, orders, rules and declarations related to them.
Article 35.- Practicing Numbering
The distribution and allocation of numbers shall not gain any proprietary rights or private rights other than the right of use for the Service Provider or its customers, whether the distribution or allocation is in return for or without charge. The Secretariat-General may, where appropriate, re-distribute and allocate the numbers to the Service Providers. Furthermore, any Service Provider may change the number assigned to any customer on reasonable grounds and in accordance with the orders, decisions and circulars issued by the Secretariat-General in this regard. In the cases where the customer has obtained the number for a charge, the Service Provider shall be obliged to refund or compensate it fairly. The Secretariat-General may issue the orders, rules, decisions and circulars governing the distribution and allocation of numbers and re-distribution or allocation of the same, including the rules governing the collection of any fee or charge for  receiving those numbers.
Article 36.- Plans for the Application of Number Portability and Selection of Service Providers
The Secretariat-General, after consulting the concerned Service Providers and relevant parties, may issue the necessary decisions on the development of a plan for Number Portability and Service Provider selection. The development plan must include the Service Providers’ obligations in the operational and financial aspects of the facilities and systems necessary to implement this plan.

Chapter Eight.- Universal Service Policy

 

Article 37.- Application of Universal Service Policy
The Secretariat-General shall be responsible for the application of any Universal Service policy, including the following:

1.- Definition of the rights and duties of the Service Providers in the application of Universal Service initiatives.

2.- Identification of means of funding for any Universal Service initiatives.

 

Article 38.- The Obligation of the Service Provider to Provide Universal Service
Service Providers shall comply with the regulations, decisions and orders issued by the Secretariat-General to implement the Universal Service, including the obligations related to funding.
Article 39.- Universal Service Fund
The Council, after the adoption of the Universal Service policy, may establish a fund called the Universal Service Fund to support the costs of providing Universal Service. A decision shall be issued by the Secretary-General for regulating the fund, defining its powers, its procedures of payment and the Service Providers’ obligations to contribute to it.

Chapter Nine.- Competition Policy

Article 40.- Development and Application of Competition Policy
The Secretariat-General shall develop and apply the competition policy and the related regulations in the Telecommunications sector and in the Telecommunications markets defined in the State. To this end, it shall do the following:

1.- Review the state of competition in the Telecommunications markets in the State, exercise its powers, functions and authorities to promote competition in the provision of Telecommunications services.

2.- Update the competition policy and its related regulations to reflect the state of competition in those markets, provided that the aim  of relying on market forces is  consistent with protecting the interests of the customers and the public.

3.- Determine the criteria to be applied in the classification of Service Providers who have a Strong Position in the Market or who enjoy a Dominant position in specific Telecommunications markets, and the application of that criteria in any classification process.

4.- Control and prevent the misuse of the market power or Dominant position and anti-competitive practices, as defined under this Law.

5.- Determine the appropriate procedures and arrangements to address the misuse of market power and behavior specified as non-competitive, and apply the same to promote competition and to protect the interests of customers and the public.

Article 41.- The Prohibition of Anti-Competitive Practices
Service providers shall be prohibited from exercising non-competitive practices. Service providers who are classified as enjoying a Strong Position in the Market, or who are Dominant in a market or several markets of Telecommunications in the State, shall undertake not to abuse their market power or Dominance in those markets or anything related to them. The Secretariat-General may determine whether the conduct of any of the Service Providers constitutes an abuse of the market power, or an abuse of Dominance, or any other non-competitive practice. If the Secretariat-General decides that abuse has occurred it may take such action as it sees fit.
Article 42.- Categories of Strong Position in the Market
The Secretariat-General shall classify the Service Providers and determine the extent of the strong or Dominant position they enjoy in the market. Before classification, it shall do the following:

1.- Identify the markets of the relevant products and services, including the geographical area or region.

2.- Determine the criteria and methodology to be applied in determining the degree of market power, or the other standards of the Strong Position in the Market or Dominance in the relevant markets.

3.- Undertake an analysis of the markets of relevant products and services through the application of the relevant criteria and methodology.

The decisions that classify the Service Providers as having a Strong Position in the Market or Dominance shall define the markets of relevant products and services, the standards, and the methodology and circumstances relied upon to justify this classification. The Secretariat-General may consult the Service Providers, customers or any of the other stakeholders when identifying any market, analyzing or classifying the market forces in accordance with the provisions of this Article. The implementing regulations, other regulations, rules and issued orders shall define the standards, methodologies and processes for the classification of market forces.
Article 43.- Abuse of Dominance
Dominant Service Providers are prohibited to engage in activities or acts that constitute an abuse of dominance. The following acts and activities, in particular, shall be considered as abuse of dominance:
1- Failure to supply Interconnection or Access services or facilities to other service providers within a reasonable period of time from the time requests for such services had been presented. Excluded are cases when failure to supply any of such services is justified;
2- Failure to supply Interconnection or Access related services or facilities to other service providers on the same terms the service provider provides such services and facilities to its own facilities or those of its subsidiaries or affiliates. Excluded are the cases where the differences in the terms of services are justified;
3- Bundling up a number of telecommunications services in one package so that a competitor service provider has to obtain such package as a pre-requite for providing any of such services from Dominant Service Provider;
4- Providing an offer on more preferential terms and conditions and in a manner not based on differences in costs where a competing service provider is to acquires a service that is not required of him;
5- Monopolising the use of scarce facilities or resources of exclusive use, with the effect of denying a competing service provider from using such facilities or resources or from enjoying its right of Access.
6- Supplying competitive telecommunications services at prices below long-term incremental costs or any other cost criteria specified by the General Secretariat;
7- Using revenues or transferring a part of the cost of a specific telecommunications service to subsidise another telecommunications service supplied by same service provider, except where such subsidy is approved by the General Secretariat;
8- Failure to meet Interconnection service obligations;
9- Performing any acts that have the effect of substantially reducing competition in any telecommunications market, in particular any of the following acts:
a. reducing the margin of profit available to a competitor that requires a set of telecommunications services from Dominant Service Provider;
b. agreeing with a supplier not to sell to a competitor;
c. adopting technical specifications for networks or systems for the purposes of preventing interconnection or interoperability with a network or system of a competing service provider;
d. failure to make available within an appropriate period of time technical specifications, and information about essential telecommunications facilities or services or other related commercial information which are required by other service providers to provide telecommunications services; and
e. the use by Dominant Service Providers of information related to interconnection or other telecommunications facilities or services provided by competing service providers with the purposes of competing with them.
Article 44.- The Prohibition of Unjustified Discrimination
The Dominant Service Providers shall provide the conditions and quality of a standard service for all customers, including the tariff fee. The Secretariat-General may  decide otherwise if differing conditions were justified objectively based on a difference in the conditions of service supply, including the various costs, traffic volumes or the lack of available facilities or resources. This shall be applied  to customers who receive service for resale to their own customers and end-users. The Dominant Service Provider shall submit to the Secretariat-General sufficient justification for the existence of any discrimination, and must cease discrimination when receiving a notification from the Secretariat-General.
Article 45.- Other Non-Competitive Practices
No person shall participate in any practices that prevent competition or lead to a drop in the Telecommunications markets, in particular, the agreement between two or more Service Providers to determine the rates and conditions of service in the Telecommunications markets, distribution of employment opportunities and contracts, or sharing of Telecommunications markets among them.
Article 46.- Treatment of Non-Competitive Practices
If the Service Provider carries out non-competitive practices or the Dominant Service Provider abuses its Dominance, the Secretariat-General may issue any decisions to remedy anti-competitive practices or abuse of Dominance, and is entitled to do the following:
  1. Oblige the persons concerned to stop the work or activity that causes this practice, or make specific changes in the work or activity to eliminate or mitigate its negative impact on competition.
  2. Oblige the concerned Service Providers to submit periodic reports to the Secretariat-General to determine the extent of their adherence to its decisions.
  3. Refer the violator to the prosecution authority with a view to initiating criminal proceedings.

 

Article 47.- The Powers of the Secretariat-General in the Transfer of Dominance
The Secretariat-General shall review the proposals for the transfer of Dominance over the Service Providers. The Secretariat-General, upon reviewing the proposals for the transfer of Dominance, shall have the right to approve the transfer, grant conditional approval or reject the transfer. When deciding to approve the transfer, grant conditional approval, or reject, the Secretariat-General shall take into account the effects of the proposed transfer on the Telecommunications markets in the State, particularly its effects on competition in those markets and the related interests of customers and the public.

Chapter Ten.-  Consumer Protection

Article 48.- Preparation and Development of Consumer Protection Policy
The Secretariat-General shall prepare a policy for consumer protection in accordance with this Law, or any other related laws.

Article 49.- The Application of Consumer Protection Policy

When applying the consumer protection policy, the Secretariat-General shall carry out the following powers:

  1. Control the conditions of service between the Service Providers and customers.
  2. Determine and develop the applied standards of the quality of the service.
  3. Follow up and prevent abusive and misleading trade practices.
  4. Ensure the availability of effective procedures to resolve customer disputes.
  5. Review the conditions of competition in any markets for Telecommunications services that are determined by the State, review and update the consumer protection policy and related regulations to reflect the state of competition in those markets with the purpose of relying on market forces to protect the interests of customers. The Service Providers must abide by the rules, conditions, standards and practices relating to the policy of consumer protection.

 

Article 50.- Consumer Protection Regulations

The Secretariat-General shall determine the rules that regulate the drawing-up, development and application of the consumer protection policy, in the following matters:

  1. The practice of Service Providers regarding the issuance of invoices and retention of documents and papers relating to the services provided.
  2. The Terms of Service delivery, its adoption, publication and posting.
  3. The procedures for Service Providers to resolve disputes and complaints of the customers.
  4. The provision of telephone directories, directory services and service centres.
  5. The exploitation of Telecommunications services in the promotion of products and other goods.
  6. The requirements of service quality, quality control and quality compliance.
  7. Access to the Clients’ premises and property.
  8. The responsibility of Service Providers for the services and mandates they provide, and the limits of that responsibility.

 

Article 51.- Fair Practices
The Service Provider must provide the Client, before its subscription to the service, or before assuming any commercial obligations towards the Service Provider, with the Terms of Service and any other terms and conditions and all tariffs, prices and costs applicable to any Telecommunications service. The Service Providers may impose on the Client only the service fee specified for the selected Telecommunications, or the fee specified for Telecommunications Equipment requested by the Client. The Client shall not be responsible for paying any fee for any service or equipment for communications it did not request.

Article 52.- Protection of Customer Information

The Service Providers in managing their networks, facilities and related systems, shall take into account the rights of privacy of the Client. It is their responsibility to maintain the information and data of the Client and the Telecommunications in their possession, and they shall provide adequate protection for the same. The Service Provider may not collect, use, retain or announce any information of any customer except with its consent or as permitted by Law. The Service Providers must ensure that the information submitted is accurate, complete and valid for the purpose of use.
The customers shall have the right to request correction or deletion of any information relating to them. Nothing in the provisions of this Article shall prevent the relevant authorities from obtaining any confidential information or communications relating to the customers in accordance with this Law.

Chapter Eleven.- Access to property

 

Article 53.- Access Procedures
The Secretariat-General shall develop the rules necessary to facilitate Access to private and public property, in order to install, operate and maintain the Telecommunications Facilities according to the provisions of this Law in coordination with the relevant authorities.

Chapter Twelve.- Accreditation of the Criteria for Telecommunications Equipment

 

Article 54.- Definition and Accreditation of the Criteria for Telecommunications Equipment
The Secretariat-General shall define the technical standards and specifications for the Telecommunications Equipment, their types, accreditation requirements and the procedures to be applied to those standards and specifications, according to the provisions of this Law, and any other relevant Laws.
Article 55.- The compliance of the Service Providers and Suppliers with the
Telecommunications Equipment Standards and Accreditation and          Certification Requirements
The Service Providers and suppliers of Telecommunications Equipment shall undertake that all the Telecommunications Equipment used, imported, manufactured or supplied in any way for use in the State shall be consistent with the standards of equipment, International Rules, and certification requirements established by the Secretariat-General
Article 56.- Definition of Equipment Standards
The Secretariat-General, in exercising its powers regarding the definition and accreditation of equipment standards and adoption, shall carry out the following:
  1. Set forth the technical standards or specifications for the Telecommunications Equipment or their types.
  2. Define the technical standards or specifications for the Telecommunications Equipment or their types which are set by the other authorities or bodies concerned with standards, in order to be approved and adopted in the State.
  3. Create or identify the test systems and facilities to accredit the use of Telecommunications Equipment or their types.
  4. Identify the appropriate international and regional regulations or testing facilities for the accreditation of Telecommunications Equipment or their types and approval of the use.
  5. Approve the accreditation of other certifications of Telecommunications Equipment by the other competent authorities or bodies, and consider the same as sufficient for using this equipment, in accordance with the International Rules.
The Secretariat-General may, whenever it is necessary to avoid any damage or interference with the work of Telecommunications Networks, issue an order prohibiting the manufacture, import or use of certain Telecommunications Equipment or their types.  The Secretariat-General shall ensure that the technical standards and specifications and the requirements for mandatory accreditation are compatible with the approved technical requirements for the electrical equipment, wireless Telecommunications devices and products designed for use in the State.
Article 57.- Management of Criteria
The Secretariat-General shall keep records of accredited and prohibited Telecommunications Equipment. It shall make one or more declaration indicating the applicable standards and specifications required and the bodies responsible for test and measurement, the foundations for issuing the certification, accreditation of Telecommunications Equipment or their types and the adopted procedures and practices
Article 58.- Telecommunications Equipment Used before Enforcing the Law
The Telecommunications Equipment approved before enforcing the provisions of this Law, installed or connected to a public Telecommunications Network, shall be certified and approved for use in the State, unless the Secretariat-General has decided that they interfere with the work of any Telecommunications Network, equipment or facilities, or pose a public danger.

Chapter Thirteen.- National security and cases of public emergency

 

Article 59.- The Obligations of Service Providers
The Service Providers must comply with the requirements of the security authorities in the country especially with the requirements of maintaining national security and adhere to the guidance of government agencies in cases of public emergency. They must also observe the implementation of the orders and instructions issued by the Secretariat-General on the development of a service network or mechanism to meet those requirements.
Article 60.- Compensation and Recovery of Expenses
The Service Providers may request and recover any expenses resulting from the execution of orders and directives issued in accordance with the provisions of the preceding Article. Such a claim may not be based on loss of income, expenses, or indirect damages resulting from any period of suspension of service.

Chapter Fourteen.-  Settlement of Disputes

 

Article 61.- Settlement of Disputes by the Secretariat-General
The Secretariat-General shall settle the disputes that arise among the Service Providers and between them and others. The decision issued by the Secretariat-General regarding the dispute shall be final and enforceable. No case regarding the dispute may be accepted until a decision is issued by the Secretariat-General or until the passage of sixty days from the date of it being submitted, whichever is earlier. The implementing regulations shall govern the rules and procedures related to the dispute.

Chapter Fifteen.- The Authority to Inspect, Verify and Control

 

Article 62.- Provision of Information
The Secretariat-General may request the Service Providers or others to supply information necessary for the exercise of its powers. The information must be provided in the form, manner and time determined by the Secretariat-General. Any person required to provide information shall inform the Secretariat-General of any reasons which prevent this, and may request that the information provided may not be disclosed, in whole or part, because of its commercial nature or confidentiality.
Article 63.- The Authority to Inspect, Verify and Control
The employees of the Supreme Council, who shall be invested with the power of judicial control based on a decision from the prosecutor in agreement with the President of the Council, shall have the power to investigate and prosecute the crimes committed in violation of the provisions of this Law. They will have the authority to enter relevant places and have Access to records and documents, as well as checking equipment and Telecommunications systems and any other related things and requesting the data and clarifications they deem necessary.

Chapter Sixteen.- Offences and Sanctions

 

Article 64

 Without prejudice to any severer penalty provided for in any other law, the offences set forth in the following Articles shall be punished based on the penalties indicated.
Article 65
Whoever intentionally causes the disruption of Telecommunications or intentionally damages for this purpose some of the buildings or facilities allocated to the Telecommunications Networks, infrastructure or their Telecommunications lines, or makes all or part of them unfit for use shall be punished with imprisonment for not less than one year and not more than five years and with a fine of not less than fifty thousand (50,000) Riyals and not more than 500,000(five hundred thousand) Riyals.  If any of the acts referred to in the preceding paragraph are as a result of negligence or lack of precaution, the punishment shall be imprisonment for not more than three months and a fine of not more than fifty thousand (50,000 ) Riyals, or either one of the penalties. In all cases, the court shall compel the person who committed such act(s) to pay the value of the damage, or the cost of restoration, without prejudice to the right to compensation, if required.
Article 66
Whoever intentionally commits one of the following acts shall be punished with imprisonment for a period not exceeding one year and with a fine not exceeding fifty thousand (50,000 ) Riyals, or with either of the penalties:
  1. Using one of the Telecommunications Facilities or obtaining one of its services without payment of the costs prescribed.
  2. Accessing a Telecommunications Network or facility or a system associated with it by penetrating the security measures with the purpose of obtaining data or Telecommunications service.
  3. Wiretapping Telecommunications not intended for the public with technical means, intercepting radio waves which are intended for others, interfering with radio waves which are intended for others or other purposes which are contrary to this Law.
  4. Causing damage to, repealing, intercepting, altering or discontinuing the work of any Telecommunications Network or tool, or tampering with it in any way.
  5. Possessing, producing, selling or providing for the purpose of usage or importation, or distributing or providing a device in any other way, or password in the computer, Access code or any similar data that allows Access to a facility or network from Telecommunications, or a system linked with it, with the intent of committing any of the crimes provided in the previous four items of this Article.
  6. Using or allowing the use of a Telecommunications Network with the purpose of the disturbance, excitement or abuse of any person.
  7. Using any Telecommunications service or facility in a manner that leads to a violation of the provisions of this Law or other laws.

 

Article 67

Whoever violates a provision in any of Article 9, paragraph 3 of Article 11, and Articles 15 and 16 of this Law or violates any of the licensing or Permit conditions shall be punished with imprisonment for a period not exceeding one year and with a fine not exceeding one million) (1,000,000) Riyals.

 

Article 68

Whoever commits, without obtaining a License, one of the following acts shall be punished with imprisonment for a period not exceeding one year and with a fine that not exceeding twenty thousand (20,000) Riyals:
  1. Importing or manufacturing one of the of Telecommunications devices with the purpose of marketing the same.
  2. Acquiring, installing or operating any wireless Telecommunications devices.
Punishment shall be imprisonment for not less than two years and not exceeding five years if the import or manufacturing or acquisition is for the purpose of violating national security. The court shall in all cases order the confiscation of the equipment and devices used in committing the crime.
Article 69
Whoever, while performing its duty in the field of Telecommunications or as a result of the same, commits one of the following acts shall be punished with imprisonment for a period not exceeding one year and a fine not exceeding 100,000 (one hundred thousand) Riyals, or with either penalty:
  1. Disclosing, publishing or broadcasting any information about an institution operating in the field of Telecommunications where this would lead to unfair competition between the establishments operating in this area.
  2. Disclosing, publishing, broadcasting or recording the content of a Telecommunications message or part thereof without a legal basis.
  3. Hiding, changing, hindering or modifying any Telecommunications message or any part thereof that might have reached that person.
Disclosing any information concerning the users of Telecommunications Networks or concerning their outgoing or incoming Telecommunications, without a legal basis.
Article 70
Whoever violates any of the provision of Articles 18(4)#(8) and Articles 22, 24, 28, 31, the last paragraph of Article 34, Articles 38, 41, 43, 44, 45, the last paragraph of Article 49, and Articles 51, 52, 55, 59 and 62 of this Law shall be punished with imprisonment for a period not exceeding two years and with a fine not exceeding 100,000 (one hundred thousand) Riyals or either punishment.
Article 71
Whoever, being responsible for the actual management of the violator shall be punished with the same penalties prescribed for the acts committed in violation of the provisions of this Law if it is proved that the same were committed with his knowledge, or if his breach of the duties imposed by that management has contributed to the crime.
Article 72
The penalty shall be doubled in the case of recurrence. Any of the crimes specified in this Law committed within three years from the date of implementing the penalty preceding it shall be deemed recurrent.
10Jul/17

Decision of the Board of The Supreme Council for Information and Communication Technology nº 1 of 2009 on the promulgation of the Executive By-Law for the Telecommunications Law

Decision of the Board of The Supreme Council for Information and Communication Technology nº 1 of 2009 on the promulgation of the Executive By-Law for the Telecommunications Law

The Board,

Having perused the Telecommunications Law issued by Decree Law nº 34 of 2006;

Emiri Decision nº 29 of  1996 regarding the decisions of the Council of Ministers that are submitted to The Emir for certification and promulgation, and

The Council of Ministers’ approval of the draft of this Decision in its ordinary meeting nº 24 of 2008 held on 2/7/2008;

Have decided the following:

Article 1.- Introduction

The By-Law for the Telecommunications Law enclosed with this Decision, shall be effective.

Article 2.- Introduction

All competent authorities, each within its own competence, shall implement this decision which shall come into force on date of publication in the Official Gazette.

Tamim Bin Hamad Al-Thani
The Chairman of the Board

The Supreme Council for Information and Communication Technology
Issued on: 2/7/1430 A.H.
Corresponding to: 25/6/2009 A.D.

THE TELECOMMUNICATIONS BY-LAW

Chapter One.- Definitions and General Provisions

Article (1)
For implementation of this By-Law, the following terms and expressions shall have the meanings assigned to them, unless the context requires otherwise:

Supreme Council: The Supreme Council of Information and Communication Technology “ictQATAR.”

Board: The Board of the Supreme Council.

General Secretariat: the General Secretariat of the Supreme Council.

Law: The Telecommunications Law issued by Decree Law nº 34 of 2006.

By-Law: The Executive By-Law of the Telecommunications Law.

Person: a natural or juridical person of any type or form.

Access: access to any telecommunications network, telecommunications facilities or telecommunications services between Service Providers which makes facilities, services or both facilities and services available by one Service Provider to another Service Provider, under defined terms and conditions, on either an exclusive or non-exclusive basis, for the purpose of providing telecommunications services. It includes access to network elements and associated facilities, the connection of equipment, and in particular includes access to the local loop and to facilities and services necessary to provide services over the local loop, access to physical infrastructure including buildings, ducts and masts, access to relevant
software systems including operational support systems, access to number translation or systems offering equivalent functionality, access to fixed and mobile networks for roaming and access to conditional access systems for digital broadcasting services; but does not include access to facilities or services by end-user customers.

Control: the power of a Person to exercise decisive influence over, or to determine the actions of another Person in any manner, whether directly through the ownership of shares, stocks or other securities or voting rights, or indirectly through an agreement or arrangement of any type. Many factors shall be taken into consideration in determining Control including any Person that owns or has at its disposal, directly or indirectly, at least 10% of voting rights in another Person shall be deemed to be in control of such other Person.

Customer: subscriber, user or consumer of telecommunications services, whether an individual, corporation, governmental body or any other public or private legal entity and regardless of whether the services are acquired for the customer’s own use or for resale.

License: The permission issued by the Board or the General Secretariat to an individual or class of individuals to own or operate a telecommunications network, provide telecommunications services, or use radio frequency spectrum and it does not constitute a contract or bilateral agreement.

Significant Market Power: a position of an economic strength of a service provider in the market that permits it to act independently of customers or competitors, or to dominate one or more identified telecommunications service markets, through acting either individually or jointly with others, in accordance with the provisions of chapter nine of the Law and in accordance with chapter eight of this By-Law. Also referred to as “SMP”.

Telecommunications Equipment: equipment capable of being connected directly or indirectly to a telecommunications network in order to send, transmit or receive telecommunications services, and includes radio-communications equipment.

Affiliate or Affiliated Person: any natural or juridical person that directly or indirectly, is related to, is controlled by, or is under common control with another person.

Allocation of radio spectrum: entry in the national frequency allocation table, prepared by the General Secretariat pursuant to this By-Law, of a given frequency band for the purpose of its use by one or more terrestrial or space radio-communications services or the radio astronomy service under specified conditions.

Assignment of a radio frequency or radio frequency channel: authorization given by the General Secretariat pursuant to this By-Law for a radio station to use a radio frequency or radio frequency channel under specified conditions.

Information Request: an order issued by the General Secretariat requiring the provision of specified information, including original documents or copies of the same, pursuant to the Law or this By-Law.

Tariff: any statement of prices, rates, charges or any other compensation including related  service descriptions or terms and conditions such as rebates, waivers or discounts offered by a Service Provider regarding any of its services.

Telecommunications Service: any form of transmission, emission or reception of signs, signals, writing, text, images, sounds or other intelligence provided by means of a telecommunications network to a third party.

Article (2)

The Board may issue amendments to this By-Law as it deems appropriate after following the procedures set out by law.

Article (3)

Licensees and Service Providers shall comply with the Law, this By-Law, the terms and conditions of their respective Licenses, and all regulations, decisions, orders, rules, and notices issued thereunder.

Article (4)

The Secretary General shall issue other regulations, decisions, rules, orders, instructions and notices for the implementation of the provisions of the Law and this By-Law.

Article (5)

The General Secretariat shall carry out the powers and authorities stipulated in the Law and this By-Law.

Article (6)

The General Secretariat shall take measures, actions and decisions, as it deems appropriate, to ensure that Licensees and Service Providers comply with the provisions of the Law, this ByLaw and the provisions of the Licenses, or to remedy their breaches.

Chapter Two.- Telecommunications Licenses

Article (7)

Individual Licenses shall be in writing, and the General Secretariat shall make copies of them available on the Supreme Council’s official website, in addition to paper copies available for inspection by the public and it may exclude from published copies of Individual Licenses any information that it determines is confidential or commercially sensitive.

Article (8)

The licensing criteria, procedures and the basic terms and conditions of the Individual License shall be published on the official website of the Supreme Council. The form of Class License and the scope of licensed activities shall also be published on the official website of the Supreme Council. In all cases, the publication shall contain the period of time expected to reach a decision concerning an application for a License.

Article (9)

The General Secretariat shall establish the terms and conditions of granting Individual Licenses on a case by case basis and the terms and conditions of granting Class Licenses.

Article (10)

In determining whether Telecommunications Networks and Telecommunications Services should be subject to an Individual License, the following general criteria shall be taken into account:

(1) whether the Telecommunications Services are provided to the public, directly or indirectly, or to another Individual Licensee in return for a direct or indirect fee.

(2) whether the owners or operators of a Telecommunications Network or
Telecommunications Facility use the network or facility to provide services to the public, directly or indirectly, or to another Individual Licensee in return for a direct or indirect fee.

(3) any other criteria that the Supreme Council considers relevant for the efficient and effective administration of the licensing process and supervision of compliance by Licensees.

Article (11)

Class Licenses will generally be issued to authorize more than one person of the same class to provide Telecommunications Services or own or operate Telecommunications Networks or Telecommunications Facilities in cases where Individual Licenses are not issued.

Article (12)

The General Secretariat may issue regulations or instructions containing further requirements for applicants for Individual and Class Licenses and service providers in order to provide clarification of services, telecommunications and related activities that require an Individual
or Class License.

Article (13)

An Individual License will not be deemed to be assigned by contract or for any other reason, without the prior approval of the Board.

If a Licensee wishes to assign its Individual License to another person, the Licensee shall deliver to the General Secretariat a written notification of the intended transaction and the written notification shall be given without delay, within a period not less than sixty (60) days prior to the intended completion date of the transaction. The written notification shall with sufficient clarity identify the parties to the transaction, including their respective Affiliates,
and shall state the nature of the transaction, including the intended completion date in order for the General Secretariat to review the proposed assignment. The Licensee shall provide information, and comply with the procedural requirements, as specified by the General Secretariat.

The term “Assignment” shall include, without limitation, a transfer of the Individual License or a change of control of a Licensee.

The Board shall determine whether to approve such assignment or not within thirty (30) days from the date of receiving the request, unless the review requires a longer period, the term of which shall be specified by the General Secretariat before expiry of the initial 30 day period.

In the event that the assignment involves an assignment of radio spectrum or a transfer of control, the General Secretariat shall also follow a coordinated procedure with respect to its review it in accordance with this Article and Articles (32), (33), (77), (78), (79), (80), (81), (82), (83), (84) and (85) of this By-Law.

The Licensee will have 180 days to consummate the proposed assignment from the date of approval by Board and notify the General Secretariat of its completion. The General Secretariat may approve one or more extensions to the above-mentioned period upon request of the Licensee.

Article (14)

The Board may amend Individual Licenses and the General Secretariat may amend Class Licenses in one of the following cases:

(1) in accordance with the Law, this By-Law, rules, regulations or the applicable License terms and conditions.

(2) following changes to international treaties or any other applicable laws that require an amendment.

(3) where an amendment has been requested or agreed to by the Licensee.

(4) the Licensee have committed repeated violations of the provisions of the Law, this By-Law, regulations, orders, decisions of the Board or the General Secretariat, or License terms.

Article (15)

The Board may suspend, revoke or refuse to renew Individual Licenses and the General Secretariat may suspend, revoke or refuse to renew Class Licenses in one of the following cases:

(1) in accordance with the Law, this By-Law, and the applicable License terms and conditions.

(2) the Licensee have committed repeated violations of the provisions of the Law, this By-Law, regulations, orders or decisions issued by the Board or the General Secretariat, or License terms.

(3) non-payment of fees specified for the License or its renewal or any other financial amount pursuant to the provisions of the Law or this By-Law.

(4) The death of a natural person or the dissolution of a juridical person for any ground specified by law.

(5) The Individual Licensee assigned the Individual License without the approval of the Board or the Class Licensee assigned the Class license without the approval of the Secretary General.

Article (16)

Prior to amendment, suspension, revocation or non-renewal of an Individual License by the Board, pursuant to the preceding two Articles, the General Secretariat shall notify the Licensee of this in order for the Licensee to submit its comments and the General Secretariat shall comply with the following:

(1) shall give the Licensee sufficient time to prepare comments on the intended action.

(2) shall set out any procedures the Board may use in further consideration of the action.

(3) request comments from other interested parties or the general public, when necessary.

(4) study the comments received.

Article (17)

If the Board amends an Individual License, it shall provide the Licensee with a reasonable amount of time as determined by the Board to implement any changes needed to comply with the amendment.

Article (18)

The Board shall not suspend or revoke or refuse to renew an Individual License without giving the Licensee a reasonable amount of time, as determined by the Board, to remedy any breach or reason that is the basis for the suspension, revocation or refusal to renew, unless proven that the breach or the reason still continues after receipt by the Licensee of one or more written warnings issued by the General Secretariat ordering the Licensee to remedy same.

Article (19)
Where a License is amended, suspended, revoked or not renewed, the General Secretariat shall take measures to ensure the continuity of service to customers and include in its orders in this regard terms and conditions as it deems appropriate.

Article (20)

The General Secretariat may issue regulations, rules or orders containing further procedures related to the amendment, revocation, suspension or non-renewal of a License.

Article (21)

The term of a License shall be stated in the License. Upon request by the Licensee, a License may be renewed by the Board or the General Secretariat on the same conditions or on the basis of new conditions, subject to the applicable License terms, regulations and decisions issued by the Supreme Council in this regard.

Article (22)

The Board shall determinate the License fees, any other fees, remuneration or charges and the General Secretariat shall issue in this regard, from time to time, regulations, decisions and orders regulating this matter.

Article (23)

The regulations, decisions and orders issued in accordance with the preceding Article shall contain the following:

(1) the entity which the fees and charges are to be paid to.

(2) fees and charges may be based on a percentage or proportion of the revenues of Licensees.

(3) fees and charges payable under the Law and this By-Law as set by the Board are in addition to any other fees or charges that must be paid by Service Providers in connection with their operations or commercial activities.

(4) the totality of fees applied to each Licensee and to the sector as a whole pursuant to the Law, and the impact on Licensees and end users shall be considered in the light of the objectives stated in paragraphs (1), (2) and (3) of Article (2) of the Law.

Chapter Three.- Radio Spectrum Management

Article (24)

In relation to radio spectrum management, the General Secretariat shall:

(1) prepare and publish a national frequency assignment plan for the spectrum allocated to the telecommunications sector and to promote the optimal and most efficient use of radio spectrum, and assign radio spectrum in accordance with that plan.

(2) prepare and publish a national frequency allocation table identifying all radio spectrum allocations.

(3) ensure that the use of radio spectrum is consistent with the national frequency assignment plan, related allocations and assignments, any applicable international treaties, commitments, protocols and standards and Radio Spectrum License conditions, including taking related compliance and enforcement actions.

(4) ensure the best and most efficient use of radio spectrum in accordance with international best practice in order to promote the objectives identified in Article (2) of the Law.

(5) determine, allocate, and assign, and re-allocate or re-assign, radio frequencies and frequency bands and channel assignments, and issue Radio Spectrum Licenses or radio frequency Authorizations, in accordance with the national frequency assignment plan.

(6) advise the Council of Ministers and government agencies on matters specifically referred to the Supreme Council relating to the use or management of radio spectrum.

(7) regulate matters related to radio spectrum fees.

(8) conduct public inquiries relating to the use or management of radio spectrum as it deems appropriate.

(9) mediate, resolve and manage interference disputes, where such disputes are not resolved by the disputing parties to the satisfaction of the General Secretariat.

(10) issue regulations, rules, orders or notices relating to the use of radio spectrum as the General Secretariat deems appropriate.

(11) determine any other matters relating to the transmission of radio-communications whether by satellite, terrestrial or other transmissions.

(12) perform such other radio spectrum-related functions as are conferred on the Supreme Council by other applicable laws or regulations.

Article (25)

The General Secretariat shall issue Radio Spectrum Licenses in writing and shall refer to the Licenses in the national frequency assignment plan available on the Supreme Council’s website.

Article (26)

The General Secretariat shall develop a regulation to implement an efficient approach to management of the radio spectrum in the State of Qatar. This regulation shall include in particular the following:

(1) specify the procedures, conditions and restrictions relating to the operation of the radio spectrum and radio-communications equipment, including the use of radio spectrum and operation of radio-communications equipment without authorization.

(2) specify the requirements for Radio Spectrum Licenses in respect of the operation of the radio spectrum.

(3) specify the requirements for any other authorization for the use of radiocommunications equipment.

(4) specify the technical requirements and standards in relation to radio-communications equipment, interference-causing equipment and radio-sensitive equipment.

Article (27)

All service providers utilising radio spectrum or radio-communications equipment in the State of Qatar shall comply with the regulation mentioned in the preceding Article.

Article (28)

Applications for Radio Spectrum Licenses shall be submitted separately from applications for Licenses to provide Telecommunications Networks and Services. The General Secretariat may from time to time publish procedures of general or specific applicability to facilitate the simultaneous review of Individual Licenses with associated applications for Radio Spectrum
Licenses.

Article (29)

The General Secretariat shall grant the Radio Spectrum Licenses or Authorizations in accordance with the national frequency assignment plan.

Article (30)

In all circumstances where a Radio Spectrum License or Authorisation is required, the General Secretariat shall publish on the website of the Supreme Council the following:

(1) the applicable licensing procedures and licensing criteria.

(2) the basic terms and conditions of the License.

(3) the period of time expected to reach a decision concerning an application for a License.

Article (31)

The General Secretariat shall establish the terms and conditions of all Licenses and shall monitor compliance by Licensees with the terms and conditions of their Licenses, and the General Secretariat may take any measures and procedures in this regard.

The General Secretariat may establish the criteria through Radio Spectrum Regulations in order to determine what radio spectrum should be available for common use and this may be awarded by means of a Class License.

Article (32)

A Radio Spectrum Licensee may not assign a License or Authorization, spectrum rights or any portion thereof by contract or for any other reason, without the approval of the Secretary General.

A transfer or change of control of a Licensee or segregation or partitioning of radio frequency spectrum rights, or combination of the two or sharing radio frequency spectrum rights with a third party shall be deemed to be an assignment of the License, Authorization, spectrum rights or any portion thereof.

Article (33)

The Licensee shall notify the Secretary General in writing of its wish to assign a License or Authorization at least 60 days before the date of the proposed assignment. The Licensee shall provide the information, and comply with the procedural requirements specified in the regulations issued by the General Secretariat in this regard.

The Secretary General shall issue its decision, whether to approve such assignment or not, within 30 days from receiving the request, unless the Secretary General finds that circumstances warrant a longer period of review, the term of which shall be specified by the General Secretariat before expiry of the initial 30 day period.

In the event that the assignment of a Radio Spectrum Licence also involves assignment of an Individual Licence or a transfer of control, the General Secretariat will follow a coordinated procedure with respect to its review in accordance with Articles (13), (32), (33), (77), (78), (79), (80), (81), (82), (83), (84) and (85) of this By-Law, as the case may be.

The Secretary General shall determine whether to approve such assignment based on the suitability of the proposed assignee to use the radio spectrum, in accordance with the terms of the Individual License, the terms of its issuance, and the provisions of the Law and this ByLaw.

A Licensee will have 180 days, from the date of approval by the Secretary General, to consummate the proposed assignment and notify the General Secretariat of its completion. If necessary, the Licensee may request, and the General Secretariat may approve, one or more extensions to the 180-day deadline.

Article (34)

The General Secretariat may amend a Radio Spectrum License in one of the following circumstances:

(1) in accordance with the Law, this By-Law, and the terms and conditions of the License.

(2) as requested or agreed to by the Licensee.

(3) to implement changes to international treaties or laws that require the amendment.

Article (35)

The Supreme Council may suspend, revoke or refuse to renew Radio Spectrum Licenses in one of the following cases:

(1) the Licensee have committed repeated violations of the Law, this By-Law, other regulations, orders or decisions issued by the Board or the General Secretariat, or the terms of the License.

(2) the misuse of radio spectrum or its use for an unauthorised purpose.

(3) non-payment of fees specified for the License or its renewal or any other financial amount pursuant to the provisions of the Law or this By-Law.

(4) The death of a natural person or the dissolution of a juridical person for any ground specified by law.

(5) The Licensee assigned the License without the approval of the Secretary General.

Article (36)

The General Secretariat shall, prior to amendment, suspension, revocation, or refusal to renew a License, notify the Licensee of this in writing and shall consider any comments submitted by the Licensee in this regard. The notice shall contain the following:

(1) provide the Licensee with sufficient time to prepare comments on the intended action.

(2) specify the procedures that the General Secretariat may use in further consideration of the action.

(3) may invite comments from interested parties or the general public regarding the intended action.

Article (37)

In the case where the General Secretariat amends the License, the General Secretariat shall provide the Licensee with a period of time as it deems appropriate, to implement any changes needed to comply with the amendment.

Article (38)

The General Secretariat shall not implement the suspension, revocation or refuse to renew a License without giving the Licensee a period of time, as it deems appropriate, to remedy any breach or reason that is the basis for the suspension, revocation or refusal to renew, unless proven that the breach or reason continues following the issuance of one or more written warnings by the General Secretariat to remedy such breach or reason.

Article (39)

Where a License is amended, suspended, revoked or not renewed, the General Secretariat shall take measures to ensure continuity of service to customers and include in its orders terms and conditions as it deems appropriate to ensure the least amount of negative disruption to customers which may result therefrom.

Article (40)

The General Secretariat my issue regulations, rules or orders containing further procedures related to the amendment or revocation of a License.

Article (41)

The term of a License shall be stated in the License. Upon application by the Licensee, a License may be renewed by the General Secretariat in accordance with the provisions of the License, regulations and decisions issued by the General Secretariat.

Article (42)

The Board shall set the License fees and any other fees, remuneration or charges and the General Secretariat shall issue in this regard, from time to time, the regulations and orders regulating this matter.

Article (43)

Any regulations, decisions and orders issued pertaining to fees shall contain the following principles:

(1) stipulate the entity which the fees and charges are to be paid to.

(2) fees and charges shall be levied on Licensees in an impartial manner.

(3) fees and charges may be based on factors such as the amount of radio frequency spectrum provided in the License; whether the Licensee is operating in a shared or exclusive frequency band; or a percentage or proportion of the revenues of Licensees from the use of radio spectrum.

(4) fees and charges payable under the Law and this By-Law are in addition to any other fees or charges that must be paid by Service Providers in connection with their operations or commercial activities.

Article (44)

In resolving radio spectrum interference disputes, the General Secretariat may carry out the following:

(1) assign its professional staff or technical experts to mediate the dispute, and if failing mediation to submit a report to the General Secretariat on possible ways to resolve the dispute.

(2) submit the dispute for arbitration in accordance with the procedure of the International Telecommunications Union (ITU), or such other arbitration rules or processes as the General Secretariat shall select.

(3) issue an order to resolve the dispute.

Article (45)

The Supreme Council shall consult with and coordinate the use of the radio spectrum with other countries, users, and organizations such as the International Telecommunications Union “ITU”, as required by law, treaty in force or as otherwise determined by the General Secretariat.

Chapter Four.- Interconnection and Access

Article (46)

The General Secretariat shall issue regulations, orders or notices to specify interconnection and access terms, conditions and processes, including the types of interconnection and facilities access that shall be provided by one or more Service Providers, and to facilitate interconnection and related access in accordance with its duties and objectives pursuant to the Law.

The General Secretariat shall have the authority to determine and oversee compliance with the rights, obligations, terms and conditions governing interconnection of telecommunications networks and access to telecommunications facilities and telecommunications services, in accordance with the Law, this By-Law and any regulations, rules, orders or notices issued by the General Secretariat and the License terms.

Article (47)

Subject to any limitations that may be established concerning the types of Service Providers that are entitled to interconnect, a Service Provider shall, upon receipt of a written request by another Service Provider licensed to operate a telecommunications network, enter into good faith negotiations to reach interconnection or access agreement in order to achieve the following objectives:

(1) connect and keep connected the telecommunications networks of both Service Providers.

(2) provide access to such telecommunications facilities, including but not limited to central offices and other equipment locations, mast sites, towers, conduits, poles, subscriber access lines and underground facilities, as are reasonably requested in order for the Service Providers to provide telecommunications service to their customers. Any co-location of facilities shall also be subject to Articles (112) and (113) of this By-Law.

The parties shall have a period of (60) day from date of receipt of the request for interconnection in which to reach agreement. If the parties are unable to reach agreement, either or both parties may resort to the General Secretarial for resolution. The General Secretariat may issue interim orders before final determination.

Service Providers and any other interested parties may at any time request the General Secretariat to clarify or interpret the interconnection and access rights or obligations set out in the Law, this By-Law, any regulation, rule or order, or any interconnection or access agreement. Decisions issued by the General Secretariat shall be binding.

Article (48)

Articles (49), (50), (51) and (52) of this By-Law apply only to Service Providers that the General Secretariat has designated as Dominant Service Providers in one or more telecommunications markets relevant to interconnection and related facilities access in accordance with Chapter Nine of the Law and Chapter Eight of this By-Law.

Article (49)

Interconnection or access arrangements offered by Dominant Service Providers designated in accordance with the preceding Article, in addition to meeting the requirements of Article (47) of this By-Law shall:

(1) meet all requirements of the Law, this By-Law and any regulations, rules and orders issued by the General Secretariat, including any requirements relating to interconnection or access charges, interconnection provisioning intervals or quality of service.

(2) be in accordance with any applicable reference interconnection offer approved by the General Secretariat for the Service Provider.

(3) meet all reasonable requests for interconnection with the Dominant Service Provider’s telecommunications network, at any technically feasible point, including to permit traffic originating on the Dominant Service Provider’s network to be terminated on the networks of the interconnecting Service Provider and all other licensed Service Providers.

(4) incorporate reasonable terms and conditions, including technical standards and specifications.

Every Dominant Service Provider designated, shall ensure that:

(1) it applies substantially the same terms and conditions to all Service Providers requiring interconnection or facilities access under similar circumstances.

(2) it provides interconnection and facilities access to all Service Providers under substantially the same conditions and quality as it provides for its own
telecommunications service operations or those of its Affiliates.

(3) it makes available on request, and without delay, all necessary or reasonably required information and specifications to Service Providers requesting interconnection or facilities access.

(4) it uses information received from a Service Provider seeking interconnection or facilities access only for the purposes for which it was supplied and does not disclose the information or use the information for any other anti-competitive purpose.

Article (50)

(1) The General Secretariat may require that interconnection or access charges of any Dominant Service Provider be subject to Article (29) of the Law and Articles (56), (57), (58) and (59) of this By-Law. The General Secretariat may also direct Dominant Service Providers to implement specific interconnection or access charges, or changes to such charges, as determined by the General Secretariat.

(2) Interconnection and facilities access charges of Dominant Service Providers designated in accordance with Article (48) of this By-Law shall be cost-based and in accordance with rules or standards determined by the General Secretariat.

(3) In establishing charges for interconnection or facilities access, Dominant Service Providers designated in accordance with Article (48) of this By-Law shall comply with any rules or orders applicable to interconnection or access, including any pricing, costing and cost separation requirements as prescribed by the General Secretariat.

Article (51)

(1) Every Dominant Service Provider designated in accordance with Article (48) of this By-Law shall perform the following:

(a) prepare a reference interconnection offer for approval by the General Secretariat within the time period prescribed by order of the General Secretariat.

(b) periodically update the reference interconnection offer as directed by orders of the General Secretariat.

(c) publish its approved reference interconnection offer in the following manner:

(-) filing a copy with the Supreme Council, who shall publish the reference
interconnection offer on the Supreme Council’s official website.

(-) making a copy available to the public in its principal business offices;

(-) publishing the agreement on the Service Provider’s website.

(-) sending a copy to any other Service Provider on request.

(2) Every reference interconnection offer shall:

(a) comply with any rules or orders applicable to interconnection or facilities access, including any applicable instructions regarding the form and content of a reference interconnection offer as prescribed by the General Secretariat.

(b) include a full list of services, sufficiently unbundled, to be supplied to Service Providers, setting out the associated terms and conditions, including the provisioning processes and charges for each service.

(c) not be amended by the Dominant Service Provider except as directed or approved by the General Secretariat.

(3) In the event that a Dominant Service Provider does not submit a reference
interconnection offer within the time period prescribed by the General Secretariat, or delays finalization of a reference interconnection offer acceptable to the General Secretariat, the General Secretariat may require the Dominant Service Provider to adopt a reference interconnection offer as prepared or prescribed by the General Secretariat.

Article (52)

(1) Every Dominant Service Provider designated in accordance with Article (48) of this By-Law shall within five (5) days from signing the interconnection or access agreement, file a copy of the agreement with the General Secretariat.

(2) Subject to the following paragraph, the Supreme Council may place a copy of any interconnection or access agreements filed with it in accordance with paragraph (1) of this Article on its official website.

(3) A Dominant Service Provider or any other party to an interconnection or access agreement that has been filed with the General Secretariat may identify specific information contained in the interconnection or access agreement as confidential, and may request that such confidential information be excluded from the copy of the agreement placed on the Supreme Council’s official website. Details of interconnection or access charges and all other essential terms and conditions offered by any Dominant Service Provider shall not be considered confidential; and the General Secretariat shall determine what information will be treated as confidential.

Article (53)

If the General Secretariat decides that an interconnection or access agreement is in violation of the Law or this By-Law, or the requirements of any regulation, rule, order, notice or License, it may issue an order requiring one or more of the parties to the agreement to amend the agreement.

Chapter Five.- Tariff Regulation

Article (54)

The General Secretariat shall have the authority to review all Service Provider tariffs, including wholesale and retail tariffs, and to determine any requirements regarding tariffs, their approval and publication, and the General Secretariat may issue regulations or orders to regulate the tariffs of Service Providers.

Article (55)

Articles (56), (57), (58) and (59) of this By-Law apply to Service Providers that the General Secretariat has designated as Dominant Service Providers in one or more telecommunications markets, in accordance with Articles (72), (73) and (74) of this By-Law. These tariff requirements shall apply to all service tariffs of a Dominant Service Provider, including all retail and wholesale tariffs. These tariff requirements shall also apply to interconnection or access related charges where those charges have been the subject of an order under paragraph (1) of Article (50) of this By-Law.

Article (56)

Tariffs that are subject to filing with and approval by the General Secretariat shall enter into force only after they have been approved by a decision from the General Secretariat.

The General Secretariat shall be entitled to issue interim orders regarding service tariffs and tariff related matters pending further evaluation and final determination. Final orders may confirm, amend or revoke any interim order.

Article (57)

Unless the General Secretariat orders otherwise, the Service Provider shall from the date on which the tariff or tariff revision is filed until the tariff or tariff revision is approved publish an electronic copy on its website; and maintain a paper copy available to the public at its main business offices; and within ten (10) days from the day on which the tariff or tariff revision is filed, place a notice of the tariff filing summarizing its contents and specifically identifying its effects, including its commercial impact on customers, in two local newspapers published in Arabic and English, or as otherwise directed by the General Secretariat.

Dominant Service Providers shall also comply with the tariff information and disclosure requirements of Articles (97), (98) and (99) of this By-Law and License Terms.

Article (58)

Tariffs charged by a Dominant Service Provider to other Service Providers shall be filed with and subject to approval by the General Secretariat in accordance with Article (29) of the Law and Article (56) of this By-Law; and the terms of the License.

Those tariffs must also comply with the orders issued by the General Secretariat.

Article (59)

The General Secretariat may require a Dominant Service Provider to prepare or participate in the development of a cost study of its telecommunications services if it determines that a cost study would be an effective and necessary means of addressing the effects of dominance or significant market power, preventing anti-competitive conduct or would otherwise be effective and necessary in implementing any scheme of tariff or price regulation.

The General Secretariat may require any Dominant Service Provider to prepare or participate in the development of a cost study for the purpose of determining the costs of providing different types of telecommunications services or the business activities of the Service Provider and the General Secretariat shall decide on the cost categories, form, approach, procedures and timing of the cost study; the Service Provider shall comply with all
requirements identified by the General Secretariat; and shall file with the General Secretariat the study.

The General Secretariat shall consult with the Service Provider required to file a cost study and any other interested parties before it makes an order requiring the study.

The General Secretariat may require a Dominant Service Provider to adopt identified cost accounting practices to facilitate cost studies or to achieve any other regulatory purpose under the Law or this By-Law, including the separation of accounts among different categories of business activities or services or as directed by the General Secretariat.

Article (60)

The General Secretariat may develop methods of price control and may consult Service Providers or any other interested parties.

The General Secretariat may issue orders or notices prescribing guidelines for the development of proposals for methods of price control; or setting out directions for the further development of any proposal that has been filed with the General Secretariat or any method of price control that is under development by the General Secretariat.

The General Secretariat may also approve of a proposal or method of price control for implementation by one or more Service Providers. Following development and approval of any method of price control, the General Secretariat may also issue regulations, rules, orders or notices required for its implementation.

Chapter Six.- Numbers and Numbering

Article (61)

The General Secretariat shall prepare, publish and manage a National Numbering Plan and shall allocate and assign numbers and number ranges in accordance with the National Numbering Plan. The General Secretariat shall, in preparing the National Numbering Plan take into account the following:

(1) The National Numbering Plan shall be consistent with the requirements of
international agreements, commitments, conventions, regulations and
recommendations to which the State of Qatar is party therewith.

(2) expected growth in demand for telecommunications services, and to allow numbers to be assigned with no delay.

(3) the plan and resulting allocation and assignment of numbers shall reflect the needs of Service Providers and customers, and be consistent with the efficient use of the Service Providers’ telecommunications networks.

(4) the plan may provide for many features such as number portability and service provider selection when required.

(5) allocation or assignment of numbers shall not confer an unreasonable advantage or disadvantage to any Service Provider.

Article (62)

In preparing and managing the National Numbering Plan, the General Secretariat shall have due regard for existing allocations and assignments of numbers and for the costs to Service Providers in accommodating the plan.

Article (63)

The General Secretariat may modify the National Numbering Plan and notify the Service Providers of this within a period of time as it deems appropriate, prior to the date when the modification is to be effected. Service Providers shall notify their customers regarding any such modification and its practical effects in accordance with any direction issued by the General Secretariat.

Article (64)

Service Providers and customers shall not have any property rights in numbers.

Article (65)

A Service Provider shall only change a customer’s number in the following cases:

(1) based on the request of the customer.

(2) a change in the location of fixed service customer which makes the retention of the existing number not technically or economically feasible.

(3) modification to the National Numbering Plan which orders this or any direction from the General Secretariat.

(4) the Service Provider has other reasonable grounds, including compliance with any orders, decisions or notices issued by the General Secretariat, and in this case the Service Provider has to give a written notice to the customer in question, stating the reason and anticipated date of change including any compensation to be paid by the Service Provider in accordance with Article (35) of the Law. In cases of emergency, oral notice with subsequent written confirmation shall be sufficient.

Article (66)

The General Secretariat may publish instructions on practices and procedures for the allocation and assignment of numbers, including identification of any fees or charges payable by Service Providers or customers for the allocation or assignment of numbers. The instructions will form part of the National Numbering Plan.

Article (67)

Subject to the requirements of any statement published by the General Secretariat, Service Providers shall ensure, at the time of allocation or assignment, that customers understand that they have no ownership, special or property rights in numbers and that numbers may be reallocated or re-assigned, including where the customer has paid a special fee or charge for the assignment or use of a particular number. Service Providers shall also ensure that they provide customers with adequate remedies in the event such numbers are re-allocated or reassigned, including appropriate refunds of any special fees or charges or other form of fair compensation.

Article (68)

The General Secretariat may, after consultation with Service Providers and other interested parties, issue an order to one or more Service Providers to develop or to assist in the development of a number portability implementation plan, for approval and implementation by the General Secretariat. Such order will form part of the National Numbering Plan. Any order issued by the General Secretariat in this regard shall contain:

(1) the schedule for implementation of number portability.

(2) markets and Service Providers covered by the plan.

(3) the technical means of providing number portability.

(4) the recovery of costs for implementation of the plan.

The number portability implementation plan shall identify specific responsibilities for the supply, development and operation of the facilities and systems needed to implement number portability.

Following development and approval of a number portability implementation plan, the General Secretariat may issue any other regulations, rules, orders or notices required for its implementation.

Article (69)

The General Secretariat may, after consultation with Service Providers and other interested parties, issue an order directing one or more Service Providers to develop or to assist in the development of a Service Provider selection or Service Provider pre-selection implementation plan, for approval and implementation by the General Secretariat.

Following development and approval of a Service Provider selection or Service Provider preselection implementation plan, the General Secretariat may issue any other regulations, rules, orders or notices required for its implementation.

Chapter Seven.- Universal Service

Article (70)

(1) The General Secretariat may set out a policy stating specific objectives, and related principles and service obligations, relating to the provision of universal service and related access to telecommunications services and telecommunications facilities in the State of Qatar and the General Secretariat may consult with Service Providers and other interested parties when developing a universal service policy.

(2) In setting out the universal service policy, the General Secretariat shall take into account the following:

(a) the objectives for the development of universal service, including the state of universal access.

(b) the telecommunications services and telecommunications facilities to be included in universal service offerings.

(c) the service areas or types of service areas in which specified levels of universal service should be achieved.

(d) the costs of the universal service obligations, and how these costs should be met.

In developing a universal service policy, the General Secretariat shall ensure that any universal service obligations of Service Providers are administered in a transparent, nondiscriminatory and competitively neutral manner.

Article (71).- Universal Service Fund

Following approval by the Board of the universal service policy, the General Secretariat may issue a regulation to establish a Universal Service Fund to subsidize the net costs of providing universal service. The regulation shall determine how the Universal Service Fund shall be operated and administered. The Universal Service Fund shall be administered by and under
the direction of, the General Secretariat.

All Service Providers shall contribute to the Universal Service Fund in accordance with the policy approved by the Board, the terms of their Licenses, any implementing regulation or decisions issued by the General Secretariat.

The disbursement procedures of the Universal Service Fund shall be prescribed by the Secretary General, and shall be administered in a transparent, non-discriminatory and competitively neutral manner.

Chapter Eight.- Competition Policy

Article (72)

The General Secretariat shall issue a notice which establishes the standards and methodology that it will apply in determining whether Significant Market Power exists in a particular relevant market. The General Secretariat shall publish the methodology on the website of the Supreme Council and may be modified from time to time by it.

The methodology may include the following elements and any other relevant factors which will be applied in accordance with criteria set out in third paragraph of this Article:

(1) definition of the relevant telecommunications market or markets in terms of products and geographic scope.

(2) assessment of market power based on a review of the economic and behavioural characteristics of the relevant market and an examination of the extent to which a Service Provider, acting alone or jointly with others, is in a position to behave independently of customers or competitors.

The methodology may include the following criteria for assessing the degree of market power in a relevant market:

(1) market share.

(2) absolute and relative size of the firm in the relevant market.

(3) degree of control of facilities and infrastructure that would be uneconomical for another person to develop to provide services in the relevant market.

(4) economies of scope and scale.

(5) absence of countervailing buyer power, including customer churn characteristics.

(6) structural and strategic barriers to entry and expansion.

(7) any other factors relevant to evaluating the existence of market power in a particular market.

The methodology may also provide guidance on the parameters that will be used for measuring market share (number of lines, number of minutes, revenues or other relevant metrics), and for ease of administration, the General Secretariat may, in the absence of evidence to the contrary, may deem that an individual Service Provider with a share of more than 40 percent of the relevant market is a Dominant Service Provider.

Article (73)

The General Secretariat shall undertake a baseline review of those telecommunications markets that it determines should be examined as a matter of priority. In undertaking its assessment, the General Secretariat shall rely on the best data available to it, and all market participants shall cooperate fully in furnishing information requested by the General Secretariat in order to carry out its evaluation. Where true, complete and accurate data is not
available, the assessment may be based on reasonable estimates, proxies and regulatory actions in comparable jurisdictions in the region.

Article (74)

The General Secretariat’s decisions on dominance designations shall be published on the official website of the Supreme Council in a format that conceals information classified by the General Secretariat as confidential, along with a current list of all Service Providers which the General Secretariat has designated as dominant and the specific market(s) in which they been found to be dominant.

The General Secretariat shall, from time to time, review its designation of service providers as dominant in the relevant markets and the specific requirements imposed upon those service providers as a result of that designation. In doing so, the General Secretariat will take into account the presence of new market entrants and evaluate whether market forces are
sufficient to safeguard the interests of customers and the public.

Article (75)

Dominant Service Providers are prohibited from undertaking any activities or actions that abuse their dominant position. In addition to the conduct and activities specifically identified in Article (43) of the Law, the General Secretariat may prohibit any other action or activities engaged in by a Dominant Service Provider that the General Secretariat determines to have
the effect or to be likely to have the effect of substantially lessening competition in any telecommunications market.

Article (76)

In addition to the provision of Article (46) of the Law and any other remedies identified by the General Secretariat from time to time in accordance with this By-Law, the General Secretariat may require the Service Provider involved in the abusive action or anticompetitive practices, and the persons affected by such actions or practices, to meet and attempt to determine remedies for such actions or practices.

In case of repeated breaches of an order made by the General Secretariat to prohibit a Dominant Service Provider from the abuse of its dominant position or other anti-competitive action or activities, the General Secretariat may issue a order requiring the Service Provider to divest itself of some lines of business provided that:

(1) the Service Provider is notified in writing prior to issuing such an order to allow the Service Provider to provide its comments regarding this matter.

(2) the General Secretariat determines that such an order is an effective measure to end an abuse of dominant position or anti-competitive practices.

Article (77)

No transfer of control of a Service Provider shall become effective by any transaction without one or more parties providing written notification of the intended transaction to the General Secretariat. The written notification shall be given without delay, within a period of not less than sixty (60) days prior to the intended completion date of the transaction. The written notification shall in reasonable detail and with sufficient clarity identify all the parties to the
transaction, including their respective Affiliates or any related Persons, and shall summarize the nature of the transaction, including the intended completion date. In addition, the Licensee shall provide such information, and comply with such procedural requirements, as the General Secretariat may specify.

Within thirty (30) days of receiving the above-mentioned notification, the General Secretariat shall issue a written order in reply to the parties confirming whether the transaction will require approval under Article (78) of this By-Law. If approval of the transaction is not required, the order will state this. In such case, the order will also specify the conditions, if any, that would apply to any additional ownership, voting or other rights in the entity to be
acquired, or to any Affiliates of the entity to be acquired. The order will also indicate under what circumstances any proposal to acquire additional rights in the entity must be notified to the General Secretariat for review.

Article (78)

No transfer of control of a Service Provider shall be effected without the prior approval of the General Secretariat if:

(1) a Dominant Service Provider, or an Affiliate of a Dominant Service Provider is the Person ultimately acquiring control of the Service Provider; or the Person whose control is being transferred.

(2) the General Secretariat determines, in its sole but reasonable discretion, that as a result of the transfer a Person, alone or with its Affiliates or related persons, may become a Dominant Service Provider.

(3) The General Secretariat determines, in its sole but reasonable discretion, that the proposed transfer of control may result in a substantial lessening of competition.

Article (79)

No transfer of control that requires prior approval under the preceding Article shall be completed or have any legal force or effect unless the Person makes written application for approval of the transfer to the General Secretariat, and receives written approval for the transfer from the General Secretariat.

Article (80)

Applications for transfers of control stipulated under the preceding Article shall contain detailed information regarding the proposed transaction(s) provided that such information shall, at a minimum, include the following:

(1) the Persons involved in the transaction(s), including the buyers, sellers, their affiliated Persons, any related persons, and any shareholders or other Persons that have ownership rights in all such Persons;

(2) a description of the nature of the transaction(s) and a summary of the commercial terms.

(3) financial information regarding the Persons involved in the transaction(s), including their annual revenues from telecommunications markets identified by specific markets, value of assets for the telecommunications business and copies of any updated annual or quarterly financial reports.

(4) a description of the relevant telecommunications markets where those Persons involved or engaged in the transaction(s) operate in.

Article (81)

The General Secretariat may request at any time additional information regarding any transaction that is the subject of a notification under Articles (77) and (79) of this By-Law.

Article (82)

The General Secretariat shall, within sixty (60) days from receipt of the above-mentioned application stipulated under Article (79), or from date of receipt of the additional information requested pursuant to the preceding Article:

(1) approve the transfer of control with no conditions.

(2) conditional approval of the transfer of control. The conditions shall be related to the promotion and development of telecommunications markets in order to make them open and competitive in the State of Qatar and related to the protection of customers’ interests.

(3) deny the transfer of control.

(4) issue an order extending the review period for an identified period of time.

(5) issue a notice to initiate an investigation regarding the proposed transfer of control and take one of the above-mentioned decisions set out in subparagraphs (1), (2) or (3) of this Article.

Article (83)

Any party to a proposed transaction may apply to the Supreme Council requesting expedited approval of the transaction, including in the event that the General Secretariat does not take any of the decisions identified in the preceding Article within the identified 60 day period.

Article (84)

Transfers of control involving the assignment of Individual Licenses or Radio Spectrum Licences shall be reviewed by the General Secretariat pursuant to the competition policy and criteria, and in accordance with Articles (13), (32), (33) of this By-Law, also pursuant to a coordinated timetable corresponding to the provisions of Articles (77), (78), (79), (80), (81), (82), (83), (84), (85).
Article (85)

Following approval by the General Secretariat, a party seeking to effect a transfer of control of the Licensee will have 180 days to consummate the proposed transaction and notify the General Secretariat of its completion. If necessary, the General Secretariat may approve one or more extensions to the above-mentioned period upon request of the Licensee.

Chapter Nine.- Consumer Protection Provisions

Article (86)

Licensees and Service Providers shall comply with the provisions of this Chapter, the terms and conditions of applicable Licenses and with any regulations, rules, orders or notices issued by the General Secretariat in this regard.

Article (87)

Service Providers shall not transfer or attempt to transfer customers, and shall not charge customers for services, except in accordance with customer orders, agreed service terms or other written customer directions.

In addition to the orders issued by the General Secretariat regarding customer terms, service provision or billing, the Service Providers shall provide customers with invoices as follows:

(1) at least once every three (3) months and for free.

(2) in paper form, or in electronic form if the customer consents.

(3) in a plain and simple format.

(4) that provide accurate information on the services provided, the amounts due for each service and the method of calculation of tariffs for any service on which invoices are based, on the length of calls or other measure of usage.

Article (88)

Service Providers shall retain accurate records of all customer orders, service provisioning and billing for a period of at least twelve (12) months from the relevant billing date, and shall make them available to the General Secretariat upon request in accordance with the Law.

Article (89)

Where the General Secretariat has a concern relating to billing practices, it may require Service Providers to publish information on billing systems or billing practices or to take such other steps relating to their billing systems or billing practices as the General Secretariat may consider appropriate.

Article (90)

No Service Provider shall make any false or misleading claim or suggestion regarding the availability, price or quality of its telecommunications services or equipment; or the telecommunications services or equipment of another Service Provider.

A claim or suggestion is false or misleading if the Service Provider knew or ought to have known at the time it was made that it was false or misleading or that it was likely to deceive or mislead the person to whom it was made.

Article (91)

Service Providers shall take all reasonable steps to ensure the confidentiality of customer communications. Service Providers shall not intercept, monitor or alter the content of a customer communication, except with the customer’s explicit consent or as expressly permitted or required by applicable laws of the State of Qatar.

Article (92)

The purposes for which customer information is collected by a Service Provider shall be identified at or before collection, and a Service Provider shall not, except as permitted or required by law, or with the consent of the person to whom the information relates, collect, use, maintain or disclose customer information for undisclosed or unauthorised purposes. The Service Provider shall be entitled to use customer information for all legitimate purposes identified in its terms of service, or in accordance with the customer’s consent in accordance with legal and constitutional controls.

A Service Provider shall be responsible for any records, which are under its custody or control or under the custody or control of its agents, containing customer information and communications. Service Providers shall ensure that customer information and customer communications are protected by security and technical safeguards that are appropriate to their sensitivity.

A Service Provider shall not disclose customer information to any person without the customer’s consent, unless disclosure is required or permitted by the General Secretariat in accordance with the applicable laws or regulations of the State of Qatar.

All customer-specific information, and in particular billing-related information, shall be retained and used by a Service Provider only for purposes specifically provided for in the applicable terms of service or other agreed customer terms, or in accordance with any rules or orders made by the General Secretariat, or as otherwise permitted by applicable laws.

Service Providers shall ensure that customers’ information is accurate, complete and updated regularly for the purposes for which it is to be used.

Article (93)

Nothing in this By-Law prohibits or infringes upon the rights of authorized governmental authorities to access confidential information or communications relating to a customer, in accordance with applicable laws.

Article (94)

Service Providers shall identify a person or group of persons to receive complaints from customers other than Service Providers. Details of how to contact such person or group of persons shall be provided on all written communications sent to customers and also on each Service Provider’s website.

Service Providers shall set certain procedures to deal with complaints of customers other than Service Providers and have them published in the form and manner that is approved by the General Secretariat. These procedures along with any amendments introduced shall be subject to the approval of the General Secretariat.

Service Providers shall not disconnect or change the telecommunications services being provided to a customer that are the subject of a complaint or dispute, other than in accordance with the terms of service approved by the General Secretariat pursuant to Article (96) of this By-Law or as permitted by an order made by the General Secretariat.

Article (95)

The General Secretariat shall undertake any other appropriate action to protect the public from harassing, offensive or illegal telecommunications in accordance with the Law, this ByLaw and other applicable laws.

Article (96)

The General Secretariat may require a Service Provider to submit to it draft terms of service to it for approval and may prescribe a timetable for review, approval and implementation of the terms of service.

Terms of service shall be consistent with the Law, this By-Law, and all applicable regulations, rules, orders and License conditions, and shall describe the basic terms of the relationship between the Service Provider and its customers in the provision and use of telecommunications services.

The General Secretariat shall approve draft terms of service as submitted to it or after introducing changes to it as the General Secretariat deems appropriate. Once approved, the terms of service will replace the customer terms used by a Service Provider and shall become binding on the Service Provider and its customers.

The General Secretariat may issue an order discontinuing the requirement for a Service Provider to submit draft terms of service to the General Secretariat for approval where it determines that its approval is no longer required to protect the interests of customers.

Article (97)

Each Service Provider shall publish the following information on its website:

(1) the current version of any terms of service or other standard customer terms and conditions of service approved by the General Secretariat.

(2) Its tariffs, rates and charges for any equipment or services, including all approved tariffs and proposed tariff changes which have been filed with the General Secretariat in accordance with Article (55) of this By-Law.

(3) the official website address and other contact information of the Supreme Council, along with a clear statement that the Service Provider is regulated by the Supreme Council under the Law, this By-Law and any other applicable laws, and that customers and other Service Providers may contact the Supreme Council if they are unable to resolve disputes with Service Providers.

(4) a user-friendly navigation system that allows a customer to locate the abovementioned information easily.

Article (98)

Service Providers shall also maintain paper copies of the information described in the preceding Article at all of their business offices. This information shall also be made available for public inspection, without charge, during normal business hours. Copies of the information shall also be sent to the Supreme Council for public reference, and may be published by the Supreme Council in the manner that the General Secretariat deems
appropriate.

Article (99)

If required by an order of the General Secretariat, a Service Provider shall include the current version of its terms of service or other standard customer terms and conditions, copies of its tariffs, rates and charges being available for review at its business offices and the other information described in paragraph (3) of Article (97) of this By-Law in the introductory pages to every telephone directory published by it or on its behalf. Service Providers shall
provide, upon request and at a reasonable charge, paper copies of its terms of service and all applicable tariffs, rates and charges to any customer who requests them.

Article (100)

The General Secretariat may issue regulations, rules or orders requiring Service Providers to provide customers with a telephone directory and access to directory services.

Service Providers shall provide customers with a telephone directory and access to directory services in accordance with any regulations, rules or orders issued by the General Secretariat.

Service Providers shall also exchange and compile customer information as required to facilitate the production of telephone directories or the provision of directory services in accordance with any regulations, rules or orders issued by the General Secretariat.

Article (101)

The General Secretariat shall set the minimum quality of service standards and may have them amended by following consultation with the related Service Providers.

The Supreme Council may include those criteria in the Licenses, or issue them by an order from it.

A Service Provider shall deliver to the General Secretariat a written quality of service report each quarter in the form and detail prescribed by the General Secretariat and setting out therein the Service Provider’s actual results for each quality of service standard.

Article (102)

If the quality of service report mentioned in the preceding Article shows that a quality of service standard has not been fulfilled nor achieved, the Service Provider shall provide a clear explanation stating the reason behind it and the steps it has taken or to taken by it in order to implement that standard.

The General Secretariat shall advise the Service Provider within thirty (30) days from receipt of quality of service reports and whether it accepts the report and the explanation submitted regarding any standard not achieved. If the General Secretariat does not reply within the above-mentioned period, this shall be deemed approval by the General Secretariat of the report, including the explanation.

In case the General Secretariat does not accept the explanation, the General
Secretariat shall issue an order stating the extra steps that the Service Provider shall take and the time frame within which those steps shall be taken, including submission of any additional reports by the Service Provider until the standard is achieved; and specific refunds, if any, or any other customer remedies to be implemented by the Service Provider as a result of its failure to comply with the quality of service standards.

Article (103)

A Service Provider shall publish on its website, in accordance with the orders of the General Secretariat, the quality of service report or any other additional related material submitted by it to the General Secretariat. The Supreme Council may also post on its official website the quality of service report or any additional related material submitted by a Service Provider.

The General Secretariat may require a Service Provider to publish all of the quality of service reports or parts therefrom or any information relating to quality of service in both the Arabic and English languages and in two local newspapers.

The Supreme Council may issue press releases and publish information regarding Service Provider quality of service performance, including comparisons regarding the quality of service performance among different Service Providers.

Article (104)

The service obligations of Service Providers described in this Chapter shall extend to the installation, operation, maintenance and repair of all telecommunications facilities that are owned or provided by the Service Provider and located on the customer’s property.

A Service Provider shall have the right to enter a customer’s premises or property for the purposes described in the preceding paragraph, subject to the following conditions:

(1) the Service Provider has given the customer a notice and has received the consent of the customer.

(2) the Service Provider dispatches identified and qualified personnel.

Article (105)

The General Secretariat may issue any orders relating to Service Provider liability, customer refunds and damages associated with the provision of services. The General Secretariat may take these provisions into consideration in the course of approving terms of service pursuant to Article (96) of this By-Law.

Chapter Ten.- Access to Property

Article (106)

Where a Service Provider cannot, on commercially reasonable terms and within sixty (60) days following the commencement of negotiations between the Service Provider and the concerned party obtain the consent of the government authority having jurisdiction over State Public and Private Property or facilities to construct, maintain or operate telecommunications
network facilities on that land or facility; or gain access to the pole, duct, tower or other supporting structure of a telecommunications, electrical power, or other transmission system constructed on that property or facility that is owned or controlled by the State, the Service Provider may apply to the Supreme Council for assistance or to exercise its powers under applicable laws and regulations.

Article (107)

Upon receipt of an application for assistance in accordance with the preceding Article, the General Secretariat shall consult with the concerned government authority to find a solution acceptable to both the Service Provider and the concerned government authority. If the General Secretariat’s consultation fails to produce agreement within a period of (60) days from date of receipt by the General Secretariat of the request, the General Secretariat may refer the matter for resolution to any administrative, executive or any other competent
authority that has jurisdiction, or the General Secretariat may provide assistance as it deems appropriate, or the parties to the dispute may refer the matter to the courts for resolution.

Article (108)

The Service Provider may apply to the General Secretariat for assistance in reaching an agreement with the owner of private land or private facility, or for the exercise of powers under applicable laws or regulations to obtain access to private land or private facility to construct, maintain or operate telecommunications network facilities, or to provide telecommunications services; if the Service Provider cannot, on commercially reasonable
terms, reach an agreement with the owner of the private land or private facility within thirty (30) days from date of commencement of negotiations with the concerned party.

Article (109)

Upon receipt of an application for assistance in accordance with the preceding Article, the General Secretariat shall take the steps it deems necessary to assist the concerned parties. If the General Secretariat’s consultation fails to produce agreement within a period of sixty (60) days, from the date of receipt by the General Secretariat of request for assistance, the General Secretariat may refer the dispute to any administrative, executive or other competent body that has jurisdiction, or the General Secretariat may provide assistance as it deems appropriate, or the parties to the dispute may refer the matter for resolution by the court.

Article (110)

The Secretary General may prescribe regulations that require any Service Provider to allow other Licensees to have access to conduit, ducts, cabling, wire and space for switching facilities inside multi-tenanted buildings where historic or contractual arrangements create anti-competitive conditions in respect of such access. Such regulations shall prohibit any Service Provider from providing, installing or continuing to service inside wiring, duct, conduit and related facilities unless the property owner also permits other duly authorized Licensees to have the same rights of access, absent a proof showing of undue burden to the property-owner based on unusual circumstances.

Article (111)

A Service Provider shall, in exercising any rights of access stipulated in Articles (106), (107), (108), (109), (110) of this By-Law, comply with all other applicable laws and regulations and with all applicable planning and approvals requirements and related processes. Service Providers shall indemnify property owners for any damage to property, injury or expense caused by the Service Provider acting contrary to any terms of access, laws, regulations or
planning and approvals processes.

In exercising the functions identified in Articles (106), (107), (108), (109), (110) or as otherwise appropriate to facilitate the construction, maintenance or operation of telecommunications facilities, the General Secretariat may establish and oversee the operation of a committee or other body to coordinate applicable planning and approvals requirements and related processes. The General Secretariat may issue regulations, rules, orders or notices required for the establishment or operation of such a committee or
coordinating body.

Article (112)

Service Providers with existing telecommunications network facilities shall allow other Service Providers, whom the General Secretariat have decided that they are entitled to co-locate, to co-locate their telecommunications network facilities on those existing facilities, including central office premises and other equipment locations, land and roof tops, mast sites, towers, conduits, ducts, poles and underground facilities, and physical and virtual colocation arrangements, where such co-location is technically and economically feasible.

In the event that the parties fail to reach agreement within 30 days following the commencement of such negotiations, either party may request the assistance of the General Secretariat to reach an agreement in accordance with the provisions of the Articles (106), (107), (108), (109), (110) of this By-Law.

The party requesting co-location shall compensate the party required to provide colocation for such an amount as the parties may agree to or where the parties are unable to agree, the party requesting co-location shall compensate for such an amount as determined by the General Secretariat.

Where the parties are unable to agree on the terms of co-location, any party may request the General Secretariat to resolve the dispute in accordance with Articles (121), (122), (123) of this By-Law.

Article (113)

In addition to the rules and conditions of this Chapter, the terms of co-location shall be subject to Chapter Four of this By-Law.

Article (114)

New telecommunications facilities shall be installed in a manner that do not create an undue adverse effect on existing telecommunications facilities or other existing installations including installations used to maintain public ways, water and gas lines, oil pipelines and electrical installations or other.

Article (115)

Any person installing new telecommunications facilities shall compensate affected persons for the reasonable costs of relocating, modifying or protecting existing facilities or installations which result from the installation of the new facilities.

Article (116)

The General Secretariat may issue regulations, rules, decisions, orders or notices related to access to private or public property, in coordination with other concerned authorities.

Chapter Eleven.- Telecommunications Equipment Standards and Approval

Article (117)

The General Secretariat may issue regulations, rules, orders and notices regarding technical standards and specifications, equipment specifications, testing facilities, the application and procedures for certification or type approval of telecommunications equipment; and any other aspect of practice or procedure relevant to equipment standards or certification. The General Secretariat may consult with the Ministry of Health in the State of Qatar regarding some matters relating to public health and telecommunications equipment, if any.

Article (118)

In exercising its functions and powers regarding equipment standards and certification procedures or type approval, the General Secretariat may require from the concerned any information or documentation regarding equipment performance, standards or certification.

Article (119)

The General Secretariat shall ensure that all technical standards, specifications and certification requirements that it identifies as mandatory requirements for telecommunications equipment, are consistent with, the technical requirements and procedures generally applicable to electrical equipment, radio-communications apparatus and consumer products approved for sale or use in the State of Qatar.

Article (120)

The General Secretariat may issue instructions regarding ceasing use or removal of the equipment that was in use prior to the effective date of the Law if it determines that such telecommunications equipment interfere(s) with the operation of other telecommunications equipment, or constitute a public hazard and may issue instructions regarding of any replacement or modified equipment.

Chapter Twelve.- Dispute Resolution

Article (121)

In accordance with Article (61) of the Law, the General Secretariat shall resolve disputes arising between service providers, or between service providers and others, which are under its jurisdiction in accordance with the Law and this By-Law, and the General Secretariat shall establish procedures for the fair and efficient resolution of such disputes.

Article (122)

The General Secretariat may issue regulations, rules, orders and notices related to dispute resolution.

Article (123)

Where Service Providers have been unable to agree on the resolution of a matter following reasonable efforts to reach an amicable settlement, one or more Service Providers may apply to the General Secretariat for assistance in resolving the dispute, and the General Secretariat may take any of the following measures:

(1) assign members of its staff or an expert consultant to attempt to resolve the dispute.

(2) issue a decision to resolve the dispute, and the decision shall be binding.

(3) take any other action as it deems appropriate.

(4) direct the parties to refer the dispute to the competent Court.

Article (124)

Where a customer other than a Service Provider has a dispute with a Service Provider that the parties have been unable to resolve among themselves, by means of the Service Provider’s customer complaint process approved by the General Secretariat, either party may request the assistance of the General Secretariat to resolve the dispute, and the General Secretariat may take any of the following measures:

(1) assign members of its staff or an expert consultant to attempt to resolve the dispute.

(2) issue a decision to resolve the dispute and the decision shall be binding.

(3) take such other action as it deems appropriate.

(4) direct the parties to refer the dispute to the competent Court.

Article (125)

Parties to a dispute may refer the dispute to private mediation or arbitration and all costs arising therefrom including any travel or other expenses incurred by the General Secretariat in connection with any assistance in resolving the dispute, shall be paid for by the parties of the dispute.

Article (126)

Service Providers shall be subject to the dispute resolution processes defined or initiated by the General Secretariat pursuant to the Law and this By-Law or any other applicable laws, regulations or procedural rules. Service Providers shall also be subject to any customer complaint procedures established or approved by the General Secretariat.

Chapter Thirteen.- Provision of Information

Article (127)

The General Secretariat may require Service Providers or others to provide it with information that it deems necessary for the exercise of its powers or that enables it to perform its functions.

Article (128)

Such information shall be provided in the format specified by the Information Request and may include, but not limited to, data that must be calculated or compiled by the recipient of the Information Request, original paper-based documents and information stored in digital electronic format.

Article (129)

The Information Request shall specify the data that is required, identify the proceeding and purpose for which the data is being collected, and indicate the time period within which the information must be supplied to the General Secretariat. The General Secretariat may extend the deadline for the submission of part or all of the information requested if the recipient of the Information Request provides a convincing justification, in writing, at least five (5) working days before the date on which the information is due.

Article (130)

The General Secretariat shall take into consideration a request made by the recipient of the Information Request for the confidential treatment of the information provided and the General Secretariat shall ensure that appropriate measures are taken to protect the confidentiality of information, which the General Secretariat determines to be confidential or commercially sensitive.

Article (131)

The recipient of an Information Request shall cooperate fully and shall provide true and complete answers to the questions posed within the timeframe established by the General Secretariat.

Article (132)

If a recipient of an Information Request does not furnish the requested information within the time stipulated by the General Secretariat, the General Secretariat may base its decisions or any other actions on the best alternative data available to it, and may collect the alternative data from published reports issued by third parties, relevant benchmarks, and reasonable estimates based on known data.

09Jul/17

Resolución 109/2016, del 16 de diciembre de 2016, del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA). Estándar del Servicio de Provisión de Internet en forma inalámbrica (WIFI)

VISTO el Expediente nº 35/14 del Registro del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), los Decretos nros. 375 de fecha 24 de abril de 1997, 500 de fecha 2 de junio de 1997, ambos ratificados por el Decreto de Necesidad y Urgencia nº 842 de fecha 27 de agosto de 1997, los Decretos nros. 163 de fecha 11 de febrero de 1998, 1799 de fecha 4 de diciembre de 2007 y la Resolución nº 96 de fecha 31 de julio de 2001 del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), y

CONSIDERANDO:

Que en el Expediente citado en el Visto tramita actualmente la propuesta del Departamento de Control de Calidad de este Organismo Regulador de implementar el “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del SIistema Nacional de Aeropuertos (SNA)”, a fin de garantizar la prestación en forma libre y gratuita del servicio en el marco de un determinado estándar, mejorando la experiencia del usuario.

Que cabe considerar que el área técnica del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) analizó las características y la calidad del servicio de provisión de Internet en forma inalámbrica (WIFI) que se brinda en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), realizando pruebas de velocidad en varios de los referidos aeropuertos.

Que de dicho análisis surgió que el mencionado servicio se presta en diferentes condiciones en los distintos aeropuertos y que no existe una calidad mínima establecida que satisfaga las necesidades del usuario aeroportuario en el Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA).

Que en tal sentido el Departamento de Control de Calidad manifiesta que “El ORSNA como parte de su misión debe velar por la calidad de los servicios aeroportuarios que se ofrecen en los Aeropuertos del SNA, por ello debemos garantizar que la experiencia del usuario del servicio WIFI sea satisfactoria”.

Que el Departamento de Control de Calidad informa que los canales en las frecuencias 2,4Ghz y 5Ghz están ocupados por redes WIFI de prestadores, de organismos oficiales y del Concesionario Aeropuertos Artentina 2000 Sociedad Anónima, generando, de este modo, interferencias y degradando la calidad de las transmisiones de internet gratuito y la calidad del servicio prestado al usuario.

Que el área técnica expresa que “Se observa que los explotadores determinan características del servicio heterogéneas entre sí y además que no existe una calidad mínima establecida que satisfaga las necesidades del usuario aeroportuario, se sugiere que este Organismo establezca un estándar mínimo de servicio para garantizar un servicio adecuado”.

Que el mencionado Departamento, a los efectos de garantizar un servicio adecuado, indica que “Analizando distintos mecanismos que proponen los fabricantes y analistas, establecer una velocidad mínima garantizada en los horarios de conexiones pico resulta el más indicado dada la distribución horaria en las terminales aeroportuarias”.

Que el Departamento de Control de Calidad concluye que “La implementación del esquema de velocidad mínima permite la utilización del ancho de banda ocioso el resto del tiempo en que hay menos usuarios, por ello este mecanismo maximiza la utilización del ancho de banda para el usuario”. A ello agregó que “En base a las mediciones formuladas, y teniendo en cuenta lo dicho se sugiere la adecuación del espectro wifi y el establecimiento de un estándar para la provisión del servicio wifi gratuito”. Así también se sugiere que el servicio wifi esté disponible a la mayor cantidad de usuarios aeroportuarios posible”. Por último el área técnica en cuestión señala que “…habiéndose analizado el equipamiento adquirido por parte del concesionario Aeropuertos Argentina 2000 S.A, se sugiere que los aeropuertos bajo su administración conformen la primera etapa de implementación del estándar wifi dado que resultan capaces y suficientes”.

Que conforme lo expuesto en los considerandos precedentes, se prevé la necesidad de establecer un estándar para la prestación del servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA).

Que para el establecimiento del estándar propiciado en el servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), el Departamento de Control de Calidad utilizó como parámetro similar la calidad del servicio en cuestión prestado en la región y en otros países del mundo.

Que de dicho estudio surge que la prestación del servicio de provisión de Internet en forma inalámbrica (WIFI) libre y gratuito es una práctica habitual que se realiza en otros aeropuertos del mundo que favorece la comunicación de los usuarios aeroportuarios, ofreciéndose en condiciones de igualdad, libre acceso y no discriminación en el uso de dicho servicio.

Que la estandarización de los parámetros de calidad en el citado servicio otorga previsibilidad en la prestación del mismo, favoreciendo de esta manera a los usuarios, quienes incorporan a su cotidianeidad el uso de equipos de comunicación portátiles en los aeropuertos.

Que asimismo, el establecimiento de un estándar respecto de este servicio aporta orden y seguridad en el uso del espectro del servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA).

Que el estándar que propicia el Departamento de Control de Calidad fija un mínimo de velocidad garantizada en los horarios en que se encuentran presentes la mayor cantidad de conexiones simultáneas, y prevé que en el resto de los horarios la velocidad de conexión se distribuya según la cantidad de conexiones establecidas.

Que ello permite que en caso de existir pocas conexiones los usuarios incrementen su velocidad y así mejore su experiencia y satisfacción en el uso del servicio de provisión de Internet en forma inalámbrica (WIFI).

Que la implementación del esquema de velocidad mínima permite la utilización del ancho de banda ocioso el resto del tiempo en que hay menor cantidad de usuarios.

Que asimismo, con la presente medida se busca otorgar un servicio seguro que evite cualquier tipo de filtración de los datos sensibles.

Que la medida propuesta por el Departamento de Control de Calidad será sometida, a continuos exámenes de eficiencia y eficacia en forma constante a los fines de evaluar su aplicación y los logros obtenidos.

Que asimismo, cabe considerar que el Decreto nº° 375 de fecha 24 de abril de 1997 establece en su Artículo 14 Inciso a), que el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) tiene entre sus principios y objetivos asegurar la igualdad, el libre acceso y la no discriminación en el uso de los servicios e instalaciones aeroportuarias.

Que dentro de los servicios que se prestan actualmente en los aeropuertos, se encuentra el de provisión de Internet en forma inalámbrica (WIFI), por lo que este Organismo Regulador debe llevar adelante los mecanismos pertinentes a los fines de establecer los requisitos mínimos de su prestación.

Que de acuerdo a lo establecido en el Título Primero, Numeral 1, Punto a) del Pliego de Bases y Condiciones aprobado por el Decreto nº 500 de fecha 2 de junio de 1997 el Estado Nacional persiguió con la Licitación del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA) “mejorar substancialmente la actual infraestructura y operación de los aeropuertos objeto de la presente licitación y llevarla a los mayores niveles de operatividad, seguridad, tecnología y confianza posibles, acordes con los estándares internacionales en la materia, de forma de garantizar la mejor prestación del servicio aeroportuario a los usuarios”.

Que otro de los propósitos de la concesión, plasmado en el Punto c) del Numeral 1 de la citada norma fue el de “Incrementar la calidad de la prestación del servicio aeroportuario a los efectos de beneficiar a los usuarios destinatarios de tales mejoras”.

Que la concesión para la administración, explotación y funcionamiento de los aeropuertos integrantes del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos ha sido otorgada a la empresa Aeropuertos Argentina 2000 Sociedad Anónima por medio del Decreto nº 163 de fecha 11 de febrero de 1998, exigiendo que la administración y explotación comercial que el Concesionario ejerce, se desarrolle llevando a cabo todas las medidas y acciones necesarias para asegurar la continuidad en la prestación de los servicios cuya explotación se comprenda en los términos de la concesión, y el mantenimiento de los aeropuertos involucrados en óptimas condiciones operativas, asegurando además a los usuarios condiciones de seguridad y confort en el uso de las instalaciones (Artículo 13, numeral XXV).

Que el Numeral 3 de la Parte Cuarta del Acta Acuerdo de Adecuación de Contrato de Concesión, ratificada por Decreto nº 1799 de fecha 4 de diciembre de 2007, prevé la obligación del Concesionario de cumplir con los estándares de calidad que establezca el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), los cuales deben ser prudentes y establecidos de manera razonable por este Organismo Regulador según lo previsto en el Anexo I de la referida Acta Acuerdo

Que por su parte, el “Reglamento General de Uso y Funcionamiento de los Aeropuertos del Sistema Nacional de Aeropuertos” aprobado por la Resolución nº 96 de fecha 31 de julio de 2001 de este Organismo Regulador estableció en el Artículo 5.6.1 que el explotador aeroportuario deberá: “Aplicar y cumplir el nivel de servicio y los estándares de calidad de atención al pasajero, usuario y público en general, establecidos por el ORSNA o por la Autoridad de aplicación que corresponda”.

Que, en este sentido, el estándar propuesto en la presente se encuentra acorde con los lineamientos básicos por los cuales se determinó la concesión para la explotación, administración y funcionamiento del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA).

Que el Departamento de Sistemas y de Tecnología Informática de este Organismo Regulador ha tomado la intervención pertinente en el ámbito de su competencia.

Que la Gerencia de Asuntos Jurídicos, ha tomado la debida intervención.

Que el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) es competente para el dictado de la presente, conforme lo dispone el Artículo 3° de la Ley Nacional de Procedimientos Administrativos nº 19.549 y demás normativa citada precedentemente.

Que en reunión de Directorio de fecha 18 de noviembre de 2016 se ha considerado el asunto, facultándose al suscripto a dictar la presente medida.

Por ello,

EL DIRECTORIO DEL ORGANISMO REGULADOR DEL SISTEMA NACIONAL DE AEROPUERTOS

RESUELVE:

Artículo 1°.-  Aprobar el “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)” que como ANEXO I integra la presente medida.

Artículo 2°.-  Instruir a la empresa Aeropuertos Argentina 2000 Sociedad Anónima a que implemente la provisión del servicio de Internet en forma inalámbrica (WIFI) de acuerdo al “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)”, aprobado en el Artículo 1° de la presente medida, en el marco de las instrucciones emitidas por el Departamento de Control de Calidad de este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) y/o el área que lo reemplace.

Artículo 3°.- Instruir al Departamento de Control de Calidad y al Departamento de Sistemas y de Tecnología Informática a los efectos de que analice y verifique la provisión del servicio en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA) sobre la base del estándar aprobado en el Artículo 1° de la presente medida.

Artículo 4°.-  Regístrese, Notifíquese al Concesionario Aeropuertos Argentina 2000 Sociedad Anónima, publíquese, dése a la Dirección Nacional del Registro Oficial y cumplido, archívese.

Lic. PATRICIO DI STEFANO, Presidente, Organismo Regulador del Sistema Nacional de Aeropuertos, O.R.S.N.A.

ANEXO I.- Estándar del Servicio de Provisión de Internet en Forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)

1.- Ámbito de Aplicación
El Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) será de aplicación en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), debiendo el Concesionario Aeropuertos Argentina 2000 Sociedad Anónima brindar el mencionado servicio de acuerdo al presente estándar, asegurando su prestación libre, gratuita y en condiciones de igualdad y no discriminación.

2.- Área de Cobertura
El servicio deberá ser prestado y estar disponible en la parte pública y la zona estéril de la terminal de pasajeros, entendida esta última como el sector comprendido entre un puesto de inspección y la aeronave, cuyo acceso está estrictamente controlado y sirve para la permanencia de los pasajeros que aguardan un determinado vuelo.

3.- Servicio Prestado

a) Los usuarios podrán conectarse por el término de UNA (1) hora de duración con reconexiones ilimitadas.

b) El servicio de WIFI deberá estar disponible las 24 (VEINTICUATRO) horas del día, los 365 (TRESCIENTOS SESENTA Y CINCO) días del año. Es decir que debe prestarse en forma continua e ininterrumpida.

c) El usuario deberá poder moverse por todo el aeropuerto —en las áreas en las que corresponda su prestación en los términos del Punto 2 de este Anexo I— sin necesidad de reconectarse al servicio, salvo el caso de reconexión previsto en el apartado a) del presente punto.

4.- Página de Inicio

4.1.- Al conectarse a la red WI-FI, el servicio provisto por el Concesionario deberá indicar al usuario que debe aceptar las políticas de uso y privacidad, términos y condiciones para su utilización.

4.2.- Una vez aceptadas se deberá presentar un sitio web con las siguientes características:
• Todo el sitio deberá adaptarse a la pantalla del dispositivo (responsive design).
• Todo el sitio deberá estar en el idioma Castellano, Inglés y Portugués.
• No podrá contener publicidades comerciales.
• Cada página del sitio web no deberá ser mayor a TRESCIENTOS (300) KB.
• Deberá incluir un link para visualizar los términos y condiciones del servicio provisto.
• El usuario deberá aceptar los términos y condiciones para acceder al servicio.
• La comunicación deberá estar cifrada.
• Todo el sitio deberá cumplir los estándares W3C.

5.- Características de la conexión

a) El Concesionario deberá prestar el servicio en las frecuencias 2,4Ghz (IEEE 802.11b/g/n) y 5Ghz (IEEE 802.11 a/n/ac) dentro del área de cobertura descripta en el Punto 2 del presente Anexo I.

b) El Concesionario deberá garantizar un mínimo de 1024 Kbps simétrico de ancho de banda ya sea nacional y/o internacional por cada conexión.

c) El ancho de banda de cada conexión no podrá ser limitado.

d) El Concesionario deberá garantizar la capacidad del vínculo al servicio para satisfacer a las “conexiones hora pico”.

e) El ancho de banda deberá estar distribuido en base a la cantidad de conexiones establecidas y deberá implementar mecanismos de balanceo de carga para tal fin.

f) El Concesionario deberá evaluar diariamente el tráfico total consumido y si el consumo fuera mayor al NOVENTA POR CIENTO (90%) de su capacidad deberá ampliar el vínculo a Internet. No deberá requerir información personal al usuario.

g) El Concesionario no podrá instalar software en los dispositivos de los usuarios.

6.- Señalización

a) El SSID deberá ser: WIFI-FREE (Nombre del Aeropuerto).

b) La calidad del beacon WIFI deberá ser superior al CINCUENTA POR CIENTO (50%).

c) La configuración del beacon interval del WIFI deberá ser entre CINCUENTA (50) y CIEN (100) milisegundos.

d) La intensidad de señal del punto de acceso más cercano deberá ser mayor a 70dBm.

e) Deberá proveerse IEEE 802.11 (b/g/n) en 2,4GHz y IEEE 802.11(a/n/ac) en 5GHz.

f) El Concesionario deberá garantizar la exclusividad del canal Mhz utilizado para la red WIFI evitando la superposición de canales.

g) Deberán utilizar el canal UNO (1) y SEIS (6) en 2,4GHz y del TREINTA Y SEIS (36) al CIENTO VEINTE (120) en 5Ghz para la red WIFI.

h) El resto de las redes WIFI del aeropuerto deberán utilizar el canal ONCE (11) en 2,4Ghz y los canales del CINTO VEINTE (120) en adelante en 5Ghz.

7.- Seguridad

a) El Concesionario deberá implementar un nivel de seguridad sobre la navegación a fin de evitar que los usuarios naveguen por sitios que puedan infringir las normativas vigentes.

b) El Concesionario deberá garantizar la privacidad de los usuarios conectados, mediante mecanismos de validación y encriptación:
Cada conexión a internet deberá ser única y no podrán verse los dispositivos entre sí.

Las comunicaciones entre el cliente y el “hotspot” deberán estar encriptadas.
El algoritmo de encriptación deberá ser WPA2 o superior.

c) El Concesionario deberá resguardar la seguridad de la red y de los sistemas del Aeropuerto de que se trate. Para ello, deberá contar con equipos destinados a tal fín. Deberá aplicar: filtros antispam; pornografía; fishing, propagandas, evitación de filtro, hacking, actividades ilegales, descargas ilegales, drogas ilegales, y armas, siendo esta enumeración meramente enunciativa pudiendo este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) requerir otros filtros.

d) El Concesionario deberá garantizar que en la red a la cual se conecten los usuarios no se propaguen programas y/o paquetes que afecten a la seguridad.

e) El Concesionario no podrá almacenar el contenido del tráfico de los usuarios.

f) El Concesionario deberá implementar mecanismos a fin de evitar conexiones “Man in the Middle”.

8.- Implementación del Servicio

a) El Departamento de Control de Calidad de este Organismo Regulador y/o el área que lo reemplace emitirá instrucciones al Concesionario Aeropuertos Argentina 2000 Sociedad Anónima respecto a la implementación del “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)”.

b) El Concesionario deberá requerir a los organismos públicos con presencia en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA) y a los prestadores aeroportuarios, la adecuación de sus redes inalámbricas a la presente medida.

c) El Concesionario deberá auditar que los diferentes prestadores del servicio cumplan con la presente ordenando los canales en las frecuencias 2,4Ghz y 5Ghz.

9.- Información a suministrar por Aeropuertos Argentina 2000 Sociedad Anónima.

El Concesionario deberá remitir en formato digital antes del décimo día de cada mes a este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) a la dirección electrónica calidaddeservicio@orsna.gob.ar un informe sobre la capacidad y ocupación del servicio WIFI.

En dicho informe deberán figurar datos estadísticos que reflejen el funcionamiento del servicio y la acreditación del cumplimiento del estándar fijado por el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA).

Entre los datos a informar al Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), deberán figurar:

a. Ancho de banda total (nacional e internacional).

b. Ancho de banda nacional e internacional consumido.

c. Cantidad de usuarios conectados por hora por día.

d. Kb/s promedio por usuario.

e. Total de tráfico promedio por usuario.

f. Cantidad de tráfico por servicio/protocolo.

g. Rango de los DIEZ (10) servicios o aplicaciones que consuman más tráfico.

h. Cantidad de incidentes del servicio, especificando su tipo y duración.

i. Cantidad de reclamos por el servicio.

j. Histograma mensual del tráfico total.

Cabe destacar que la precedente enumeración es meramente enunciativa, pudiendo el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) requerir toda otra que considere pertinente.

10.- Falla en el Servicio
Cualquier tipo de contingencia que tenga el Concesionario respecto de la prestación del presente servicio que no permita ser suministrado en las modalidades aquí establecidas, deberá ser puesto en conocimiento del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) a la mayor brevedad posible a la dirección electrónica calidaddeservicio@orsna.gob.ar.

11.- Incumplimentos
La falta de cumplimiento de la presente medida será pasible de la aplicación de los procedimientos sancionatorios que correspondan.

09Jul/17

Acordada 9/2016, de 29 de marzo de 2016, de la Corte Suprema de Justicia de la Nación (CSJN)

Exp. 1074/2016

En Buenos Aires, a los 29 días del mes de marzo del año 2016, los
señores Ministros que suscriben la presente,

CONSIDERARON:

I. Que dentro del proceso de cambio y modernización en la prestación del servicio de justicia, que la Corte Suprema de Justicia de la Nación viene desarrollando en el marco del programa de fortalecimiento institucional del Poder Judicial de la Nación, en uso de las facultades que le otorga la Constitución Nacional en razón de lo dispuesto por las leyes nº
25.506, 26.685 y 26.856 este Tribunal ha procedido reglamentar distintos
aspectos vinculados al uso de tecnologías electrónicas digitales, y en
consecuencia dispuso su gradual implementación en el ámbito del Poder
Judicial de la Nación a partir de la puesta marcha de distintos proyectos de
informatización y digitalización.

II. Que en el marco de los principios universales del Desarrollo Sustentable contenidos en la Declaración de Río de Janeiro de 1992 sobre Medio Ambiente y Desarrollo y receptados por nuestra Constitución Nacional en su art. 41, por la Ley General del Ambiente, Ley nº 25.675, que vienen siendo implementados por este Tribunal (acordadas 35/11, 38/11, entre otras), resulta prioritario implementar medidas de acción que permitan cooperar en este aspecto.

Que a fin de continuar con esta política, se adoptara esta medida que racionaliza el uso del papel y redunda su vez en un mejor aprovechamiento del espacio físico.

III. Que la implementación de los distintos Sistemas de Gestión en las dependencias del Poder Judicial de la Nación, permite la integración de las actuaciones por tecnología digital sustituyendo los medios de uso convencional para la realización de las actividades vinculadas a las
actuaciones que aquí se tramitan.

IV. Que en el marco de este plan de modernización y, teniendo en cuenta el convenio firmado con la Oficina Nacional de Tecnología de la Información (ONTI), el 2 de septiembre de 2011, corresponde disponer la utilización de la firma digital en los trámites administrativos vinculados las resoluciones de la Secretaría General de Administración de la Corte Suprema de Justicia de la Nación.

V. Que ello se realizará progresivamente en las distintas dependencias de dicha Secretaria empleando un procedimiento y una metodología homogénea y transparente, lo cual permitirá resguardar la seguridad jurídica de los actos y la sustitución del soporte papel; debiéndose publicar las disposiciones administrativas firmadas de acuerdo al método indicado en los sitios web del Tribunal.

VI. Que la presente medida se dicta en ejercicio de las competencias propias de esta Corte Suprema de Justicia de la Nación como cabeza de este poder del Estado (art. 108 de la Constitución Nacional, cuyas atribuciones se encuentran ampliamente desarrolladas en los antecedentes que cita la acordada 4/2000, considerandos 1 al 7) por cuanto el dictado de sentencias, acordadas y resoluciones resulta un acto propio del Poder Judicial, en tanto el Tribunal tiene las facultades de dictar su reglamento interior (art. 113 de la Constitución Nacional).

Por ello,

ACORDARON:

1°) Aprobar el uso de la firma digital en el ámbito de la Secretaria General de Administración de la Corte Suprema de Justicia de la Nación en los actos que rubrique el señor Secretario General de Administración y los funcionarios que él designe.

2°) Establecer que en todos los casos en que se aplique la firma digital, no será necesario la utilización del soporte papel, quedando lo resuelto en soporte electrónico cuyo almacenamiento y resguardo estará a cargo de la Dirección de Sistemas del Tribunal.

Todo lo cual dispusieron, ordenando que se comunique, publique en la
página web del Tribunal, en el Boletín Oficial, en la página del CIJ y se
registre en el libro correspondiente, por ante mí, que doy fe.

RICARDO LUIS LORENZETTI, Presidente de la Corte Suprema de Justicia de la Nación

ELENA HIGHTON DE NOLASCO, Ministro de la Corte Suprema de Justicia de la Nación

JUAN CARLOS MAQUEDA, Ministro de la Corte Suprema de Justicia de la Nación

HECTOR DANIEL MARCHI, Secretario General de Administración de la Corte Suprema de Justicia de la Nación

09Jul/17

Acordada 16/2016, de 7 de junio de 2016, de la Corte Suprema de Justicia de la Nación

Exp. 6830/2015

En Buenos Aires, a los 7 días del mes de junio del año dos mil dieciséis, los señores Ministros que suscriben la presente,

CONSIDERARON:

Que dentro del proceso de cambio y modernización en la prestación del servicio de justicia que la Corte Suprema de Justicia de la Nación viene
desarrollando en el marco del Programa de Fortalecimiento Institucional del Poder Judicial de la Nación, en uso de las facultades que le otorga la Constitución Nacional en razón de lo dispuesto por las leyes nº 26.685 y 26.856, este Tribunal ha procedido a reglamentar distintos aspectos
vinculados al uso de tecnologías electrónicas digitales y así dispuso su gradual implementación en el ámbito del Poder Judicial de la Nación, partir de la puesta en marcha del Sistema de Gestión Judicial (Lex100).

2) Que la ley 48 del 14 de septiembre de 1863 reconoció en cabeza de esta Corte la atribución de dictar los reglamentos necesarios para la ordenada tramitación de los pleitos, facultad que diversos textos legislativos han
mantenido inalterada para procurar la mejor administración de justicia (art. 10 de la ley 4055; art. 4°, ley 25.488); y que justifica la sistematización que se lleva cabo.

3) Que la implementación del Sistema de Gestión Judicial en todos los fueros dependencias del Poder Judicial de la Nación permite la integración de las partes por medios telemáticos para la realización de tramites vinculados a las causas.

4) Que en el marco de este plan de modernización, corresponde estandarizar y reglamentar los trámites vinculados al ingreso de causas por medios
electrónicos, sin necesidad de concurrir a la sede del tribunal.

5) Que, por otra parte, resulta necesario establecer un procedimiento y una metodología homogénea y transparente para el sorteo y la asignación de causas, lo cual permitirá resguardar la seguridad jurídica de los justiciables.

6) Que, a tal efecto, en aquellas ciudades en las que existe mas de un tribunal con idéntica competencia, las causas deberán ser sorteadas a través del sistema Lex 100, con las excepciones establecidas en el reglamento que
integra la presente acordada.

7) Que, asimismo, y con el fin de brindar mayor celeridad al proceso, en todas las instancias en las que se requiera la elevación, asignación y sorteo del expediente, se ha desarrollado una herramienta informática dentro del
sistema Lex 100, para que las dependencias judiciales lo
efectúen en forma directa, sin la intervención de la Mesa de Entradas.

8) Que a su vez, se considera conveniente establecer los requisitos formales necesarios para la admisibilidad de los escritos.

9) Que en concordancia con lo dispuesto en la Ley 26.856 y en la acordada nº 15/13 se deben publicar las asignaciones que se efectúen a través del Sistema Informático de Gestión Judicial.

Por ello,

ACORDARON:

1°) Aprobar el Reglamento para el ingreso de causas por medios electrónicos, sorteo y asignación de de expedientes que establece las reglas generales aplicables a todos los tribunales nacionales federales del Poder Judicial de la Nación, que obra como Anexo I.

2°) Establecer que toda elevación de una causa una instancia superior se efectuara través del Sistema de Gestión Judicial desde el juzgado, cámara o
tribunal oral que la disponga, sin intervención de la Mesa de Entradas, salvo situaciones de excepción que requieran un procedimiento distinto.

3º) Aprobar las “Reglas para la interposición de demandas y presentaciones en general” obrantes como Anexo II, que establecen los requisitos que deben cumplir los escritos que se presenten en las actuaciones judiciales a los efectos de su admisibilidad formal.

4°) Publicar en la página del Centro de Información Judicial las causas asignadas diariamente a través Sistema Informático de Gestión, con las excepciones que se indican en el anexo I y las que surjan de las
disposiciones legislativas administrativas.

5º) Disponer que las medidas que aquí se sancionan se aplicarán partir del primer día hábil de marzo de 2017.

Todo lo cual dispusieron, ordenando que se comunique, publique en la página web del Tribunal, en el Boletín Oficial, en la página del CIJ  y se registre en el libro correspondiente, por ante mi, que doy fe.

RICARDO LUIS LORENZETTI, Presidente de la Corte Suprema de Justicia de la Nación.

JUAN CARLOS MAQUEDA, Ministro de la Corte Suprema de Justicia de la Nación.

ELENA I. HIGHTON DE NOLASCO, Ministro de la Corte Suprema de Justicia de la Nación.

HECTOR DANIEL MARCHI, Secretario General de Administración de la Corte Suprema de la Nación

09Jul/17

Acordada 5/2017 de 28 de marzo de 2017 de la Corte Suprema de Justicia de la Nación

Expte. nº 6830/2015

En Buenos Aires, a los 28 días del mes de marzo del año dos mil diecisiete,
los Señores Ministros que suscriben la presente;

CONSIDERARON:

I. Que mediante la acordada 16/2016 -del 7 de junio de 2016- se dispuso que partir del primer día hábil de marzo de 2017 el ingreso, sorteo y asignación de causas, en todos los tribunales nacionales federales del Poder Judicial de la Nación, se realizaría por medios electrónicos conforme el Reglamento que allí se aprobó.

II. Que el Consejo de la Magistratura, través de la Directora de Tecnología, del Subadministrador General de su Presidente, hizo saber oportunamente que “la complejidad apreciable del desarrollo del sistema hace prever que no se podría arribar en condiciones de implantación al primer día de marzo de 2017, fecha prevista del ingreso web de causas”.

Por lo que requirió posponer su puesta en marcha (esc. 4279/2016).

III. Que con fecha 22 de febrero del corriente año el Colegio Público de Abogados de la Capital federal solicitó también el diferimiento de la acordada 16/2016.

Por ello, en razón la importancia de la adecuada implementación de esta herramienta digital y a efectos de garantizar la correcta prestación del servicio de justicia,

ACORDARON:

I. Postergar hasta el primer día hábil de septiembre de 2017 la implementación de las cláusulas previstas por la acordada 16/2016
en toda la justicia Nacional Federal, cuya vigencia comenzaba a regir el
primer día hábil del mes de marzo de 2017.

II. Exhortar nuevamente al Consejo de la Magistratura de la Nación para que adopte con carácter de urgente todas las medidas conducentes para el desarrollo y puesta en marcha, en tiempo forma, del sistema del ingreso web de causas dispuesto en la acordada 16/2016.

Todo lo cual dispusieron mandaron, ordenando que se comunique, se publique en la página web del Tribunal, en la página del CIJ y en el Boletín Oficial, se registre en el libro correspondiente, por ante mí, que doy fe.

RICARDO LUIS LORENZETTI, Presidente de la Corte Suprema de Justicia de la Nación

ELENA I. HIGHTON DE NOLASCO, Ministro de la Corte Suprema de Justicia de la Nación

JUAN CARLOS MAQUEDA, Ministro de la Corte Suprema de Justicia de la Nación

CARLOS FERNANDO ROSENKRANTZ, Ministro de la Corte Suprema de Justicia de la Nación

HORACIO DANIEL ROSATTI, Ministro de la Corte Suprema de Justicia de la Nación

HECTOR DANIEL MARCHI, Secretario General de Administración de la Corte Suprema de Justicia Militar

08Jul/17

Acordada nº 6/2016 de 2 de marzo de 2016, de la Corte Suprema de Justicia de la Nacion (CSJN)

Acordada nº 6/2016 de 2 de marzo de 2016, de la Corte Suprema de Justicia de la Nacion (CSJN), que dispone que este Tribunal, a través de la Dirección de Sistemas, dependiente de la Secretaria General de Administración, tendrá su cargo la seguridad informática

ACORDADA nº 6 de la Corte Suprema de Justicia de la Nación (CSJN), Expediente nº 931/2014

En Buenos Aires, a los 2 días del mes de marzo del año dos mil dieciséis, los Señores Ministros que suscriben la presente,

CONSIDERARON:

1°) Que este Tribunal viene desarrollando, desde el año 2004, una política activa en materia de publicidad transparencia con el fin de posibilitar el ejercicio por parte de la comunidad del derecho al control de los actos de gobierno, ordenando la difusión de las decisiones jurisdiccionales administrativas emanadas de los distintos tribunales,

2°) Que en este sentido, en su condición de órgano superior de la organización judicial argentina, ha dispuesto medidas para promover la difusión de las decisiones judiciales administrativas tanto de este Tribunal como de las distintas cámaras federales nacionales tribunales orales, con el objeto de permitir la comunidad una comprensión más acabada del quehacer judicial (acordadas 2, ambas de 2004, 15/2013, 24/2013 4/2014, entre otras).

Esta fue, precisamente, una de las razones por las que fue creada la Dirección de Comunicación Pública, en el marco de una política de comunicación abierta con la declarada finalidad de dar transparencia difusión aquellas decisiones (confr. acordadas 17/2006 9/2012),

3°) Que para asegurar el cumplimiento de esta finalidad, se estableció que resulta facultad exclusiva de la Corte Suprema de Justicia de la Nación, la captura transmisión de toda actividad procesal que se desarrolle en el Poder Judicial de la Nación, que por su naturaleza merezca difusión pública, quedando a su disposición los recursos tecnológicos necesarios de toda la jurisdicción para su concreción (conf. acordada 4/2014).

4°) Que la información almacenada en el Sistema Informático de Gestión Judicial, con la totalidad de los documentos registrados, constituye una base de datos de la Corte Suprema de Justicia de la Nación (conf. anexo de la acordada 24/2013).

5°) Que el Tribunal ya ha advertido la importancia de asegurar la transmisión de la información, audio, video aplicaciones de bases de datos la necesidad de establecer pautas de funcionamiento respecto de su control su disponibilidad (conf. acordada 4/2014).

Por ello,

ACORDARON:

Disponer que este Tribunal, través de la Dirección de Sistemas, dependiente de la Secretaria General de Administración, tendrá su cargo la seguridad informática de las bases de datos del Poder Judicial de la Nación vinculadas funciones jurisdiccionales; para lo cual adoptará las decisiones medidas que estime pertinentes, incluidas aquellas que tiendan preservar la integridad, infraestructura control del Centro de Datos del Poder Judicial de la Nación, lo que comprende servidores, equipos de comunicaciones, bases de datos, seguridad informática todo otro componente del servicio, sin que esto implique la transferencia de los mismos.

Todo lo cual dispusieron mandaron, ordenando que se comunique al Consejo de la Magistratura, se publique en la página web del Tribunal, en la página del CIJ se registre en el libro correspondiente, por ante mi, que doy fe.

08Jul/17

Resolución 640-E/2016 de 11 de agosto de 2016

Resolución 640-E/2016 de 11 de agosto de 2016, del Ministerio de Justicia y Derechos Humanos. Transfiere el Programa Nacional contra la Criminalidad Informática a la órbita de la Subsecretaría de Política Criminal.

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS
Resolución 640-E/2016

 

Buenos Aires, 11 de agosto de 2016

VISTO el Expediente nº S04:0008872/2016 del registro de este Ministerio, la Resolución M.J. y D.H. nº 69 del 11 de marzo de 2016, y

CONSIDERANDO:

Que mediante la Resolución citada en el Visto se creó el Programa Nacional contra la Criminalidad Informática en la órbita de la Unidad Ministro de este Ministerio.

Que debido a la reorganización de tareas y funciones dentro de esta cartera de Estado, resulta oportuno transferir el citado Programa a la órbita de la Subsecretaría de Política Criminal de la Secretaría de Justicia de este Ministerio.

Que asimismo, deviene necesario integrar el Comité Consultivo previsto en el artículo 3° de la mencionada Resolución, designando a tales efectos y con carácter “ad honorem”, a los doctores Pablo Palazzi (D.N.I. n° 21.586.348), Gustavo Pressman (D.N.I. n° 13.914.620), Ezequiel Sallis (D.N.I. n° 23.093.606) y Marcos G. Salt (D.N.I. n° 16.037.555).

Que los profesionales nombrados cuentan con reconocida trayectoria y prestigio en la materia para integrar dicho ámbito.

Que el doctor Marcos G. Salt reúne asimismo las condiciones necesarias de experiencia, idoneidad y capacidad para desempeñar la función de supervisor operativo del referido Comité.

Que ha tomado la intervención de su competencia la Dirección General de Asuntos Jurídicos de este Ministerio.

Que la presente medida se dicta en virtud de las facultades conferidas por el artículo 4°, inciso b), apartado 9 de la Ley de Ministerios (T.O. 1992) y sus modificaciones.

Por ello,

EL MINISTRO DE JUSTICIA Y DERECHOS HUMANOS

RESUELVE:

Artículo 1º.- Transfiérase el Programa Nacional contra la Criminalidad Informática de la Unidad Ministro de esta cartera a la órbita de la Subsecretaría de Política Criminal de la Secretaría de Justicia de este Ministerio.

Artículo 2º.- El Comité Consultivo previsto en el artículo 3º de la Resolución M.J. y D.H. N° 69/16 estará integrado por los doctores Pablo Palazzi (D.N.I. nº 21.586.348), Gustavo Pressman (D.N.I. nº 13.914.620), Ezequiel Sallis (D.N.I. nº 23.093.606) y Marcos G. Salt (D.N.I. nº 16.037.555), quienes se desempeñarán con carácter “ad honorem”.

Artículo 3º.-  Asígnase al doctor Marcos G. Salt (D.N.I. nº 16.037.555) la función de Supervisor Operativo del Comité Consultivo del Programa Nacional contra la Criminalidad Informática.

Artículo 4º.-  Déjase sin efecto, a partir del 11 de marzo de 2016, el artículo 5º de la Resolución M.J. y D.H. nº 69/16.

Artículo 5º.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

GERMÁN CARLOS GARAVANO, Ministro, Ministerio de Justicia y Derechos Humanos.

08Jul/17

Disposición 17/2016, de 14 de julio de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP)

Disposición 17/2016, de 14 de julio de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP). Obligados ante el Registro Nacional “No llame”

Visto el Expediente nº S04:0012306/2016 del registro de este Ministerio, la Ley nº 26951 y su reglamentación aprobada por el Decreto nº 2501 del 17 de diciembre de 2014, las Disposiciones DNPDP nº 3 del 16 de enero de 2015 y 44 del 18 de agosto de 2015, y

CONSIDERANDO:

Que entre las atribuciones asignadas a esta Dirección Nacional se encuentra la de dictar las normas reglamentarias que se deben observar en el desarrollo de las actividades comprendidas por la Ley nº 26951 y el Decreto nº 2501/14.

Que la Ley mencionada crea en el ámbito de la Dirección Nacional de Protección de Datos Personales, el Registo Nacional “No llame” con el objeto de proteger a los titulares o usuarios autorizados de los servicios de telefonía, en cualquiera de sus modalidades, de los abusos del procedimiento de contacto, publicidad, oferta, venta y regalo de bienes o servicios no solicitados.

Que en virtud del artículo 7 de la Ley nº 26951, quienes publiciten, oferten, vendan o regalen bienes o servicios utilizando como medio de contacto los servicios de telefonía en cualquiera de sus modalidades, no podrán dirigirse a ninguno de los inscriptos en el Registro Nacional “No llame” y deberán consultar la lista de inscriptos proporcionada por la autoridad de aplicación con una periodicidad de TREINTA (30) días correspondiendo a la Autoridad de Aplicación determinar el procedimiento para dicha consulta.

Que por la Disposición DNPDP nº 003/15, se implementó el Registro Nacional “No llame”, estableciéndose el procedimiento para la descarga del Formulario “C06 – Certificación de Requisitos de Obligados por el Registro Nacional No llame.- Ley 26.951“, el que habilita para la descarga de la lista de inscriptos en el Registro Nacional “No llame”.

Que el objeto de dicho procedimiento es que esta Autoridad de Control verifique que los obligados por la Ley 26.951 cumplan con los requisitos legales que les son exigidos para poder consultar el citado Registro.

Que, entre otros requisitos, en su carácter de usuarios y responsables de archivos, registros y bancos de datos de acuerdo a lo establecido en la Ley nº 25326 y su modificatoria, deben encontrarse inscriptos ante el Registro Nacional de Bases de Datos habilitado por esta Dirección Nacional, según establece el artículo 7, párrafo tercero, del Anexo I al Decreto nº 2501/14.

Que el artículo 7 de la Disposición DNPDP nº 2 del 14 de febrero de 2005 establece que la inscripción en el Registro Nacional de Bases de Datos tendrá validez anual.

Que a los fines de mantener actualizada la nómina de obligados por el Registro Nacional “No llame”, también resulta indispensable establecer un límite temporal a la validez de la misma.

Que por Disposición DNPDP nº° 44/15 se aprobó el “Sistema de Gestión de Denuncias”, cuya finalidad es determinar el trámite a ser asignado en cada caso y conformar las planillas con el detalle de las denuncias recibidas que se adjuntarán a las respectivas intimaciones.

Que es necesario fijar un criterio para los casos en que corresponda la apertura de actuaciones administrativas, a los fines de iniciar el procedimiento sancionatorio establecido en el artículo 31 , apartado 3 de la reglamentación de la Ley nº 25326 , aprobada por el Decreto nº 1558 del 29 de noviembre de 2001 y su modificatorio.

Que se considera apropiado iniciar actuaciones administrativas mensualmente, en concordancia con el plazo dispuesto en el artículo 7 de la Ley 26.951 para la consulta de inscripciones y bajas en el Registro Nacional “No llame”.

Que teniendo en cuenta la experiencia de esta Dirección Nacional a UN (1) año de la vigencia de la Ley 26.951 y normas reglamentarias y complementarias, se considera conveniente, a fin de evitar un dispendio administrativo desmedido, que la apertura de actuaciones administrativas se realice no sólo mensualmente, sino también teniendo en cuenta una cantidad de denuncias por denunciado que permita mayor celeridad y sencillez en la atención del procedimiento aplicable y, consecuentemente, una mejor protección de los derechos amparados por la Ley 26.951.

Que las denuncias que correspondan a empresas denunciadas que no alcancen el número considerado para la apertura de actuaciones administrativas, se incluirán en los meses sucesivos.

Que ha tomado intervención el servicio permanente de asesoramiento jurídico de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 9 de la Ley nº 26.951 y el artículo 2 del Anexo I al Decreto nº 2501 del 17 de diciembre de 2014.

Por ello,

 

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

 

DISPONE:

Artículo 1.- La habilitación de obligados ante el Registro Nacional “No llame” tendrá validez anual. Dentro del plazo de CUARENTA Y CINCO (45) días corridos anteriores a la fecha de vencimiento de dicha inscripción, deberá solicitarse su renovación, completando el Formulario “C06 – Certificación de Requisitos de Obligados por el Registro Nacional No llame. Ley 26.951“.

 

Artículo 2.- Las habilitaciones que cuenten con más de UN (1) año desde su aprobación, deberán regularizar su situación dentro de los CUARENTA Y CINCO (45) días desde la entrada en vigencia de la presente.

 

Artículo 3.- La apertura de actuaciones administrativas se hará mensualmente, teniendo en cuenta una cantidad de denuncias por denunciado que permita mayor celeridad y sencillez en la atención del procedimiento aplicable. Las denuncias que correspondan a empresas denunciadas que no alcancen el número considerado para la apertura de actuaciones administrativas, se incluirán en los meses sucesivos.

 

Artículo 4.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.-

 

EDUARDO BERTONI, Director, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

08Jul/17

Disposición 55-E/2016, de 25 de octubre de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP)

Disposición 55-E/2016, de 25 de octubre de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP), que aprueba el “Procedimiento de Inspección y Control de la Dirección Nacional de Protección de Datos Personales” de 2016.

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 55-E/2016

Ciudad de Buenos Aires, 25 de octubre de 2016

VISTO el Expediente nº EX-2016-00206789- -APN-DNPDP del registro de este Ministerio, la Ley nº 25.326 y su Decreto Reglamentario nº 1558 del 29 de noviembre de 2001, modificado por su similar nº 1160 del 11 de agosto de 2010 y la Disposición nº 3 del 31 de julio de 2012 de esta Dirección Nacional, y

CONSIDERANDO:

Que la Ley nº 25.326 tiene por objeto la protección integral de los datos personales asentados en archivos, registros, bancos de datos, u otros medios técnicos de tratamiento de datos, sean éstos públicos, o privados destinados a dar informes, para garantizar el derecho al honor y a la intimidad de las personas, así como también el acceso a la información que sobre las mismas se registre, de conformidad a lo establecido en el artículo 43, párrafo tercero de la Constitución Nacional.

Que es facultad de esta Dirección Nacional diseñar los instrumentos que considere adecuados para la mejor protección de los datos personales y para el cumplimiento de sus funciones y atribuciones.

Que de conformidad con lo establecido en el artículo 29, inciso 1, apartados b) y e), de la Ley nº 25.326, se encuentran entre sus funciones y atribuciones, las de dictar las normas y reglamentaciones que se deben observar en el desarrollo de sus actividades; y las de solicitar la información pertinente a las entidades públicas y privadas, en orden a proporcionar los antecedentes, documentos, programas u otros elementos relativos al tratamiento de los datos que se le requieran.

Que asimismo tiene la facultad de controlar la observancia de las normas sobre integridad y seguridad de datos por parte de los archivos, registros o bancos de datos. A tal efecto podrá solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la Ley nº 25.326, conforme el artículo 29, inciso 1, apartado d), de la mencionada norma.

Que se ha iniciado un proceso de revisión interna de los procedimientos sobre inspecciones a efectos de hacerlo más eficiente y fortalecer el rol de órgano de control de esta Dirección Nacional.

Que, con la sanción de la Ley nº 26.951, que crea el Registro Nacional “No llame”, se establece que esta Dirección Nacional es su autoridad de aplicación, conforme su artículo 9°.

Que, por lo tanto, se impone ampliar el control que lleva a cabo este organismo a fin de fiscalizar el cumplimiento de las obligaciones que impone la norma citada en el párrafo precedente.

Que, por todo lo expuesto, deviene necesario derogar el procedimiento de inspección aprobado por la Disposición DNPDP nº 3/12, aprobando un nuevo procedimiento de inspección y control.

Que ha tomado la intervención que le compete la Dirección General de Asuntos Jurídicos de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 29, inciso 1, apartado b) de la Ley nº 25.326 y el artículo 29, inciso 5, apartado a) del Anexo I del Decreto nº 1558/01 y su modificatorio.

Por ello,

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

DISPONE:

Artículo 1°.- Derógase la Disposición DNPDP N° 3 del 31 de julio de 2012.

Artículo 2°.- Apruébase el “Procedimiento de Inspección y Control de la Dirección Nacional de Protección de Datos Personales” que se dispone en el Anexo IF-2016-02519312-APN-DNPDP y que forma parte de la presente.

Artículo 3°.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

ANEXO I.- “PROCEDIMIENTO DE INSPECCIÓN Y CONTROL DE LA DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES”

1) Objetivos de las inspecciones

a) Fiscalizar y controlar las actividades del responsable del tratamiento de datos, los datos personales que administra, y los medios y la forma en que lo hace.

b) Evaluar el grado de cumplimiento conforme lo dispuesto por la Ley nº 25.326, la Ley nº 26.951, y demás normativa aplicable en el marco de la competencia de la Dirección Nacional de Protección de Datos Personales (DNPDP), con el objeto de:

I) detectar incumplimientos a la normativa vigente; y

II) realizar los requerimientos necesarios para adecuar el tratamiento de datos a la normativa vigente.

2) Competencia

Las facultades de la DNPDP para llevar adelante las inspecciones están establecidas en las siguientes normas:

Artículo 29, inciso 1, apartado d), Ley nº 25.326: “Controlar la observancia de las normas sobre integridad y seguridad de datos por parte de los archivos, registros o bancos de datos. A tal efecto podrá solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la presente ley”.

Artículo 29, inciso 1, apartado e), Ley nº 25.326: “Solicitar información a las entidades públicas y privadas, las que deberán proporcionar los antecedentes, documentos, programas u otros elementos relativos al tratamiento de los datos personales que se le requieran. En estos casos, la autoridad deberá garantizar la seguridad y confidencialidad de la información y elementos suministrados”.

3) Alcance de la inspección

Las inspecciones abarcarán los siguientes aspectos, sin perjuicio de otros que puedan contemplarse al momento de llevarse a cabo:

a) Licitud de las bases de datos (artículos 3°, 21 y 24, Ley nº 25.326).

b) Calidad de los datos tratados (artículo 4°, Ley nº 25.326).

c) Consentimiento del titular del dato e información (artículos 5° y 6°, Ley nº 25.326).

d) Cumpliento de los principios de categrías de datos, seguridad y confidencialidad (artículos 7°, 9° y 10, Ley nº 25.326).

e) Requisitos de la cesión de datos y transferencia internacional de datos (artículos 11 y 12, Ley nº 25.326).

f) Ejercicio de los derechos de los titulares del dato (artículos 14, 15, 16 y 19, Ley nº 25.326).

g) Prestación de servicios de información crediticia (artículo 25, Ley nº 25.326).

h) Tratamiento de datos con fines de publicidad (artículo 27, Ley nº 25.326; Ley N° 26.951).

4) Tipos de inspección

a) De oficio: aquellas que la DNPDP inicia en ejercicio de sus facultades de fiscalización. Se dividen en:

I) Planificadas: las que surgen de la planificación anual.

II) Espontáneas: las que se originan en razones que llegan a conocimiento de la DNPDP, y que pueden impactar en la protección de datos personales y en el derecho a la privacidad.

b) Por denuncia: aquellas que se inician en el marco de una investigación que se sustancia a raiz de una denuncia interpuesta ante la DNPDP. La inspección en este caso tiene el carácter de medida probatoria del sumario administrativo.

5) Planificación de las inspecciones

La DNPDP implementará una planificación de las inspecciones que se llevarán a cabo durante un período determinado, sin perjuicio de otras que puedan ser ordenadas de forma espontánea o como consecuencia de un sumario administrativo.

La selección de los sujetos a inspeccionar estará basada en criterios objetivos de selección, tales como categorías de datos procesados; impacto del tratamiento de datos sobre la privacidad; cantidad de denuncias recibidas; tipo de denuncias recibidas; incumplimiento del deber de inscripción o renovación ante el RNBD.

El proceso de selección se sustanciará mediante un expediente administrativo y tendrá el objeto de identificar a los responsables de tratamientos de datos, sectores o grupos sobre los cuáles se llevaran a cabo las inspecciones. En las actuaciones se dejará constancia del o los criterios objetivos de selección utilizados.

6) Procedimiento de la inspección

a) Apertura del expediente y notificación al responsable sujeto a inspección

Se procederá a la apertura de un expediente administrativo por cada responsable sujeto a inspección seleccionado.

Mediante una providencia se identificarán los inspectores a cargo de cada actuación, quienes actuarán en forma conjunta y/o indistinta.

Se notificará la apertura del procedimiento y se requerirá completar y remitir en un plazo de QUINCE (15) días hábiles administrativos el Formulario de Inspección, debiendo el inspeccionado adjuntar la documentación respaldatoria de sus respuestas. El formulario será puesto a disposición del inspeccionado como anexo de la primera notificación o a través de la página web de la DNPDP, mediante la indicación de su URL para su descarga.

En los casos en los que se considere que la notificación previa pueda afectar el resultado de la inspección, aquella podrá omitirse mediante acto fundado. En estos casos se procederá directamente a llevar a cabo la visita presencial de los inspectores prevista en el punto 6.c de la presente.

b) Programación y notificación de las visitas presenciales

Recibido el formulario de inspección, se programarán las visitas presenciales que llevaran a cabo los inspectores.

La fecha, hora y lugar de la visita presencial se notificará con una antelación no menor a DIEZ (10) días hábiles administrativos. En la notificación podrán incluirse los requerimientos que a criterio del inspector resulten necesarios, y que podrán cumplirse por el inspeccionado hasta la fecha de la visita presencial.

c) Visita presencial

Los inspectores se harán presentes en domicilio denunciado por el inspeccionado, a los fines de la visita presencial, para acceder a locales, equipos o programas de tratamientos de datos personales y verificar el correcto cumplimiento de las obligaciones establecidas por la Ley nº 25.326.

Presentación: Los inspectores, previa acreditación, procederán a informar los objetivos y procedimiento de la inspección y verificarán las identidades de los representantes del responsable de tratamiento, corroborando la correspondiente personería o autorización.

Alcance: La inspección abarcará los aspectos jurídicos y técnicos del tratamiento de datos personales y su adecuación a las exigencias de la normativa vigente.

Para la realización de la inspección técnica, se podrán llevar a cabo todas las acciones destinadas a controlar la observancia de las normas sobre integridad y seguridad de datos.

Metodología: Con el objeto de formar un juicio objetivo, se emplearán las siguientes técnicas:

I) Verificaciones verbales: se llevarán a cabo entrevistas al personal del inspeccionado para obtener información verbal sobre los tratamientos de datos efectuados;

II) Verificaciones oculares: mediante la observación, se constatará el cumplimiento de aquellas obligaciones que permitan ser corroboradas visualmente;

III) Verificaciones documentales: análisis de los documentos aportados;

IV) Verificaciones técnicas: mediante las acciones destinadas a controlar la observancia de las normas sobre integridad y seguridad de datos.

Acta: En la visita presencial se labrará un Acta de Inspección, que podrá contener observaciones y requerimientos que a criterio del inspector sean necesarios, sin perjuicio de otros que eventualmente surjan en etapas procedimentales posteriores.

El Acta será suscripta por todos por los inspectores intervinientes y por al menos un representante del inspeccionado que acredite personería o autorización. Si el representante del inspeccionado se negare a firmar, se dejará debida constancia en el Acta, la que será suscripta sólo por los inspectores intervinientes.

En el caso que la inspección técnica deba realizarse en un local distinto al de la visita presencial, se hará constar dicha circunstancia en el Acta, determinando fecha y lugar de realización. Al momento de realizar la inspección técnica en local distinto, se labrará nueva Acta.

Autorización judicial para acceso a locales, equipos y programas: En caso de que resultare necesario solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la Ley nº 25.326, el inspector deberá elaborar un informe al Jefe de Departamento de Investigación y Difusión, o la unidad orgánica que eventualmente lo sustituya, quién elevará la respectiva petición al Director Nacional. En caso de compartir el criterio, se formulará el correspondiente requerimiento.

d) Cierre de la inspección

Con la información obtenida en las distintas etapas del procedimiento de inspección, los inspectores elaborarán y suscribirán un Informe Final en el que se establezca el nivel de cumplimiento del responsable inspeccionado.

Incorporado el Informe Final a las actuaciones, se procederá al cierre de la inspección mediante un acto que será subscripto por el Jefe de Departamento de Investigación y Difusión, o la unidad orgánica que eventualmente lo sustituya. Tanto el Informe Final como el acto de cierre serán notificados al inspeccionado.

Si en el Informe Final no se hubieran formulado observaciones, se procederá al archivo de las actuaciones. En caso contrario, las actuaciones pasarán a la etapa de seguimiento, sin perjuicio de la potestad del Director Nacional de ordenar la sustanciación de un sumario administrativo a fin de verificar la posible comisión de infracciones conforme Disposición DNPDP nº 7/15, concordantes y modificatorias.

e) Seguimiento de las inspecciones

En esta etapa se controlorá que el inspeccionado de cumplimiento a los requerimientos dispuestos para subsanar las observaciones señaladas en el Informe Final. A esos efectos, se lo intimará por el plazo de QUINCE (15) días hábiles administrativos.

En aquellos casos en los que el responsable no acredite su cumplimiento en tiempo y forma, se promoverá la sustanciación del correspondiente sumario administrativo.

Cumplidos la totalidad de los requerimientos en tiempo y forma, se dispondrá el archivo las actuaciones.

07Jul/17

Disposición 71-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP)

Disposición 71-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP). Nuevos topes máximos a la Graduación de Sanciones por idéntica conducta

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 71- E/2016

Ciudad de Buenos Aires, 13 de diciembre de  2016

VISTO el Expediente n° EX 2016-00311622-APN-DNPDP del registro de este Ministerio, las Leyes nº 25.326 y 26.951 y sus reglamentaciones aprobadas por los Decretos nº 1558 del 29 de noviembre de 2001 y 2501 del 17 de diciembre de 2014, respectivamente y la Disposición DNPDP nº 7 del 8 de noviembre de 2005 y sus modificatorias, y

CONSIDERANDO:

Que entre las atribuciones asignadas a esta Dirección Nacional se encuentra la de dictar las normas reglamentarias que se deben observar en el desarrollo de las actividades comprendidas por las Leyes nº 25.326 y 26.951.

Que esta Dirección Nacional es la Autoridad de Aplicación de ambas normas legales, contando con la facultad de imponer sanciones en caso de incumplimientos a lo por ellas normado.

Que por la Disposición DNPDP n° 7/05 y sus modificatorias se ha fijado el régimen de “Clasificación de Infracciones” y “Graduación de Sanciones” aplicable.

Que el punto 7 del Anexo II a la disposición citada establece que “Cada infracción deberá ser sancionada en forma independiente, debiendo acumularse cuando varias conductas sancionables se den en las mismas actuaciones”.

Que se ha observado que la aplicación de algunas de las sanciones previstas, cuando se trate de un cúmulo elevado de infracciones en las mismas actuaciones, daría lugar a montos muy altos que resultarían contrarios al logro de la finalidad preventiva o disuasoria de la sanción.

Que ello colocaría al sancionado en un estado de imposibilidad de pago y llevaría a interpretar el monto final de estas multas como confiscatorio o irrazonable, razón por la cual se estima necesario fijar topes al monto de las multas que pudieren resultar, teniendo en consideración que esa determinación brindará mayor razonabilidad y proporcionalidad al castigo impuesto, entendiendo ello como una exigencia de congruencia entre la entidad de las infracciones y la gravedad de las sanciones.

Que la Corte Suprema de Justicia de la Nación ha sostenido que “…la circunstancia de que la Administración obrase en ejercicio de facultades discrecionales, en manera alguna puede aquí constituir un justificativo de su conducta arbitraria; puesto que es precisamente la razonabilidad con que se ejercen tales facultades el principio que otorga validez a los actos de los órganos del Estado y que permite a los jueces, ante planteos concretos de parte interesada, verificar el cumplimiento de dicha exigencia” (Industria Maderera Lanín, Fallos 298:223) y que “…la facultad de graduación de una multa entre el mínimo y el máximo previsto por ley no escapa al control de razonabilidad que corresponde al Poder Judicial respecto de la Administración Pública, incluso cuando se trata de facultades discrecionales. Ello, pues la discrecionalidad no implica en modo alguno una libertad de apreciación extralegal, que obste una revisión judicial de la proporción o ajuste de la alternativa punitiva elegida por la autoridad, respecto de las circunstancias comprobadas, de acuerdo a la finalidad de la ley” (Prefectura Naval Argentina, Fallos 321:3103).

Que la doctrina ha sostenido que “Con acierto se ha escrito que el vicio de un acto afectado por exceso de punición es determinante de su irrazonabilidad, y que ésta se concreta en la falta de concordancia o proporción entre la pena aplicada y el comportamiento que motivó su aplicación. En otros términos, que la razonabilidad implica congruencia, adecuación de relación de medio a fin; el exceso identifica lo irrazonable (Marienhoff, Miguel S., “El exceso de punición como vicio del acto administrativo”, LL, 1989,- E, 969”) e implica “una violación del principio recogido en el Artículo 7º, inc. f, primer párrafo, in fine, de la Ley de Procedimientos Administrativos, que expresamente establece que las medidas que el acto involucre deben ser proporcionalmente adecuadas a las finalidades que resulten de las normas que asignan las facultades pertinentes al órgano emisor del acto”, de modo que “…el exceso de punición … no es sino, en definitiva, una variante de irrazonabilidad como vicio posible de todo acto jurídico estatal. En este orden de ideas una norma o un acto será excesivo en su punición cuando la sanción imponible impuesta a un particular no guarde adecuada proporcionalidad con la télesis represiva que sustentó -es razonable suponer- tanto el dictado de la norma como la emisión del acto individual que hace aplicación de ella” (Comadira, Julio Rodolfo, “Procedimientos Administrativos” Tomo I, pag. 331 Edit. La Ley).

Que a los fines de determinar el tope máximo de multa a aplicar se ha tomado como referencia el monto máximo de las multas establecidas en el artículo 47 de la Ley nº 24.240, sobre Protección y Defensa de los Consumidores, que regula las sanciones que puede aplicar la Autoridad de Aplicación de la mencionada ley y prevé multas de PESOS CIEN ($ 100.-) a PESOS CINCO MILLONES ($ 5.000.000.-).

Que ha tomado intervención el servicio permanente de asesoramiento jurídico de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas por los artículos 29, inciso 1, apartado b) de la Ley nº 25.326 y 29, inciso 5, apartado a) del Anexo I al Decreto nº 1558/01 y 9° de la Ley n° 26.951.

Por ello,

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

DISPONE:

Artículo 1°.- Establécese que cuando un acto administrativo condenatorio incluya más de una sanción pecuniaria por idéntica conducta sancionable dentro de cada uno de los niveles de “Graduación de Sanciones” previsto por la Disposición DNPDP nº 7/05 y sus modificatorias, deberán aplicarse los siguientes topes máximos: a) para las infracciones leves: PESOS UN MILLÓN ($ 1.000.000.-), b) para las infracciones graves: PESOS TRES MILLONES ($ 3.000.000.-) y c) para las infracciones muy graves: PESOS CINCO MILLONES ($ 5.000.000.-),

Artículo 2°.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

 

07Jul/17

Disposición 60-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP)

Disposición 60-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP), que aprueba las cláusulas contractuales tipo de transferencia internacional para la cesión y prestación de servicios de datos personales

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 60-E/2016

Ciudad de Buenos Aires, 16 de noviembre de 2016

VISTO el EX-2016-00311578- -APN-DNPDP y las competencias atribuidas a esta Dirección Nacional por la Ley nº 25.326 y su Decreto Reglamentario nº 1558 de fecha 29 de noviembre de 2001, y

CONSIDERANDO:

Que el artículo 12 del Anexo I al Decreto nº 1558/01, faculta a la Dirección Nacional de Protección de Datos Personales a “evaluar, de oficio o a pedido de parte interesada, el nivel de protección proporcionado por las normas de un Estado u organismo internacional”.

Que la misma norma sostiene que “el carácter adecuado del nivel de protección que ofrece un país u organismo internacional se evaluará atendiendo a todas las circunstancias que concurran en una transferencia o en una categoría de transferencias de datos; en particular, se tomará en consideración la naturaleza de los datos, la finalidad y la duración de tratamiento o de los tratamientos previstos, el lugar de destino final, las normas de derecho, generales o sectoriales, vigentes en el país de que se trate, así como las normas profesionales, códigos de conducta y las medidas de seguridad en vigor en dichos lugares, o que resulten aplicables a los organismos internacionales o supranacionales”.

Que, asimismo, dispone “que un Estado u organismo internacional proporciona un nivel adecuado de protección cuando dicha tutela se deriva directamente del ordenamiento jurídico vigente, o de sistemas de autorregulación, o del amparo que establezcan las cláusulas contractuales que prevean la protección de datos personales”.

Que por tales motivos, nuestra legislación admite como garantías adecuadas a los fines de la transferencia internacional de datos personales la existencia de autorregulación o cláusulas contractuales que brinden una protección similar a la de nuestra normativa.

Que a tales fines resulta pertinente determinar las garantías y requisitos necesarios para que las cláusulas contractuales protejan adecuadamente los datos personales que se transfieran a países sin legislación adecuada en los términos del artículo 12 del Anexo I al Decreto nº 1558/01.

Que entiende esta Dirección Nacional que se garantizaran mejor los derechos del titular de los datos personales mediante la aprobación de un modelo de contrato de transferencia internacional, tanto para los casos de cesión como para los de prestación de servicios, el que deberá ser adoptado por quienes deban realizar transferencias internacionales de datos.

Que, asimismo, cabe considerar los casos en que el responsable del tratamiento decida apartarse del modelo que se propone, situación en la que se estima conveniente exigir la presentación del contrato de transferencia internacional ante esta Dirección Nacional para su aprobación, a fin de una adecuada tutela de los derechos de los titulares de los datos a ser transferidos.

Que a los fines de la confección de los contratos modelo cabe tener en cuenta la experiencia internacional, en particular las conclusiones del documento de trabajo relativo a las transferencias de datos personales a terceros países del Grupo de Trabajo del Artículo 29 de la Directiva 95/46/EC, del 24 de julio de 1998 y las cláusulas contractuales tipo de la Comisión de la Comunidad Europea dispuestas en la Decisión 2001/497/CE del 15 de junio de 2001 y la Decisión 2010/87/UE del 5 de febrero de 2010.

Que cabe distinguir en las cláusulas modelo las dos alternativas prácticas más habituales de una transferencia internacional, como son la cesión de datos personales y la prestación de servicios, proponiendo modelos de cláusulas tipo diferenciadas para ambos supuestos.

Que a los fines de la aplicación de la presente medida resulta conveniente determinar aquellos países que a criterio de esta Dirección Nacional de Protección de Datos Personales poseen legislación adecuada.

Que en el expediente EXP-S04:0071111/2011 se analizó la legislación de aquellos países calificados como legislación adecuada por parte de la Unión Europea, concluyéndose sobre el nivel equivalente de las normativas de dichos países respecto de la Ley nº 25.326.

Que resulta conveniente informar al público los países con legislación adecuada a través de la página de Internet de la Dirección Nacional de Protección de Datos Personales, en particular si se tiene en cuenta que la definición de la adecuación de un país respecto de la ley argentina es una cuestión que puede sufrir variaciones periódicas.

Que es menester destacar que el reconocimiento a ciertos países como poseedores de legislación adecuada no importará una calificación, respecto de todos los demás países no incluidos en esa enumeración, como naciones que carecen de esa legislación adecuada.

Que la Dirección General de Asuntos Jurídicos de este Ministerio ha tomado la intervención de su competencia.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 29, inciso 1, apartado b) de la Ley nº 25.326 y el artículo 29, inciso 5, apartado a) y 12 del Anexo I al Decreto nº 1558/01.

Por ello,

El Director Nacional de Protección de Datos Personales

DISPONE:

ARTÍCULO 1°.-  Apruébanse las cláusulas contractuales tipo de transferencia internacional para la cesión y prestación de servicios incorporadas en los Anexos I y II que forman parte integrante de la presente medida, respectivamente, a fin de garantizar un nivel adecuado de protección de datos personales en los términos del artículo 12 de la Ley nº 25.326 y del Anexo I al Decreto nº 1558/01 en aquellas transferencias de datos que tengan por destino países sin legislación adecuada.

ARTÍCULO 2°.- Dispónese que aquellos responsables de tratamiento que efectúen transferencias de datos personales a países que no posean legislación adecuada en los términos del artículo 12 de la Ley nº 25.326 y su Decreto reglamentario nº 1558/01, y utilicen contratos que difieran de los modelos aprobados en el artículo anterior o no contengan los principios, garantías y contenidos relativos a la protección de los datos personales previstos en los modelos aprobados, deberán solicitar su aprobación ante esta Dirección Nacional presentándolos, a más tardar, dentro de los TREINTA (30) días corridos de su firma.

ARTÍCULO 3°.-  A los fines de la aplicación de la presente disposición se consideran países con legislación adecuada a los siguientes: Estados miembros de la Unión Europea y miembros del espacio económico europeo (EEE), Confederación Suiza, Guernsey, Jersey, Isla de Man, Islas Feroe, Canadá sólo respecto de su sector privado, Principado de Andorra, Nueva Zelanda, República Oriental de Uruguay y Estado de Israel sólo respecto de los datos que reciban un tratamiento automatizado. Esta enumeración será revisada periódicamente por esta Dirección Nacional, publicando la nómina y sus actualizaciones en su sitio oficial en Internet.

ARTÍCULO 4°.-  Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

ANEXO I.- Contrato modelo de transferencia internacional de datos personales con motivo de la cesión de datos personales

Entre, por una parte, ______________________________________, con domicilio en la calle________, localidad_____________, provincia de __________, Argentina, (en adelante, “el exportador de datos”) y, por otra, ____________________________ (nombre), __________ (dirección y país), (“en adelante, el importador de datos”), en conjunto “las partes”, convienen el presente contrato de transferencia internacional de datos personales, sometiéndola a los términos y condiciones que se detallan a continuación.

Cláusula 1) Definición de términos

A los efectos del presente contrato se entenderá por los siguientes términos:

a) “datos personales”, “datos sensibles”, “tratamiento”, “responsable” y “titular del dato”, el mismo significado que el establecido en la Ley nº 25.326, de Protección de Datos Personales.

b) “autoridad” o “autoridad de control”, la Dirección Nacional de Protección de Datos Personales de la República Argentina;

c) “exportador”, el responsable del tratamiento que transfiera los datos personales;

d) “importador”, el responsable del tratamiento radicado fuera de la jurisdicción argentina que reciba los datos personales procedentes del exportador de datos para su tratamiento de conformidad con los términos del presente.

Cláusula 2) Características específicas y finalidad del tratamiento

La finalidad y otros detalles específicos de la transferencia, como por ejemplo características de los datos personales transferidos, forma en que se atenderán los pedidos del titular del dato o la autoridad de control, cesiones o transferencias previstas a terceros, y jurisdicción en que se radicarán los datos, se especifican en el Anexo A, que forma parte del presente contrato. Las partes podrán suscribir en el futuro anexos adicionales a fin de incorporar detalles y características de aquellas transferencias que se realicen con posterioridad y que se enmarquen en el presente contrato.

Cláusula 3) Obligaciones del exportador de datos

El exportador de datos acuerda y garantiza lo siguiente:

a) La recopilación, el tratamiento y la transferencia de los datos personales se han efectuado y efectuarán de conformidad con la Ley nº 25.326, y manifiesta que ha cumplido en informar a los titulares de los datos que su información personal podía ser transferida a un tercer país con niveles inferiores de protección de datos a los de la República Argentina.

b) Hará entrega al importador de copia de la legislación vigente en Argentina aplicable al tratamiento de datos previsto.

c) En caso de ejercicio por parte del titular de los datos de los derechos que le otorga la Ley nº 25.326 respecto del tratamiento de sus datos personales previstos en el presente contrato, en especial sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, dará respuesta al mismo respetando los plazos de ley y disponiendo los medios para tal fin, sea por los datos en su poder o por pactarse como obligación a su cargo, lo que se indica en el Anexo A. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador, a menos que las partes hayan acordado que sea el importador quien responda a estas consultas. Aun en este supuesto, será el exportador quien deba responder, en la medida de lo posible y a partir de la información de que pueda disponer, si el importador de datos no responde.

d) Pondrá a disposición de los titulares de los datos, en su carácter de terceros beneficiarios a tenor de la cláusula 5, y a petición de éstos, una copia de las cláusulas que se relacionen al tratamiento de sus datos personales, derechos y garantías.

e) Ha realizado esfuerzos razonables para determinar que el Importador de datos es capaz de cumplir las obligaciones pactadas en el presente contrato. A tal efecto, el exportador podrá solicitar al importador la contratación de un seguro de responsabilidad para eventuales perjuicios ocasionados con motivo del tratamiento previsto, conforme se especifica en el Anexo A.

Cláusula 4) Obligaciones del importador de datos

El importador de datos acuerda y garantiza lo siguiente:

a) Disponer las medidas de seguridad y confidencialidad necesarias y efectivas para evitar la adulteración, pérdida, consulta o tratamiento no autorizado de los datos, y que permitan detectar desviaciones, intencionales o no, ya sea que los riesgos provengan de la acción humana o del medio técnico utilizado verificando que no sean inferiores a las dispuestas por la normativa vigente, de manera tal que garanticen el nivel de seguridad apropiado a los riesgos que entraña el tratamiento y a la naturaleza de los datos que han de protegerse;

b) dispondrá de procedimientos que garanticen que todo acceso a los datos transferidos se realizará por personal autorizado para ello, estableciendo niveles de acceso y claves, quienes cumplirán con el deber de confidencialidad y seguridad de los mismos, suscribiendo convenios a tales fines.

c) que ha verificado que la legislación local no impide el cumplimiento de las obligaciones, garantías y principios previstos en el presente contrato relativos al tratamiento de los datos personales y sus titulares, e informará al exportador de datos en forma inmediata en caso de tener conocimiento de la existencia de alguna disposición de esta índole;

d) tratará los datos personales para los fines descritos en el Anexo A;

e) comunicará al exportador de datos un punto de contacto dentro de su organización autorizado a responder a las consultas que guarden relación con el tratamiento de datos personales y cooperará de buena fe con el exportador de datos, el titular del dato y la autoridad respecto de tales consultas dentro de los plazos de ley. En caso de que el exportador de datos haya cesado de existir jurídicamente, o si así lo hubieran acordado las partes, el importador de datos asumirá las tareas relativas al cumplimiento de las disposiciones de la letra b) de la cláusula 3;

f) pondrá a disposición, a solicitud del exportador de datos o la autoridad, sus instalaciones de tratamiento de datos, sus ficheros y toda la documentación necesaria para el tratamiento, a efectos de revisión, auditoría o certificación. Estas labores serán realizadas, previa notificación razonable y durante horas laborables normales, por un inspector o auditor imparcial e independiente designados por el exportador o la autoridad, a fin de determinar si se cumplen las garantías y los compromisos previstos en el presente contrato;

g) tratará los datos personales de conformidad con la Ley nº 25.326 de protección de datos personales;

h) notificará sin demora al exportador de datos sobre:

i) toda solicitud jurídicamente vinculante de ceder datos personales presentada por una autoridad encargada de la aplicación de ley a menos que esté prohibido por la normativa aplicable (en la medida que no excedan lo necesario en una sociedad democrática siguiendo las pautas del epígrafe siguiente, punto 2),

ii) todo acceso accidental o no autorizado,

iii) toda solicitud sin respuesta recibida directamente de los titulares de los datos, a menos que se le autorice;

i) no cederá ni transferirá los datos personales a terceros excepto que:

1) se establezca de manera específica en el Anexo A del presente contrato o resulte necesario para su cumplimiento, verificando en ambos casos que el destinatario se obligue en iguales términos que el importador en el presente y siempre con el conocimiento y conformidad previa del exportador, o

2) la cesión sea requerida por ley o autoridad competente, en la medida que no exceda lo necesario en una sociedad democrática, por ejemplo, cuando constituya una medida necesaria para la salvaguardia de la seguridad del Estado, la defensa, la seguridad pública, la prevención, la investigación, la detección y la represión de infracciones penales o administrativas, o la protección del titular del dato o de los derechos y libertades de otras personas.

Al recibir la solicitud señalada arriba como punto 2), el Importador deberá de manera inmediata: a) verificar que la autoridad solicitante ofrezca garantías adecuadas de cumplimiento de los principios del artículo 4° de la Ley nº 25.326, y de los derechos de los titulares de los datos para el acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326 salvo en los siguientes casos y condiciones (conforme artículo 17 de la Ley nº 25.326):

i) previstos por la ley o mediante decisión fundada en la protección de la defensa de la Nación, el orden y la seguridad públicos, o la protección de los derechos e intereses de terceros,

ii) mediante resolución fundada y notificada al afectado, cuando pudieran obstaculizar actuaciones judiciales o administrativas en curso vinculadas a la investigación sobre el cumplimiento de obligaciones sujetas a control estatal y relativas al orden público, como ser: tributarias o previsionales, el desarrollo de funciones de control de la salud y del medio ambiente, la investigación de delitos penales y la verificación de infracciones administrativas; sin perjuicio de ello, se deberá brindar el acceso a los datos en la oportunidad en que el afectado tenga que ejercer su derecho de defensa; y b) en caso que la autoridad no otorgue u ofrezca las garantías indicadas en el punto a) inmediato anterior, prevalecerá la ley argentina, por lo que el Importador procederá a suspender el tratamiento en dicho país reintegrando los datos al Exportador según las instrucciones que este le imparta y notificando este último a la autoridad de control.

j) atenderá los pedidos que reciba del titular del dato (en su caso del exportador cuando actúe a su solicitud) respecto de los derechos que le otorga la Ley nº 25.326 sobre el tratamiento de sus datos personales previstos en el presente contrato —en su carácter de tercero beneficiario—, en especial sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, respetando los plazos de ley y disponiendo los medios para tal fin. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad —también en carácter de tercero beneficiario— relativas al tratamiento de los datos personales que realiza, sin perjuicio que las partes hayan acordado de otra forma respecto de quién responda a estas consultas;

k) destruirá, certificando tal hecho, y/o reintegrará al exportador, según se pacte en las condiciones particulares del Anexo A, los datos personales objeto de la transferencia cuando se produzca alguna de las siguientes circunstancias:

1) resolución del presente contrato;

2) imposibilidad de cumplimiento de las disposiciones de la Ley nº 25.326;

3) extinción de la finalidad por la que se transmitieron. Si a dicho momento la legislación nacional o la reglamentación local aplicable al importador no le permita devolver o destruir dichos datos en forma total o parcial, el importador se compromete a informar el plazo legal previsto y guardar el secreto sobre los mismos y a no volver a someterlos a tratamiento. En caso que dicho plazo de conservación sea contrario a los principios de protección de datos personales aplicables al caso no se reiterará la transferencia resolviéndose el contrato, al ser una causal de incumplimiento; y si se verificara tal condición durante la ejecución del contrato, éste deberá resolverse reintegrando los datos al Exportador conforme a las instrucciones que este le imparta.

l) llevará registro del cumplimiento de las obligaciones asumidas en la presente cláusula, cuyo informe estará disponible a pedido del exportador o la autoridad.

Cláusula 5) Responsabilidad y terceros beneficiarios

a) Cada una de las partes deberá responder ante los titulares de los datos por los daños que le hubiese provocado como resultado de la afectación de derechos reconocidos en este contrato en los términos previstos por la Ley nº 25.326, sus normas reglamentarias y derecho de fondo de Argentina.

b) Los titulares de los datos, podrán exigir al Importador, en carácter de terceros beneficiarios, el cumplimiento de las disposiciones de la Ley nº 25.326 relacionadas con el tratamiento de sus datos personales, conforme a las obligaciones y responsabilidades asumidas por las partes en el presente contrato, en particular lo relativo a los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos. 13 a 20 de la Ley nº 25.326; a tal fin, se someten a la jurisdicción argentina, tanto en sede judicial como administrativa. En aquellos casos en que se alegue incumplimiento por parte del importador de datos, el titular del dato podrá requerir al exportador que emprenda acciones apropiadas a fin de cesar dicho incumplimiento.

c) El importador acepta que la autoridad de control ejerza sus facultades respecto del tratamiento de datos que asume a su cargo, con los límites y facultades que le otorga la Ley nº 25.326, aceptando sus facultades de control y sanción, otorgándole a tales fines, en lo que resulte pertinente, el carácter de tercero beneficiario. Las tareas de auditoría podrán ser realizadas tanto por personal de la autoridad de control como por terceras personas idóneas por ella designadas para dicho acto o autoridades locales de competencias análogas en colaboración con la autoridad.

El importador de datos informará sin demora al exportador de datos en el caso de que la legislación existente aplicable a él o a cualquier subencargado no permita auditar al importador ni a los subencargados.

d) En caso que el Importador revoque, o no cumpla no obstante ser intimado por el Exportador otorgando un plazo perentorio de CINCO (5) días hábiles, con los derechos y facultades reconocidos a terceros beneficiarios en esta cláusula, tal hecho será causal de resolución automática del presente Contrato.

e) Las partes no se oponen a que los titulares de los datos estén representados por una asociación u otras entidades previstas por la ley argentina.

Cláusula 6) Legislación aplicable y jurisdicción

El presente contrato se regirá por la ley de la República Argentina, en particular la Ley nº 25.326, sus normas reglamentarias y disposiciones de la Dirección Nacional de Protección de Datos Personales, y entenderán en caso de conflicto vinculado a la protección de datos personales la jurisdicción judicial y administrativa de la República Argentina.

Cláusula 7) Resolución de conflictos con los titulares de los datos o con la autoridad

a) En caso de conflicto o de reclamación interpuesta contra una o ambas partes por un titular del dato o por la autoridad en relación con el tratamiento de datos personales, una parte informará a la otra sobre esta circunstancia y ambas cooperarán con objeto de alcanzar una solución lo antes posible y dentro de los plazos fijados por la Ley nº 25.326, participando activamente en cualquier proceso obligatorio.

b) Las partes acuerdan atender cualquier procedimiento de mediación que haya sido iniciado por un titular del dato o por la autoridad. Si deciden participar en el procedimiento no vinculante, podrán hacerlo a distancia (p. ej. por teléfono u otros medios electrónicos).

c) Cada una de las partes se compromete a acatar cualquier decisión de los tribunales competentes o de la autoridad cuyas decisiones sean finales y contra la que no pueda entablarse recurso alguno.

Cláusula 8) Resolución del Contrato

a) En caso que el importador de datos incumpla las obligaciones que le incumben en virtud de las presentes cláusulas, el exportador de datos deberá suspender temporalmente la transferencia de datos personales al importador hasta que se subsane el incumplimiento en plazo perentorio que le fije según la gravedad del hecho, notificando de dicho hecho a la autoridad de control.

b) El contrato se tendrá por resuelto, y así deberá declararlo el exportador previa intervención de la autoridad de control, en caso de que:

i) la transferencia de datos personales al importador de datos haya sido suspendida temporalmente por el exportador de datos durante un período de tiempo superior a TREINTA (30) días corridos de conformidad con lo dispuesto en la letra a);

ii) el cumplimiento por parte del importador de datos del presente contrato y la ley aplicable sean contrarios a disposiciones legales o reglamentarias en el país de importación;

iii) el importador de datos incumpla de forma sustancial o persistente cualquier garantía o compromiso previstos en las presentes cláusulas;

iv) una decisión definitiva y firme, contra la que no pueda entablarse recurso alguno de un tribunal argentino o de la Dirección Nacional de Protección de Datos Personales, que establezca que el importador o el exportador de datos han incumplido el Contrato; o

v) el exportador de datos, sin perjuicio del ejercicio de cualquier otro derecho que le pueda asistir contra el importador de datos, podrá resolver las presentes cláusulas cuando: se haya solicitado la administración judicial o la liquidación del importador de datos, ya sea a título personal o como empresario, y dicha solicitud no haya sido desestimada en el plazo previsto al efecto con arreglo a la legislación aplicable; se emita una orden de liquidación; se designe a un administrador para algunos de sus activos; se nombre un síndico de la quiebra; el importador de datos haya solicitado la declaración de concurso de acreedores; o se encuentre en una situación análoga ante cualquier jurisdicción.

En los casos contemplados en los incisos i), ii), o iv), también podrá proceder a la resolución el importador de datos sin necesidad de intervención de la autoridad de control.

c) Las partes acuerdan que la resolución del presente contrato por motivo que fuere no las eximirá del cumplimiento de las obligaciones y condiciones relativas al tratamiento de los datos personales transferidos.

Cláusula 9) Variación de las cláusulas

Las partes se comprometen a no modificar este contrato de forma tal que implique una disminución del nivel de tutela y garantías que otorga al titular del dato y la autoridad de control.

En prueba de conformidad, en la ciudad de _________________________ de ________________, se firman dos ejemplares de un mismo tenor y a un solo efecto a los ________ días del mes de __________ del año __________________.

…………………………………………….              ………………………………………

Por el Importador de Datos                     Por el Exportador de Datos

ANEXO A.- DESCRIPCIÓN DE LA TRANSFERENCIA

(Deberá ser cumplimentado por las partes conteniendo la naturaleza y categorías de los datos a transferir, detallando los mismos, la finalidad del tratamiento al que serán sometidos, forma en que se atenderán los pedidos del titular del dato o la autoridad, y la jurisdicción en la que se radicarán los datos).

ANEXO II.- Contrato modelo de transferencia internacional de datos personales con motivo de prestación de servicios

Entre, por una parte, ______________________________________, con domicilio en la calle________, localidad_____________, provincia de __________, Argentina, (en adelante, “el exportador de datos”) y, por la otra, ____________________________ (nombre), __________ (dirección y país), (“en adelante, el importador de datos”), en conjunto “las partes”, convienen el presente contrato de transferencia internacional de datos personales para la prestación de servicios, sometiéndola a los términos y condiciones que se detallan a continuación.

Cláusula 1) Definiciones

A los efectos del presente contrato se entenderá por los siguientes términos:

a) “datos personales”, “datos sensibles”, “tratamiento”, “responsable” y “titular del dato”, el mismo significado que el establecido en la Ley nº 25.326, de Protección de Datos Personales.

b) “autoridad” o “autoridad de control”, la Dirección Nacional de Protección de Datos Personales de la República Argentina.

c) “exportador”, el responsable del tratamiento que transfiera los datos personales;

d) “importador” o “encargado del tratamiento”, el prestador de servicios en los términos del artículo 25 de la Ley nº 25.326 radicado fuera de la jurisdicción argentina que reciba los datos personales procedentes del exportador de datos para su tratamiento de conformidad con los términos del presente.

e) por «legislación de protección de datos» se entenderá la Ley nº 25.326 y normativa reglamentaria.

Cláusula 2) Características, finalidad de la transferencia y términos específicos

Los detalles y otros términos específicos de la transferencia y servicio previsto, como por ejemplo características de los datos personales transferidos, forma en que las partes pactan atender los pedidos del titular del dato o de la autoridad de control, transferencias previstas a terceros, y jurisdicción en que se radicarán los datos, se especifican en el Anexo A, que forma parte del presente contrato. Las partes podrán suscribir en el futuro anexos adicionales a fin de incorporar detalles y características de aquellas transferencias que se realicen con posterioridad y que se enmarquen en el presente contrato.

Cláusula 3) Responsabilidad y terceros beneficiarios

a) Los titulares de los datos, podrán exigir al Importador, en carácter de terceros beneficiarios, el cumplimiento de las disposiciones de la Ley nº 25.326 relacionadas con el tratamiento de sus datos personales, en particular lo relativo a los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, conforme a las obligaciones y responsabilidades asumidas por las partes en el presente contrato; a tal fin, se someten a la jurisdicción argentina, tanto en sede judicial como administrativa. En aquellos casos en que se alegue incumplimiento por parte del importador de datos, el titular del dato podrá requerir al exportador que emprenda acciones apropiadas a fin de cesar dicho incumplimiento.

b) El importador acepta que la Autoridad de Control ejerza sus facultades respecto del tratamiento de datos que asume a su cargo, con los límites y facultades que le otorga la Ley nº 25.326, aceptando sus facultades de control y sanción, otorgándole a tales fines, en lo que resulte pertinente, el carácter de tercero beneficiario.

c) En caso que el Importador revoque, o no cumpla no obstante ser intimado por el Exportador otorgando un plazo perentorio de CINCO (5) días hábiles, con los derechos y facultades reconocidos a terceros beneficiarios en esta cláusula, tal hecho será causal de resolución automática del presente Contrato.

d) Los titulares de los datos podrán exigir al importador el cumplimiento de obligaciones asumidas en el presente contrato relativas al tratamiento de los datos que sean propias del exportador, cuando este último haya desaparecido de hecho o haya cesado de existir jurídicamente, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigirlos a dicha entidad.

e) Los titulares de los datos podrán exigir al eventual subencargado de tratamiento de datos el cumplimiento de la presente cláusula y el cumplimiento de obligaciones asumidas en el presente contrato por parte del exportador y el importador, relativas al tratamiento de los datos que sean propias del exportador, cuando ambos hayan desaparecido de facto o hayan cesado de existir jurídicamente, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas de alguno de ellos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigirlos a dicha entidad. La responsabilidad civil del subencargado del tratamiento de datos se limitará a sus propias operaciones de tratamiento de datos según lo pactado entre las partes y estas cláusulas.

f) Las partes no se oponen a que los titulares de los datos estén representados por una asociación u otras entidades previstas por la ley Argentina.

Cláusula 4) Obligaciones del exportador de datos

El exportador de datos acuerda y garantiza lo siguiente:

a) La recopilación, el tratamiento y la transferencia de los datos personales se han efectuado y efectuarán de conformidad con la Ley nº 25.326.

b) Ha realizado esfuerzos razonables para determinar si el importador de datos es capaz de cumplir las obligaciones pactadas en el presente contrato. A tal efecto, el exportador podrá solicitar al importador la contratación de un seguro de responsabilidad para eventuales perjuicios ocasionados con motivo del tratamiento previsto, conforme se especifica en el Anexo A.

c) Durante la prestación de los servicios de tratamiento de los datos personales, dará las instrucciones necesarias para que el tratamiento de los datos personales transferidos se lleve a cabo exclusivamente en su nombre y de conformidad con la Ley nº 25.326 y el presente contrato;

d) Hará entrega al importador de copia de la legislación vigente en Argentina aplicable al tratamiento de datos previsto.

e) Garantiza que ha cumplido en informar a los titulares de los datos que su información personal podía ser transferida a un tercer país con niveles inferiores de protección de datos a los de la República Argentina;

f) Garantiza que en caso de subtratamiento la actividad se llevará a cabo por un subencargado que deberá contar con su conformidad previa expresa del exportador y que proporcionará por lo menos el mismo nivel de protección de los datos personales y derechos de los titulares de los datos que los aquí pactados con el importador de datos, celebrando un contrato a tales fines, y quien estará también bajo las instrucciones del Exportador;

g) En caso de ejercicio por parte del titular de los datos —como tercero beneficiario— de sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, dará respuesta al mismo dentro de los DIEZ (10) días corridos si se refiere a un pedido de acceso y de CINCO (5) días hábiles si se refiere a un pedido de rectificación, supresión o actualización, y disponiendo los medios para tal fin, sea por los datos en su poder o por haberse pactado como obligación a su cargo, lo que se indica en el Anexo A. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador, a menos que las partes hayan acordado que sea el importador quien responda a estas consultas. Aun en este supuesto, será el exportador quien deba responder, en la medida de lo razonablemente posible y a partir de la información de que razonablemente pueda disponer, si el importador de datos es incapaz de responder o no lo realiza.

h) Pondrá a disposición de los titulares de los datos, en su carácter de terceros beneficiarios a tenor de la cláusula 3, y a petición de éstos, una copia de las cláusulas que se relacionen al tratamiento de sus datos personales, derechos y garantías, así como una copia de las cláusulas de otros contratos necesarios para los servicios de subtratamiento de los datos que deba efectuarse de conformidad con este contrato.

Cláusula 5) Obligaciones del importador de datos

El importador de datos acuerda y garantiza lo siguiente:

a) tratará los datos personales transferidos solo en nombre del exportador de datos, de conformidad con sus instrucciones y las cláusulas. En caso de que no pueda cumplir estos requisitos por la razón que fuere, informará de ello sin demora al exportador de datos, en cuyo caso este estará facultado para suspender la transferencia de los datos o rescindir el contrato;

b) disponer las medidas de seguridad y confidencialidad necesarias y efectivas para evitar la adulteración, pérdida, consulta o tratamiento no autorizado de los datos, y que permitan detectar desviaciones, intencionales o no, ya sea que los riesgos provengan de la acción humana o del medio técnico utilizado verificando que no sean inferiores a las dispuestas por la normativa vigente, de manera tal que garanticen el nivel de seguridad apropiado a los riesgos que entraña el tratamiento y a la naturaleza de los datos que han de protegerse;

c) dispondrá de procedimientos que garanticen que todo acceso a los datos transferidos se realizará por personal autorizado para ello, estableciendo niveles de acceso y claves, quienes cumplirán con el deber de confidencialidad y seguridad de los mismos, suscribiendo convenios a tales fines.

d) que ha verificado que la legislación local no impide el cumplimiento de las obligaciones, garantías y principios previstos en el presente contrato relativos al tratamiento de los datos personales y sus titulares, e informará al exportador de datos en forma inmediata en caso de tener conocimiento de la existencia de alguna disposición de esta índole, en cuyo caso el Exportador podrá suspender la transferencia;

e) tratará los datos personales siguiendo las expresas instrucciones que le imparta el exportador conforme a los fines y forma descriptos en el Anexo A;

f) comunicará al exportador de datos un punto de contacto dentro de su organización autorizado a responder a las consultas que guarden relación con el tratamiento de datos personales y cooperará de buena fe con el exportador de datos, el titular del dato y la autoridad respecto de tales consultas dentro de los plazos de ley. En caso de que el exportador de datos haya cesado de existir jurídicamente, o si así lo hubieran acordado las partes, el importador de datos asumirá las tareas relativas a su cumplimiento conforme a lo dispuesto en la letra d) de la cláusula 3;

g) pondrá a disposición, a solicitud del exportador de datos o la autoridad, sus instalaciones de tratamiento de datos, sus ficheros y toda la documentación necesaria para el tratamiento, a efectos de revisión, auditoría o certificación. Estas labores serán realizadas, previa notificación razonable y durante horas laborables normales, por un inspector o auditor imparcial e independiente designados por el exportador o la autoridad, a fin de determinar si se cumplen las garantías y los compromisos previstos en el presente contrato;

h) tratará los datos personales de conformidad con la Ley nº 25.326, de protección de datos personales;

i) notificará sin demora al exportador de datos sobre:

i) toda solicitud jurídicamente vinculante de ceder datos personales presentada por una autoridad encargada de la aplicación de ley a menos que esté prohibido por la normativa aplicable (en la medida que no excedan lo necesario en una sociedad democrática siguiendo las pautas del epígrafe siguiente, punto 2),

ii) todo acceso accidental o no autorizado,

iii) toda solicitud sin respuesta recibida directamente de los titulares de los datos, a menos que se le autorice;

j) no cederá ni transferirá los datos personales a terceros excepto que:

1) se establezca de manera específica en el Anexo A del presente contrato o resulte necesario para su cumplimiento, verificando en ambos casos que el destinatario se obligue en iguales términos que el importador en el presente y siempre con el conocimiento y conformidad previa del exportador, o

2) la cesión sea requerida por ley o autoridad competente, en la medida que no exceda lo necesario en una sociedad democrática, por ejemplo, cuando constituya una medida necesaria para la salvaguardia de la seguridad del Estado, la defensa, la seguridad pública, la prevención, la investigación, la detección y la represión de infracciones penales o administrativas, o la protección del titular del dato o de los derechos y libertades de otras personas.

Al recibir la solicitud señalada arriba como punto 2), el Importador deberá de manera inmediata: a) verificar que la autoridad solicitante ofrezca garantías adecuadas de cumplimiento de los principios del artículo 4° de la Ley nº 25.326, y de los derechos de los titulares de los datos para el acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326 salvo en los siguientes casos y condiciones (conforme artículo 17 de la Ley nº 25.326):

i) previstos por la ley o mediante decisión fundada en la protección de la defensa de la Nación, el orden y la seguridad públicos, o la protección de los derechos e intereses de terceros,

ii) mediante resolución fundada y notificada al afectado, cuando pudieran obstaculizar actuaciones judiciales o administrativas en curso vinculadas a la investigación sobre el cumplimiento de obligaciones sujetas a control estatal y relativas al orden público, como ser: tributarias o previsionales, el desarrollo de funciones de control de la salud y del medio ambiente, la investigación de delitos penales y la verificación de infracciones administrativas; sin perjuicio de ello, se deberá brindar el acceso a los datos en la oportunidad en que el afectado tenga que ejercer su derecho de defensa; y b) en caso que la autoridad no otorgue u ofrezca las garantías indicadas en el punto a) inmediato anterior, prevalecerá la ley argentina, por lo que el Importador procederá a suspender el tratamiento en dicho país reintegrando los datos al Exportador según las instrucciones que este le imparta y notificando este último a la autoridad de control.

k) atenderá los pedidos que reciba del titular del dato como tercero beneficiario, o del exportador, con motivo del ejercicio de los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, respetando los plazos de ley y disponiendo los medios para tal fin. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador de datos, sin perjuicio que las partes hayan acordado de otra forma quien responda a estas consultas en el Anexo A, siguiendo las instrucciones de la autoridad de control;

l) destruirá, certificando tal hecho, y/o reintegrará al exportador los datos personales objeto de la transferencia, cuando por cualquier causa se resuelva el presente Contrato.

ll) que, en caso de subtratamiento de los datos, habrá informado previamente al exportador de datos y obtenido previamente su consentimiento por escrito;

m) que los servicios de tratamiento por el eventual subencargado del tratamiento se llevarán a cabo de conformidad con la cláusula específica nº 10;

n) enviará sin demora al exportador de datos una copia del contrato que celebre con el subencargado del tratamiento con arreglo a este contrato y en el que se ha de otorgar al Exportador el carácter de tercero beneficiario a fin de impartir las instrucciones que considere necesarias y facultades para resolverlo.

ñ) llevará registro del cumplimiento de las obligaciones asumidas en la presente cláusula, cuyo informe estará disponible a pedido del exportador o la autoridad.

Cláusula 6) Responsabilidad

a) Las partes acuerdan que los titulares de los datos que hayan sufrido daños como resultado del incumplimiento de las obligaciones pactadas en el presente Contrato por cualquier parte o subencargado del tratamiento, tendrán derecho a percibir una indemnización del exportador de datos para reparar el daño sufrido.

b) En caso que el titular del dato no pueda interponer contra el exportador de datos la demanda de indemnización a que se refiere el epígrafe 1 por incumplimiento por parte del importador de datos o su subencargado de sus obligaciones impuestas en las cláusulas 5 y 10, por haber desaparecido de facto, cesado de existir jurídicamente o ser insolvente, el importador de datos acepta que el titular del dato pueda demandarle a él en el lugar del exportador de datos, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigir sus derechos a dicha entidad. El importador de datos no podrá basarse en un incumplimiento de un subencargado del tratamiento de sus obligaciones para eludir sus propias responsabilidades.

c) En caso de que el titular del dato no pueda interponer contra el exportador de datos o el importador de datos la demanda a que se refieren los apartados 1 y 2, por incumplimiento por parte del subencargado del tratamiento de datos de sus obligaciones impuestas en la cláusula 3 o en la cláusula 10, por haber desaparecido de facto, cesado de existir jurídicamente o ser insolventes ambos, tanto el exportador de datos como el importador de datos, el subencargado del tratamiento de datos acepta que el titular del dato pueda demandarle a él en cuanto a sus propias operaciones de tratamiento de datos en virtud de las cláusulas en el lugar del exportador de datos o del importador de datos, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos o del importador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigir sus derechos a dicha entidad. La responsabilidad del subencargado del tratamiento se limitará a sus propias operaciones de tratamiento de datos con arreglo a las presentes cláusulas.

Cláusula 7) Legislación aplicable y jurisdicción

El presente contrato se regirá por la ley de la República Argentina, en particular la Ley nº 25.326, sus normas reglamentarias y disposiciones de la Dirección Nacional de Protección de Datos Personales, y entenderán en caso de conflicto vinculado a la protección de datos personales la jurisdicción judicial y administrativa de la República Argentina.

Cláusula 8) Resolución de conflictos con los titulares de los datos

a) El importador de datos acuerda que si el titular del dato invoca en su contra derechos de tercero beneficiario o reclama una indemnización por daños y perjuicios con arreglo a las cláusulas, aceptará la decisión del titular del dato de:

i) someter el conflicto a mediación por parte de una persona independiente;

ii) presentar denuncia ante la Dirección Nacional de Protección de Datos Personales; y

iii) someter el conflicto a los tribunales argentinos competentes.

b) Las partes acuerdan que las opciones del titular del dato no obstaculizarán sus derechos sustantivos o procedimentales a obtener reparación de conformidad con otras disposiciones de Derecho nacional o internacional.

Cláusula 9) Cooperación con las autoridades de control

a) Las partes acuerdan que la autoridad de control está facultada para auditar al importador, o a cualquier subencargado, en la misma medida y condiciones en que lo haría respecto del exportador de datos conforme a la Ley nº 25.326, poniendo a disposición sus instalaciones de tratamiento de los datos. Las tareas de auditoría podrán ser realizadas tanto por personal de la autoridad de control como por terceras personas idóneas por ella designadas para dicho acto o autoridades locales de competencias análogas en colaboración con la autoridad.

b) El importador de datos informará sin demora al exportador de datos en el caso de que la legislación existente aplicable a él o a cualquier subencargado no permita auditar al importador ni a los subencargados.

Cláusula 10) Subtratamiento de datos

a) El importador de datos no subcontratará ninguna de sus operaciones de procesamiento llevadas a cabo en nombre del exportador de datos con arreglo a las cláusulas sin previo consentimiento por escrito del exportador de datos. Si el importador de datos subcontrata sus obligaciones deberá realizarse mediante un acuerdo escrito en el que el subencargado asuma iguales obligaciones que el importador, en lo que resulte compatible, sea frente al exportador de datos como el titular del dato y la autoridad de control, como terceros beneficiarios. En los casos en que el subencargado del tratamiento de datos no pueda cumplir sus obligaciones de protección de los datos con arreglo a dicho acuerdo escrito, el importador de datos seguirá siendo plenamente responsable frente al exportador de datos del cumplimiento de las obligaciones del subencargado del tratamiento de datos con arreglo a dicho acuerdo.

b) El contrato escrito previo entre el importador de datos y el subencargado del tratamiento contendrá asimismo una cláusula de tercero beneficiario que incluya aquellos casos en que el titular del dato no pueda interponer la demanda de indemnización a que se refiere el apartado a) de la cláusula 6 contra el exportador de datos o el importador de datos por haber estos desaparecido de facto, cesado de existir jurídicamente o ser insolventes, y ninguna entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos o del importador de datos en virtud de contrato o por ministerio de la ley. Dicha responsabilidad civil del subencargado del tratamiento se limitará a sus propias operaciones de tratamiento de datos conforme tareas subcontratadas.

c) Las disposiciones sobre aspectos de la protección de los datos en caso de subcontratación de operaciones de procesamiento se regirán por la legislación Argentina. Este requisito puede verse satisfecho mediante contrato entre importador y subencargado en el cual este último es cosignatario del presente Contrato.

d) El exportador de datos conservará la lista de los acuerdos de subtratamiento celebrados por el importador de datos, lista que se actualizará al menos una vez al año. La lista estará a disposición de la autoridad de control.

Cláusula 11) Resolución del Contrato

a) En caso que el importador de datos incumpla las obligaciones que le incumben en virtud de las presentes cláusulas, el exportador de datos deberá suspender temporalmente la transferencia de datos personales al importador hasta que se subsane el incumplimiento en plazo perentorio que le fije según la gravedad del hecho, notificando de dicho hecho a la autoridad de control.

b) El contrato se tendrá por resuelto, y así deberá declararlo el exportador previa intervención de la autoridad de control, en caso de que:

i) la transferencia de datos personales al importador de datos haya sido suspendida temporalmente por el exportador de datos durante un período de tiempo superior a TREINTA (30) días corridos de conformidad con lo dispuesto en la letra a);

ii) el cumplimiento por parte del importador de datos del presente contrato y la ley aplicable sean contrarios a disposiciones legales o reglamentarias en el país de importación;

iii) el importador de datos incumpla de forma sustancial o persistente cualquier garantía o compromiso previstos en las presentes cláusulas;

iv) una decisión definitiva y firme, contra la que no pueda entablarse recurso alguno de un tribunal argentino o de la Dirección Nacional de Protección de Datos Personales, que establezca que el importador o el exportador de datos han incumplido el Contrato; o

v) El exportador de datos, sin perjuicio del ejercicio de cualquier otro derecho que le pueda asistir contra el importador de datos, podrá resolver las presentes cláusulas cuando: se haya solicitado la administración judicial o la liquidación del importador de datos y dicha solicitud no haya sido desestimada en el plazo previsto al efecto con arreglo a la legislación aplicable; se emita una orden de liquidación o se decrete su quiebra; se designe a un administrador de cualquiera de sus activos; el importador de datos haya solicitado la declaración de concurso de acreedores; o se encuentre en una situación análoga ante cualquier jurisdicción.

En los casos contemplados en los incisos i), ii), o iv), también podrá proceder a la resolución el importador de datos sin necesidad de intervención de la autoridad de control.

c) Las partes acuerdan que la resolución del presente contrato por motivo que fuere no las eximirá del cumplimiento de las obligaciones y condiciones relativas al tratamiento de los datos personales transferidos.

Cláusula 12) Obligaciones una vez finalizada la prestación de los servicios de tratamiento de los datos personales

Las partes acuerdan que, una vez finalizada la prestación de los servicios de tratamiento de los datos personales, por motivo que fuere, el importador y el subencargado deberán, a discreción del exportador, o bien devolver todos los datos personales transferidos y sus copias, o bien destruirlos por completo y certificar esta circunstancia al exportador, a menos que la legislación aplicable al importador le impida devolver o destruir total o parcialmente los datos personales transferidos, verificando que dicho plazo de conservación no sea contrario a los principios de protección de datos personales aplicables, y en caso afirmativo se notificará a la autoridad de control.

En nombre del exportador de datos:

Nombre (completo):

……………………………………………………………………………………………………………………………………………….

Cargo: ……………………………………………………………………………………………………………………………………

Dirección: ……………………………………………………………………………………………………………………………….

…………………………………………………………….…………………………………………………………….

Otros datos necesarios con vistas a la obligatoriedad del contrato (en caso de existir):

…………………………………………………………………….…………………………………….………………

…………………………………………………………………………………………………………………………..

(Sello de la entidad)

Firma: …………………………………………………………………………………………………………………………………….

En nombre del importador de los datos:

Nombre (completo):

……………………………………………………………………………………………………………………………………………….

Cargo: ……………………………………………………………………………………………………………………………………

Dirección: ……………………………………………………………………………………………………………………………….

…………………………………………………………………………..………………………………………………

Otros datos necesarios con vistas a la obligatoriedad del contrato (en caso de existir):

……………………………………………………………………………………………………….………………….

……………………………………………………………………………….………………………………………….

…………………………………………………………………………….…………………………………………….

(Sello de la entidad)

Firma: …………………………………………………………………………………………………………………………………….

ANEXO A.- DESCRIPCIÓN DE LA TRANSFERENCIA Y SERVICIOS PREVISTOS

Exportador de datos

El exportador de datos es (especifique brevemente sus actividades correspondientes a la transferencia):

……………………………………………………………………………………..……………………………………….

……………………………………………………………………………………………………………………………………………….

Importador de datos

El importador de datos es (especifique brevemente sus actividades correspondientes a la transferencia):

……………………………………………………………………………………………………………………………………………….

……………………………………………………………………………………………………………………………………………….

Titulares de los datos

Los datos personales transferidos se refieren a las siguientes categorías de titulares de los datos:
………………………………………………………………………………………………………………………………………………

……………………………………………………………………………………………………………………………………………….

Características de los datos

Los datos personales transferidos se refieren a las siguientes categorías de datos: …………………

……………………………………………………………………………………………………………………………………………….

Tratamientos previstos y finalidad

Los datos personales transferidos serán sometidos a los siguientes tratamientos y finalidades:

……………………………………………………………………………………………………………………………..

………………………………………………………………………………………………………………………………………………

EXPORTADOR DE DATOS

Nombre: …………………………………………………………………………………………………………………………………

Firma ……………………………………………………………………………………………………………………………………..

IMPORTADOR DE DATOS

Nombre: …………………………………………………………………………………………………………………………………

Firma………………………………………………………………………………………………………………………………………

04Jul/17

Directriz nº 067-MICITT-H-MEIC, de 25 de abril de 2014

Directriz nº 067-MICITT-H-MEIC, de 25 de abril de 2014 (La Gaceta Diario Oficial nº 79)

LA PRESIDENTA DE LA REPÚBLICA Y LOS MINISTROS DE CIENCIA, TECNOLOGÍA Y TELECOMUNICACIONES, DE HACIENDA Y LA MINISTRA DE ECONOMÍA, INDUSTRIA Y COMERCIO

En uso de las facultades conferidas en los artículos 140 incisos 3) y 18) y 146 de la Constitución Política de Costa Rica; artículos 25 inciso 1) y 28 inciso 2.b) de la Ley n° 6227, “Ley General de la Administración Pública”, publicada en el Diario Oficial La Gaceta n° 102 del 30 de mayo de 1978, Alcance n° 90; artículos 3, 4 y 100 de la Ley n° 7169, “Ley de Promoción del Desarrollo Científico y Tecnológico”, publicada en el Alcance nº 23 del Diario Oficial La Gaceta n° 144 del 01 de agosto de 1990 y sus reformas; artículos 1, 3, 9, 10, 11, 12, 23 y 24 inciso g) de la Ley n° 8454, “Ley de Certificados, Firmas Digitales y Documentos Electrónicos, publicada en el Diario Oficial La Gaceta
n° 197 del 13 de octubre del 2005; artículo 3 de la Ley n° 8131, “Ley de la Administración Financiera y Presupuestos Públicos”, publicada en el Diario Oficial La Gaceta nº 198 del 16 de octubre del 2001; artículos 4, 23, 24 y 25 del Decreto Ejecutivo n° 33018-MICIT, “Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos”, publicado en el Diario Oficial La
Gaceta n° 77 del 21 de abril del 2006 y sus reformas; la Ley n° 8220, “Ley de Protección al Ciudadano del Exceso de Trámites y Requisitos Administrativos”, publicada en el Diario Oficial La Gaceta n° 49 del 11 de marzo del 2002; el Decreto Ejecutivo n° 37045, “Reglamento a la Ley de
Protección al Ciudadano del Exceso de Requisitos y Trámites Administrativos”, publicado en el Diario Oficial La Gaceta nº° 60 del 23 de marzo de 2012, Alcance n° 36; la Política de Certificados para la Jerarquía Nacional de Certificadores Registradores; y la Política de Formatos Oficiales de los Documentos Electrónicos Firmados Digitalmente.

 

Considerando:

 

I.—Que el Estado costarricense debe implementar las Tecnologías de la Información y Comunicación bajo principios racionales de eficiencia en el uso de recursos y efectividad en su aplicación con el objetivo de garantizar la eficiencia y transparencia de la administración, así como para propiciar incrementos sustantivos en la calidad del servicio brindado a los ciudadanos de acuerdo con los derechos establecidos constitucionalmente.

 

II.—Que la Dirección de Certificadores de Firma Digital (DCFD), perteneciente al Ministerio de Ciencia, Tecnología y Telecomunicaciones (MICITT), es el órgano administrador, fiscalizador y supervisor del Sistema Nacional de Certificación Digital (SNCD).

 

III.—Que dentro de sus facultades, la Dirección de Certificadores de Firma Digital tiene la responsabilidad y potestad de definir políticas y requerimientos para el uso de los certificados digitales, así como establecer todas las medidas que estime necesarias para proteger los derechos, los intereses y la confidencialidad de los usuarios, la continuidad y eficiencia del servicio, y de velar por la ejecución de tales disposiciones.

 

IV.—Que los artículos 3 y 9 de la Ley de Certificados, Firmas Digitales y Documentos Electrónicos reconocen el mismo valor y eficacia probatoria de los documentos electrónicos firmados digitalmente con respecto a los documentos físicos firmados de manera manuscrita.

 

V.—Que de conformidad con el inciso k) del artículo 4 de la Ley de Promoción del Desarrollo Científico y Tecnológico Ley n° 7169, es deber del Estado impulsar la incorporación selectiva de la tecnología moderna en la Administración Pública, a fin de agilizar y actualizar permanentemente,
los servicios públicos en el marco de una reforma administrativa que ayude a lograr la modernización del aparato estatal costarricense, en procura de mejores niveles de eficiencia operativa. Siendo así, el uso de la firma digital certificada como herramienta de identificación confiable y segura ofrece una oportunidad fundamental para el incremento de la eficiencia, la eficacia, la transparencia y el acometimiento de los fines estatales.

 

VI.—Que la Ley de Certificados, Firmas Digitales y Documentos Electrónicos, así como su Reglamento, facultan al Estado y a todas sus instituciones públicas para utilizar los certificados, firmas digitales y documentos electrónicos dentro de sus respectivos ámbitos de competencia,
incentivar su uso para la prestación directa de servicios a los administrados, así como para facilitar la recepción, tramitación y resolución electrónica de sus gestiones.

 

VII.—Que de conformidad con el artículo 4 del Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos, el Estado y todas las dependencias públicas incentivarán el uso de documentos electrónicos, certificados y firmas digitales para la prestación directa de servicios a los administrados, así como para facilitar la recepción, tramitación y resolución
electrónica de sus gestiones y la comunicación del resultado correspondiente.

De igual manera todas las dependencias públicas deben procurar ajustar sus disposiciones a los principios de  neutralidad tecnológica e interoperabilidad, no pudiendo imponer exigencias técnicas o jurídicas que impidan o dificulten injustificadamente la interacción con las oficinas públicas mediante el uso
de certificados y firmas digitales.

 

VIII.—Que por medio del artículo 25 del Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos, se autoriza a las instituciones del Estado a presupuestar y girar recursos, en la medida de sus posibilidades jurídicas y materiales, con el fin de contribuir a lograr los objetivos de la DCFD.

 

IX.—Que de conformidad con el artículo 3 de la Ley de la Administración Financiera de la República y Presupuestos Públicos n° 8131, se debe propiciar dentro de las instituciones públicas que la obtención y aplicación de los recursos públicos se realice según los principios de economía,
eficiencia y eficacia, orientados a los intereses generales de la sociedad costarricense.

 

X.—Que de conformidad con lo establecido en el artículo 2 inciso 20 del Decreto Ejecutivo nº 33018-MICIT, y en el punto 4.1.2 del documento de “Política de Certificados para la Jerarquía Nacional de Certificadores Registrados”, el solicitante de la firma digital certificada, durante el
proceso de solicitud e inscripción ante una Autoridad de Registro, debe firmar el “Acuerdo de Suscriptor”, mediante el cual se obliga a una serie de responsabilidades y deberes personales que son asumidos al firmar de manera digital dicho acuerdo, lo que le brinda el carácter personal al
dispositivo seguro de creación de la firma digital.

 

XI.—Que en vista de la situación actual de las instituciones públicas y con el fin de potenciar el uso de certificados digitales y firmas digitales en nuestro país, se ha considerado preciso redefinir y promover que los diferentes procesos que ejecutan las instituciones públicas se ofrezcan a los
ciudadanos haciendo uso de las tecnologías de información y comunicación, y en el caso específico, potenciando el uso de los certificados y firmas digitales como mecanismos de garantía de autenticidad, integridad y no repudio de los actos de manifestación de voluntad en toda la función pública.

 

XII.—Que en razón de lo anterior el Gobierno de Costa Rica considera necesario promover en las instituciones públicas el desarrollo de sistemas de información – tanto a lo interno (para con sus funcionarios) como a lo externo (para con los ciudadanos y otras instituciones) -, cuya conceptualización, diseño e implementación consideren y utilicen los certificados digitales y firmas digitales, permitiendo un mejor, eficiente, eficaz, seguro y oportuno servicio a los funcionarios y ciudadanos.

 

XIII.—Que la implementación de servicios o sistemas informáticos que utilicen la firma digital, implica un ahorro importante de tiempo y recursos que redundan en beneficios para la Administración Pública y el administrado, garantizando además una mayor transparencia en la ejecución de los trámites. De igual manera permite a las instituciones posicionarse como
organizaciones tecnológicas, que invierten y mantienen infraestructura tecnológica altamente modernizada y eficiente, garantizando un adecuado servicio y potenciando la interconexión e interoperabilidad con otras instituciones del Estado, colaborando activamente en el desarrollo del
gobierno electrónico, de la simplificación de trámites, y brindando mayor agilidad y seguridad tecnológica y jurídica en los servicios que se ofrecen al ciudadano.

 

XIV.—Que la Ley de Protección al Ciudadano del Exceso de Requisitos y Trámites Administrativos, Ley n° 8220, ordena simplificar los trámites y requisitos establecidos por la Administración Pública frente a los ciudadanos, evitando duplicidades y garantizando en forma expedita el derecho de
petición y el libre acceso a los departamentos públicos, contribuyendo de forma innegable en el proceso de reforzamiento del principio de seguridad jurídica del sistema democrático costarricense.

 

XV.—Que uno de los objetivos estratégicos en el eje de competitividad e innovación del Plan Nacional de Desarrollo 2011-2014, consiste en aumentar la producción mediante el mejoramiento en aspectos de reforma regulatoria y tramitología. Como acción estratégica en este campo destaca el uso intensivo de las facilidades tecnológicas cuyo propósito es hacer los procesos más
eficientes.

 

XVI.—Que el Poder Ejecutivo en el ejercicio de su potestad de dirección en materia de Gobierno, y los Ministerios de Ciencia, Tecnología y Telecomunicaciones, de Hacienda y de Economía, Industria y Comercio, como rectores en materia de tecnologías de la información, de asignación de los recursos públicos y de eficiencia de la administración pública respectivamente, deben procurar la existencia de sistemas de información más eficientes mediante un proceso razonado y dirigido por las oportunidades de mejora del Estado que estas habilitan, y no por implementaciones
transitorias. Por tanto,

 

Emiten la siguiente directriz:

 

MASIFICACIÓN DE LA IMPLEMENTACIÓN Y EL USO DE LA FIRMA DIGITAL EN EL SECTOR PÚBLICO COSTARRICENSE

 

Artículo 1°.- A partir de la publicación de esta directriz, todas las instituciones del sector público costarricense deberán tomar las medidas técnicas y financieras necesarias que le permitan disponer de los medios electrónicos para que los ciudadanos puedan obtener información, realizar consultas, formular solicitudes, manifestar consentimiento y compromiso, efectuar pagos, realizar transacciones y oponerse a las resoluciones y actos administrativos. Se busca con esta directriz hacer efectivo el derecho a exigir igualdad en el acceso por medios electrónicos a todos los servicios que se ofrecen por medios físicos, pudiendo las personas físicas utilizar en cualquier
escenario la capacidad de firma digital certificada, ya sea para autenticarse o para firmar todos los trámites con la institución por vía electrónica.

 

Artículo 2°.- Las instituciones del sector público costarricense deberán incluir dentro de sus procesos de compra, y en la medida de sus posibilidades presupuestarias, la adquisición de los mecanismos de firma digital certificada para sus funcionarios. Además, deberán implementar procesos internos soportados en plataformas digitales que utilicen la capacidad de autenticación y de firma digital certificada de sus funcionarios, y que potencien la reducción en el uso de papel y la mejora de su eficiencia y eficacia operativa.

 

Artículo 3°.- Todo nuevo desarrollo, funcionalidad o implementación de sistemas de información de las instituciones del sector público costarricense, en los cuales se ofrezcan servicios de cara al ciudadano o de utilización interna, deberá incorporar:

 

a.- Mecanismos de autenticación mediante firma digital certificada. Cuando un ciudadano se autentique utilizando firma digital certificada, se reconocerá la autenticidad plena y el valor de su relación con la institución por el canal electrónico.

 

b.- Mecanismos de firma de documentos y transacciones electrónicas mediante firma digital certificada cuando el trámite así lo requiera, tanto para uso de los funcionarios como para los ciudadanos involucrados en el proceso.

 

Artículo 4°.- Todo nuevo desarrollo, funcionalidad o implementación de sistemas de información de las instituciones del sector público costarricense, en los cuales se ofrezcan servicios de cara al ciudadano, deberá incorporar en la emisión de sus certificaciones, comprobantes, facturas y/o
comunicaciones electrónicas, mecanismos de firma digital certificada mediante el uso de los certificados digitales de Sello Electrónico de Persona Jurídica, que garanticen su validez y certeza jurídica.

 

Artículo 5°.- Las instituciones del sector público costarricense deberán, dentro de sus posibilidades presupuestarias, modernizar y ajustar los sistemas de información que tengan en operación, en los cuales se ofrezcan servicios de cara al ciudadano o de utilización interna, para incorporar mecanismos de autenticación mediante firma digital certificada; así como mecanismos
de firma de documentos y transacciones electrónicas mediante firma digital certificada cuando los trámites así lo requieran.

 

Artículo 6°.- En todo momento, los mecanismos de firma digital certificada deberán implementarse respetando la normativa vigente al respecto, garantizando así la validez de las firmas digitales en el tiempo, potenciando la interoperabilidad en el intercambio de documentos electrónicos entre instituciones, la apropiada conservación de los documentos electrónicos
firmados digitalmente, y el valor legal de la interacción entre el ciudadano y la institución por medios electrónicos a través del tiempo.

 

Artículo 7°.- En todos los casos donde las instituciones del sector público costarricense adquieran la capacidad de firma digital para sus funcionarios, se entenderá que el dispositivo seguro de creación de la firma digital certificada pasará a formar parte del patrimonio del funcionario público, por ser considerado un bien personal indispensable para el ejercicio no solo de sus funciones públicas, sino también de sus derechos y de sus atribuciones individuales.

 

Artículo 8°.- Las instituciones del sector público costarricense deberán realizar campañas y actividades de educación para sus funcionarios, que les permita aprender a utilizar los mecanismos de firma digital, así como reconocer la equivalencia jurídica y la eficacia probatoria de los documentos electrónicos firmados digitalmente con respecto a los documentos en papel con
firmas autógrafas, tal como la Ley n° 8454 lo establece. Para el caso de aquellos funcionarios responsables de la recepción y/o trámite de los documentos electrónicos, deberán también capacitarlos técnicamente para poder reconocer, interpretar y validar las firmas digitales asociadas a éstos documentos electrónicos.

 

Artículo 9°.- Los distintos jerarcas de las instituciones del sector público costarricense serán los responsables de la aplicación de lo dispuesto en la presente directriz, en lo que les corresponda.

 

Artículo 10.- Se insta a las Autoridades Certificadoras debidamente registradas y autorizadas por la Dirección de Certificadores de Firma Digital, para que en la medida de sus posibilidades y dentro de la normativa jurídica vigente, contribuyan con el aporte de recursos económicos, logísticos y
técnicos para dar continuidad y garantizar la calidad, eficiencia y seguridad del Sistema Nacional de Certificación Digital, y a su vez potenciar la emisión, implementación, adquisición y uso de los mecanismos de firma digital certificada en Costa Rica.

 

Artículo 11.- Se insta a todas las instituciones del sector público costarricense y a las empresas privadas, para que en la medida de sus posibilidades presupuestarias y dentro de la normativa jurídica vigente, contribuyan con el aporte de recursos económicos, logísticos y técnicos para potenciar la exitosa emisión, implementación, adquisición y uso de los mecanismos de firma digital certificada en Costa Rica.

 

Artículo 12.- Transitorio único. La fecha límite para la aplicación de lo establecido en los artículos 4, 5 y 8 de ésta directriz, es el 16 de diciembre del 2016.

 

Artículo 13.- Rige a partir de su publicación.

 

Dada en la Presidencia de la República, a los tres días del mes de abril del año dos mil catorce.

 

LAURA CHINCHILLA MIRANDA.-

El Ministro de Ciencia, Tecnología y Telecomunicaciones, José Alejandro Cruz Molina.

El Ministro de Hacienda, Edgar Ayales Esna.

La Ministra de Economía, Industria y Comercio, Mayi Antillón Guerrero.

01Jul/17

Número 17, primer semestre 2017

ISSN 1989-5852
Título clave: Revista informática jurídica
Tít. abreviado: Rev. inform. jurid.

Introducción

En este decimoséptimo número de la Revista, aparecen artículos de colaboradores por orden alfabético.

Un agradecimiento especial a los 42 colaboradores que han aportado sus artículos para hacer posible la publicación semestral de esta revista, que ya lleva 8 años y medio

Un cordial saludo para todos y gracias por vuestra colaboración.

José Cuervo Álvarez

  1. Introducción
  2. Albizu Ortiz, Rayda L.
  3. Almodóvar Pérez, Evelyn Judith
  4. Avilés, Jeanevy
  5. Barbosa Garriga, Teremari
  6. Calbetó Vaillant, María
  7. Casí Ladrón de Guevara, Yosvanys
  8. Corchado López, Iliana
  9. Correa Colón, Danishia
  10. Cruz Cobián, Lorraine de la
  11. De la Cruz Leyva, Viana
  12. De la Cruz Moreno, César Miguel
  13. Díaz-Cáceres, Vivian E.
  14. Estrada Jiménez, Pedro Manuel
  15. Fonseca Hernández, Juan Antonio
  16. Gil, Anabelle
  17. Hechavarria Derronselet, Yoendrís
  18. Hernández Zamora, Cecilia Rosa
  19. Jiménez, Yoileana
  20. León Fonseca, Marcos Antonio
  21. Leyva Regalon, José A.
  22. López Álvarez, Lesbia
  23. Mayoral Céspedes, Irisleydis
  24. Morales Delgado, Irma
  25. Muñiz Maldonado, Noralys
  26. Negrón, Carlos M.
  27. Ocasio Otero, María M.
  28. Ortiz Mussenden, Rubén
  29. Pompa Rodríguez, Lisandra
  30. Rodríguez Cabrera, Julio
  31. Rosales Arévalo, Evelio
  32. Sánchez, Ramón
  33. Santiago Gómez, Hector L.
  34. Santisteban García, Rolando Bairon
  35. Sasso Borges, Cedrid P.
  36. Silva Del Rosario, Yamila
  37. Sosa Gierbolini, Raquel
  38. Torres Báez, Josúe
  39. Torres Huertas, Gianina
  40. Torres Manso, Wilma
  41. Vázquez Guerrero, Iluminado Agustín
  42. Velázquez Ballester, Rodolfo Villar
  43. Velázquez Lominchar, Arlin

Albizu Ortiz, Rayda L.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

El Derecho a Desconectarse: La protección de la Privacidad del Empleado, frente al Patrono (Fuera del entorno laboral) Trabajo en colaboración con Cedric P. Sasso Borges y Vivian E. Díaz-Cáceres (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Almodóvar Pérez, Evelyn Judith

JD Candidate, School of Law. Interamerican University of Puerto Rico. BA in Political Science. University of Puerto Rico

Avilés, Jeanevy

JD Candidate, School of Law. Interamerican University of Puerto Rico. BA in Political Science. University of Puerto Rico

Barbosa Garriga, Teremari

Estudiante de Cyber Law, de la Facultad de Derecho. Universidad Interamericana de Puerto Rico.

  • Las redes sociales: vehículo de trata de niños. Trabajo realizado en colaboración con Danishia Correa Colón y Lorraine De la Cruz Cobián. (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Calbetó Vaillant, María

Estudiante de Derecho Cibernético del Profesor Fredrick Vega, en la Facultad de Derecho Interamericana de Puerto Rico.

Casí Ladrón de Guevara, Yosvanys

Corchado López, Iliana

Estudiante de la Universidad Interamericana de Puerto Rico. Facultad de Derecho

El derecho del empleado frente al patrono por expresiones publicadas en las Redes Sociales. Trabajo en colaboración con Gianina Torres Huertas e Irma Morales Delgado (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Correa Colón, Danishia

Estudiante de Cyber Law, de la Facultad de Derecho. Universidad Interamericana de Puerto Rico.

  • Las redes sociales: vehículo de trata de niños. Trabajo realizado en colaboración con Teremari Barbosa Garriga y Lorraine De la Cruz Cobián. (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Cruz Cobián, Lorraine de la

Estudiante de Cyber Law, de la Facultad de Derecho. Universidad Interamericana de Puerto Rico.

  • Las redes sociales: vehículo de trata de niños. Trabajo realizado en colaboración con Danishia Correa Colón y Teremari Barbosa Garriga. (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

De la Cruz Leyva, Viana

Universidad de Granma

De la Cruz Moreno, César Miguel

MSc Prof. Aux. César Miguel de la Cruz Moreno. Universidad de Granma. Sede “Blas Roca Calderío”

  • OBJEPLA (19.06.2017) (Trabajo en colaboración con Yoendrís Hechavarria Derronselet)

Díaz-Cáceres, Vivian E.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico.

El Derecho a Desconectarse: La protección de la Privacidad del Empleado, frente al Patrono (Fuera del entorno laboral) Trabajo en colaboración con Rayda L. Albizu Ortiz y Cedric P. Sasso Borges (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Estrada Jiménez, Pedro Manuel

Profesor del departamento de Informática, Facultad de Ciencias Informáticas, Naturales y Exactas. Universidad de Granma. Cuba

Fonseca Hernández, Juan Antonio

Gil, Anabelle

J. D. Candidata. Curso Law 348 D: International Private Law-Cyber Law. Prof. Fredrick Vega

Hechavarria Derronselet, Yoendrís

Licenciado Yoendrís Hechavarria Derronselet, profesor Asistente de la Universidad de Granma, Sede “Blas Roca Calderío”

Hernández Zamora, Cecilia Rosa

Aspirante a Doctora y profesora Asistente del Departamento Educación Laboral-Informática de la Universidad de Granma. Sede “Blas Roca Calderío” Manzanillo. Granma. Cuba

Jiménez, Yoileana

J. D. Candidata. Curso Law 348 D: International Private Law-Cyber Law. Prof. Fredrick Vega

León Fonseca, Marcos Antonio

Leyva Regalon, José A.

Profesor del departamento de Informática, Facultad de Ciencias Informáticas, Naturales y Exactas. Universidad de Granma. Cuba

López Álvarez, Lesbia

Mayoral Céspedes, Irisleydis

Profesora del departamento de Informática, Facultad de Ciencias Informáticas, Naturales y Exactas. Universidad de Granma. Cuba

Morales Delgado, Irma

Estudiante de la Universidad Interamericana de Puerto Rico. Facultad de Derecho

El derecho del empleado frente al patrono por expresiones publicadas en las Redes Sociales. Trabajo en colaboración con Gianina Torres Huertas e Iliana Corchado López (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Muñiz Maldonado, Noralys

Negrón, Carlos M.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

Ocasio Otero, María M.

J. D. Candidata. Curso Law 348 D: International Private Law-Cyber Law. Prof. Fredrick Vega

Ortiz Mussenden, Rubén

Estudiante de Juris Doctor. Facultad de Derecho, Universidad Interamericana de Puerto Rico

Pompa Rodríguez, Lisandra

Especialista en gestión de la información bibliografía docente. Universidad de Granma. Cuba.

Rodríguez Cabrera, Julio

Estudiante de Derecho Cibernético del Profesor Fredrick Vega-Lozada, en la Facultad de Derecho Interamericana de Puerto Rico.

Rosales Arévalo, Evelio

Lic. Evelio Rosales Arévalo, profesor Asistente, del Departamento Educación Laboral-Informática de la Universidad de Granma. Sede “Blas Roca Calderío”. Manzanillo. Granma. Cuba

Sánchez, Ramón

JD Candidate, School of Law. Interamerican University of Puerto Rico. BA in Political Science. University of Puerto Rico

Santiago Gómez, Hector L.

Estudiante de Juris Doctor. Facultad de Derecho, Universidad Interamericana de Puerto Rico

Santisteban García, Rolando Bairon

Delegación Provincial de la Agricultura en Granma

Sasso Borges, Cedrid P.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

El Derecho a Desconectarse: La protección de la Privacidad del Empleado, frente al Patrono (Fuera del entorno laboral) Trabajo en colaboración con Rayda L. Albizu Ortiz y Vivian E. Díaz-Cáceres (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Silva Del Rosario, Yamila

Sosa Gierbolini, Raquel

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

Torres Báez, Josúe

Estudiante de Juris Doctor. Facultad de Derecho, Universidad Interamericana de Puerto Rico

Torres Huertas, Gianina

Estudiante de la Universidad Interamericana de Puerto Rico. Facultad de Derecho

El derecho del empleado frente al patrono por expresiones publicadas en las Redes Sociales. Trabajo en colaboración con Iliana Corchado López e Irma Morales Delgado (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Torres Manso, Wilma

Vázquez Guerrero, Iluminado Agustín

Velázquez Ballester, Rodolfo Villar

Velázquez Lominchar, Arlin

27Abr/17
Proyecto de Ley

Proyecto de Ley de Protección de Datos en Chile, abril de 2017

Boletín n° 11.144 -07

Proyecto de ley, iniciado en mensaje de S. E. la Presidenta de la República, que regula la protección y el tratamiento de los datos personales y crea la Agencia de Protección de Datos Personales.

MENSAJE nº 001-365/
Honorable Senado:

Tengo el honor de someter a vuestra consideración el siguiente proyecto de ley que regula la protección y el tratamiento de los datos personales.

I.- ANTECEDENTES GENERALES

1. Desarrollo de la economía digital

En muchos sentidos el Siglo XXI representa el inicio de una nueva era. No sólo porque desde una perspectiva convencional y temporal marca el punto de partida del nuevo milenio, sino también porque en lo que va transcurrido de él se han sucedido cambios y transformaciones sociales, culturales y tecnológicas de extraordinaria envergadura. La mayor de estas transformaciones se puede sintetizar en el proceso de transición desde la sociedad industrial a la sociedad digital.

La sociedad digital ha expandido los espacios de libertad, autonomía y desarrollo de las personas, pero también ha diseñado nuevos y sofisticados sistemas de control y vigilancia que amenazan o limitan esa misma libertad.

Parte importante de los desafíos que actualmente enfrentan las sociedades y los gobiernos es crear reglas de conducta que permitan organizar las transformaciones en la sociedad digital. Se trata de diseñar instituciones, marcos normativos e incentivos que permitan generar convergencias entre la información personal y su uso, entre las libertades individuales y el interés público, entre la vida privada y la información pública, entre la interconexión global y las identidades locales, entre la tecnología y la humanidad.

La sociedad del conocimiento y la información han dado paso a una nueva economía: la economía digital. La inserción de los países a esta nueva realidad exige la adaptación de sus regulaciones, prácticas, instituciones y la organización industrial y productiva de las empresas al uso generalizado de las tecnologías de la información.

La expansión de la economía digital tiene evidentes efectos positivos para el bienestar de los ciudadanos. Entre otras cosas, es amigable con el medio ambiente, genera eficiencias en la asignación de recursos, posibilita la creación de nuevos negocios y aumenta la satisfacción de los consumidores.

Las barreras que enfrenta un desarrollo más vigoroso de la economía digital vienen dadas por restricciones en el acceso y uso de las nuevas tecnologías de la información y en la existencia de hábitos y prácticas culturales que enfatizan el uso de sistemas análogos por sobre los sistema digitales. Pero más aún, se alimenta en la desconfianza de los consumidores respecto de la seguridad relativa al cumplimiento de los requisitos de autenticidad, integridad y confidencialidad de las operaciones y sus registros, y en la falta de un marco normativo adecuado y de instituciones eficaces para sancionar las infracciones y resolver las controversias.

Otra restricción importante se encuentra en la configuración de los mercados y en la conducta de los agentes económicos. Muchas empresas mantienen rentas ancladas en prácticas que no son compatibles con sistemas abiertos, competitivos y transparentes propios de una sociedad y de una economía digital. En esta nueva era las empresas exitosas son aquellas que valoran el conocimiento, la información, la innovación y la competencia.

Chile es una economía pequeña y abierta al mundo. Las empresas chilenas se han insertado competitivamente en la economía global y el país es un destino atractivo para las inversiones extranjeras.

Sin embargo, para que Chile mantenga e incremente su trayectoria de desarrollo y crecimiento económico, es necesario, tal como lo ha venido planteando la OCDE en sus recomendaciones, emprender cambios y transformaciones que permitan avanzar hacia una economía más innovadora, basada en el conocimiento e integrada por más empresas que sean capaces de competir a nivel mundial y participar en las cadenas globales de valor, especialmente en el ámbito de los servicios globales.

Una de las mayores deudas en materia regulatoria es la falta de una legislación moderna y flexible que permita cumplir las normas y estándares internacionales en materia de protección y tratamiento de los datos personales.

2. Contexto internacional

Desde el año 2010, Chile es parte de la Organización para la Cooperación y el Desarrollo Económico (OCDE). El ingreso de nuestro país a dicha organización implicó esfuerzos significativos para lograr la adaptación de las políticas públicas y la legislación interna a las recomendaciones que emanan de esa organización, en materia social y económica.

En este sentido, este proyecto de ley recoge las recomendaciones que la propia organización ha puesto a disposición de los países miembros. Entre ellas, destacan las directrices sobre protección de la privacidad y flujos transfronterizos de datos personales. Estos instrumentos dan cuenta de los principios y contenidos básicos que deben recoger las normativas internas de los países para asegurar el respeto a la privacidad y la protección de los datos personales.

Las orientaciones de la OCDE relativas al flujo transfronterizo de datos personales es una materia de particular relevancia en este proyecto, dado el acelerado intercambio de información, la expansión del comercio electrónico y el desarrollo de la economía digital. Chile en la actualidad no cuenta con normas en esta materia y su incorporación resulta clave para el desarrollo de mercados emergentes de la economía como la exportación de servicios.

II.- DERECHO FUNDAMENTAL A LA VIDA PRIVADA Y SU PROTECCIÓN

La Constitución Política de la República garantiza el derecho fundamental a la vida privada y su protección. A su vez, la Declaración Universal de los Derechos Humanos de las Naciones Unidas prescribe que nadie sufrirá injerencias arbitrarias en su vida privada, su familia, domicilio o correspondencia, ni ataques a su honra o reputación. La Convención Americana sobre Derechos Humanos, denominada “Pacto de San José de Costa Rica”, por su parte consagra la protección de la honra y la dignidad de la persona, prohibiendo injerencias arbitrarias en su vida privada.

Consistente con el marco constitucional y los tratados internacionales ratificados por Chile, el año 1999 se dictó la ley n° 19.628, sobre protección de la vida privada, que establece las normas que actualmente regulan la protección y el uso de los datos de carácter personal de las personas naturales, tanto en sus aspectos sustantivos como procedimentales.

Si bien dicha ley constituyó un gran avance al momento de su dictación, es un hecho indiscutido que el acelerado desarrollo tecnológico, la masificación en el uso de las tecnologías de la información, el extendido acceso a internet, la expansión del comercio electrónico, unido a los nuevos desafíos que enfrentan las sociedades y los Estados para reconocer y proteger los derechos de sus ciudadanos, han llevado a que esta normativa haya terminado siendo insuficiente.

La obsolescencia de algunos de sus criterios u orientaciones y la ausencia de una autoridad de control que den eficacia a la ley, son parte de un diagnóstico en el que existe un amplio consenso entre los actores políticos e institucionales, agentes económicos, medios de comunicación social y la ciudadanía en general.

Este diagnóstico compartido se ha expresado en diversas propuestas e iniciativas orientadas a poner de manifiesto la necesidad de impulsar un nuevo marco regulatorio.

En la actualidad existen más de 60 iniciativas legales en tramitación, originadas mayoritariamente en mociones parlamentarias, que se refieren a estas materias, todas las cuales fueron consideradas en la elaboración del presente proyecto de ley. Asimismo, durante el mes de agosto de 2016, la Unidad de Evaluación de la Ley de la Cámara de Diputados presentó un informe en que evaluó los impactos y desafíos de la ley n° 19.628 y formuló un conjunto de conclusiones y recomendaciones, muchas de las cuales fueron recogidas en esta propuesta.

El Poder Judicial también ha sido un actor relevante en este proceso. La Corte Suprema ha contribuido a la reflexión jurídica y al debate doctrinario en torno a la garantía, protección y equilibrio de los diversos derechos fundamentales que entran en juego en este ámbito: vida privada, intimidad, honra, libertad de opinión e información, acceso a la información y transparencia, entre otros.

Por último, también han aportado a este debate el sector privado, las organizaciones empresariales, los académicos, la sociedad civil y la ciudadanía. En particular, es importante destacar las contribuciones técnicas realizadas por el Consejo de la Sociedad Civil de Economía Digital y la Mesa Público Privada de Protección de Datos. En consecuencia, este proyecto de ley busca balancear y equilibrar las diferentes miradas y opciones técnicas, económicas, jurídicas y políticas que se promueven por los diversos actores, instituciones y grupos de interés que participan de este debate, proponiendo un marco regulatorio que proteja los derechos y libertades de las personas, garantice el tratamiento lícito de los datos personales por parte de terceros, sin entrabar ni entorpecer la libre circulación de la información y, en definitiva, se alcance una legislación moderna y flexible que permita enfrentar los desafíos del país de cara al Siglo XXI.

III.- OBJETIVOS DEL PROYECTO DE LEY

1.- Objetivo general

Este proyecto de ley tiene como objetivo general actualizar y modernizar el marco normativo e institucional con el propósito de establecer que el tratamiento de los datos personales de las personas naturales se realice con el consentimiento del titular de datos o en los casos que autorice la ley, reforzando la idea de que los datos personales deben estar bajo la esfera de control de su titular, favoreciendo su protección frente a toda intromisión de terceros y estableciendo las condiciones regulatorias bajo las cuales los terceros pueden efectuar legítimamente el tratamiento de tales datos, asegurando estándares de calidad, información, transparencia y seguridad.

De esta forma, el principal desafío regulatorio es equilibrar la protección de los derechos de las personas, especialmente el respeto y protección a la vida privada e intimidad, con la libre circulación de la información, asegurando que las reglas de autorización y uso que se establezcan no entraben ni entorpezcan el tratamiento lícito de los datos por parte de las personas, organismos y empresas.

2.- Objetivos específicos

En cuanto a los objetivos específicos de este proyecto de ley, se plantean los siguientes:

a.- Establecer las condiciones regulatorias que permitan reforzar los derechos de los titulares de datos personales en relación a las operaciones de tratamiento de datos que legítimamente efectúen los agentes privados y públicos.

b.- Dotar al país de una legislación moderna y flexible en materia de tratamiento de datos personales, que sea consistente con los compromisos internacionales adquiridos luego de su incorporación a la OCDE y ajustada a las normas y estándares internacionales.

c.- Incrementar los estándares legales de Chile en el tratamiento de datos personales para transformarlo en un país con niveles adecuados de protección y seguridad, promoviendo el desarrollo de la economía digital y favoreciendo la expansión del mercado de los servicios globales.

d.- Definir estándares regulatorios, condiciones operacionales y un marco institucional que legitime el tratamiento de los datos personales por parte de los órganos públicos, garantizando el cumplimiento de la función pública y los derechos de los ciudadanos.

e.- Contar con una autoridad de control de carácter técnico y una institucionalidad pública que asuma los desafíos regulatorios y de fiscalización en materia de protección de las personas y tratamiento de los datos personales.

IV.- CONTENIDO DEL PROYECTO

1.- Determinación precisa del ámbito regulatorio

El objeto de la ley es regular el tratamiento de los datos personales, asegurando el respeto y protección de los derechos y libertades fundamentales de los titulares de datos (personas naturales), en particular el derecho a la vida privada.

El ámbito de aplicación de la ley es todo tratamiento de datos personales que realicen las personas naturales o jurídicas, incluidos los órganos públicos, que no se encuentre regido por una ley especial. Al mismo tiempo, se establece el carácter supletorio de esta normativa para todos aquellos tratamientos de datos regulados en leyes especiales.

Se excluyen expresamente de este régimen regulatorio al tratamiento de datos personales que se realice en el ejercicio de las libertades de emitir opinión y de informar regulado por las leyes especiales dictadas de conformidad al numeral 12 del artículo 19 de la Constitución Política de la República, y el tratamiento que efectúen las personas naturales en relación con sus actividades personales.

Además, cabe señalar que este proyecto de ley no innova respecto de la regulación específica y actualmente vigente, referida al tratamiento de los datos personales relativos a obligaciones de carácter económico, financiero, bancario o comercial, manteniendo íntegramente las normas contenidas en el Título III de la ley, salvo adecuaciones formales y de referencia.

2.- Principios rectores y actualización de definiciones legales

Se incorporan un conjunto de principios rectores en materia de protección y tratamiento de los datos personales que han sido reconocidos en las directrices de la OCDE y en la legislación comparada. Estos principios constituyen el marco teórico y normativo que inspiran toda la regulación del tratamiento de los datos personales y permiten orientar la aplicación e interpretación doctrinaria y jurisprudencial de esta normativa. Estos principios son la licitud del tratamiento, finalidad, proporcionalidad, calidad, seguridad, responsabilidad e información.

En el tratamiento de datos personales por parte de los organismos públicos se incorporan además los principios de coordinación, eficiencia, transparencia y publicidad.

Con el objeto de facilitar a los operadores del sistema la aplicación e interpretación de la ley, se actualizan e incorporan nuevas definiciones legales, adaptándolas a las que se usan en las legislaciones más modernas, las recomendaciones técnicas de los organismos internacionales y el estado actual del arte y la técnica.

3.- Reforzamiento y ampliación de los derechos de los titulares de datos
Se reconocen al titular de datos personales los derechos de acceso, rectificación, cancelación y oposición, los denominados “derechos ARCO”. Estos derechos son irrenunciables, gratuitos y no puede limitarse su ejercicio en forma convencional.

El derecho de acceso permite solicitar y obtener confirmación acerca de si sus datos personales están siendo tratados por el responsable y acceder a ellos, en su caso. El derecho de rectificación busca que se modifique o completen los datos cuando sean inexactos o incompletos. El derecho de cancelación persigue que se supriman o eliminen los datos del titular por las causales previstas en la ley. El derecho de oposición permite requerir que no se lleve a cabo un tratamiento de datos determinado por la concurrencia de las causales previstas en la ley.

Con el objeto de asegurar un ejercicio eficaz de los derechos ARCO, se establece un procedimiento directo y eficaz para que cualquier titular de datos pueda recurrir directamente ante el responsable de datos ejerciendo el correspondiente derecho ARCO, permitiéndose bloquear transitoriamente los datos en cuestión. Si el responsable no acoge la solicitud o no responde dentro del plazo que le fija la ley, el titular puede presentar un reclamo ante la autoridad de control. La resolución de la autoridad de control es reclamable ante la Corte de Apelaciones respectiva.

Siguiendo las tendencias regulatorias más modernas se introduce el derecho a la portabilidad de los datos personales, en virtud del cual el titular de datos puede solicitar y obtener del responsable en un formato electrónico estructurado, genérico y de uso habitual, una copia de sus datos personales y comunicarlos o transferirlos a otro responsable de datos.

Por otro lado y haciéndose cargo de un debate actual, complejo y que exige armonizar diversos bienes sociales, esta propuesta legislativa incorpora y refuerza la regulación del denominado “derecho al olvido” en relación a los datos relativos a infracciones penales, civiles, administrativas y disciplinarias. Se busca contar con una regla que equilibre adecuadamente el derecho de las personas a reducir el acceso a información desfavorable y que afecta su reputación social, con el derecho a la información y el interés público que hay envuelto en el acceso a ella.

4.- Consentimiento del titular como la principal fuente de legitimidad del tratamiento de datos

Concordante con el principio que los datos personales deben estar bajo la esfera de control de su titular, se establece el consentimiento como la fuente principal de legitimidad del tratamiento de los datos personales.

El consentimiento del titular debe ser libre, informado, inequívoco, otorgado en forma previa al tratamiento y específico en cuanto a su finalidad o finalidades.

Se consideran excepciones a las regla del consentimiento, tales como cuando la información ha sido recolectada de una fuente de acceso público; cuando sean datos relativos a obligaciones de carácter económico, financiero, bancario o comercial; o cuando el tratamiento sea necesario para la ejecución o el cumplimiento de una obligación legal o de un contrato en que es parte el titular.

5.- Régimen de responsabilidades de los responsables de datos

Con el objeto de reforzar la legitimidad del tratamiento de datos, se crean una serie de obligaciones y deberes para los responsables de datos, tales como acreditar la licitud del tratamiento que realizan; deberes de información; deberes de reserva y confidencialidad, de información y transparencia, y el deber de adoptar medidas de seguridad y reportar las vulneraciones dichas medidas.

Por otro lado, haciéndose cargo del propósito deliberado de no imponer trabas excesivas a la circulación de información, se establecen estándares diferenciados de cumplimiento de los deberes de información y de seguridad para personas naturales y jurídicas, el tamaño de la empresa y el volumen y las finalidades de los datos que trata.

Se regulan también la cesión o transferencia de las bases de datos personales que disponga o administre el responsable de datos, así como el régimen del tratamiento que efectúa un tercero o mandatario en representación o por encargo del responsable.

Una de las principales innovaciones de esta nueva normativa es la regulación del tratamiento automatizado de grandes volúmenes de datos, o “Big Data”, protegiendo la facultad de control del titular sobre su propia información, pero reconociendo también la licitud del acceso y uso de la información por parte de terceros y particularmente, de las empresas.

6.- Nuevos estándares para el tratamiento de datos sensibles y categorías especiales de datos personales

Se eleva el estándar para el tratamiento de los datos sensibles, estableciendo que sólo puede realizarse cuando el titular consienta libre e informadamente, en forma expresa.

Manteniendo la coherencia con el actual modelo normativo, se reconocen excepciones que legitiman el tratamiento de los datos personales sensibles, como cuando el titular ha hecho manifiestamente públicos su dato sensible o cuando exista una situación de emergencia médica o de salud, por ejemplo.

Adicionalmente, se introducen normas especiales para el tratamiento de los datos personales relativos a la salud, los datos biométricos y los datos relativos al perfil biológico humano; para el tratamiento de datos personales con fines históricos, estadísticos, científicos y para estudios o investigaciones que atiendan fines de interés público; y para el tratamiento de los datos personales de geolocalización o de movilidad del titular.

7.- Tratamiento de datos personales de niños, niñas y adolescentes

Se establece como regla basal que el tratamiento de los datos personales que conciernen a los niños, niñas y adolescentes sólo puede realizarse atendiendo al interés superior de éstos y al respeto de su autonomía progresiva.

Siguiendo las mejores prácticas de la legislación comparada y las recomendaciones internacionales, se regula en forma diferencia las autorizaciones de tratamiento para los niños y niñas y para los adolescentes.

En el caso de los niños y niñas, el tratamiento de datos requiere el consentimiento previo, específico y expreso de quien tiene a su cargo el cuidado personal. Respecto de los adolescentes, se establece que sus datos personales sensibles sólo pueden ser tratados con el consentimiento de quien tiene a su cargo el cuidado personal del adolescente. Para los demás datos personales, rigen las normas generales de autorización.

Consistente con la orientación protectora de los datos personales de los niños, niñas y adolescentes, se establece una obligación especial para los establecimientos educacionales y para las personas o entidades públicas o privadas que traten o administren este tipo de datos, incluyendo a quienes ejercen su cuidado personal, de velar por el uso lícito y la protección de la información personal que concierne a los niños, niñas y adolescentes.

8.- Regulación del flujo transfronterizo de datos personales

El proyecto de ley incorpora una regulación específica para la transferencia internacional de datos personales, ajustándola a los estándares y recomendaciones de la OCDE.

Se distingue entre países que disponen de un marco normativo que proporciona niveles adecuados de protección de datos y aquellos que no, entendiendo que un país posee niveles adecuados de protección de datos cuando cumple con estándares similares o superiores a los fijados en la ley chilena en materia de protección y tratamiento de datos personales. La autoridad de control, siguiendo parámetros técnicos y los estándares de la OCDE, determinará los países que poseen una legislación adecuada.

En el caso de los países adecuados se reconoce amplia autonomía a los intervinientes para transferir datos, sujeto al cumplimiento de las reglas generales. En el caso de países no adecuados, se permite la transferencia de datos sólo en un conjunto de circunstancias que autorizan el envío de la información, bajo la responsabilidad legal de quien efectúa la transferencia de datos y con aviso previo a la autoridad de control.

9.- Modernización de estándares para el tratamiento de datos personales por organismos públicos

Siendo la ley una de las fuentes de legitimidad del tratamiento de datos personales, el tratamiento de los datos personales que efectúan los órganos públicos será lícito cuando se realiza para el cumplimiento de sus funciones legales, dentro del ámbito de sus competencias y de conformidad a las normas legales correspondientes. Cumpliéndose esas condiciones, no se requiere el consentimiento del titular.

Con el objeto de evitar flujos innecesarios de los datos personales, pero al mismo tiempo promover la interconectividad y la eficiencia en la gestión pública, se regula la facultad de los órganos públicos para comunicar o ceder datos personales a otros órganos públicos, siempre que la comunicación o cesión de los datos sea necesaria para el cumplimiento de funciones legales y ambos órganos actúen dentro del ámbito de sus competencias. Se establece también que pueden comunicar o ceder datos personales cuando se requieran para un tratamiento que tenga por finalidad otorgar beneficios al titular, evitar duplicidad de trámites o reiteración de requerimientos de información o documentos para los titulares. También se regula la comunicación y cesión de datos a personas o entidades privadas.

Del mismo modo, se consagran y regulan los principios que rigen el tratamiento de los datos personales por parte de los órganos públicos, los derechos que se reconocen a los titulares, la forma de ejercer estos derechos y se define un procedimiento de reclamación administrativa y de tutela judicial efectiva para el ejercicio y protección de estos derechos.

Se define un régimen especial de responsabilidades y sanciones para que el tratamiento de datos se realice conforme a los principios y obligaciones establecidos en la ley.

Se regula también un régimen de excepción para el tratamiento de datos protegidos por normas de secreto o confidencialidad; cuando se refiere al tratamiento de datos vinculados a la investigación de infracciones penales, civiles y administrativas; cuando correspondan a actividades relacionadas con la seguridad de la nación, el orden público o la seguridad pública, y cuando en los casos que se hayan declarado estado de catástrofe o estado de emergencia.

Por último, se regulan las actividades de tratamiento de los datos personales que efectúan el Congreso Nacional, el Poder Judicial, la Contraloría General de la República, el Ministerio Público, el Tribunal Constitucional, el Banco Central, el Servicio Electoral y la Justicia Electoral, y los demás tribunales especiales creados por ley. Se contempla un modelo regulatorio, de fiscalización y cumplimiento compatible con la autonomía de estas instituciones.

10.- Creación de una autoridad de control

Para efectos de velar por la protección de los derechos y libertades de las personas titulares de datos y por el adecuado cumplimiento de las normas relativas al tratamiento de los datos, se requiere contar con una autoridad de control dotada de facultades para regular, supervisar, fiscalizar y en última instancia, sancionar los incumplimientos. Sin una autoridad de control con potestades normativas y fiscalizadoras suficientes, la ley tiene escasa eficacia.

Con tal propósito, se crea una institución especializada y de carácter técnico, denominada “Agencia de Protección de Datos Personales, encargada de velar y fiscalizar el cumplimiento de esta normativa, que se relaciona con el Presidente de la República a través del Ministerio de Hacienda y se encuentra afecto al Sistema de Alta Dirección Pública.

Con el objeto de evitar o precaver conflictos de normas y asegurar la coordinación, cooperación y colaboración entre la Agencia de Protección de Datos Personales y el Consejo para la Transparencia, se consagra un modelo de coordinación regulatoria entre ambas instituciones.

11.- Modelo general de cumplimiento de la ley

Se contempla un catálogo específico de infracciones a los principios y obligaciones establecidos en la ley, que se califican en leves, graves y gravísimas, estableciendo sanciones correlativas a la gravedad de la infracción que van desde la amonestación escrita a multas que oscilan entre 1 y 5.000 UTM. En casos excepcionales se contempla el cierre o clausura de las operaciones de tratamiento de datos. La determinación de las infracciones y la aplicación de la sanción respectiva corresponden a la Agencia de Protección de Datos Personales. En el caso de los órganos públicos y de los agentes de la Administración del Estado, las investigaciones las realiza la Agencia y las sanciones las aplica la Contraloría General de la República.

Se incorpora, asimismo, un procedimiento de reclamación judicial de ilegalidad para cualquier persona natural o jurídica que se vea afectada por una resolución de la Agencia de Protección de Datos Personales, ante la Corte de Apelaciones correspondiente. Para el conocimiento y resolución de estas controversias se establece un procedimiento judicial concentrado y de rápida resolución.

Finalmente, como una forma de incentivar y promover el cumplimiento de la ley, y siguiendo las recomendaciones de la OCDE, se regula la adopción por parte del sector privado y del sector público de modelos de prevención de infracciones, fijando para ellos los estándares y requisitos mínimos con los que deberán cumplir.

La certificación y supervisión de estos programas estará a cargo de la Agencia de Protección de Datos Personales.

12.- Disposiciones transitorias

Por último, el proyecto contempla disposiciones transitorias que la ley entrará en vigencia el día primero del mes décimo tercero posterior a su publicación en el Diario Oficial.

Los reglamentos señalados en la ley deberán dictarse dentro de los seis meses posteriores la publicación.

Se establece el plazo de nueve meses para que, mediante uno o más decretos con fuerza de ley, el Presidente de la República regule al personal de la Agencia de Protección de Datos Personales. Dentro de los 60 días siguientes a la publicación de la ley deberá convocarse al concurso público para nombrar al primer director o directora de la Agencia de Protección de Datos Personales.

En mérito de lo expuesto, tengo el honor de someter a vuestra consideración el siguiente

PROYECTO DE LEY:

Artículo primero.- Introdúcense las siguientes modificaciones a la ley nº 19.628, sobre protección de la vida privada:

1) Reemplázase el artículo 1 por el siguiente:

“Artículo 1.- Objeto y ámbito de aplicación. La presente ley tiene por objeto regular el tratamiento de los datos personales que realicen las personas naturales o jurídicas, públicas o privadas, con el propósito de asegurar el respeto y protección de los derechos y libertades de quienes son titulares de estos datos, en particular, el derecho a la vida privada. Todo tratamiento de datos personales que realicen las personas naturales o jurídicas, incluidos los órganos públicos, que no se encuentre regido por una ley especial quedará sujeto a las disposiciones de esta ley. Con todo, en los asuntos no regulados en las leyes especiales se aplicarán supletoriamente las normas de esta ley.

El régimen de tratamiento y protección de los datos personales establecidos en esta ley no se aplicará al tratamiento de datos que realicen los medios de comunicación social en el ejercicio de las libertades de emitir opinión y de informar regulado por las leyes a que se refiere el artículo 19 n° 12 de la Constitución Política de la República, ni al que efectúen las personas naturales en relación con sus actividades personales.”.

2) Modifícase el artículo 2 del siguiente modo:

a) Intercálase el siguiente epígrafe: “Definiciones.”.

b) Reemplázanse las letras c), f), g) e i) por las siguientes:

“c) Comunicación o transmisión de datos personales: dar a conocer por el responsable de datos, de cualquier forma, datos personales a personas distintas del titular a quien conciernen los datos, sin llegar a cederlos o transferirlos. Las comunicaciones que realice el responsable de datos deben contener información exacta, completa y veraz.

f) Dato personal: cualquier información vinculada o referida a una persona natural, identificada o identificable a través de medios que puedan ser razonablemente utilizados.

g) Datos personales sensibles: aquellos datos personales que conciernen o se refieren a las características físicas o morales de una persona, tales como el origen racial, ideología, afiliación política, creencias o convicciones religiosas o filosóficas, estado de salud físico o psíquico, orientación sexual, identidad de género e identidad genética y biomédica.

i) Fuentes de acceso público: todas aquellas bases de datos personales, públicas o privadas, cuyo acceso o consulta puede ser efectuado en forma lícita por cualquier persona, sin existir restricciones o impedimentos legales para su acceso o utilización.

Las dudas o controversias que se susciten sobre si una determinada base de datos es considerada fuente de acceso público serán resueltas por la Agencia de Protección de Datos Personales, quien podrá identificar categorías genéricas, clases o tipos de registros o bases de datos que posean esta condición.”.

c) Elimínase la letra j), pasando la actual letra k) a ser j) y así sucesivamente.

d) Sustitúyense las actuales letras l), m), n), ñ) y o), que pasaron a ser k), l), m), n) y ñ), respectivamente, por las siguientes:

k) Proceso de anonimización o disociación: procedimiento en virtud del cual los datos personales no pueden asociarse al titular ni permitir su identificación, por haberse destruido el nexo con toda información que lo identifica o porque dicha asociación exige un esfuerzo no razonable, entendiendo por tal el empleo de una cantidad de tiempo, gasto o trabajo desproporcionados. Un dato anonimizado deja de ser un dato personal.

l) Base de datos personales: conjunto organizado de datos personales, cualquiera sea la forma o modalidad de su creación, almacenamiento, organización y acceso, que permita relacionar los datos entre sí, así como realizar el tratamiento de ellos.

m) Responsable de datos o responsable: persona natural o jurídica, pública o privada, a quien compete decidir acerca del tratamiento de datos personales, con independencia de si los datos son tratados directamente por él o a través de un tercero o mandatario, y de su localización.

n) Titular de datos o titular: persona natural, identificada o identificable, a quien conciernen o se refieren los datos personales.

ñ) Tratamiento de datos: cualquier operación o conjunto de operaciones o procedimientos técnicos, de carácter automatizado o no, que permitan recolectar, procesar, almacenar, comunicar, transmitir o utilizar de cualquier forma los datos personales.”.

e) Agréganse los siguientes literales o), p), q), r), s), t) y u), nuevos:

“o) Consentimiento: toda manifestación de voluntad libre, específica, inequívoca e informada mediante la cual el titular de datos, su representante legal o mandatario, según corresponda, autoriza el tratamiento de los datos personales que le conciernen.

p) Derecho de acceso: derecho del titular de datos a solicitar y obtener del responsable confirmación acerca de si sus datos personales están siendo tratados por él, acceder a ellos en su caso, y a la información prevista en esta ley.

q) Derecho de rectificación: derecho del titular de datos a solicitar y obtener del responsable que modifique o complete sus datos personales, cuando están siendo tratados por él y sean inexactos o incompletos.

r) Derecho de cancelación: derecho del titular de datos a solicitar y obtener del responsable que suprima o elimine sus datos personales, de acuerdo a las causales previstas en la ley.

s) Derecho de oposición: derecho del titular de datos que se ejerce ante el responsable con el objeto de requerir que no se lleve a cabo un tratamiento de datos determinado, de conformidad a las causales previstas en la ley.

t) Derecho a la portabilidad de los datos personales: derecho del titular de datos a solicitar y obtener del responsable en un formato electrónico estructurado, genérico y de uso habitual, una copia de sus datos personales y comunicarlos o transferirlos a otro responsable de datos.

u) Registro Nacional de Cumplimiento y Sanciones: registro nacional de carácter público administrado por la Agencia de Protección de Datos Personales, que consigna las sanciones impuestas a los responsables de datos por infracción a la ley, los modelos de prevención de infracciones que implementes los responsables y los programas de cumplimiento debidamente certificados.”.

3) Reemplázase el artículo 3 por el siguiente:

“Artículo 3.- Principios. El tratamiento de los datos personales se rige por los siguientes principios:

a) Principio de licitud del tratamiento. Los datos personales sólo pueden tratarse con el consentimiento de su titular o por disposición de la ley.

b) Principio de finalidad. Los datos personales deben ser recolectados con fines específicos, explícitos y lícitos. El tratamiento de los datos personales debe limitarse al cumplimiento de estos fines.

En aplicación de este principio, no se pueden tratar los datos personales con fines distintos a los informados al momento de la recolección, salvo que el titular otorgue nuevamente su consentimiento, los datos provengan de fuentes de acceso público o así lo disponga la ley.

c) Principio de proporcionalidad. Los datos personales que se traten deben limitarse a aquellos que resulten necesarios en relación con los fines del tratamiento.

Los datos personales deben ser conservados sólo por el período de tiempo que sea necesario para cumplir con los fines del tratamiento, luego de lo cual deben ser cancelados o anonimizados. Un período de tiempo mayor requiere autorización legal o consentimiento del titular.

d) Principio de calidad. Los datos personales deben ser exactos y, si fuera necesario, completos y actuales, en relación con los fines del tratamiento.

e) Principio de responsabilidad. Quienes realicen tratamiento de los datos personales serán legalmente responsables del cumplimiento de los principios, obligaciones y deberes de conformidad a esta ley.

f) Principio de seguridad. En el tratamiento de los datos personales se deben garantizar niveles adecuados de seguridad, protegiéndolos contra el tratamiento no autorizado, pérdida, filtración, destrucción o daño accidental y aplicando medidas técnicas u organizativas apropiadas.

g) Principio de información. Las prácticas y políticas sobre el tratamiento de los datos personales deben estar permanentemente accesibles y a disposición de cualquier interesado de manera precisa, clara, inequívoca y gratuita.”.

4) Reemplázase el título I por el siguiente:

“Título I De los derechos del titular de datos personales

Artículo 4.- Derechos del titular de datos. Toda persona, actuando por sí o a través de su representante legal o mandatario, según corresponda, tiene derecho de acceso, rectificación, cancelación, oposición y portabilidad de sus datos personales, de conformidad a la presente ley.

Los derechos de acceso, rectificación, cancelación y oposición son personales, intransferibles e irrenunciables y no pueden limitarse por ningún acto o convención.

En caso de fallecimiento del titular de datos, los derechos que reconoce esta ley pueden ser ejercidos por sus herederos.

Artículo 5.- Derecho de acceso. El titular de datos tiene derecho a solicitar y obtener del responsable confirmación acerca de si los datos personales que le conciernen están siendo tratados por él y, en tal caso, acceder a dichos datos y a la siguiente información:

a) Los datos tratados y su origen.

b) La finalidad o finalidades del tratamiento.

c) Las categorías, clases o tipos de destinatarios a los que se han comunicado o cedido los datos o se prevé comunicar o ceder, según corresponda.

d) El período de tiempo durante el cual los datos serán tratados.

El responsable no estará obligado a entregar al titular la información establecida en las letras anteriores cuando el titular ya disponga de esta información por haber ejercido este derecho con anterioridad; cuando su comunicación resulte imposible o requiera de un esfuerzo no razonable; cuando su entrega imposibilite u obstaculice gravemente un tratamiento de datos con fines históricos, estadísticos o científicos y para estudios o investigaciones que atiendan fines de interés público o vayan en beneficio de la salud humana; cuando los datos estén protegidos por una norma de secreto o una obligación de confidencialidad que impida su comunicación, o cuando lo disponga expresamente la ley.

Artículo 6.- Derecho de rectificación. El titular de datos tiene derecho a solicitar y obtener del responsable la rectificación de los datos personales que le conciernen y que están siendo tratados por él, cuando sean inexactos, desactualizados o incompletos.

La rectificación y su contenido serán públicas y deberán difundirse cuando así lo requiera el titular y sea necesario para los fines del tratamiento realizado.

Artículo 7.- Derecho de cancelación. El titular de datos tiene derecho a solicitar y obtener del responsable la cancelación o supresión de los datos personales que le conciernen cuando éstos no resulten necesarios en relación con los fines del tratamiento; cuando haya retirado su consentimiento para el tratamiento y éste no tenga otro fundamento legal; cuando se trate de datos caducos; cuando los datos hayan sido obtenidos o tratados ilícitamente por el responsable o cuando la cancelación deba realizarse para el cumplimiento de una obligación legal.

Sin perjuicio de lo anterior, no procede la cancelación o supresión de los datos en los siguientes casos:

a) Cuando el tratamiento sea necesario para ejercer el derecho a las libertades de emitir opinión y de informar regulado por las leyes a que se refiere el artículo 19 n° 12 de la Constitución Política de la República.

b) Cuando se requiera el tratamiento de los datos para el cumplimiento de una obligación legal o la ejecución de un contrato del que el titular es parte.

c) Cuando existan razones de interés público en el ámbito de la salud pública.

d) Cuando el tratamiento se realice con fines históricos, estadísticos o científicos y para estudios o investigaciones que atiendan fines de interés público, en la medida que la cancelación de los datos imposibilite u obstaculice gravemente el propósito de este tratamiento.

e) Cuando se requieran para la formulación, ejercicio o defensa de una reclamación formulada en el marco de esta ley.

Artículo 8.- Derecho de oposición. El titular de datos tiene derecho a oponerse ante el responsable a que se realice un tratamiento específico o determinado de los datos personales que le conciernan, en los siguientes casos:

a) Cuando el tratamiento de datos afecte sus derechos y libertades fundamentales.

b) Cuando el tratamiento de datos sea utilizado exclusivamente con fines de marketing directo de bienes o servicios, así como cualquier otro propósito comercial o fines publicitarios, salvo que exista un contrato entre las partes que expresamente contemple dicho uso de su información.

c) Cuando se realice tratamiento automatizado de sus datos personales y se adopten decisiones que impliquen una valoración, evaluación o predicción de su comportamiento realizada únicamente en base a este tipo de tratamiento, salvo las excepciones previstas en el artículo 15 ter de esta ley.

d) Cuando el titular de los datos hubiere fallecido. En este caso, la oposición deberá ser formulada por los herederos. Con todo, no procederá la oposición cuando el tratamiento de los datos se realice exclusivamente con fines históricos, estadísticos o científicos o para estudios o investigaciones que atiendan fines de interés público.

Artículo 9.- Derecho a la portabilidad de los datos personales. El titular de datos tiene derecho a solicitar y recibir del responsable una copia de los datos personales que le conciernen de manera estructurada, en un formato genérico y de uso común que permita ser operado por distintos sistemas, y a comunicarlos o transferirlos a otro responsable de datos, cuando concurran las siguientes circunstancias o requisitos:

a) El titular haya entregado sus datos personales directamente al responsable.

b) Se trate de un volumen relevante de datos y sean tratados en forma automatizada.

c) Exista consentimiento del titular para el tratamiento o se requiera para la ejecución o cumplimiento de un contrato.

El responsable debe utilizar los medios más expeditos, menos onerosos y sin poner trabas u obstáculos para el ejercicio de este derecho.

El responsable también debe comunicar al titular de manera clara y precisa las medidas necesarias para recuperar sus datos personales y especificar las características técnicas para llevar a cabo estas operaciones.

Artículo 10.- Forma y medios de ejercer los derechos del titular de datos. Los derechos reconocidos en esta ley se ejercen por el titular, en forma personal o debidamente representado, ante el responsable de datos. Si los datos personales del titular se encuentran en una base de datos que es administrada o tratada por diversos responsables, el titular puede ejercer sus derechos ante cualquiera de ellos.

Los responsables de datos deben implementar mecanismos y herramientas tecnológicas que permitan que el titular ejerza sus derechos en forma expedita, ágil y eficaz. Los medios dispuestos por el responsable deben ser sencillos en su operación.

El ejercicio de los derechos de rectificación, cancelación y oposición siempre serán gratuitos para el titular. El derecho de acceso también se ejercerá en forma gratuita, al menos, trimestralmente.

El responsable de datos sólo puede exigir el pago de los costos directos en que incurra cuando el titular ejerza su derecho de acceso más de una vez en el trimestre o cuando ejerza el derecho a la portabilidad.

La Agencia de Protección de Datos Personales deberá velar por el efectivo ejercicio y cumplimiento de los derechos que esta ley reconoce al titular.

Artículo 11.- Procedimiento ante el responsable de datos. Para ejercer los derechos que le reconoce esta ley, el titular debe presentar una solicitud o requerimiento escrito ante el responsable dirigido a la dirección de correo electrónico establecida para este fin o a través de un formulario de contacto o de un medio electrónico equivalente. La solicitud o el medio de contacto deben contener, a lo menos, las siguientes menciones:

a) Individualización del titular y de su representante legal o mandatario, según corresponda, y autenticación de su identidad de acuerdo a los procedimientos, formas y modalidades que establezca el reglamento.

b) Indicación de una dirección de correo electrónico o de otro medio electrónico equivalente para comunicar la respuesta.

c) Identificación de los datos personales o del tratamiento determinado, según corresponda, respecto de los cuales se ejerce el derecho correspondiente.

d) En las solicitudes de rectificación el titular debe indicar las modificaciones o actualizaciones precisas a realizar y acompañar, en su caso, los antecedentes que las sustenten. Cuando se trate de solicitudes de cancelación u oposición al tratamiento de datos, el titular debe indicar la causal o fundamento invocado para ello y acompañar también los antecedentes que las sustenten, si correspondiere. En el caso del derecho de acceso, basta con la individualización del titular.

e) Cualquier otro antecedente que facilite la localización de los datos personales.

Recibida la solicitud, el responsable debe pronunciarse sobre ella inmediatamente o a más tardar dentro de los 10 días hábiles siguientes a la fecha de ingreso.

El responsable debe responder por escrito al titular a la dirección de correo electrónico fijada por éste. Cuando la respuesta se entregue por otro medio electrónico, el responsable debe almacenar los respaldos que le permitan demostrar la transmisión y recepción de la respuesta, su fecha y el contenido íntegro de ella. En caso de denegación total o parcial de la solicitud, el responsable debe fundar su decisión indicando la causa invocada y los antecedentes que la justifican. En esta misma oportunidad, el responsable debe señalar al titular que dispone de un plazo de 10 días hábiles para formular una reclamación ante la Agencia de Protección de Datos Personales, de acuerdo al procedimiento establecido en el artículo 45.

Transcurridos los 10 días hábiles a que hace referencia el inciso segundo sin que haya respuesta del responsable, el titular puede formular directamente una reclamación ante la Agencia de Protección de Datos Personales, en los mismos términos del inciso anterior.

Cuando se formule una solicitud de rectificación o cancelación, el titular tiene derecho a solicitar y obtener del responsable el bloqueo temporal de los datos. La solicitud de bloqueo temporal debe ser fundada y el responsable deberá responder a este requerimiento dentro de los 2 días hábiles siguientes a su recepción. En caso de negativa, el responsable deberá invocar una causa justificada y fundar su respuesta.

La rectificación o cancelación de los datos se aplicarán sólo respecto de los responsables a quienes se les haya formulado la solicitud.”.

5) Reemplázase el título II por el siguiente:

“Título II.- Del tratamiento de los datos personales y de las categorías especiales de datos

Párrafo Primero.- Del consentimiento del titular, de las obligaciones y deberes del responsable y del tratamiento de datos en general

Artículo 12.- Regla general del tratamiento de datos. Es lícito el tratamiento de los datos personales que le conciernen al titular cuando otorgue su consentimiento para ello o lo autorice la ley.

El consentimiento del titular debe ser libre e informado, otorgarse en forma previa al tratamiento y debe ser específico en cuanto a su finalidad o finalidades. Debe manifestarse de manera inequívoca, mediante una declaración verbal, escrita o realizada a través de un medio electrónico equivalente o mediante un acto afirmativo que dé cuenta con claridad de la voluntad del titular. Cuando el consentimiento lo otorgue un mandatario, éste deberá encontrase expresamente premunido de esta facultad.

El titular puede revocar el consentimiento otorgado en cualquier momento y sin expresión de causa, utilizando medios similares o equivalentes a los empleados para su otorgamiento. La revocación del consentimiento no tiene efectos retroactivos.

Los medios utilizados para el otorgamiento o la revocación del consentimiento deben ser expeditos, fidedignos, gratuitos y estar permanentemente disponibles para el titular.

Corresponde al responsable probar que el tratamiento de datos realizado contó con el consentimiento del titular o fue efectuado por disposición de la ley.

Artículo 13.- Excepciones al consentimiento. No se requiere el consentimiento del titular en los siguientes casos:

a) Cuando el tratamiento se refiere a datos personales que han sido recolectados de una fuente de acceso público.

b) Cuando el tratamiento esté referido a datos relativos a obligaciones de carácter económico, financiero, bancario o comercial y se realice de conformidad con las normas del título III de esta ley.

c) Cuando el tratamiento sea necesario para la ejecución o el cumplimiento de una obligación legal o de un contrato en que es parte el titular.

Artículo 14.- Obligaciones del responsable de datos. El responsable de datos, sin perjuicio de las demás disposiciones previstas en esta ley, tiene las siguientes obligaciones:

a) Informar y poner a disposición del titular, de manera expedita y cuando le sean requeridos, los antecedentes que acrediten la licitud del tratamiento de datos que realiza.

b) Asegurar que los datos personales se recojan con fines específicos, explícitos y lícitos, y que su tratamiento se limite al cumplimiento de estos fines.

c) Comunicar o ceder, en conformidad a las disposiciones de esta ley, información exacta, completa y veraz. d) Cumplir con los demás principios que rigen el tratamiento de los datos personales previstos en esta ley.

Artículo 14 bis.- Deber de secreto o confidencialidad. El responsable de datos está obligado a mantener secreto o confidencialidad acerca de los datos personales que conciernan a un titular, salvo aquellos que provengan de fuentes de acceso público o el titular los ha hecho manifiestamente públicos. Este deber subsiste aún después de concluida la relación con el titular.

El deber de secreto o confidencialidad no obsta a las comunicaciones o cesiones de datos que deba realizar el responsable en conformidad a la ley, y al cumplimiento de la obligación de dar acceso al titular e informar el origen de los datos, cuando esta información le sea requerida por el titular o por un órgano público dentro del ámbito de sus competencias legales.

El responsable debe adoptar las medidas necesarias con el objeto que sus dependientes o las personas naturales o jurídicas que ejecuten operaciones de tratamiento de datos bajo su responsabilidad, cumplan el deber de secreto o confidencialidad establecidos en este artículo.

Quedan sujetas a la obligación de secreto o confidencialidad las personas e instituciones y sus dependientes que, en cumplimiento de una obligación legal, han remitido información a un organismo público sujeto al régimen de excepciones establecido en el artículo 24, en cuanto al requerimiento y al hecho de haber remitido dicha información.

Artículo 14 ter.- Deber de información y transparencia. El responsable de datos debe mantener permanentemente a disposición del público, en su sitio web o en cualquier otro medio de información equivalente, al menos, la siguiente información:

a) La política de tratamiento de datos personales que ha adoptado, la fecha y versión de la misma.

b) La individualización del responsable de datos, su representante legal, y la identificación del encargado de prevención si existiere.

c) La dirección de correo electrónico, el formulario de contacto o la identificación del medio tecnológico equivalente a través del cual se le notifican las solicitudes que realicen los titulares.

d) Las categorías, clases o tipos de bases de datos que administra; la descripción genérica del universo de personas que comprenden las bases de datos; los destinatarios a los que se prevé comunicar o ceder los datos; y las finalidades del tratamiento que realiza.

e) La política y las medidas de seguridad adoptadas para proteger las bases de datos personales que administra.

Artículo 14 quáter.- Deber de adoptar medidas de seguridad. El responsable de datos debe adoptar las medidas necesarias para resguardar el cumplimiento del principio de seguridad establecido en esta ley, considerando el estado actual de la técnica y los costos de aplicación, junto con la naturaleza, alcance, contexto y fines del tratamiento, así como la probabilidad de los riesgos y la gravedad de sus efectos en relación con el tipo de datos tratados. Las medidas aplicadas por el responsable deben asegurar la confidencialidad, integridad, disponibilidad y resiliencia de los sistemas de tratamiento de datos.

Si las bases de datos que opera el responsable tienen distintos niveles de criticidad deberá adoptar las medidas de seguridad que correspondan al nivel más alto.

Ante la ocurrencia de un incidente de seguridad, y en caso de controversia judicial o administrativa, corresponderá al responsable acreditar la existencia y el funcionamiento de las medidas de seguridad adoptadas en base a los niveles de criticidad y a la tecnología disponible.

Artículo 14 quinquies.- Deber de reportar las vulneraciones a las medidas de seguridad. El responsable de datos debe reportar a la Agencia de Protección de Datos Personales, por los medios más expeditos posibles y sin dilaciones indebidas, las vulneraciones a las medidas de seguridad que ocasionen la destrucción, filtración, pérdida o alteración accidental o ilícita de los datos personales que trate, o la comunicación o acceso no autorizados a dichos datos.

El responsable de datos deberá registrar estas comunicaciones, describiendo la naturaleza de las vulneraciones sufridas, sus efectos, las categorías de datos y el número aproximado de titulares afectados y las medidas adoptadas para gestionarlas y precaver incidentes futuros.

Cuando dichas vulneraciones se refieran a datos personales sensibles o a datos relativos a obligaciones de carácter económico, financiero, bancario o comercial, el responsable deberá también efectuar esta comunicación a los titulares de estos datos. Esta comunicación debe realizarse en un lenguaje claro y sencillo, singularizando los datos afectados, las posibles consecuencias de las vulneraciones de seguridad y las medidas de solución o resguardo adoptadas. La notificación se debe realizar a cada titular afectado y si ello no fuere posible se realizará mediante la difusión o publicación de un aviso en un medio de comunicación social masivo y de alcance nacional.

Artículo 14 sexies.- Diferenciación de estándares de cumplimiento. Los estándares o condiciones mínimas que se impongan al responsable de datos para el cumplimiento de los deberes de información y de seguridad establecidos en los artículos 14 ter y 14 quáter, respectivamente, serán determinados considerando si el responsable es una persona natural o jurídica; el tamaño de la entidad o empresa de acuerdo a las categorías establecidas en el artículo segundo de la ley n° 20.416, que fija normas especiales para las empresas de menor tamaño, y el volumen y las finalidades de los datos personales que trata.

Los estándares de cumplimiento y las medidas diferenciadas serán especificados en un reglamento dictado por el Ministerio de Hacienda y suscrito por el Ministro o Ministra de Economía, Fomento y Turismo.

Artículo 15.- Cesión o transferencia de bases de datos personales. Se podrán ceder todo o parte de las bases de datos personales que disponga o administre el responsable de datos cuando la cesión sea necesaria para cumplir con los fines del tratamiento o las funciones del cedente o del cesionario, de conformidad con las disposiciones de esta ley.

La cesión de datos personales requiere el consentimiento previo del titular a quien conciernen los datos, salvo las excepciones legales.

En caso que el consentimiento otorgado por el titular al momento de realizarse la recolección de los datos personales no haya considerado la cesión de los mismos, éste debe recabarse antes que se produzca, considerándose para todos los efectos legales como una nueva operación de tratamiento.

Con el objeto que el titular preste su consentimiento a la cesión, el responsable debe entregar la información necesaria que le permita conocer la finalidad a la cual se destinarán los datos y el tipo de actividades que realiza el cesionario. La cesión de datos debe constar por escrito o a través de cualquier medio electrónico idóneo. En ella se deberá individualizar a las partes, las bases de datos que son objeto de la cesión, las finalidades previstas para el tratamiento y los demás antecedentes o estipulaciones que acuerden el cedente y el cesionario.

El tratamiento de los datos personales cedidos debe realizarse por el cesionario de conformidad a las finalidades establecidas en el contrato de cesión.

Una vez perfeccionada la cesión, el cesionario adquiere la condición de responsable de datos para todos los efectos legales, respecto de las bases de datos que fueron objeto de la cesión. El cedente, por su parte, también mantiene la calidad de responsable de datos, respecto de las operaciones de tratamiento que continúe realizando.

Si se verifica una cesión de datos sin contar con el consentimiento del titular, siendo éste necesario, o sin informarle acerca de la finalidad a la cual serán destinados los datos cedidos o el tipo de actividades que desarrolla el cesionario, la cesión será considerada nula para todos los efectos legales, debiendo el cesionario cancelar todos los datos recibidos, sin perjuicio de las responsabilidades legales que correspondan.

A las cesiones de datos anonimizados no le son aplicables las reglas señaladas en este artículo.

Artículo 15 bis.- Tratamiento de datos por parte de un tercero o mandatario. El responsable puede efectuar el tratamiento de datos en forma directa o a través de un tercero mandatado para este efecto. En este último caso, el tercero o mandatario realiza el tratamiento de datos personales conforme al encargo y a las instrucciones que le imparta el responsable, quedándole prohibido su tratamiento, cesión o entrega para un objeto distinto del convenido con el responsable.

Si el tercero trata, cede o entrega los datos o la base de datos con un objeto distinto del encargo convenido o a una persona distinta del responsable, se le considerará como responsable de datos para todos los efectos legales, debiendo responder solidariamente por las infracciones y los perjuicios en que hubiere incurrido, sin perjuicio de las responsabilidades contractuales que le correspondan frente al responsable de datos.

Cumplida la prestación del servicio de tratamiento por parte del tercero, los datos que obran en su poder deben ser cancelados o devueltos al responsable de datos, según corresponda.

Artículo 15 ter.- Tratamiento automatizado de grandes volúmenes de datos.- El responsable de datos puede establecer procedimientos automatizados de tratamiento y de transferencia de grandes volúmenes de datos, siempre que éstos cautelen los derechos del titular y el tratamiento guarde relación con las finalidades de las personas o entidades participantes.

El titular de datos tiene derecho a solicitar al responsable que ninguna decisión que le afecte de manera significativa se adopte exclusivamente basada en el tratamiento automatizado de sus datos, salvo que sea necesario para la celebración o ejecución de un contrato entre el titular y el responsable, exista consentimiento previo y explícito del titular o lo disponga la ley.

Párrafo Segundo.- Del tratamiento de los datos personales sensibles

Artículo 16.- Regla general para el tratamiento de datos personales sensibles. El tratamiento de los datos personales sensibles sólo puede realizarse cuando el titular a quien conciernen estos datos preste su consentimiento libre e informado, otorgado previamente, para un tratamiento específico y lo manifieste en forma expresa a través de una declaración escrita, verbal o por un medio tecnológico equivalente.

No obstante lo anterior, no se requiere el consentimiento del titular en los siguientes casos:

a) Cuando el tratamiento se refiere a datos personales sensibles que el titular ha hecho manifiestamente públicos.

b) Cuando el tratamiento es realizado por una fundación, una asociación o cualquier otra entidad que no persiga fines de lucro, cuya finalidad sea política, filosófica, religiosa, cultural, deportiva, sindical o gremial, siempre que el tratamiento que realicen se refiera exclusivamente a sus miembros o afiliados, tenga por objeto cumplir sus finalidades específicas, la entidad otorgue las garantías necesarias para evitar un uso o tratamiento no autorizado, y los datos no se comuniquen o cedan a terceros. Cumpliéndose todas estas condiciones, las entidades señaladas no requerirán el consentimiento de los titulares para tratar sus datos personales, incluidos sus datos sensibles. En caso de duda o controversia administrativa o judicial, el responsable de datos deberá acreditar que el tratamiento realizado cumple con los requisitos anteriores.

c) Cuando el tratamiento de los datos personales, incluidos los datos relativos a la salud del titular, resulte indispensable para salvaguardar la vida, salud o integridad física o psíquica del titular o de otra persona, o cuando el titular se encuentre física o jurídicamente impedido de otorgar su consentimiento. Una vez que cese el impedimento, el responsable debe informar detalladamente al titular los datos que fueron tratados y las operaciones específicas de tratamiento que fueron realizadas.

d) Cuando el tratamiento de datos personales sensibles lo autoriza o mandata expresamente la ley.

Artículo 16 bis.- Datos personales relativos a la salud. Los datos personales relativos a la salud del titular sólo pueden ser objeto de tratamiento cuando sean necesarios para el diagnóstico de una enfermedad o para la determinación de un tratamiento médico, siempre que el diagnóstico o el tratamiento, según corresponda, se realicen por establecimientos de salud públicos o privados o por un profesional de la salud titular del secreto profesional o por otra persona sujeta a una obligación equivalente de secreto, establecido en la ley o en un contrato.

También es lícito el tratamiento de los datos personales relativos a la salud del titular, en los siguientes casos:

a) Cuando exista una urgencia médica o sanitaria declarada por la autoridad.

b) Cuando se deba calificar el grado de dependencia o discapacidad de una persona.

c) Cuando resulte indispensable para la ejecución o cumplimiento de un contrato cuyo objeto o finalidad exija tratar datos relativos a la salud del titular.

d) Cuando sean utilizados con fines históricos, estadísticos o científicos, para estudios o investigaciones que atiendan fines de interés público o vayan en beneficio de la salud humana o para el desarrollo de productos o insumos médico