Todas las entradas de José Cuervo

01Oct/17

Privacy Act 1993, nº 28. Date of assent 17 May 1993. Reprint as at 17 July 2017

1 octubre, 2017Ley, Nueva Zelandanº 28. Date of assent 17 May 1993. Reprint as at 17 July 2017, Privacy Act 1993José Cuervo

Privacy Act 1993, nº 28. Date of assent 17 May 1993. Reprint as at 17 July 2017

1.- Short Title and commencement

(1) This Act may be cited as the Privacy Act 1993.

(2) Except as provided by section 31(2), this Act shall come into force on 1 July 1993.

Part 1.- Preliminary provisions

2.- Interpretation

(1) In this Act, unless the context otherwise requires:

action includes failure to act; and also includes any policy or practice

agency:

(a) means any person or body of persons, whether corporate or unincorporate, and whether in the public sector or the private sector; and, for the avoidance of doubt, includes a department; but

(b) does not include:
(i) the Sovereign; or
(ii) the Governor-General or the Administrator of the Government; or
(iii) the House of Representatives; or
(iv) a member of Parliament in his or her official capacity; or
(v) the Parliamentary Service Commission; or
(vi) the Parliamentary Service, except in relation to personal information about any employee or former employee of that agency in his or her capacity as such an employee; or
(vii) in relation to its judicial functions, a court; or
(viii) in relation to its judicial functions, a tribunal; or
(ix) an Ombudsman; or
(x) a Royal Commission; or
(xi) a commission of inquiry appointed by an Order in Council made under the Commissions of Inquiry Act 1908; or
(xii) a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, pursuant to, and not by, any provision of an Act, to inquire into a specified matter; or
(xiii) in relation to its news activities, any news medium; or
(xiv) an inquiry to which section 6 of the Inquiries Act 2013 applies

collect does not include receipt of unsolicited information

Commissioner means the Privacy Commissioner referred to in section 12 of this Act and appointed in accordance with section 28(1)(b) of the Crown Entities Act 2004

correct, in relation to personal information, means to alter that information by way of correction, deletion, or addition; and correction has a corresponding meaning

department means a government department named in Part 1 of Schedule 1 of the Ombudsmen Act 1975

Deputy Commissioner means the Deputy Privacy Commissioner appointed under section 15

Director of Human Rights Proceedings means the Director of Human Rights Proceedings or alternate Director of Human Rights Proceedings appointed under section 20A of the Human Rights Act 1993

document means a document in any form; and includes:

(a) any writing on any material:

(b) any information recorded or stored by means of any tape recorder, computer, or other device; and any material subsequently derived from information so recorded or stored:

(c) any label, marking, or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means:

(d) any book, map, plan, graph, or drawing:

(e) any photograph, film, negative, tape, or other device in which 1 or more visual images are embodied so as to be capable (with or without the aid of some other equipment) of being reproduced

enactment means any provision of:

(a) any Act of Parliament; or

(b) any legislative instrument within the meaning of the Legislation Act 2012 made by Order in Council

Human Rights Review Tribunal or Tribunal means the Human Rights Review Tribunal continued by section 93 of the Human Rights Act 1993

individual means a natural person, other than a deceased natural person

individual concerned, in relation to personal information, means the individual to whom the information relates

information matching programme has the meaning given to it by section 97

information privacy principle or principle means any of the information privacy principles set out in section 6

information privacy request has the meaning given to it by section 33

intelligence organisation means:

(a) the New Zealand Security Intelligence Service; and

(b) the Government Communications Security Bureau

international organisation means any organisation of States or Governments of States or any organ or agency of any such organisation; and includes the Commonwealth Secretariat

local authority:

(a) means a local authority or public body named or specified in Schedule 1 of the Local Government Official Information and Meetings Act 1987; and

(b) includes:
(i) any committee or subcommittee or standing committee or special committee or joint standing committee or joint special committee which the local authority is empowered to appoint under its standing orders or rules of procedure or under any enactment or Order in Council constituting the local authority or regulating its proceedings; and
(ii) a committee of the whole local authority

Minister means a Minister of the Crown in his or her official capacity

news activity means:

(a) the gathering of news, or the preparation or compiling of articles or programmes of or concerning news, observations on news, or current affairs, for the purposes of dissemination to the public or any section of the public:

(b) the dissemination, to the public or any section of the public, of any article or programme of or concerning:
(i) news:
(ii) observations on news:
(iii) current affairs

news medium means any agency whose business, or part of whose business, consists of a news activity; but, in relation to principles 6 and 7, does not include Radio New Zealand Limited or Television New Zealand Limited

Ombudsman means an Ombudsman appointed under the Ombudsmen Act 1975

Organisation:

(a) means:
(i) an organisation named in Part 2 of Schedule 1 of the Ombudsmen Act 1975; and
(ii) an organisation named in Schedule 1 of the Official Information Act 1982; and

(b) includes:
(i) the Office of the Clerk of the House of Representatives:
(ii) an intelligence organisation

permanent resident of New Zealand means a person who:

(a) resides in New Zealand; and

(b) is not:
(i) a person to whom section 15 or 16 of the Immigration Act 2009 applies (except if the person has been granted a visa or entry permission in accordance with section 17 of that Act); or
(ii) a person obliged by or under that Act to leave New Zealand immediately or within a specified time; or
(iii) treated for the purposes of that Act as being unlawfully in New Zealand

personal information means information about an identifiable individual; and includes information relating to a death that is maintained by the Registrar-General pursuant to the Births, Deaths, Marriages, and Relationships Registration Act 1995, or any former Act (as defined by the Births, Deaths, Marriages, and Relationships Registration Act 1995)

public register has the meaning given to it in section 58

public register privacy principle has the meaning given to it in section 58

public sector agency:

(a) means an agency that is a Minister, a department, an organisation, or a local authority; and

(b) includes any agency that is an unincorporated body (being a board, council, committee, or other body):
(i) which is established for the purpose of assisting or advising, or performing functions connected with, any public sector agency within the meaning of paragraph (a); and
(ii) which is so established in accordance with the provisions of any enactment or by any such public sector agency

publicly available information means personal information that is contained in a publicly available publication

publicly available publication means a magazine, book, newspaper, or other publication that is or will be generally available to members of the public; and includes a public register

responsible Minister means the Minister of Justice

serious threat, for the purposes of principle 10(d) or 11(f), means a threat that an agency reasonably believes to be a serious threat having regard to all of the following:

(a) the likelihood of the threat being realised; and

(b) the severity of the consequences if the threat is realised; and

statutory officer means a person:

(a) holding or performing the duties of an office established by an enactment; or

(b) performing duties expressly conferred on that person by virtue of that person’s office by an enactment

unique identifier means an identifier:

(a) that is assigned to an individual by an agency for the purposes of the operations of the agency; and

(b) that uniquely identifies that individual in relation to that agency;—
but, for the avoidance of doubt, does not include an individual’s name used to identify that individual

working day means any day of the week other than:

(a) Saturday, Sunday, Good Friday, Easter Monday, Anzac Day, Labour Day, the Sovereign’s birthday, and Waitangi Day; and

(ab) if Waitangi Day or Anzac Day falls on a Saturday or a Sunday, the following Monday; and

(b) a day in the period commencing with 25 December in any year and ending with 15 January in the following year.

(2) For the avoidance of doubt, it is hereby declared that the fact that any body (being a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, by any provision of an Act, to inquire into a specified matter) is not excluded from the definition of the term agency in subsection (1) by virtue of subparagraph (xii) of paragraph (b) of that definition does not mean that such a body is not excluded from that definition by virtue of subparagraph (vii) or subparagraph (viii) of that paragraph.

3.- Information held by agency

(1) Subject to subsection (2), information that is held by an officer or employee or member of an agency in that person’s capacity as such an officer or employee or member or in that person’s capacity as a statutory officer shall be deemed, for the purposes of this Act, to be held by the agency of which that person is an officer or employee or member.

(2) Nothing in subsection (1) applies in respect of any information that any officer or employee or member of a public sector agency would not hold but for that person’s membership of, or connection with, a body other than a public sector agency, except where that membership or connection is in that person’s capacity as an officer or an employee or a member of that public sector agency or as a statutory officer.

(3) Nothing in subsection (1) applies in respect of any information that any officer or employee or member of any agency (not being a public sector agency) would not hold but for that person’s membership of, or connection with, any other agency, except where that membership or connection is in that person’s capacity as an officer or an employee or a member of that first-mentioned agency.

(4) For the purposes of this Act, where an agency holds information—

(a) solely as agent; or

(b) for the sole purpose of safe custody; or

(c) for the sole purpose of processing the information on behalf of another agency,:
and does not use or disclose the information for its own purposes, the information shall be deemed to be held by the agency on whose behalf that information is so held or, as the case may be, is so processed.

4.- Actions of, and disclosure of information to, staff of agency, etc
For the purposes of this Act, an action done by, or information disclosed to, a person employed by, or in the service of, an agency in the performance of the duties of the person’s employment shall be treated as having been done by, or disclosed to, the agency.

5.- Act to bind the Crown
This Act binds the Crown.

Part 2.- Information privacy principles

6.- Information privacy principles
The information privacy principles are as follows:
Information privacy principles

Principle 1 .- Purpose of collection of personal information
Personal information shall not be collected by any agency unless:
(a) the information is collected for a lawful purpose connected with a function or activity of the agency; and
(b) the collection of the information is necessary for that purpose.

Principle 2.- Source of personal information
(1) Where an agency collects personal information, the agency shall collect the information directly from the individual concerned.
(2) It is not necessary for an agency to comply with subclause (1) if the agency believes, on reasonable grounds,:
(a) that the information is publicly available information; or
(b) that the individual concerned authorises collection of the information from someone else; or
(c) that non-compliance would not prejudice the interests of the individual concerned; or
(d) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(e) that compliance would prejudice the purposes of the collection; or
(f) that compliance is not reasonably practicable in the circumstances of the particular case; or
(g) that the information:
(i) will not be used in a form in which the individual concerned is identified; or
(ii) will be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(h) that the collection of the information is in accordance with an authority granted under section 54.

Principle 3.- Collection of information from subject
(1) Where an agency collects personal information directly from the individual concerned, the agency shall take such steps (if any) as are, in the circumstances, reasonable to ensure that the individual concerned is aware of:
(a) the fact that the information is being collected; and
(b) the purpose for which the information is being collected; and
(c) the intended recipients of the information; and
(d) the name and address of:
(i) the agency that is collecting the information; and
(ii) the agency that will hold the information; and
(e) if the collection of the information is authorised or required by or under law,:
(i) the particular law by or under which the collection of the information is so authorised or required; and
(ii) whether or not the supply of the information by that individual is voluntary or mandatory; and
(f) the consequences (if any) for that individual if all or any part of the requested information is not provided; and
(g) the rights of access to, and correction of, personal information provided by these principles.
(2) The steps referred to in subclause (1) shall be taken before the information is collected or, if that is not practicable, as soon as practicable after the information is collected.
(3) An agency is not required to take the steps referred to in subclause (1) in relation to the collection of information from an individual if that agency has taken those steps in relation to the collection, from that individual, of the same information or information of the same kind, on a recent previous occasion.
(4) It is not necessary for an agency to comply with subclause (1) if the agency believes, on reasonable grounds,:
(a) that non-compliance is authorised by the individual concerned; or
(b) that non-compliance would not prejudice the interests of the individual concerned; or
(c) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(d) that compliance would prejudice the purposes of the collection; or
(e) that compliance is not reasonably practicable in the circumstances of the particular case; or
(f) that the information:
(i) will not be used in a form in which the individual concerned is identified; or
(ii) will be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned.

Principle 4.- Manner of collection of personal information
Personal information shall not be collected by an agency:
(a) by unlawful means; or
(b) by means that, in the circumstances of the case,:
(i) are unfair; or
(ii) intrude to an unreasonable extent upon the personal affairs of the individual concerned.

Principle 5.- Storage and security of personal information
An agency that holds personal information shall ensure:
(a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against:
(i) loss; and
(ii) access, use, modification, or disclosure, except with the authority of the agency that holds the information; and
(iii) other misuse; and
(b) that if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of the information.

Principle 6.- Access to personal information
(1) Where an agency holds personal information in such a way that it can readily be retrieved, the individual concerned shall be entitled:
(a) to obtain from the agency confirmation of whether or not the agency holds such personal information; and
(b) to have access to that information.
(2) Where, in accordance with subclause (1)(b), an individual is given access to personal information, the individual shall be advised that, under principle 7, the individual may request the correction of that information.
(3) The application of this principle is subject to the provisions of Parts 4 and 5.

Principle 7.- Correction of personal information
(1) Where an agency holds personal information, the individual concerned shall be entitled:
(a) to request correction of the information; and
(b) to request that there be attached to the information a statement of the correction sought but not made.
(2) An agency that holds personal information shall, if so requested by the individual concerned or on its own initiative, take such steps (if any) to correct that information as are, in the circumstances, reasonable to ensure that, having regard to the purposes for which the information may lawfully be used, the information is accurate, up to date, complete, and not misleading.
(3) Where an agency that holds personal information is not willing to correct that information in accordance with a request by the individual concerned, the agency shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the information, in such a manner that it will always be read with the information, any statement provided by that individual of the correction sought.
(4) Where the agency has taken steps under subclause (2) or subclause (3), the agency shall, if reasonably practicable, inform each person or body or agency to whom the personal information has been disclosed of those steps.
(5) Where an agency receives a request made pursuant to subclause (1), the agency shall inform the individual concerned of the action taken as a result of the request.

Principle 8.- Accuracy, etc, of personal information to be checked before use
An agency that holds personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant, and not misleading.

Principle 9.- Agency not to keep personal information for longer than necessary
An agency that holds personal information shall not keep that information for longer than is required for the purposes for which the information may lawfully be used.

Principle 10.- Limits on use of personal information
An agency that holds personal information that was obtained in connection with one purpose shall not use the information for any other purpose unless the agency believes, on reasonable grounds,:
(a) that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to use the information; or
(b) that the use of the information for that other purpose is authorised by the individual concerned; or
(c) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(d) that the use of the information for that other purpose is necessary to prevent or lessen a serious threat (as defined in section 2(1)) to:
(i) public health or public safety; or
(ii) the life or health of the individual concerned or another individual; or
(e) that the purpose for which the information is used is directly related to the purpose in connection with which the information was obtained; or
(f) that the information:
(i) is used in a form in which the individual concerned is not identified; or
(ii) is used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(g) that the use of the information is in accordance with an authority granted under section 54.

Principle 11 .- Limits on disclosure of personal information
An agency that holds personal information shall not disclose the information to a person or body or agency unless the agency believes, on reasonable grounds,:
(a) that the disclosure of the information is one of the purposes in connection with which the information was obtained or is directly related to the purposes in connection with which the information was obtained; or
(b) that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to disclose the information; or
(c) that the disclosure is to the individual concerned; or
(d) that the disclosure is authorised by the individual concerned; or
(e) that non-compliance is necessary:
(i) to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or
(ii) for the enforcement of a law imposing a pecuniary penalty; or
(iii) for the protection of the public revenue; or
(iv) for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or
(f) that the disclosure of the information is necessary to prevent or lessen a serious threat (as defined in section 2(1) to:
(i) public health or public safety; or
(ii) the life or health of the individual concerned or another individual; or
(g) that the disclosure of the information is necessary to facilitate the sale or other disposition of a business as a going concern; or
(h) that the information:
(i) is to be used in a form in which the individual concerned is not identified; or
(ii) is to be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or
(i) that the disclosure of the information is in accordance with an authority granted under section 54.

Principle 12.- Unique identifiers
(1) An agency shall not assign a unique identifier to an individual unless the assignment of that identifier is necessary to enable the agency to carry out any 1 or more of its functions efficiently.
(2) An agency shall not assign to an individual a unique identifier that, to that agency’s knowledge, has been assigned to that individual by another agency, unless those 2 agencies are associated persons within the meaning of subpart YB of the Income Tax Act 2007.
(3) An agency that assigns unique identifiers to individuals shall take all reasonable steps to ensure that unique identifiers are assigned only to individuals whose identity is clearly established.
(4) An agency shall not require an individual to disclose any unique identifier assigned to that individual unless the disclosure is for one of the purposes in connection with which that unique identifier was assigned or for a purpose that is directly related to one of those purposes

7.- Savings

Nothing in principle 6 or principle 11 derogates from any provision that is contained in any enactment and that authorises or requires personal information to be made available.

(2) Nothing in principle 6 or principle 11 derogates from any provision that is contained in any other Act of Parliament and that:
(a) imposes a prohibition or restriction in relation to the availability of personal information; or
(b) regulates the manner in which personal information may be obtained or made available.

(3) Nothing in principle 6 or principle 11 derogates from any provisión:

(a) that is contained in any legislative instrument within the meaning of the Legislation Act 2012 made by Order in Council and in forcé:
(i) in so far as those principles apply to a department, a Minister, an organisation, or a public sector agency (as defined in paragraph (b) of the definition of that term in section 2(1)) that is established for the purposes of assisting or advising, or performing functions connected with, a department, a Minister, or an organisation, immediately before 1 July 1983; and
(ii) in so far as those principles apply to a local authority or a public sector agency (as so defined) that is established for the purposes of assisting or advising, or performing functions connected with, a local authority, immediately before 1 March 1988; and
(iii) in so far as those principles apply to any other agency, immediately before 1 July 1993; and

(b) that:
(i) imposes a prohibition or restriction in relation to the availability of personal information; or
(ii) regulates the manner in which personal information may be obtained or made available.

(4) An action is not a breach of any of principles 1 to 5, 7 to 10, and 12 if that action is authorised or required by or under law.

(5) Nothing in principle 7 applies in respect of any information held by the Department of Statistics, where that information was obtained pursuant to the Statistics Act 1975.

(6) Subject to the provisions of Part 7, nothing in any of the information privacy principles shall apply in respect of a public register.

8.- Application of information privacy principles

(1) Subject to subsection (4), principles 1 to 4 apply only in relation to information collected after the commencement of this section.

(2) Subject to section 9, principles 5 to 9 and principle 11 apply in relation to information held by an agency, whether the information was obtained before, or is obtained after, the commencement of this section.

(3) Principle 10 applies only in relation to information obtained after the commencement of this section.

(4) Nothing in principle 3 shall apply in relation to the collection, by means of any printed form, of any personal information, if the form was printed before the commencement of this section and is used, before 1 July 1995, for the purpose of collecting personal information.

(5) Subclauses (1) to (3) of principle 12 apply only in relation to the assignment of unique identifiers after the commencement of this section.

(6) Subclause (4) of principle 12 applies to any unique identifier, whether assigned before or after the commencement of this section.

9.- Postponement of application of principle 11 to lists used for direct marketing

Nothing in principle 11 shall apply, before 1 July 1996, in relation to the disclosure, by any agency, of personal information collected before 1 July 1993 for direct marketing purposes, where that disclosure is made to another agency for the purpose of enabling that other agency to engage in direct marketing.

(2) For the purposes of subsection (1), direct marketing means:

(a) the offering of goods or services; or

(b) the advertising of the availability of goods or services; or

(c) the solicitation of donations or contributions for charitable, cultural, philanthropic, recreational, political, or other purposes, :
by means of:

(d) information or goods sent to any person by mail, facsimile transmission, electronic mail, or other similar means of communication, where the information or goods are addressed to a specific person or specific persons by name; or

(e) telephone calls made to specific persons by name.

10.- Application of principles to information held overseas

(1) For the purposes of principle 5 and principles 8 to 11, information held by an agency includes information that is held outside New Zealand by that agency, where that information has been transferred out of New Zealand by that agency or any other agency.

(2) For the purposes of principles 6 and 7, information held by an agency includes information held outside New Zealand by that agency.

(3) Nothing in this section shall apply to render an agency in breach of any of the information privacy principles in respect of any action that the agency is required to take by or under the law of any place outside New Zealand.

11.-Enforceability of principles

(1) The entitlements conferred on an individual by subclause (1) of principle 6, in so far as that subclause relates to personal information held by a public sector agency, are legal rights, and are enforceable accordingly in a court of law.

(2) Subject to subsection (1), the information privacy principles do not confer on any person any legal right that is enforceable in a court of law.

Part 3.- Privacy Commissioner

12.-Privacy Commissioner

There shall be a Commissioner called the Privacy Commissioner.

(2) The Commissioner is:

(a) a corporation sole; and

(b) a Crown entity for the purposes of section 7 of the Crown Entities Act 2004; and

(3) The Crown Entities Act 2004 applies to the Commissioner except to the extent that this Act expressly provides otherwise.

(4) [Repealed]

13.- Functions of Commissioner

The functions of the Commissioner shall be:

(a) to promote, by education and publicity, an understanding and acceptance of the information privacy principles and of the objects of those principles:

(b) when requested to do so by an agency, to conduct an audit of personal information maintained by that agency for the purpose of ascertaining whether or not the information is maintained according to the information privacy principles:

(c) to monitor the use of unique identifiers, and to report to the Prime Minister from time to time on the results of that monitoring, including any recommendation relating to the need for, or desirability of taking, legislative, administrative, or other action to give protection, or better protection, to the privacy of the individual:

(d) to maintain, and to publish, in accordance with section 21, directories of personal information:

(e) to monitor compliance with the public register privacy principles, to review those principles from time to time with particular regard to the Council of Europe Recommendations on Communication to Third Parties of Personal Data Held by Public Bodies Recommendation R (91) 10), and to report to the responsible Minister from time to time on the need for or desirability of amending those principles.

(f) to examine any proposed legislation that makes provision for:
(i) the collection of personal information by any public sector agency; or
(ii) the disclosure of personal information by one public sector agency to any other public sector agency,:
or both; to have particular regard, in the course of that examination, to the matters set out in section 98, in any case where the Commissioner considers that the information might be used for the purposes of an information matching programme; and to report to the responsible Minister the results of that examination:

(g) for the purpose of promoting the protection of individual privacy, to undertake educational programmes on the Commissioner’s own behalf or in co-operation with other persons or authorities acting on behalf of the Commissioner:

(h) to make public statements in relation to any matter affecting the privacy of the individual or of any class of individuals:

(i) to receive and invite representations from members of the public on any matter affecting the privacy of the individual:

(j) to consult and co-operate with other persons and bodies concerned with the privacy of the individual:

(k) to make suggestions to any person in relation to any matter that concerns the need for, or the desirability of, action by that person in the interests of the privacy of the individual:

(l) to provide advice (with or without a request) to a Minister or an agency on any matter relevant to the operation of this Act:

(m) to inquire generally into any matter, including any enactment or law, or any practice, or procedure, whether governmental or non-governmental, or any technical development, if it appears to the Commissioner that the privacy of the individual is being, or may be, infringed thereby:

(n) to undertake research into, and to monitor developments in, data processing and computer technology to ensure that any adverse effects of such developments on the privacy of individuals are minimised, and to report to the responsible Minister the results of such research and monitoring:

(o) to examine any proposed legislation (including subordinate legislation) or proposed policy of the Government that the Commissioner considers may affect the privacy of individuals, and to report to the responsible Minister the results of that examination:

(p) to report (with or without request) to the Prime Minister from time to time on any matter affecting the privacy of the individual, including the need for, or desirability of, taking legislative, administrative, or other action to give protection or better protection to the privacy of the individual:

(q) to report to the Prime Minister from time to time on the desirability of the acceptance, by New Zealand, of any international instrument relating to the privacy of the individual:

(r) to report to the Prime Minister on any other matter relating to privacy that, in the Commissioner’s opinion, should be drawn to the Prime Minister’s attention:

(s) to gather such information as in the Commissioner’s opinion will assist the Commissioner in carrying out the Commissioner’s functions under this Act:

(t) to do anything incidental or conducive to the performance of any of the preceding functions:

(u) to exercise and perform such other functions, powers, and duties as are conferred or imposed on the Commissioner by or under this Act or any other enactment.

(1AA) Without limiting subsection (1), the functions of the Commissioner in relation to information sharing under Part 9A are:

(a) to make submissions on an information sharing agreement for which approval by Order in Council under section 96J is being sought:

(b) to report to a relevant Minister, under section 96P(1), on any matter relating to privacy that arises or is likely to arise in respect of an approved information sharing agreement and on any other matter specified in that section:

(d) to receive and investigate complaints about any alleged interference with privacy under an approved information sharing agreement in accordance with Part 8:

(e) if appropriate under the circumstances, to exempt an agency, under section 96R, from the requirement to give notice of adverse action under section 96Q or to reduce the period of notice required under that section:

(f) to conduct a review under section 96W on the operation of an approved information sharing agreement:

(g) to report to a relevant Minister under section 96X on the findings of a review conducted under section 96W:

(h) to require a public sector agency to report, in accordance with section 96S, on the operation of each approved information sharing agreement for which it is the lead agency.

(1AB) In subsection (1AA), adverse action, approved information sharing agreement, information sharing agreement,lead agency, and relevant Minister have the meanings given to them by section 96C.

(1A) Except as expressly provided otherwise in this or another Act, the Commissioner must act independently in performing his or her statutory functions and duties, and exercising his or her statutory powers, under:

(a) this Act; and

(b) any other Act that expressly provides for the functions, powers, or duties of the Commissioner (other than the Crown Entities Act 2004).

(2) The Commissioner may from time to time, in the public interest or in the interests of any person or body of persons, publish reports relating generally to the exercise of the Commissioner’s functions under this Act or to any case or cases investigated by the Commissioner, whether or not the matters to be dealt with in any such report have been the subject of a report to the responsible Minister or the Prime Minister.

14.- Commissioner to have regard to certain matters
In the performance of his or her functions, and the exercise of his or her powers, under this Act, the Commissioner shall:

(a) have due regard for the protection of important human rights and social interests that compete with privacy, including the general desirability of a free flow of information and the recognition of the right of government and business to achieve their objectives in an efficient way; and

(b) take account of international obligations accepted by New Zealand, including those concerning the international technology of communications; and

(c) consider any developing general international guidelines relevant to the better protection of individual privacy; and

(d) have due regard to the information privacy principles and the public register privacy principles.

15.- Deputy Commissioner

(1) The Governor-General may, on the recommendation of the Minister, appoint a deputy to the person appointed as Commissioner.

(2) Part 2 of the Crown Entities Act 2004, except section 46, applies to the appointment and removal of a Deputy Commissioner in the same manner as it applies to the appointment and removal of a Commissioner.

(3) Subject to the control of the Commissioner, the Deputy Commissioner shall have and may exercise all the powers, duties, and functions of the Commissioner under this Act or any other enactment.

(4) On the occurrence from any cause of a vacancy in the office of the Commissioner (whether by reason of death, resignation, or otherwise), and in the case of the absence from duty of the Commissioner (from whatever cause arising), and so long as any such vacancy or absence continues, the Deputy Commissioner shall have and may exercise all the powers, duties, and functions of the Commissioner.

(5) [Repealed]

(6) Subject to this Act, the Deputy Commissioner shall be entitled to all the protections, privileges, and immunities of the Commissioner.

16.- Term of office [Repealed]

17.- Continuation in office after term expires [Repealed]

18.- Vacation of office [Repealed]

19.- Holding of other offices

(1) In addition to the matters in section 30(2) of the Crown Entities Act 2004, a member of a local authority is disqualified from being appointed as Commissioner.
(2) The appointment of a Judge as the Commissioner, or service by a Judge as the Commissioner, does not affect that person’s tenure of his or her judicial office or his or her rank, title, status, precedence, salary, annual or other allowances, or other rights or privileges as a Judge (including those in relation to superannuation), and, for all purposes, that person’s service as the Commissioner shall be taken to be service as a Judge.

20.- Powers relating to declaratory judgments

(1) If at any time it appears to the Commissioner that it may be desirable to obtain a declaratory judgment or order of the High Court in accordance with the Declaratory Judgments Act 1908, he or she may refer the matter to the Proceedings Commissioner for the purpose of deciding whether proceedings under that Act should be instituted.

(2) In respect of any matter referred to the Proceedings Commissioner under subsection (1), the Proceedings Commissioner shall, notwithstanding anything to the contrary in the Declaratory Judgments Act 1908 or any other enactment or rule of law, have sufficient standing to institute proceedings under that Act whether or not the matter is one within his or her own functions and powers under this Act or under the Human Rights Commission Act 1977.

21.- Directories of personal information

(1) The Commissioner may from time to time, as the Commissioner thinks fit, cause to be published 1 or more publications that include all or any of the following information:

(a) the nature of any personal information held by any agency:

(b) the purpose for which any personal information is held by any agency:

(d) the period for which any type of personal information is held by any agency:

(e) the individuals who are entitled to have access to any personal information held by any agency, and the conditions under which they are entitled to have that access:

(f) the steps that should be taken by any individual wishing to obtain access to any personal information held by any agency.

(2) The Commissioner may from time to time bring the material contained in any publication published pursuant to subsection (1) up to date, either by causing to be published a new edition of that publication or by causing to be published supplementary material.

(3) In determining whether or not any publication should be published pursuant to this section, the Commissioner shall have regard, among other things, to the need to assist members of the public to obtain personal information and to effectively exercise their rights under this Act.

(4) Nothing in this section requires the publication of any information for which good reason for withholding would exist under section 27 or section 28.

22.- Commissioner may require agency to supply information
For the purpose of:

(a) the publication of any directory or any supplementary material pursuant to section 21; or

(b) enabling the Commissioner to respond to enquiries from the public seeking information of the kind referred to in any of paragraphs (a) to (f) of section 21(1),:

the Commissioner may, from time to time, require any agency to supply to the Commissioner such information as the Commissioner may reasonably require in relation to the personal information held by that agency, and the agency shall comply with that requirement.

23.- Privacy officers
It shall be the responsibility of each agency to ensure that there are, within that agency, 1 or more individuals whose responsibilities include:
(a) the encouragement of compliance, by the agency, with the information privacy principles:

(b) dealing with requests made to the agency pursuant to this Act:

(d) otherwise ensuring compliance by the agency with the provisions of this Act.

24.- Annual report

(1) Without limiting the right of the Commissioner to report at any other time, but subject to section 120, the annual report of the Commissioner under section 150 of the Crown Entities Act 2004 must include a report with respect to the operation of this Act during the year to which the report relates.

(2) [Repealed]

25.- Further provisions relating to Commissioner

The provisions of Schedule 1 shall have effect in relation to the Commissioner and the Commissioner’s affairs.

26.- Review of operation of Act

(1) As soon as practicable after the expiry of the period of 3 years beginning on the commencement of this section, and then at intervals of not more than 5 years, the Commissioner shall:

(a) review the operation of this Act since:
(i)the date of the commencement of this section (in the case of the first review carried out under this paragraph); or
(ii) the date of the last review carried out under this paragraph (in the case of every subsequent review); and

(b) consider whether any amendments to this Act are necessary or desirable; and

(2) As soon as practicable after receiving a report from the Commissioner under subsection (1)(c), the responsible Minister shall lay a copy of that report before the House of Representatives.

Part.4.- Good reasons for refusing access to personal information

27.- Security, defence, international relations, etc

(1) An agency may refuse to disclose any information requested pursuant to principle 6 if the disclosure of the information would be likely:

(a) to prejudice the security or defence of New Zealand or the international relations of the Government of New Zealand; or

(b) to prejudice the entrusting of information to the Government of New Zealand on a basis of confidence by:
(i) the Government of any other country or any agency of such a Government; or
(ii) any international organisation; or

(c) to prejudice the maintenance of the law, including the prevention, investigation, and detection of offences, and the right to a fair trial; or

(d) to endanger the safety of any individual.

(2) An agency may refuse to disclose any information requested pursuant to principle 6 if the disclosure of the information would be likely:

(a) to prejudice the security or defence of:
(i) the self-governing State of the Cook Islands; or
(ii) the self-governing State of Niue; or
(iii) Tokelau; or
(iv) the Ross Dependency; or

(b) to prejudice relations between any of the Governments of:
(i) New Zealand:
(ii) the self-governing State of the Cook Islands.
(iii) the self-governing State of Niue; or

(c) to prejudice the international relations of the Governments of:
(i)the self-governing State of the Cook Islands; or
(ii) the self-governing State of Niue.

28.- Trade secrets

(1) Subject to subsection (2), an agency may refuse to disclose any information requested pursuant to principle 6 if the withholding of the information is necessary to protect information where the making available of the information:

(a) would disclose a trade secret; or

(b) would be likely unreasonably to prejudice the commercial position of the person who supplied or who is the subject of the information.

(2) Information may not be withheld under subsection (1) if, in the circumstances of the particular case, the withholding of that information is outweighed by other considerations which render it desirable, in the public interest, to make the information available.

29.- Other reasons for refusal of requests

(1) An agency may refuse to disclose any information requested pursuant to principle 6 if:

(a) the disclosure of the information would involve the unwarranted disclosure of the affairs of another individual or of a deceased individual; or

(b) the disclosure of the information or of information identifying the person who supplied it, being evaluative material, would breach an express or implied promise:
(i) which was made to the person who supplied the information; and
(ii) which was to the effect that the information or the identity of the person who supplied it or both would be held in confidence; or

(c) after consultation undertaken (where practicable) by or on behalf of the agency with an individual’s medical practitioner, the agency is satisfied that:
(i) the information relates to that individual; and
(ii) the disclosure of the information (being information that relates to the physical or mental health of the individual who requested it) would be likely to prejudice the physical or mental health of that individual; or

(d) in the case of an individual under the age of 16, the disclosure of that information would be contrary to that individual’s interests; or

(e) the disclosure of that information (being information in respect of an individual who has been convicted of an offence or is or has been detained in custody) would be likely to prejudice the safe custody or the rehabilitation of that individual; or

(f) the disclosure of the information would breach legal professional privilege; or

(g) in the case of a request made to Radio New Zealand Limited or Television New Zealand Limited, the disclosure of the information would be likely to reveal the source of information of a bona fide news media journalist and either:
(i) the information is subject to an obligation of confidence; or
(ii) the disclosure of the information would be likely to prejudice the supply of similar information, or information from the same source; or

(h) the disclosure of the information, being information contained in material placed in any library or museum or archive, would breach a condition subject to which that material was so placed; or

(i) the disclosure of the information would constitute contempt of court or of the House of Representatives; or

(ia) the request is made by a defendant or a defendant’s agent and is:
(i) for information that could be sought by the defendant under the Criminal Disclosure Act 2008; or
(ii) for information that could be sought by the defendant under that Act and that has been disclosed to, or withheld from, the defendant under that Act; or

(j) the request is frivolous or vexatious, or the information requested is trivial.

(2) An agency may refuse a request made pursuant to principle 6 if:

(a) the information requested is not readily retrievable; or

(b) the information requested does not exist or cannot be found; or

(c) the information requested is not held by the agency and the person dealing with the request has no grounds for believing that the information is either:
(i) held by another agency; or
(ii) connected more closely with the functions or activities of another agency.

(3) For the purposes of subsection (1)(b), the term evaluative material means evaluative or opinion material compiled solely: .

(a) for the purpose of determining the suitability, eligibility, or qualifications of the individual to whom the material relates—
(i) for employment or for appointment to office; or
(ii) for promotion in employment or office or for continuance in employment or office; or
(iii) for removal from employment or office; or
(iv) for the awarding of contracts, awards, scholarships, honours, or other benefits; or

(b) for the purpose of determining whether any contract, award, scholarship, honour, or benefit should be continued, modified, or cancelled; or

(c) for the purpose of deciding whether to insure any individual or property or to continue or renew the insurance of any individual or property.

(4) In subsection (1)(c), medical practitioner means a health practitioner who is, or is deemed to be, registered with the Medical Council of New Zealand continued by section 114(1)(a) of the Health Practitioners Competence Assurance Act 2003 as a practitioner of the profession of medicine.

30.- Refusal not permitted for any other reason

Subject to sections 7, 31, and 32, no reasons other than 1 or more of the reasons set out in sections 27 to 29 justifies a refusal to disclose any information requested pursuant to principle 6.

31.- Restriction where person sentenced to imprisonment [Repealed]

32.-Information concerning existence of certain information

Where a request made pursuant to principle 6 relates to information to which section 27 or section 28 applies, or would, if it existed, apply, the agency dealing with the request may, if it is satisfied that the interest protected by section 27 or section 28 would be likely to be prejudiced by the disclosure of the existence or non-existence of such information, give notice in writing to the applicant that it neither confirms nor denies the existence or non-existence of that information.

Part 5.- Procedural provisions relating to access to and correction of personal information

33.- Application

This Part applies to the following requests (in this Act referred to as information privacy requests):

(a) a request made pursuant to subclause (1)(a) of principle 6 to obtain confirmation of whether or not an agency holds personal information:

(b) a request made pursuant to subclause (1)(b) of principle 6 to be given access to personal information:

34.- Individuals may make information privacy requests

An information privacy request may be made only by an individual.

35.- Charges

(1) Subject to section 36, a public sector agency shall not require the payment, by or on behalf of any individual who wishes to make an information privacy request, of any charge in respect of:

(a) the provision of assistance in accordance with section 38; or

(b) the making of the request to that agency; or

(d) the processing of the request, including deciding whether or not the request is to be granted and, if so, in what manner; or

(e) the making available of information in compliance, in whole or in part, with the request; or

(f) in the case of a request made pursuant to subclause (1) of principle 7,:
(i) the correction of any information in compliance, in whole or in part, with the request; or
(ii) the attaching, to any information, of a statement of any correction sought but not made.

(2) Subject to subsection (4), an agency that is not a public sector agency shall not require the payment, by or on behalf of any individual who wishes to make an information privacy request, of any charge in respect of:

(a) the provision of assistance in accordance with section 38; or

(b) the making of the request to that agency; or

(d) the processing of the request, including deciding whether or not the request is to be granted and, if so, in what manner.

(3) An agency that is not a public sector agency may require the payment, by or on behalf of any individual who wishes to make a request pursuant to subclause (1)(a) or subclause (1)(b) of principle 6 or pursuant to principle 7, of a charge in respect of:

(a) the making available of information in compliance, in whole or in part, with the request; or

(b) in the case of a request made pursuant to subclause (1) of principle 7,:
(i) the correction of any information in compliance, in whole or in part, with the request; or
(ii) the attaching, to any information, of a statement of any correction sought but not made.

(4) Where an agency that is not a public sector agency makes information available in compliance, in whole or in part, with an information privacy request, the agency may require the payment of a charge in respect of the provision of assistance, by that agency, in accordance with section 38, in respect of that request.

(5) Any charge fixed by an agency pursuant to subsection (3) or subsection (4) or pursuant to an authority granted pursuant to section 36 in respect of an information privacy request shall be reasonable, and (in the case of a charge fixed in respect of the making available of information) regard may be had to the cost of the labour and materials involved in making information available in accordance with the request and to any costs incurred pursuant to a request of the applicant for the request to be treated as urgent.

(6) The provisions of subsections (3) to (5), in so far as they relate to the fixing, by any agency that is not a public sector agency, of any charge in respect of any information privacy request, shall apply subject to any provisions to the contrary in any code of practice issued under section 46 and for the time being in force.

36.- Commissioner may authorise public sector agency to charge

(1) Where a public sector agency satisfies the Commissioner that the agency is commercially disadvantaged, in comparison with any competitor in the private sector, by reason that the agency is prevented, by subsection (1) ofsection 35, from imposing a charge in respect of any of the matters referred to in paragraph (e) or paragraph (f) of that subsection, the Commissioner may authorise that agency to impose a charge in respect of either or both of those matters.

(1A) The Commissioner may authorise a public sector agency to impose a charge in respect of the matter referred to insection 35(1)(e) if the information privacy request is received from, or on behalf of, an individual who:

(a) is residing outside New Zealand; and

(b) is not a New Zealand citizen or a permanent resident of New Zealand.

(2) The Commissioner may impose in respect of any authority granted pursuant to subsection (1) or (1A) such conditions as the Commissioner thinks fit.

(3) The Commissioner may, at any time, revoke any authority granted to an agency pursuant to subsection (1) or (1A), but shall not revoke any such authority without giving the agency an opportunity to be heard.

37.- Urgency

If an individual making an information privacy request asks that his or her request be treated as urgent, that individual shall give his or her reasons why the request should be treated as urgent.

38.- Assistance

It is the duty of every agency to give reasonable assistance to an individual, who:

(a) wishes to make an information privacy request; or

(b) in making such a request, has not made the request in accordance with the requirements of this Act; or

(c) has not made his or her request to the appropriate agency,
to make a request in a manner that is in accordance with the requirements of this Act or to direct his or her request to the appropriate agency.

39.- Transfer of requests

Where:

(a) an information privacy request is made to an agency or is transferred to an agency in accordance with this section; and

(b) the information to which the request relates:
(i) is not held by the agency but is believed by the person dealing with the request to be held by another agency; or
(ii) is believed by the person dealing with the request to be more closely connected with the functions or activities of another agency,
the agency to which the request is made shall promptly, and in any case not later than 10 working days after the day on which the request is received, transfer the request to the other agency and inform the individual making the request accordingly.

40.- Decisions on requests

(1) Subject to this Act, the agency to which an information privacy
request is made or transferred in accordance with this Act shall, as soon as reasonably practicable, and in any case not later than 20 working days after the day on which the request is received by that agency,:

(a) decide whether the request is to be granted and, if it is to be granted, in what manner and, subject to sections 35and 36, for what charge (if any); and

(b) give or post to the individual who made the request notice of the decision on the request.

(2) Where any charge is imposed, the agency may require the whole or part of the charge to be paid in advance.

(3) Where an information privacy request is made or transferred to a department, the decision on that request shall be made by the chief executive of that department or an officer or employee of that department authorised by that chief executive, unless that request is transferred in accordance with section 39 to another agency.

(4) Nothing in subsection (3) prevents the chief executive of a department or any officer or employee of a department from consulting a Minister or any other person in relation to the decision that the chief executive or officer or employee proposes to make on any information privacy request made or transferred to the department in accordance with this Act.

41.- Extension of time limits

(1) Where an information privacy request is made or transferred to an agency, the agency may extend the time limit set out in section 39 or section 40(1) in respect of the request if:

(a) the request is for a large quantity of information or necessitates a search through a large quantity of information, and meeting the original time limit would unreasonably interfere with the operations of the agency; or

(b) consultations necessary to make a decision on the request are such that a proper response to the request cannot reasonably be made within the original time limit.

(2) Any extension under subsection (1) shall be for a reasonable period of time having regard to the circumstances.

(3) The extension shall be effected by giving or posting notice of the extension to the individual who made the request within 20 working days after the day on which the request is received.

(4) The notice effecting the extension shall:

(a) specify the period of the extension; and

(b) give the reasons for the extension; and

(c) state that the individual who made the request for the information has the right, under section 67, to make a complaint to the Commissioner about the extension; and

(d) contain such other information as is necessary.

42.- Documents

(1) Where the information in respect of which an information privacy request is made by any individual is comprised in a document, that information may be made available in 1 or more of the following ways:

(a) by giving the individual a reasonable opportunity to inspect the document; or

(b) by providing the individual with a copy of the document; or
(c) in the case of a document that is an article or thing from which sounds or visual images are capable of being reproduced, by making arrangements for the individual to hear or view those sounds or visual images; or

(d) in the case of a document by which words are recorded in a manner in which they are capable of being reproduced in the form of sound or in which words are contained in the form of shorthand writing or in codified form, by providing the individual with a written transcript of the words recorded or contained in the document; or

(e) by giving an excerpt or summary of the contents; or

(f) by furnishing oral information about its contents.

(2) Subject to section 43, the agency shall make the information available in the way preferred by the individual requesting it unless to do so would:

(a) impair efficient administration; or

(b) be contrary to any legal duty of the agency in respect of the document; or

(c) prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section
28) there is no countervailing public interest.

(3) Where the information is not provided in the way preferred by the individual requesting it, the agency shall, subject tosection 32, give to that individual:

(a) the reason for not providing the information in that way; and

(b) if that individual so requests, the grounds in support of that reason, unless the giving of those grounds would itself prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section 28) there is no countervailing public interest.

43.- Deletion of information from documents

(1) Where the information in respect of which an information privacy request is made is comprised in a document and there is good reason for withholding some of the information contained in that document, the other information in that document may be made available by making a copy of that document available with such deletions or alterations as are necessary.

(2) Where a copy of a document is made available under subsection (1), the agency shall, subject to section 32, give to the individual—

(a) the reason for withholding the information; and

(b) if the individual so requests, the grounds in support of that reason, unless the giving of those grounds would itself prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section 28) there is no countervailing public interest.

44.- Reason for refusal to be given

Where an information privacy request made by an individual is refused, the agency shall,:

(a) subject to section 32, give to the individual:
(i) the reason for its refusal; and
(ii) if the individual so requests, the grounds in support of that reason, unless the giving of those grounds would itself prejudice the interests protected by section 27 or section 28 or section 29 and (in the case of the interests protected by section 28) there is no countervailing public interest; and

(b) give to the individual information concerning the individual’s right, by way of complaint under section 67 to the Commissioner, to seek an investigation and review of the refusal.

45.- Precautions

Where an information privacy request is made pursuant to subclause (1)(b) of principle 6, the agency:

(a) shall not give access to that information unless it is satisfied concerning the identity of the individual making the request; and

(b) shall ensure, by the adoption of appropriate procedures, that any information intended for an individual is received:
(i) only by that individual; or
(ii) where the request is made by an agent of the individual, only by that individual or his or her agent; and

(c) shall ensure that, where the request is made by an agent of the individual, the agent has the written authority of that individual to obtain the information or is otherwise properly authorised by that individual to obtain the information.

Part 6.- Codes of practice and exemptions from information privacy principles

Codes of practice

46.- Codes of practice

(1) The Commissioner may from time to time issue a code of practice.

(2) A code of practice may:

(a) modify the application of any 1 or more of the information privacy principles by:
(i) prescribing standards that are more stringent or less stringent than the standards that are prescribed by any such principle:
(ii) exempting any action from any such principle, either unconditionally or subject to such conditions as are prescribed in the code:

(aa) apply any 1 or more of the information privacy principles (but not all of those principles) without modification:

(b) prescribe how any 1 or more of the information privacy principles are to be applied, or are to be complied with.

(3) A code of practice may apply in relation to any 1 or more of the following:

(a) any specified information or class or classes of information:

(b) any specified agency or class or classes of agencies:

(d) any specified industry, profession, or calling or class or classes of industries, professions, or callings.

(4) A code of practice may also:

(a) impose, in relation to any agency that is not a public sector agency, controls in relation to the comparison (whether manually or by means of any electronic or other device) of personal information with other personal information for the purpose of producing or verifying information about an identifiable individual:

(b) in relation to charging under section 35,:
(i) set guidelines to be followed by agencies in determining charges:
(ii) prescribe circumstances in which no charge may be imposed:

(c) prescribe procedures for dealing with complaints alleging a breach of the code, but no such provisions may limit or restrict any provision of Part 8 or Part 9:

(d) provide for the review of the code by the Commissioner:

(e) provide for the expiry of the code.

(5) A code of practice may not limit or restrict the circumstances in which an individual is entitled,:

(a) under subclause (1)(a) of principle 6, to obtain confirmation of whether or not a public sector agency holds personal information; or

(b) under subclause (1)(b) of principle 6, to have access to personal information held by a public sector agency; or

(c) under principle 7,:
(i) to request the correction of personal information held by a public sector agency; or
(ii) to request that there be attached to any such information a statement of any correction sought but not made.

(6) Notwithstanding the definition of the term individual in section 2(1),:

(a) for the purposes of the issuing under this section of any code of practice relating to health information (whether or not any such code also relates to any other information), principle 11 shall be read as if it applies in respect of health information about any individual, whether living or deceased; and

(b) any code of practice so issued shall have effect under section 53 as if principle 11 so applied, and the provisions of this Act shall apply accordingly.

(7) For the purposes of subsection (6), the term health information has the same meaning as it has in section 22B of the Health Act 1956.

47.- Proposal for issuing of code of practice

(1) Subject to section 48, the Commissioner may issue a code of practice under section 46 on the Commissioner’s own initiative or on the application of any person.

(2) Without limiting subsection (1), but subject to subsection (3), any person may apply to the Commissioner for the issue of a code of practice in the form submitted by the applicant.

(3) An application may be made pursuant to subsection (2) only—

(a) by a body the purpose of which, or one of the purposes of which, is to represent the interests of any class or classes of agency, or of any industry, profession, or calling; and

(b) where the code of practice sought by the applicant is intended to apply in respect of the class or classes of agency, or the industry, profession, or calling, that the applicant represents, or any activity of any such class or classes of agency or of any such industry, profession, or calling.

(4) Where an application is made to the Commissioner pursuant to subsection (2), the Commissioner shall give public notice that the application has been received by the Commissioner, which notice shall contain a statement that:

(a) the details of the code of practice sought by the applicant, including a draft of the proposed code, may be obtained from the Commissioner; and

(b) submissions on the proposed code may be made in writing to the Commissioner within such period as is specified in the notice.

(5) For the purposes of section 48, the publication of a notice under subsection (4) in relation to any proposed code of practice shall be sufficient compliance with the requirements of subsection (1)(a) of that section in relation to the issuing of that code.

48.- Notification of intention to issue code

(1) Subject to section 52, the Commissioner shall not issue a code of practice under section 46 unless:

(a) the Commissioner has given public notice of the Commissioner’s intention to issue the code, which notice shall contain a statement that:
(i) the details of the proposed code, including a draft of the proposed code, may be obtained from the Commissioner; and
(ii) submissions on the proposed code may be made in writing to the Commissioner within such period as is specified in the notice; and

(b) the Commissioner has done everything reasonably possible on his or her part to advise all persons who will be affected by the proposed code, or representatives of those persons, of the proposed terms of the code, and of the reasons for it, has given such persons or their representatives a reasonable opportunity to consider the proposed code and to make submissions on it to the Commissioner, and has considered any such submissions.

(2) The fact that the Commissioner has published in the Gazette a notice under section 49(1) shall be conclusive proof that the requirements of this section have been complied with in respect of the code of practice to which the notice relates.

(3) Nothing in subsection (1) prevents the Commissioner from adopting any additional means of publicising the proposal to issue a code or of consulting with interested parties in relation to such a proposal.

49.- Notification, availability, and commencement of code

(1) Where a code of practice is issued under section 46,:

(a) the Commissioner shall ensure that there is published in the Gazette, as soon as practicable after the code is issued, a notice:
(i) indicating that the code has been issued; and
(ii) showing a place at which copies of the code are available for inspection free of charge and for purchase; and

(b) the Commissioner shall ensure that so long as the code remains in force, copies of the code are available:
(i) for inspection by members of the public free of charge; and
(ii) for purchase by members of the public at a reasonable price.

(2) Every code of practice issued under section 46 shall come into force on the 28th day after the date of its notification in the Gazette or on such later day as may be specified in the code.

50.- Application of Legislation Act 2012 to codes

All codes of practice issued under section 46 are disallowable instruments, but not legislative instruments, for the purposes of the Legislation Act 2012 and must be presented to the House of Representatives under section 41 of that Act.

51.- Amendment and revocation of codes

(1) The Commissioner may from time to time issue an amendment or revocation of a code of practice issued under section 46.

(2) The provisions of sections 47 to 50 shall apply in respect of any amendment or revocation of a code of practice.

52.- Urgent issue of code

(1) If the Commissioner considers that it is necessary to issue a code of practice under section 46, or to amend or revoke any such code of practice, and that following the procedure set out in section 48 would be impracticable because it is necessary to issue the code or, as the case may be, the amendment or revocation urgently, the Commissioner may issue the code of practice or, as the case may be, the amendment or revocation without complying with those procedures.

(2) Every code of practice, and every amendment or revocation of a code of practice, issued in accordance with this section shall be identified as a temporary code or amendment or revocation, and shall remain in force for such period (not exceeding 1 year after the date of its issue) as is specified for that purpose in the code or, as the case may be, the amendment or the revocation.

(3) Nothing in section 49(2) shall apply in respect of a code of practice, or any amendment or revocation of a code of practice, issued in accordance with this section.

53.- Effect of code

Where a code of practice issued under section 46 is in force,:

(a) the doing of any action that would otherwise be a breach of an information privacy principle shall, for the purposes of Part 8, be deemed not to be a breach of that principle if the action is done in compliance with the code:

(b) failure to comply with the code, even though that failure is not otherwise a breach of any information privacy principle, shall, for the purposes of Part 8, be deemed to be a breach of an information privacy principle.

Specific exemptions

54.- Commissioner may authorise collection, use, or disclosure of personal information

(1) The Commissioner may authorise an agency to collect, use, or disclose personal information, even though that collection, use, or disclosure would otherwise be in breach of principle 2 or principle 10 or principle 11, if the Commissioner is satisfied that, in the special circumstances of the case,:

(a) the public interest in that collection or, as the case requires, that use or that disclosure outweighs, to a substantial degree, any interference with the privacy of the individual that could result from that collection or, as the case requires, that use or that disclosure; or

(b) that collection or, as the case requires, that use or that disclosure involves a clear benefit to the individual concerned that outweighs any interference with the privacy of the individual that could result from that collection or, as the case requires, that use or that disclosure.

(2) The Commissioner may impose in respect of any authority granted under subsection (1) such conditions as the Commissioner thinks fit.

(3) The Commissioner shall not grant an authority under subsection (1) in respect of the collection, use, or disclosure of any personal information for any purpose if the individual concerned has refused to authorise the collection or, as the case requires, the use or disclosure of the information for that purpose.

55.- Certain personal information excluded

Nothing in principle 6 or principle 7 applies in respect of:

(a) personal information in the course of transmission by post, telegram, cable, telex, facsimile transmission, electronic mail, or other similar means of communication; or

(b) evidence given or submissions made to:
(i) a Royal Commission; or
(ii) a commission of inquiry appointed by Order in Council under the Commissions of Inquiry Act 1908; or
(iii) an inquiry to which section 6 of the Inquiries Act 2013 applies,
at any time before the report of the Royal Commission, commission of inquiry, or inquiry, as the case may be, has been published or, in the case of evidence given or submissions made in the course of a public hearing, at any time before the report has been presented to the Governor-General or appointing Minister, as the case may be; or

(c) evidence given or submissions made to a commission of inquiry or board of inquiry or court of inquiry or committee of inquiry appointed, pursuant to, and not by, any provision of an Act, to inquire into a specified matter; or

(d) information contained in any correspondence or communication that has taken place between the office of the Ombudsmen and any agency and that relates to any investigation conducted by an Ombudsman under theOmbudsmen Act 1975 or the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987, other than information that came into existence before the commencement of that investigation; or

(e) information contained in any correspondence or communication that has taken place between the office of the Commissioner and any agency and that relates to any investigation conducted by the Commissioner under this Act, other than information that came into existence before the commencement of that investigation.

56.- Personal information relating to domestic affairs

(1) Nothing in the information privacy principles applies in respect of—

(a) the collection of personal information by an agency that is an individual; or

(b) personal information that is held by an agency that is an individual,
where that personal information is collected or held by that individual solely or principally for the purposes of, or in connection with, that individual’s personal, family, or household affairs.

(2) The exemption in subsection (1) ceases to apply once the personal information concerned is collected, disclosed, or used, if that collection, disclosure, or use would be highly offensive to an ordinary reasonable person.

57.- Intelligence organisations

Nothing in principles 1 to 5 or principles 8 to 11 applies in relation to information collected, obtained, held, used, or disclosed by, or disclosed to, an intelligence organisation.

Part 7.- Public register personal information

58.- Interpretation

In this Part, unless the context otherwise requires,:

public register means:

(a) any register, roll, list, or other document maintained pursuant to a public register provision:

(b) a document specified in Part 2 of Schedule 2

public register privacy principle means any of the principles set out in section 59

public register provision means a provision specified in the second column of Part 1 of Schedule 2 as a public register provision of an enactment specified in the first column of that Part.

59.- Public register privacy principles

The public register privacy principles are as follows:
Public register privacy principles

Principle 1.- Search references
Personal information shall be made available from a public register only by search references that are consistent with the manner in which the register is indexed or organised.

Principle 2.- Use of information from public registers
Personal information obtained from a public register shall not be re-sorted, or combined with personal information obtained from any other public register, for the purpose of making available for valuable consideration personal information assembled in a form in which that personal information could not be obtained directly from the register.

Principle 3.- Electronic transmission of personal information from register
Personal information in a public register shall not be made available by means of electronic transmission, unless the purpose of the transmission is to make the information available to a member of the public who wishes to search the register.

Principle 4.- Charging for access to public register
Personal information shall be made available from a public register for no charge or for no more than a reasonable charge.

60.- Application of information privacy principles and public register privacy principles to public registers

(1) Subject to subsection (3), the agency responsible for administering any public register shall, in administering that register, comply, so far as is reasonably practicable, with the information privacy principles and the public register privacy principles.

(2) Every person shall, so far as is reasonably practicable, comply with principle 2 of the public register privacy principles.

(3) Where any information privacy principle or any public register privacy principle is inconsistent with any provision of any enactment, then, for the purposes of this Part, that enactment shall, to the extent of the inconsistency, prevail.

61.- Complaints relating to compliance with principles

(1) The Commissioner may, on complaint made to the Commissioner by any person or on the Commissioner’s own initiative, inquire into any public register provision if it appears to the Commissioner that the provision is inconsistent with any of the information privacy principles or any of the public register privacy principles.

(2) On completing any inquiry conducted pursuant to subsection (1), the Commissioner shall report the Commissioner’s findings to the Minister responsible for the administration of the enactment that was the subject of the inquiry, and any such report may include recommendations on the need for, or desirability of, taking any legislative, administrative, or other action to ensure adherence or greater adherence to the information privacy principles or the public register privacy principles, or both.

(3) The Commissioner may, on complaint made to the Commissioner by any person or on the Commissioner’s own initiative, investigate—

(a) the actions of any agency that is responsible for administering any public register if it appears that the agency is not, in the administration of that register, complying with the information privacy principles, or the public register privacy principles, or both:

(b) the actions of any person if it appears that the person is not complying with principle 2 of the public register privacy principles.

(4) On completing any inquiry conducted pursuant to subsection (3), the Commissioner shall report the Commissioner’s findings to the chief administrative officer of the agency whose actions were the subject of the inquiry (or the person whose actions were the subject of the inquiry, in the case of an inquiry to which paragraph (b) of that subsection applies), and any such report may include recommendations on the need for, or desirability of, taking any administrative or other action to ensure adherence or greater adherence to the information privacy principles or the public register privacy principles, or both.

(5) Sections 68, 70, 71, 73, 75, 80, and Part 9 shall apply, so far as applicable and with all necessary modifications, in relation to the making of a complaint pursuant to this section and to any inquiry conducted by the Commissioner pursuant to this section.

62.- Enforceability of principles

The public register privacy principles do not confer on any person any legal right that is enforceable in a court of law.

63.- Codes of practice in relation to public registers

(1) The Commissioner may from time to time issue, in relation to any public register, a code of practice.

(2) A code of practice issued under this section may:

(a) modify the application, in relation to a public register, of any 1 or more of the public register privacy principles, or any 1 or more of the information privacy principles, or both, by:
(i) prescribing standards that are more stringent or less stringent than the standards that are prescribed by any such principle:
(ii) exempting any action from any such principle, either unconditionally or subject to such conditions as are prescribed in the code:

(b) prescribe how any 1 or more of the public register privacy principles, or any 1 or more of the information privacy principles, or both, are to be applied, or are to be complied with:

(3) A code of practice issued under this section may also contain provisions:

(a) providing for the review of the code by the Commissioner:

(b) providing for the expiry of the code.

(4) To the extent that any code of practice issued under this section is inconsistent with any provision of any enactment, the code shall, to the extent of the inconsistency, be of no effect.

(5) Sections 47 to 52, so far as they are applicable and with all necessary modifications, shall apply with respect to the issue of any code of practice under this section and with respect to any code so issued.

64.- Effect of code

Where a code of practice issued under section 63 is in force,:

(a) the doing of any action that would otherwise be a breach of a public register privacy principle or an information privacy principle shall, for the purposes of this Part, be deemed not to be a breach of that principle if the action is done in compliance with the code:

(b) failure to comply with the code, even though that failure is not otherwise a breach of any public register privacy principle, shall, for the purposes of this Part, be deemed to be a breach of a public register privacy principle.

65.- Power to amend Schedule 2 by Order in Council

(1) The Governor-General may from time to time, by Order in Council made on the advice of the responsible Minister given after consultation with the Commissioner, amend Schedule 2 by adding any item.

(2) An Order in Council made under this section may add an item to Part 2 of Schedule 2 only if the item relates to a document that contains personal information and that is held by a public sector agency.

Part 8.- Complaints

Interpretation

66.- Interference with privacy

(1) For the purposes of this Part, an action is an interference with the privacy of an individual if, and only if:

(a) in relation to that individual,:
(i) the action breaches an information privacy principle; or
(ii) the action breaches a code of practice issued under section 63 (which relates to public registers); or
(iia) the action breaches an information privacy principle or a code of practice as modified by an Order in Council made under section 96J; or
(iib) the provisions of an information sharing agreement approved by an Order in Council made under section 96J have not been complied with; or
(iii) the provisions of Part 10 (which relates to information matching) have not been complied with; and

(b) in the opinion of the Commissioner or, as the case may be, the Tribunal, the action:
(i) has caused, or may cause, loss, detriment, damage, or injury to that individual; or
(ii) has adversely affected, or may adversely affect, the rights, benefits, privileges, obligations, or interests of that individual; or
(iii) has resulted in, or may result in, significant humiliation, significant loss of dignity, or significant injury to the feelings of that individual.

(2) Without limiting subsection (1), an action is an interference with the privacy of an individual if, in relation to an information privacy request made by the individual,:

(a) the action consists of a decision made under Part 4 or Part 5 in relation to the request, including:
(i) a refusal to make information available in response to the request; or
(ii) a decision by which an agency decides, in accordance with section 42 or section 43, in what manner or, in accordance with section 40, for what charge the request is to be granted; or
(iii) a decision by which an agency imposes conditions on the use, communication, or publication of information made available pursuant to the request; or
(iv) a decision by which an agency gives a notice under section 32; or
(v) a decision by which an agency extends any time limit under section 41; or
(vi) a refusal to correct personal information; and

(b) the Commissioner or, as the case may be, the Tribunal is of the opinion that there is no proper basis for that decision.

(3) If, in relation to any information privacy request, any agency fails within the time limit fixed by section 40(1) (or, where that time limit has been extended under this Act, within that time limit as so extended) to comply with paragraph (a) or paragraph (b) of section 40(1), that failure shall be deemed, for the purposes of subsection (2)(a)(i) of this section, to be a refusal to make available the information to which the request relates.

(4) Undue delay in making information available in response to an information privacy request for that information shall be deemed, for the purposes of subsection (2)(a)(i), to be a refusal to make that information available.

Complaints

67.- Complaints

(1) Any person may make a complaint to the Commissioner alleging that any action is or appears to be an interference with the privacy of an individual.

(2) A complaint under this Part may be lodged with the Commissioner or an Ombudsman.

(3) On receiving a complaint under this Part, an Ombudsman shall forward the complaint to the Commissioner as soon as practicable.

68.- Mode of complaint

(1) A complaint to the Commissioner may be made either orally or in writing.

(2) A complaint made orally shall be put in writing as soon as practicable.

(3) The Commissioner shall give such reasonable assistance as is necessary in the circumstances to enable an individual, who wishes to make a complaint to the Commissioner, to put the complaint in writing.

Investigations by Commissioner

69.- Investigation of interference with privacy of individual

(1) The functions of the Commissioner under this Part shall be—

(a) to investigate any action that is or appears to be an interference with the privacy of an individual:

(b) to act as conciliator in relation to any such action:

(2) The Commissioner may commence an investigation under subsection (1)(a) either on complaint made to the Commissioner or on the Commissioner’s own initiative.

70.- Action on receipt of complaint

(1) On receiving a complaint under this Part, the Commissioner may:

(a) investigate the complaint; or

(b) decide, in accordance with section 71, to take no action on the complaint.

(2) The Commissioner shall, as soon as practicable, advise the complainant and the person to whom the complaint relates of the procedure that the Commissioner proposes to adopt under subsection (1).

71.- Commissioner may decide to take no action on complaint

(1) The Commissioner may in his or her discretion decide to take no action or, as the case may require, no further action, on any complaint if, in the Commissioner’s opinion,:

(a) the length of time that has elapsed between the date when the subject matter of the complaint arose and the date when the complaint was made is such that an investigation of the complaint is no longer practicable or desirable; or

(b) the subject matter of the complaint is trivial; or

(d) the individual alleged to be aggrieved does not desire that action be taken or, as the case may be, continued; or

(e) the complainant does not have a sufficient personal interest in the subject matter of the complaint; or

(f) where:
(i) the complaint relates to a matter in respect of which a code of practice issued under section 46 is in force; and
(ii) the code of practice makes provision for a complaints procedure,
the complainant has failed to pursue, or to pursue fully, an avenue of redress available under that complaints procedure that it would be reasonable for the complainant to pursue; or

(g) there is in all the circumstances an adequate remedy or right of appeal, other than the right to petition the House of Representatives or to make a complaint to an Ombudsman, that it would be reasonable for the individual alleged to be aggrieved to exercise.

(2) Notwithstanding anything in subsection (1), the Commissioner may in his or her discretion decide not to take any further action on a complaint if, in the course of the investigation of the complaint, it appears to the Commissioner that, having regard to all the circumstances of the case, any further action is unnecessary or inappropriate.

(3) In any case where the Commissioner decides to take no action, or no further action, on a complaint, the Commissioner shall inform the complainant of that decision and the reasons for it.

72.- Referral of complaint to Ombudsman

(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of an Ombudsman under the Ombudsmen Act 1975 or theOfficial Information Act 1982 or the Local Government Official Information and Meetings Act 1987, the Commissioner shall forthwith consult with the Chief Ombudsman in order to determine the appropriate means of dealing with the complaint.

(2) As soon as practicable after consulting with the Chief Ombudsman under subsection (1), the Commissioner shall determine whether the complaint should be dealt with, in whole or in part, under this Act.

(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, under the Ombudsmen Act 1975 or the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987, the Commissioner shall forthwith refer the complaint or, as the case requires, the appropriate part of the complaint to the Chief Ombudsman to be dealt with accordingly, and shall notify the complainant of the action that has been taken.

72A.- Referral of complaint to Health and Disability Commissioner

(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of the Health and Disability Commissioner under theHealth and Disability Commissioner Act 1994, the Commissioner shall forthwith consult with the Health and Disability Commissioner in order to determine the appropriate means of dealing with the complaint.

(2) As soon as practicable after consulting with the Health and Disability Commissioner under subsection (1), the Commissioner shall determine whether or not the complaint should be dealt with, in whole or in part, under this Act.

(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, under the Health and Disability Commissioner Act 1994, the Commissioner shall forthwith refer the complaint or, as the case requires, the appropriate part of the complaint to the Health and Disability Commissioner to be dealt with accordingly, and shall notify the complainant of the action that has been taken.

72B.- Referral of complaint to Inspector-General of Intelligence and Security

(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of the Inspector-General of Intelligence and Security under the Inspector-General of Intelligence and Security Act 1996, the Commissioner shall forthwith consult with the Inspector-General of Intelligence and Security in order to determine the appropriate means of dealing with the complaint.

(2) As soon as practicable after consulting with the Inspector-General of Intelligence and Security under subsection (1), the Commissioner shall determine whether or not the complaint should be dealt with, in whole or in part, under this Act.

(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, under the Inspector-General of Intelligence and Security Act 1996, the Commissioner shall forthwith refer the complaint or, as the case requires, the appropriate part of the complaint to the Inspector-General of Intelligence and Security to be dealt with accordingly, and shall notify the complainant of the action that has been taken.

72C.- Referral of complaint to overseas privacy enforcement authority

(1) Where, on receiving a complaint under this Part, the Commissioner considers that the complaint relates, in whole or in part, to a matter that is more properly within the jurisdiction of an overseas privacy enforcement authority, the Commissioner may consult with that authority in order to determine the appropriate means of dealing with the complaint.

(2) As soon as practicable after consulting with the overseas privacy enforcement authority under subsection (1), the Commissioner must determine whether the complaint should be dealt with, in whole or in part, under this Act.

(3) If the Commissioner determines that the complaint should be dealt with, in whole or in part, by the overseas privacy enforcement authority, and both the authority and the complainant agree, the Commissioner may refer the complaint or, as the case requires, the appropriate part of the complaint, to the authority to be dealt with.

(4) In this section, overseas privacy enforcement authority or authority means any overseas public body that is responsible for enforcing legislation that protects personal information, and that has the power to conduct investigations and pursue enforcement proceedings.

Proceedings of Commissioner

73.- Proceedings of Commissioner

Before proceeding to investigate any matter under this Part, the Commissioner:

(a) shall inform the complainant (if any), the person to whom the investigation relates, and any individual alleged to be aggrieved (if not the complainant), of the Commissioner’s intention to make the investigation; and

(b) shall inform the person to whom the investigation relates of—
(i) the details of the complaint (if any) or, as the case may be, the subject matter of the investigation; and
(ii) the right of that person to submit to the Commissioner, within a reasonable time, a written response in relation to the complaint or, as the case may be, the subject matter of the investigation.

74.- Settlement of complaints

Where it appears from a complaint, or any written response made in relation to a complaint under section 73(b)(ii), that it may be possible to secure a settlement between any of the parties concerned and, if appropriate, a satisfactory assurance against the repetition of any action that is the subject matter of the complaint or the doing of further actions of a similar kind by the person concerned, the Commissioner may, without investigating the complaint or, as the case may be, investigating the complaint further, use his or her best endeavours to secure such a settlement and assurance.

75.- Parties to be informed of result of investigation

Where any investigation is made following a complaint, the Commissioner shall conduct the investigation with due expedition and shall inform the parties concerned, as soon as reasonably practicable after the conclusion of the investigation and in such manner as the Commissioner thinks proper, of the result of the investigation and of what further action (if any) the Commissioner proposes to take in respect of that complaint.

76.- Compulsory conferences

(1) The Commissioner may call a conference of the parties to a complaint by:

(a) posting to each of them a notice requesting their attendance at a time and place specified; or

(b) such other means as is agreed to by the parties concerned.

(2) The objectives of the conference shall be:

(a) to identify the matters in issue between the parties; and

(b) to try to obtain agreement between the parties on the resolution of those matters.

(3) Where a person fails to comply with a request under subsection (1) to attend a conference, the Commissioner may issue a summons requiring the person to attend a conference at a time and place to be specified in the summons.

(4) Section 159 of the Criminal Procedure Act 2011 applies to a summons under this section as if it were a witness summons issued under that section.

77.- Procedure after investigation

(1) Where the Commissioner, after making any investigation under this Part, is of the opinion,:

(a) in the case of a complaint, that the complaint has substance, the Commissioner shall use his or her best endeavours to secure a settlement between any parties concerned and, if the Commissioner considers it appropriate, a satisfactory assurance against the repetition of any action that was the subject matter of the investigation or the doing of further actions of a similar kind by the person concerned; or

(b) in any other case, that the matter ought to be proceeded with, the Commissioner shall use his or her best endeavours to secure such an assurance as is referred to in paragraph (a).

(2) If,:

(a) in the circumstances referred to in section 74, the Commissioner is unable to secure such a settlement and assurance as is referred to in that section; or

(b) in the circumstances referred to in paragraph (a) or paragraph (b) of subsection (1), the Commissioner is unable to secure such a settlement and assurance or, as the case may be, such an assurance as is referred to in either of those paragraphs; or

(c) in any case to which section 74 or subsection (1) applies, it appears that the action that was the subject matter of the complaint or, as the case may be, the investigation was done in contravention of such an assurance as is referred to in that section or that subsection, given on a previous occasion, or that any term of such a settlement as is referred to in that section or that subsection, reached on a previous occasion, has not been complied with,
the Commissioner may refer the matter to the Director of Human Rights Proceedings for the purpose of deciding whether proceedings under section 82 should be instituted against the person against whom the complaint was made or in respect of whom the investigation was conducted.

(3) Where a matter is referred to the Director of Human Rights Proceedings under subsection (2), it shall, subject tosection 82(3), be for the Director of Human Rights Proceedings to determine, in his or her discretion, both whether a matter justifies the institution of proceedings under section 82 and whether proceedings should be instituted under section 82 in respect of that matter.

78.- Procedure in relation to charging

(1) Notwithstanding anything in section 77, where the Commissioner, after making any investigation under this Part, is of the opinion that a charge fixed in respect of an information privacy request is unreasonable, the Commissioner shall determine the amount of the charge (if any) that may reasonably be imposed in respect of that request.

(2) A determination of the Commissioner under subsection (1) shall be final and binding on the person who made the request and on the agency concerned, and, notwithstanding anything in section 82 or section 83, no proceedings may be brought before the Tribunal under either of those sections in respect of any action of any agency in so far as that action is the subject of a determination made by the Commissioner under subsection (1).

79.- Breaches of certain principles occurring before 1 July 1996

(1) This section applies to any interference with the privacy of an individual involving a breach of any of principles 1, 2, 3, 4, 8, 9, 10, and 11, in any case where the action that constitutes the breach occurs before 1 July 1996.

(2) Notwithstanding anything in this Part, but subject to subsection (3), where:

(a) any complaint is made under this Part; or

(b) any investigation is commenced under this Part,
then, in so far as the complaint or investigation relates to an interference with the privacy of an individual (being an interference to which this section applies), the following provisions shall apply:

(c) nothing in section 77(2) or section 77(3) or sections 82 to 89 shall apply in relation to the complaint or the investigation:

(d) the Commissioner may make such recommendations as the Commissioner thinks fit to the agency against which the complaint was made or, as the case requires, in respect of which the investigation was conducted, including (without limitation) a recommendation that the agency develop a code of practice in relation to all or any of its activities:

(e) where the Commissioner makes a recommendation to an agency pursuant to paragraph (d), the Commissioner may request the agency to notify the Commissioner, within a specified time, of the steps (if any) that the agency proposes to take to give effect to the Commissioner’s recommendation.

(3) Nothing in this section applies in relation to any interference with the privacy of an individual involving a breach of any information privacy principle, where the action that breaches the principle constitutes a failure to comply with a code of practice issued under section 46.

80.- Commissioner to report breach of duty or misconduct

If, during or after any investigation, the Commissioner is of the opinion that there is evidence of any significant breach of duty or misconduct on the part of any agency or any officer or employee or member of an agency, the Commissioner shall refer the matter to the appropriate authority.

Special procedure relating to intelligence organisations

81.- Special procedure relating to intelligence organisations

(1) The provisions of this section shall apply in every case where, after making any investigation under this Part in respect of any action of an intelligence organisation, the Commissioner is of the opinion that the action that was the subject matter of the investigation is an interference with the privacy of an individual.

(2) If, in any case to which this section applies, the Commissioner is of the opinion that any steps should be taken by the intelligence organisation in relation to the subject matter of the investigation, the Commissioner shall report his or her opinion, and the reasons for that opinion, to the intelligence organisation, and may make such recommendations as the Commissioner thinks fit.

(3) Where the Commissioner makes a report to an intelligence organisation pursuant to subsection (2), the Commissioner may request the organisation to notify the Commissioner, within a specified time, of the steps (if any) that the organisation proposes to take to give effect to the Commissioner’s recommendations.

(4) If, within a reasonable time after the report is made, no action is taken that seems to the Commissioner to be adequate and appropriate, the Commissioner, in the Commissioner’s discretion, after considering the comments (if any) made by or on behalf of the organisation concerned, may send a copy of the report and recommendations to the Prime Minister.

(5) As soon as practicable after receiving a report under subsection (4), the Prime Minister may lay a copy of all or any part of the report before the House of Representatives.

(6) Nothing in section 76 or section 77 or sections 82 to 89 shall apply in relation to any complaint made under this Part in relation to any action of an intelligence organisation, or in relation to any investigation under this Part into any such action.

Proceedings before Human Rights Review Tribunal

82.- Proceedings before Human Rights Review Tribunal

(1) This section applies to any person:

(a) in respect of whom an investigation has been conducted under this Part in relation to any action alleged to be an interference with the privacy of an individual; or

(b) in respect of whom a complaint has been made in relation to any such action, where conciliation undersection 74 has not resulted in a settlement.

(2) Subject to subsection (3), civil proceedings before the Human Rights Review Tribunal shall lie at the suit of theDirector of Human Rights Proceedings against any person to whom this section applies in respect of any action of that person that is an interference with the privacy of an individual.

(3) The Director of Human Rights Proceedings shall not take proceedings under subsection (2) against any person to whom this section applies unless the Director of Human Rights Proceedings has given that person an opportunity to be heard.

(4) The Director of Human Rights Proceedings may, under subsection (2), bring proceedings on behalf of a class of individuals, and may seek on behalf of individuals who belong to the class any of the remedies described in section 85, where the Director of Human Rights Proceedings considers that a person to whom this section applies is carrying on a practice which affects that class and which is an interference with the privacy of an individual.

(5) Where proceedings are commenced by the Director of Human Rights Proceedings under subsection (2), the aggrieved individual (if any) shall not be an original party to, or, unless the Tribunal otherwise orders, join or be joined in, any such proceedings.

83.- Aggrieved individual may bring proceedings before Human Rights Review Tribunal

Notwithstanding section 82(2), the aggrieved individual (if any) may himself or herself bring proceedings before theHuman Rights Review Tribunal against a person to whom section 82 applies if the aggrieved individual wishes to do so, and:

(a) the Commissioner or the Director of Human Rights Proceedings is of the opinion that the complaint does not have substance or that the matter ought not to be proceeded with; or

(b) in a case where the Director of Human Rights Proceedings would be entitled to bring proceedings, the Director of Human Rights Proceedings:
(i) agrees to the aggrieved individual bringing proceedings; or
(ii) declines to take proceedings.

84.- Remedies that may be sought

In any proceedings before the Human Rights Review Tribunal, the Director of Human Rights Proceedings or the aggrieved individual (as the case may be) may seek such of the remedies described in section 85 as he or she thinks fit.

85.- Powers of Human Rights Review Tribunal

(1) If, in any proceedings under section 82 or section 83, the Tribunal is satisfied on the balance of probabilities that any action of the defendant is an interference with the privacy of an individual, it may grant 1 or more of the following remedies:

(a) a declaration that the action of the defendant is an interference with the privacy of an individual:

(b) an order restraining the defendant from continuing or repeating the interference, or from engaging in, or causing or permitting others to engage in, conduct of the same kind as that constituting the interference, or conduct of any similar kind specified in the order:

(d) an order that the defendant perform any acts specified in the order with a view to remedying the interference, or redressing any loss or damage suffered by the aggrieved individual as a result of the interference, or both:

(e) such other relief as the Tribunal thinks fit.

(2) In any proceedings under section 82 or section 83, the Tribunal may award such costs against the defendant as the Tribunal thinks fit, whether or not the Tribunal makes any other order, or may award costs against the plaintiff, or may decline to award costs against either party.

(3) Where the Director of Human Rights Proceedings is the plaintiff, any costs awarded against him or her shall be paid by the Privacy Commissioner, and the Privacy Commissioner shall not be entitled to be indemnified by the aggrieved individual (if any).

(4) It shall not be a defence to proceedings under section 82 or section 83 that the interference was unintentional or without negligence on the part of the defendant, but the Tribunal shall take the conduct of the defendant into account in deciding what, if any, remedy to grant.

86.- Right of Director of Human Rights Proceedings to appear in proceedings

(1) Whether or not the Director of Human Rights Proceedings is or was a party to the proceedings before the Human Rights Review Tribunal, the Director may appear and be heard, in person or by counsel,:

(a) in any proceedings under this Part before the Human Rights Review Tribunal; and

(b) in relation to any proceedings that are or have been before the Human Rights Review Tribunal under this Part, in any proceedings in the District Court, the High Court, the Court of Appeal, or the Supreme Court.

(2) Where, pursuant to subsection (1), the Director of Human Rights Proceedings appears in any proceedings of a kind described in that subsection, he or she shall, unless those proceedings are by way of appeal, have the right:

(a) to call evidence on any matter (including evidence in rebuttal) that should be taken into account in the proceedings:

(b) to examine, cross-examine, and re-examine witnesses,
but shall have no greater rights than parties to the proceedings in respect of the calling of evidence or evidence in rebuttal, or in respect of the examination, cross-examination, and re-examination of witnesses.

(3) Where, pursuant to subsection (1), the Director of Human Rights Proceedings, not being a party to any proceedings before the Tribunal, appears in those proceedings or in any proceedings in any court in relation to those proceedings, the Tribunal or the court, as the case may be, may make such order as it thinks fit:

(a) as to the payment by any party to the proceedings before the Tribunal or the court of the costs incurred by theDirector of Human Rights Proceedings in so doing; or

(b) as to the payment by the Director of Human Rights Proceedings of any costs incurred by any of the parties to the proceedings before the Tribunal or the court by reason of the appearance of the Director of Human Rights Proceedings.

(4) Costs ordered to be paid by the Director of Human Rights Proceedings shall be paid by the Privacy Commissioner.

(5) The Privacy Commissioner may appear and be heard in any proceedings in which the Director of Human Rights Proceedings would be entitled to appear and be heard under this section but declines to do so, and, where the Privacy Commissioner so appears, the provisions of this section shall apply accordingly with all necessary modifications.

(6) Nothing in this section limits or affects:

(a) section 85(2); or

(b) any power of a court to award costs in any proceedings to which the Director of Human Rights Proceedings is a party.

87.- Proof of exceptions

Where, by any provision of the information privacy principles or of this Act or of a code of practice issued undersection 46 or section 63, conduct is excepted from conduct that is an interference with the privacy of an individual, the onus of proving the exception in any proceedings under this Part lies upon the defendant.

88.- Damages

(1) In any proceedings under section 82 or section 83, the Tribunal may award damages against the defendant for an interference with the privacy of an individual in respect of any 1 or more of the following:

(a) pecuniary loss suffered as a result of, and expenses reasonably incurred by the aggrieved individual for the purpose of, the transaction or activity out of which the interference arose:

(b) loss of any benefit, whether or not of a monetary kind, which the aggrieved individual might reasonably have been expected to obtain but for the interference:

(1A) Subsection (1) applies subject to subpart 1 of Part 2 of the Prisoners’ and Victims’ Claims Act 2005.

(2) Damages recovered by the Director of Human Rights Proceedings under this section shall be paid to the aggrieved individual on whose behalf the proceedings were brought or, if that individual is a minor who is not married or in a civil union or lacks the capacity to manage his or her own financial affairs, in the discretion of the Director of Human Rights Proceedings to Public Trust.

(3) Where money is paid to Public Trust under subsection (2),:

(a) sections 103 to 110 of the Contract and Commercial Law Act 2017 shall apply in the case of a minor who is not married or in a civil union; and

(b) Part 9A of the Protection of Personal and Property Rights Act 1988 shall apply in the case of an individual wholacks the capacity to manage his or her own financial affairs.

89.- Certain provisions of Human Rights Act 1993 to apply

Sections 92Q to 92W and Part 4 of the Human Rights Act 1993 shall apply, with such modifications as are necessary, in respect of proceedings under section 82 or section 83 of this Act as if they were proceedings under section 92B, orsection 92E, or section 92H of that Act.

Part 9.- Proceedings of Commissioner

90.- Procedure

(1) Every investigation under Part 8 by the Commissioner shall be conducted in private.

(2) Subject to section 120,:

(a) the Commissioner may hear or obtain information from such persons as the Commissioner thinks fit:

(b) the Commissioner may make such inquiries as the Commissioner thinks fit:

(d) subject to section 73(b), no person shall be entitled as of right to be heard by the Commissioner.

(3) Subject to the provisions of this Act, the Commissioner may regulate his or her procedure in such manner as he or she thinks fit.

91.- Evidence

(1) The Commissioner may summon before him or her and examine on oath any person who in the Commissioner’s opinion is able to give information relevant to an investigation being conducted by the Commissioner under Part 8, or an inquiry being carried out by the Commissioner under section 13(1)(m).

(2) The Commissioner may administer an oath to any person summoned pursuant to subsection (1).

(3) Every examination by the Commissioner under subsection (1) shall be deemed to be a judicial proceeding within the meaning of section 108 of the Crimes Act 1961 (which relates to perjury).

(4) The Commissioner may from time to time, by notice in writing, require any person who in the Commissioner’s opinion is able to give information relevant to an investigation being conducted by the Commissioner under Part 8, or an inquiry being carried out by the Commissioner under section 13(1)(m), to furnish such information, and to produce such documents or things in the possession or under the control of that person, as in the opinion of the Commissioner are relevant to the subject matter of the investigation or inquiry.

(5) Where the attendance of any person is required by the Commissioner under this section, the person shall be entitled to the same fees, allowances, and expenses as if the person were a witness in a court and, for the purpose,:

(a) the provisions of any regulations in that behalf under the Criminal Procedure Act 2011 shall apply accordingly; and

(b) the Commissioner shall have the powers of a court under any such regulations to fix or disallow, in whole or in part, or to increase, any amounts payable under the regulations.

92.- Compliance with requirements of Commissioner

(1) This section applies in every case where, during the course of an investigation under Part 8 of any decision of any agency in relation to an information privacy request, the Commissioner, pursuant to any power conferred on the Commissioner by section 91, requires that agency to furnish or produce to the Commissioner any information or document or thing which relates to that investigation.

(2) In any case to which this section applies, the agency to which the requirement is made shall, subject to section 93, as soon as reasonably practicable, and in no case later than 20 working days after the day on which the requirement is received by the agency, comply with the requirement.

(3) If any agency (being a department or a Minister or an organisation) fails, within the time limit fixed by subsection (2) (or, where that time limit has been extended under section 93, within that time limit as so extended), to comply with any requirement to which subsection (1) applies, the Commissioner may report such failure to the Prime Minister.

93.- Extension of time limit

(1) Where any requirement to which section 92 applies is made to any agency, the agency may extend the time limit set out in subsection (2) of that section in respect of that requirement if:

(a) the requirement relates to, or necessitates a search through, a large quantity of information or a large number of documents or things, and meeting the original time limit would unreasonably interfere with the operations of the agency; or

(b) consultations necessary before the requirement can be complied with are such that the requirement cannot reasonably be complied with within the original time limit; or

(c) the complexity of the issues raised by the requirement are such that the requirement cannot reasonably be complied with within the original time limit.

(2) Any extension under subsection (1) shall be for a reasonable period of time having regard to the circumstances.

(3) The extension shall be effected by giving or posting notice of the extension to the Commissioner within 20 working days after the day on which the requirement is received.

(4) The notice effecting the extension shall:

(a) specify the period of the extension; and

(b) give the reasons for the extension; and

94.- Protection and privileges of witnesses, etc

(1) Except as provided in section 119, every person shall have the same privileges in relation to the giving of information to, the answering of questions put by, and the production of documents and things to, the Commissioner or any employee of the Commissioner as witnesses have in any court.

(1A) Nothing in subsection (1) prevents the Commissioner or any employee of the Commissioner from:

(a) requiring, under section 91, the furnishing of any information or the production of any document or thing which is the subject of a complaint under Part 8 and in respect of which privilege is claimed by any person; and

(b) considering the information or inspecting any such document or thing
for the purpose of determining whether the information, document, or thing would be properly withheld, but not so as to give the Commissioner or employee any information, or enable the Commissioner or employee to make any use of the information, document, or thing, that he or she would not, apart from this subsection, be entitled to.

(1B) On the production of any information, document, or thing pursuant to subsection (1A), the Commissioner or any employee of the Commissioner:

(a) must not, without the consent of the producer of the information, document, or thing, and of any person who is the subject of the information, document, or thing, release the information, document, or thing, or any information derived from the document or thing, to any person other tan:

(i) the producer of the information, document, or thing; or

(ii) any barrister or solicitor engaged by the Commissioner for the purpose of providing legal advice as to whether the information, document, or thing would be properly withheld by that producer under subsection (1); or

(iii) where the Commissioner gives his or her opinion on the claim of privilege to the Director of Human Rights Proceedings under paragraph (b), to the Director of Human Rights Proceedings:

(b) may give his or her opinion only to the parties to the complaint or to the Director of Human Rights Proceedingsor to the Human Rights Review Tribunal as to whether or not the claim of privilege is valid:
provided that nothing in this paragraph prevents the Commissioner or any employee of the Commissioner from releasing, either generally or to any particular person, the opinion in a form that does not identify either the producer of the information, document, or thing or any person who is the subject of the information, document, or thing:

(c) must not take into account the information or any information in the document or thing in forming any opinion concerning the release of any other information.

(2) No person shall be liable to prosecution for an offence against any enactment, other than section 127, by reason of that person’s compliance with any requirement of the Commissioner or any employee of the Commissioner under section 91.

95.- Disclosures of information, etc

(1) Subject to subsection (2) and to section 94, any person who is bound by the provisions of any enactment to maintain secrecy in relation to, or not to disclose, any matter may be required to supply any information to, or answer any question put by, the Commissioner in relation to that matter, or to produce to the Commissioner any document or thing relating to it, notwithstanding that compliance with that requirement would otherwise be in breach of the obligation of secrecy or non-disclosure.

(2) Compliance with a requirement of the Commissioner (being a requirement made pursuant to subsection (1)) is not a breach of the relevant obligation of secrecy or non-disclosure or of the enactment by which that obligation is imposed.

(3) Where:

(a) the Prime Minister certifies that the giving of any information, or the production of any document or thing, might prejudice—
(i) the security or defence of New Zealand, or the international relations of the Government of New Zealand; or
(ii) any interest protected by section 7 of the Official Information Act 1982 (which relates to the Cook Islands, Niue, Tokelau, and the Ross Dependency); or

(b) the Attorney-General certifies that the giving of any information, or the production of any document or thing,:
(i) might prejudice the prevention, investigation, or detection of offences; or
(ii) might involve the disclosure of proceedings of Cabinet, or any committee of Cabinet, relating to matters of a secret or confidential nature, and such disclosure would be injurious to the public interest,
neither the Commissioner nor any employee of the Commissioner shall require the information to be given or, as the case may be, the document or thing to be produced.

96.- Proceedings privileged

(1) This section applies to:

(a) the Commissioner; and

(b) every person engaged or employed in connection with the work of the Commissioner.

(2) Subject to subsection (3),:

(a) [Repealed]

(b) no person to whom this section applies shall be required to give evidence in any court, or in any proceedings of a judicial nature, in respect of anything coming to his or her knowledge in the exercise of his or her functions.

(3) Nothing in subsection (2) applies in respect of proceedings for:

(a) an offence against section 78 or section 78A(1) or section 105 or section 105A or section 105B of the Crimes Act 1961; or

(b) the offence of conspiring to commit an offence against section 78 or section 78A(1) or section 105 orsection 105A or section 105B of the Crimes Act 1961.

(4) Anything said or any information supplied or any document or thing produced by any person in the course of any inquiry by or proceedings before the Commissioner under this Act shall be privileged in the same manner as if the inquiry or proceedings were proceedings in a court.

(5) For the purposes of clause 3 of Part 2 of Schedule 1 of the Defamation Act 1992, any report made under this Act by the Commissioner shall be deemed to be an official report made by a person holding an inquiry under the authority of the Parliament of New Zealand.

Part 9.- AInformation sharing

Subpart 1.- Preliminary matters

96A.- Purpose of Part

(1) The purpose of this Part is to enable the sharing of personal information to facilitate the provision of public services.

(2) To achieve that purpose, this Part:

(a) provides a mechanism for the approval of information sharing agreements for the sharing of information between or within agencies; and

(b) authorises exemptions from or modifications to:
(i) any of the information privacy principles (except principles 6 and 7, which relate respectively to the right to have access to, and correct, personal information):
(ii) any code of practice (except any code of practice that modifies principles 6 and 7); and

(c) reduces any uncertainty about whether personal information can be lawfully shared for the provision of the public services, and in the circumstances, described in approved information sharing agreements.

96B.- Relationship between Part 9A and other law relating to information disclosure

(1) To avoid doubt, nothing in this Part:

(a) limits the collection, use, or disclosure of personal information that is authorised or required by or under any enactment; and

(b) compels agencies to enter into an information sharing agreement if those agencies are already allowed to share personal information—
(i) by or under any other enactment:
(ii) in circumstances where an exemption from or a modification to any 1 or more of the information privacy principles or any code of practice is not required to make the sharing of the information lawful.

(2) Without limiting subsection (1)(a),:

(a) this Part does not limit section 7, 54 or 57; and

(b) this Part does not limit Part 10, 10A, or 11.

(3) An information sharing agreement may:

(a) duplicate an information sharing provision by providing for an agency to share the same personal information as specified in the information sharing provisión:
(i) with the same agencies specified in the information sharing provision; and
(ii) for the same purposes specified in the information sharing provision; or

(b) extend an information sharing provision that is not a restricted information sharing provision by providing for an agency to share the same personal information as specified in the information sharing provisión:
(i) with the same agencies specified in the information sharing provision for a purpose not specified in the information sharing provision; or
(ii) with an agency not specified in the information sharing provision for a purpose specified in the information sharing provision; or
(iii) with an agency not specified in the information sharing provision and for a purpose not specified in the information sharing provision; or

(c) duplicate a restricted information sharing provision by providing for an agency to share the same personal information as specified in the restricted information sharing provisión:
(i) with the same agencies specified in the restricted information sharing provision; and
(ii) for the same purposes specified in the restricted information sharing provision; or

(d) extend in any manner specified in paragraph (b) a restricted information sharing provision only if:
(i) the restricted information sharing provision is an information matching provision (as defined in section 97); or
(ii) there is express statutory authorisation to do so.

(4) In subsection (3),:

information sharing provision means a provision in any enactment other than this Act that authorises or requires the sharing of personal information by an agency with 1 or more other agencies for 1 or more specified purposes

restricted information sharing provision means an information sharing provision that expressly restricts the purposes for which the personal information may be shared to those purposes specified.

96C.- Interpretation

In this Part, unless the context otherwise requires,:

adverse action has the meaning given to it by section 97 and includes a decision to impose a penalty or a fine or to recover a penalty or a fine

approved information sharing agreement means an information sharing agreement approved by an Order in Council that is for the time being in force

code of practice means a code of practice issued under section 46

department has the meaning given to it by section 2(1) and also includes:

(a) the New Zealand Police:

(b) the New Zealand Transport Agency

information sharing agreement or agreement means an agreement between or within agencies that enables the sharing of personal information (whether or not the sharing also includes information that is not personal information) to facilitate the provision of a public service

lead agency means a department that enters into an information sharing agreement and is designated as the lead agency in:

(a) the agreement; and

(b) the Order in Council approving the agreement

local authority means a local authority or public body named or specified in Schedule 1 of the Local Government Official Information and Meetings Act 1987

Order in Council, except in sections 96V(3) and 96Z, means an Order in Council made under section 96J(1)

organisation means:

(a) an organisation named in Part 2 of Schedule 1 of the Ombudsmen Act 1975; and

(b) an organisation named in Schedule 1 of the Official Information Act 1982

private sector agency means a non-government agency

public sector agency means a department, an organisation, or a local authority

public service means a public function or duty that is conferred or imposed on a public sector agency:

(a) by or under law; or

(b) by a policy of the Government

relevant Minister means the Minister who, under the authority of any warrant or with the authority of the Prime Minister, is for the time being responsible for a lead agency

sharing, in relation to any information, means all or any of the following if authorised by an approved information sharing agreement:

(a) collecting the information:

(b) storing the information:

(d) using the information:

(e) disclosing the information:

(f) exchanging the information:

(g) if necessary, assigning a unique identifier to an individual.

Subpart 2.- Information sharing agreements

Authority for information sharing

96D.- Information sharing between agencies
An approved information sharing agreement may authorise an agency to share any personal information with 1 or more other agencies in accordance with the terms of the agreement.

96E.- Information sharing within agencies
An approved information sharing agreement may authorise a part of an agency to share any personal information with 1 or more parts of the same agency in accordance with the terms of the agreement.

Parties

96F.- Parties to information sharing agreement

(1) Any 2 or more of the following may enter into an information sharing agreement:

(a) a public sector agency:

(b) a private sector agency:

(d) a part of a private sector agency.

(2) Subsection (1) is subject to subsections (3) and (4).

(3) An overseas agency may not enter into an information sharing agreement.

(4) At least 1 of the agencies that enters into an information sharing agreement must be:

(a) a public sector agency that is a department; or

(b) part of a public sector agency that is a department.

96G.- Representative parties

(1) An agency that represents the interests of a class of agencies may enter into an information sharing agreement with a department if that agency is:

(a) a public sector agency that is not a department; or

(b) a private sector agency.

(2) If an agreement is proposed to be entered into under subsection (1), any agency (except a department) that is a member of the class of agencies referred to in that subsection may become a party to the agreement by being sufficiently identified in a schedule to the agreement (a Schedule of Parties).

(3) At any time after an agreement has been entered into the lead agency may, with or without the consent of any agency,:

(a) amend the Schedule of Parties to add or remove agencies as parties:

(b) substitute a new Schedule of Parties.

(4) An agency that becomes a party to the agreement under subsection (2) or (3) may, but need not, share or participate in the sharing of any personal information with 1 or more other agencies in accordance with the terms of the agreement.

(5) Unless the context otherwise requires, every reference in this Part to a party to an information sharing agreement includes an agency that becomes a party to an agreement under subsection (2) or (3).

Lead agency

96H.- Determining which party is lead agency

(1) If only 1 public sector agency that is a department enters into an information sharing agreement, it must be designated as the lead agency for the agreement.

(2) If more than 1 public sector agency that is a department enters into an information sharing agreement, the parties to the agreement may agree between themselves which of those public sector agencies is to be designated as the lead agency.

Form and content

96I.- Form and content of information sharing agreement

(1) An information sharing agreement must be in writing.

(2) An information sharing agreement must:

(a) specify with due particularity the purpose of the information sharing agreement:

(b) set out the information referred to in section 96K:

(d) specify the safeguards that will apply to protect the privacy of individuals and ensure that any interference with their privacy is minimised:

(e) if a party to the agreement is a private sector agency, state which public sector agency will be responsible for dealing with complaints about an alleged interference with privacy if the private sector agency is unable to be held to account for those complaints:

(f) state that every party to the agreement must give any reasonable assistance that is necessary in the circumstances to allow the Commissioner or an individual who wishes to make a complaint about an interference with privacy to determine the agency against which the complaint should be made:

(g) if entered into under section 96G,:
(i) identify the party that is a public sector agency or private sector agency representing the interests of a class of agencies; and
(ii) describe that class of agencies; and
(iii) include a schedule that sufficiently identifies the public sector agencies or private sector agencies within that class that are parties to the agreement.

(3) An information sharing agreement may specify any other terms or conditions that the parties may agree, including:

(a) the fees and charges that are payable under the agreement; and

(b) any other business processes relating to the sharing of information under the agreement.

Approval of information sharing agreements

96J.- Governor-General may approve information sharing agreement by Order in Council

(1) The Governor-General may, by Order in Council made on the recommendation of the relevant Minister, approve an information sharing agreement.

(2) An Order in Council may grant an exemption from or modify the application of:

(a) any 1 or more of the information privacy principles (except principles 6 and 7)

(b) any code of practice (except any code of practice that modifies principles 6 and 7).

(3) An Order in Council that, under subsection (2), grants an exemption from any 1 or more of the information privacy principles (except principles 6 and 7) or any code of practice (except any code of practice that modifies principles 6 and 7) may provide that the exemption is unconditional or is subject to any conditions that are prescribed in the Order in Council.

(4) An Order in Council that, under subsection (2), modifies the application of any 1 or more of the information privacy principles or any code of practice may do so by prescribing standards that are more stringent or less stringent than the standards that are prescribed by the principle or, as the
case may be, the code of practice.

96K.- Requirements for Order in Council

An Order in Council must:

(a) state, if applicable,:
(i) the nature of the exemption granted under section 96J(2) and the conditions of the exemption (if any):
(ii) how any of the information privacy principles or any code of practice will be modified under section 96J(2):

(b) state the public service or public services the provision of which the information sharing agreement is intended to facilitate:

(c) specify with due particularity the personal information or the type of personal information to be shared under the agreement:

(d) set out the parties, or classes of parties, to the agreement and designate 1 of the parties as the lead agency:

(e) for every party to the agreement,:
(i) describe the personal information or type of personal information that the party may share with each of the other parties; and
(ii) state how the party may use the personal information; and
(iii) state the adverse actions that the party can reasonably be expected to take as a result of sharing personal information under the agreement; and
(iv) specify the procedure that the party must follow before taking adverse action against an individual as a result of sharing personal information under the agreement if the requirement in section 96Q(1) does not apply because of section 96R(a)(ii):

(f) state how a copy of the agreement can be accessed.

96L.- Further provisions about Order in Council

(1) An Order in Council must provide that it comes into force on a date specified in the Order in Council (which must not be a date that is before the date on which it is made).

(2) An Order in Council remains in force until it:

(a) expires on a date appointed in the Order in Council (if any); or

(b) is revoked.

(3) An Order in Council must insert into Schedule 2A:

(a) a description of each of the following:
(i) the information sharing agreement that is approved by the Order in Council:
(ii) the public service or the public services the provision of which the agreement is intended to facilitate:
(iii) the personal information or type of personal information that may be shared between or within the agencies that are party to the agreement; and

(b) the name of the agreement; and

(d) the Internet site address where a copy of the agreement can be accessed.

96M.- Application of Legislation Act 2012

An Order in Council:

(a) is a legislative instrument for the purposes of the Legislation Act 2012; and

(b) is a disallowable instrument for the purposes of the Legislation Act 2012; and

Procedure for recommending Order in Council

96N.- Matters to which relevant Minister must have regard before recommending Order in Council

(1) Before recommending the making of an Order in Council, the relevant Minister must:

(a) be satisfied of the matters set out in subsection (2); and

(b) have regard to any submissions made under section 96O(1)(a) in relation to the information sharing agreement that is proposed for approval by the Order in Council.

(2) The matters referred to in subsection (1)(a) are as follows:

(a) that the information sharing agreement will facilitate the provision of any public service or public services:

(b) that the type and quantity of personal information to be shared under the agreement are no more than is necessary to facilitate the provision of that public service or those public services:

(c) that the agreement does not unreasonably impinge on the privacy of individuals and contains adequate safeguards to protect their privacy:

(d) that the benefits of sharing personal information under the agreement are likely to outweigh the financial and other costs of sharing it:

(e) that any potential conflicts or inconsistencies between the sharing of personal information under the agreement and any other enactment have been identified and appropriately addressed.

96O.- Consultation on proposed information sharing agreement

(1) The agencies proposing to enter into an information sharing agreement must, before the proposed agreement is concluded,:

(a) consult with, and invite submissions on the proposed agreement from,:
(i) the Commissioner; and
(ii) any person or organisation that the agencies consider represents the interests of the classes of individuals whose personal information will be shared under the proposed agreement; and
(iii) any other person or organisation that the agencies consider should be consulted; and

(b) have regard to any submissions made under paragraph (a).

(2) The Commissioner:

(a) must consider the privacy implications of the proposed agreement; and

(b) may make any submissions under subsection (1)(a)(i) that he or she thinks fit.

(3) The agencies must give the relevant Minister a copy of the submissions made under subsection (1)(a) (if any).

Commissioner’s report on approved information sharing agreement

96P.- Commissioner may prepare and publish report on approved information sharing agreement

(1) If an information sharing agreement is approved by Order in Council, the Commissioner may prepare a report to the relevant Minister on any matter relating to privacy that arises or is likely to arise in respect of the agreement.

(2) Without limiting subsection (1), the Commissioner may include in a report under that subsection:

(a) any comment that he or she wishes to make about the consultation that the agencies carried out under section 96O(1)(a); and

(b) any submissions that he or she made to the agencies under section 96O(1)(a)(i).

(3) The Commissioner:

(a) may publish a report under subsection (1); but

(b) must consult the relevant Minister before doing so.

Subpart 3.- Matters relating to operation of approved information sharing agreements

Notice of adverse action

96Q.- Requirement to give notice of adverse action

(1) A party to an approved information sharing agreement must give written notice to an individual before it takes any adverse action against the individual on the basis (whether wholly or in part) of personal information about the individual that was shared under the agreement.

(2) The notice must:

(a) give details of the adverse action that the party proposes to take and the personal information about the individual on which the action is based; and

(b) state that the individual has 10 working days from the receipt of the notice in which to dispute the correctness of that personal information.

(3) To avoid doubt, an individual who is given the notice may take any steps that are available under any enactment to dispute any proposed adverse action against him or her, but he or she may show cause under this section as to why the proposed adverse action should not be taken only on the basis that it is based on incorrect personal information.

96R.- When requirement to give notice of adverse action applies
The requirement to give notice under section 96Q applies unless:

(a) an approved information sharing agreement provides that a party to the agreement may:
(i) give a shorter period of notice than the 10-working-day period referred to in section 96Q(2)(b); or
(ii) dispense with the giving of the notice; or

(b) if an approved information sharing agreement does not provide in the manner specified in paragraph (a), the Commissioner, on the application of a party to an approved information sharing agreement, allows the party in the circumstances of a particular case to:
(i) give a shorter period of notice than the 10-working-day period referred to in section 96Q(2)(b); or
(ii) dispense with the giving of the notice.

Responsibilities of lead agency

96S.- Responsibilities of lead agency

(1) A lead agency for an information sharing agreement must, if the agreement is approved by Order in Council undersection 96J(1),:

(a) make a copy of the agreement:
(i) available for inspection, free of charge, at the lead agency’s head office on any working day; and
(ii) accessible, free of charge, on an Internet site maintained by or on behalf of the lead agency; and

(b) prepare a report on the operation of the agreement at the intervals required by the Commissioner under section 96U; and

(2) A lead agency does not need to comply with subsection (1)(a)(ii) if the relevant Minister designates an Internet site maintained by or on behalf of another public sector agency as the Internet site where a copy of the agreement is to be made accessible free of charge.

(3) To avoid doubt, nothing in this section applies to a party to an information sharing agreement that is not the lead agency except as provided in subsection (2).

96T.- Report of lead agency

(1) A report prepared by a lead agency under section 96S(1)(b) must include the matters prescribed in regulations made under this Act that the Commissioner specifies to the lead agency after having regard to—

(a) the costs of reporting:

(b) the degree of public interest in information about the matters prescribed in those regulations:

(2) A report must be included:

(a) in the lead agency’s annual report under the Public Finance Act 1989, if it is required annually; or

(b) in the lead agency’s annual report under the Public Finance Act 1989 that immediately follows the end of each interval specified under section 96U(1)(b).

96U.- Commissioner may specify frequency of reporting by lead agency

(1) The Commissioner may require a lead agency to prepare a report under section 96S(1)(b) either:

(a) annually; or

(b) at less frequent intervals that the Commissioner may specify.

(2) In determining the appropriate frequency in subsection (1) of a report under section 96S(1)(b), the Commissioner must have regard to:

(a) the costs of reporting:

(b) the degree of public interest in information about the matters prescribed in regulations made under this Act:

Amendment of approve information sharing agreements

96V.- Amendment of approved information sharing agreement

(1) This section applies if the parties to an approved information sharing agreement amend the agreement (whether in accordance with the Commissioner’s recommendation in a report under section 96X(1) or otherwise).

(2) As soon as practicable after the amendment is made, the lead agency must:

(a) give written notice of the amendment to:
(i) the Commissioner; and
(ii) the relevant Minister; and

(b) make a copy of the amendment:
(i) available for inspection, free of charge, at the lead agency’s head office on any working day; and
(ii) accessible, free of charge, on the Internet site where a copy of the agreement is accessible.

(3) The information sharing agreement approved by Order in Council continues to have effect as if the amendment notified under subsection (2) had not been made unless the Governor-General, by a further Order in Council made on the recommendation of the relevant Minister, approves the agreement as amended by the parties.

(4) Sections 96J to 96P apply, subject to any necessary modifications, to the approval of the agreement as so amended.

(5) Nothing in subsection (2)(a), (3), or (4) applies if the amendment to an approved information sharing agreement relates only to:

(a) the fees and charges payable under the agreement; or

(b) the name or description of a party to the agreement; or

(c) any terms or conditions of the agreement that the lead agency considers, after consulting the Commissioner, do not, or are unlikely to, have any effect on the privacy implications of the agreement.

Review of approved information sharing agreement

96W.- Review of operation of approved information sharing agreement

(1) The Commissioner may, on his or her own initiative, conduct a review of the operation of an approved information sharing agreement—

(a) at the end of a period of 12 months after the Order in Council approving the agreement is made; and

(b) at any time that the Commissioner considers appropriate for any subsequent reviews.

(2) In conducting a review, the Commissioner must

(a) consult the following about the review:
(i) the parties to the agreement:
(ii) any person or organisation that the Commissioner considers represents the interests of the classes of individuals whose personal information is being shared under the agreement; and

(b) consider any submissions made on the review.

96X.- Report on findings of review

(1) After completing a review under section 96W, the Commissioner may report to the relevant Minister if he or she has reasonable grounds to suspect that an approved information sharing agreement is—

(a) operating in an unusual or unexpected way (that is, in a way that was not foreseen by the Commissioner or the parties to the agreement at the time the agreement was entered into):

(b) failing to facilitate the provision of the public service or public services to which it relates:

(d) operating in such a way that the costs of sharing personal information under the agreement outweigh the benefits of sharing it.

(2) The Commissioner may recommend in the report that:

(a) the parties to the agreement should amend it in 1 or more material respects; or

(b) the Order in Council by which the agreement was approved should be revoked.

96Y.- Relevant Minister must present to House of Representatives copy of report under section 96X(1) and report setting out Government’s response

The relevant Minister must:

(a) present a copy of a report under section 96X(1) to the House of Representatives within 5 working days after receiving it from the Commissioner or, if Parliament is not in session, as soon as possible after the commencement of the next session of Parliament; and

(b) as soon as possible after complying with paragraph (a), present a report to the House of Representatives setting out the Government’s response to the report under section 96X(1).

Subpart 4—Miscellaneous

96Z.- Power to amend Schedule 2A

(1) Without limiting the matters that an Order in Council made under section 96J must insert into Schedule 2A in accordance with section
96L(3), the Governor-General may, by Order in Council,:

(a) make any amendments to Schedule 2A that are required:
(i) to recognise the abolition or dissolution of any agency that is party to an approved information sharing agreement or any change in the name of such an agency; or
(ii) to reflect any change in the Internet site address where a copy of an approved information sharing agreement can be accessed; or
(iii) to reflect any amendments to an approved information sharing agreement that are approved under section 96V; or
(iv) to correct any error or omission in any description in that schedule:

(b) remove any description or matter in Schedule 2A, including all of the descriptions or matters relating to an approved information sharing agreement if the Order in Council by which it was approved has expired or has been revoked:

(2) To avoid doubt, any of the matters set out in this section may be included in an Order in Council made under section 96J or in a separate Order in Council made under this section.

Part 10.- Information matching

Interpretation

97.-Interpretation

In this Part, unless the context otherwise requires,:

adverse action means any action that may adversely affect the rights, benefits, privileges, obligations, or interests of any specific individual; and, without limiting the generality of the foregoing, includes any decision:

(a) to cancel or suspend any monetary payment:

(b) to refuse an application for a monetary payment:

(d) to recover an overpayment of a monetary payment:

(e) to make an assessment of the amount of any tax, levy, or other charge, or of any contribution, that is payable by any individual, or to alter any such assessment:

(f) to investigate the possible commission of an offence:

(g) to make a deportation order in relation to the individual, to serve the individual with a deportation liability notice, or to deport the individual from New Zealand

authorised information matching information in relation to any specified agency, means information that consists of or includes information disclosed pursuant to an information matching provision

authorised information matching programme means the comparison (whether manually or by means of any electronic or other device) of authorised information matching information with other personal information for the purpose of producing or verifying information about an identifiable individual

discrepancy, in relation to an authorised information matching programme, means a result of that programme that warrants the taking of further action by any agency for the purpose of giving effect to the objective of the programme

information matching programme means the comparison (whether manually or by means of any electronic or other device) of any document that contains personal information about 10 or more individuals with 1 or more other documents that contain personal information about 10 or more individuals, for the purpose of producing or verifying information that may be used for the purpose of taking adverse action against an identifiable individual

information matching provision means any provision specified in the second column of Schedule 3 as an information matching provision of an enactment specified in the first column of that schedule

information matching rules means the rules for the time being set out in Schedule 4

monetary payment includes:

(a) a benefit within the meaning of section 3(1) of the Social Security Act 1964:

(b) a lump sum payable under section 61DB or section 61DC or section 61DD of that Act:

(c) any special assistance granted out of a Crown Bank Account from money appropriated by Parliament undersection 124(1)(d) or (da) of that Act:

(d) any monetary entitlement payable under Part 4, Part 10, or Part 11 of the Accident Compensation Act 2001

specified agency means any of the following agencies:

(a) the Accident Compensation Corporation:

(aa) the Regulator, as defined by Part 10 of the Accident Compensation Act 2001:

(b) the Electoral Commission established by section 4B of the Electoral Act 1993:

(ba) the company within the meaning of section 2(1) of the Housing Restructuring and Tenancy Matters Act 1992:

(bb) the Board of the Government Superannuation Fund Authority:

(bc) the Board of Trustees of the National Provident Fund:

(bd) the Ministry of Health:

(d) the Department of Corrections:

(e) the Ministry of Business, Innovation, and Employment:

(f) the department for the time being responsible for the administration of the Social Security Act 1964:

(fa) the Housing New Zealand Corporation established (as the Housing Corporation of New Zealand) by section 3(1)of the Housing Corporation Act 1974:

(g) the Inland Revenue Department:

(ga) the Ministry of Transport:

(gb) the New Zealand Transport Agency:

(gc) the Department of Internal Affairs:

(gd) the Registrar-General appointed under section 79(1) of the Births, Deaths, Marriages, and Relationships Registration Act 1995:

(h) the New Zealand Customs Service:

(ha) the Registrar of Motor Vehicle Traders:
the Regulator, as defined in the Accident Insurance Act 1998:

(ia) WorkSafe New Zealand:

(j) any tertiary institution, secondary school, or private training establishment (as those terms are defined in theEducation Act 1989) to which section 226A or section 238B of that Act applies, as from time to time notified to the Commissioner by the department for the time being responsible for the administration of the Social Security Act 1964.

(k) the Ministry of Education:

(l) the Education Council of Aotearoa New Zealand established under Part 32 of the Education Act 1989:

(m) the agency or agencies appointed under section 100 of the Housing Restructuring and Tenancy Matters Act 1992.

97A.- Relationship between Part 10 and other law relating to information disclosure

This Part does not:

(a) limit the collection, use, or disclosure of personal information that—
(i) is authorised or required by or under any enactment; or
(ii) is permitted by the information privacy principles:

(b) limit Part 9A, 10A, or 11.

Information matching guidelines

98.- Information matching guidelines

The following matters are the matters referred to in section 13(1)(f) to which the Commissioner shall have particular regard, in examining any proposed legislation that makes provision for the collection of personal information by any public sector agency, or the disclosure of personal information by one public sector agency to any other public sector agency, in any case where the Commissioner considers that the information might be used for the purposes of an information matching programme:

(a) whether or not the objective of the programme relates to a matter of significant public importance:

(b) whether or not the use of the programme to achieve that objective will result in monetary savings that are both significant and quantifiable, or in other comparable benefits to society:

(c) whether or not the use of an alternative means of achieving that objective would give either of the results referred to in paragraph (b):

(d) whether or not the public interest in allowing the programme to proceed outweighs the public interest in adhering to the information privacy principles that the programme would otherwise contravene:

(e) whether or not the programme involves information matching on a scale that is excessive, having regard to:
(i) the number of agencies that will be involved in the programme; and
(ii) the amount of detail about an individual that will be matched under the programme:

(f) whether or not the programme will comply with the information matching rules.

Authorised information matching programmes

99.- Information matching agreements

(1) No personal information held by any specified agency shall be disclosed, pursuant to an information matching provision, to any other specified agency for the purposes of an authorised information matching programme except pursuant to a written agreement between those agencies.

(2) Every such agreement shall incorporate provisions that reflect the information matching rules, or provisions that are no less onerous than those rules, and the agencies that are parties to the agreement shall comply with those provisions.

(3) Any such agreement may provide that the agencies involved in the information matching programme may charge each other fees for the services provided for the purposes of the programme.

(4) The parties to an agreement entered into pursuant to this section shall ensure that a copy of the agreement, and of any amendments subsequently made to such an agreement, are forwarded to the Commissioner forthwith.

100.- Use of results of information matching programme

(1) Subject to any other enactment or rule of law that limits or restricts the information that may be taken into account in taking adverse action against an individual, any specified agency that is involved in an authorised information matching programme may take adverse action against an individual on the basis of any discrepancy produced by that programme.

(2) Nothing in subsection (1) shall be taken to limit or restrict the use that may lawfully be made, by any specified agency, of any information produced by an authorised information matching programme.

101.- Further provisions relating to results of information matching programme

(1) Notwithstanding anything in section 100, where:

(a) a specified agency derives or receives information produced by an authorised information matching programme; and

(b) as a result of deriving or receiving that information, the agency becomes aware of a discrepancy,
that agency shall destroy that information not later than the expiration of the period of 60 working days after the agency becomes aware of that discrepancy unless, before the expiration of that period, the agency has considered that information and made a decision to take adverse action against any individual on the basis of that discrepancy.

(2) Any adverse action commenced by a specified agency in accordance with subsection (1) shall be commenced not later than 12 months from the date on which the information was derived or received by the agency.

(3) Where a specified agency decides not to take adverse action against any individual on the basis of information produced by an authorised information matching programme, the agency shall as soon as practicable destroy the information.

(4) When information produced by an authorised information matching programme is no longer needed by a specified agency for the purposes of taking any adverse action against any individual, the agency shall as soon as practicable destroy the information.

(5) Nothing in this section applies in relation to the Inland Revenue Department.

102.- Extension of time limit

Where a specified agency derives or receives information produced by an authorised information matching programme, the Commissioner may, either generally or in respect of any case or class of cases, extend the time limit set out in section 101 in respect of that information if the Commissioner is satisfied that,:

(a) because of the large quantity of information so derived or received by the agency; or

(b) because of the complexity of the issues involved; or

103.- Notice of adverse action proposed

(1) Subject to subsections (1A) to (2A) and to section 180C(1) of the Corrections Act 2004, a specified agency shall not take adverse action against any individual on the basis (whether wholly or in part) of a discrepancy produced by an authorised information matching programme:

(a) unless that agency has given that individual written notice:
(i) specifying particulars of the discrepancy and of the adverse action that it proposes to take; and
(ii) stating that the individual has 5 working days from the receipt of the notice in which to show cause why the action should not be taken; and

(b) until the expiration of those 5 working days.

(1A) Nothing in subsection (1) shall prevent the department for the time being responsible for the administration of theSocial Security Act 1964 from immediately suspending sole parent support, the supported living payment, an emergency benefit, jobseeker support, a young parent payment, or a youth payment, paid to an individual where the discrepancy arises in respect of departure information supplied to that department pursuant to section 280 of the Customs and Excise Act 1996, and where, before or immediately after the decision to suspend, the department gives the individual written notice:

(a) specifying particulars of the discrepancy and the suspension of benefit, and any other adverse action the department proposes to take; and

(b) stating that the individual has 5 working days from the receipt of the notice to show cause why the benefit ought not to have been suspended or why the adverse action should not be taken, or both—
and the adverse action shall not be taken until the expiration of those 5 working days.

(1B) [Repealed]

(1C) Nothing in subsection (1) prevents the Commissioner of Inland Revenue from immediately taking action to recover amounts relating to:

(a) unpaid amounts owed to the Commissioner by an individual who is in serious default identified in information supplied to the Commissioner under section 280H of the Customs and Excise Act 1996; or

(b) financial support under the Child Support Act 1991 owed to the Commissioner by an individual who is identified in information supplied to the Commissioner under section 280K or 280L of the Customs and Excise Act 1996.

(2) Nothing in subsection (1) or subsection (1A) prevents an agency from taking adverse action against an individual if compliance with the requirements of that subsection would prejudice any investigation into the commission of an offence or the possible commission of an offence.

(2A) Nothing in subsection (1) prevents any constable or any bailiff from immediately executing a warrant to arrest an individual in respect of the non-payment of the whole or any part of a fine if the discrepancy arises in respect of arrival and departure information supplied under section 280D of the Customs and Excise Act 1996 and if, before executing the warrant, the individual concerned is:

(a) informed of the intention to execute the warrant; and

(b) given an opportunity to confirm:
(i) whether or not he or she is the individual named in the warrant; and
(ii) that neither of the following circumstances applies:

(A) the fine has been paid:

(B) an arrangement to pay the fine over time has been entered into.

(3) Every notice required to be given to any individual under subsection (1) or subsection (1A) may be given by delivering it to that individual, and may be delivered:

(a) personally; or

(b) by leaving it at that individual’s usual or last known place of residence or business or at the address specified by that individual in any application or other document received from that individual; or

(4) If any such notice is sent to any individual by post, then in the absence of proof to the contrary, the notice shall be deemed to have been delivered to that individual on the fourth day after the day on which it was posted, and in proving the delivery it shall be sufficient to prove that the letter was properly addressed and posted.

(5) In this section,:

amount of reparation has the same meaning as in section 79 of the Summary Proceedings Act 1957

bailiff means a bailiff of the District Court or of the High Court
fine means:

(a) a fine within the meaning of section 79 of the Summary Proceedings Act 1957:

(b) a fine to which section 19 of the Crimes Act 1961 applies:

(d) [Repealed]

(e) any amount payable under section 138A(1) of the Sentencing Act 2002.

104.- Reporting requirements

(1) Every specified agency that is involved in an authorised information matching programme shall make such reports to the Commissioner in respect of that programme as the Commissioner may from time to time require.

(2) Without limiting the generality of subsection (1), the matters on which the Commissioner may require any agency to submit a report include the following:

(a) the actual costs and benefits of an authorised information matching programme:

(b) any difficulties experienced in the operation of an authorised information matching programme, and how those difficulties are being, or have been, overcome:

(c) whether or not internal audits or other forms of assessment are undertaken by an agency in relation to an authorised information matching programme, and, if so, the results of those audits or assessments:

(d) where an agency dispenses with the giving of notice under section 103, the reasons why such a dispensation is made, and the grounds in support of those reasons:

(e) the details of the operation of an authorised information matching programme, including:
(i) the number of matches undertaken:
(ii) the proportion of matches that revealed discrepancies in information involved in the matching:
(iii) the number of discrepancies so revealed:
(iv) the proportion of cases in which action was taken as a result of such discrepancies:
(v) the number of cases in which such action was taken:
(vi) the number of cases in which such action was taken even though the accuracy of the discrepancy was challenged:
(vii) the proportion of cases in which such action did not proceed after the individual concerned was notified of the discrepancy:
(viii) the number of cases in which action taken as a result of a discrepancy was successful:

(f) such other matters as the Commissioner considers relevant.

105.- Information matching programmes to be reported on in annual report

(1) The Commissioner shall include in every annual report of the Commissioner under section 150 of the Crown Entities Act 2004, in relation to each authorised information matching programme that is carried out (in whole or in part) during the year to which the report relates,:

(a) an outline of the programme; and

(b) an assessment of the extent of the programme’s compliance, during that year, with:
(i) sections 99 to 103; and
(ii) the information matching rules; and

(c) the details of each extension granted under section 102, the reasons why the extension was granted, and the grounds in support of those reasons; and

(d) the details of each approval given, during that year, under clause 3 of Schedule 4, the reasons why the approval was given, and the grounds in support of those reasons.

(2) Nothing in subsection (1) requires the Commissioner to include in any annual report, in respect of any authorised information matching programme, any information the disclosure of which would be likely to frustrate the objective of the programme.

(3) For the purposes of carrying out any assessment required by subsection (1)(b), Part 9 shall apply, with such modifications as are necessary, as if the assessment were an investigation under Part 8.

106.- Review of statutory authorities for information matching

(1) As soon as practicable after 1 January 1994, and then at intervals of not more than 5 years, the Commissioner shall:

(a) review the operation of every information matching provision since: (i) 19 December 1991 (in the case of the first review carried out under this paragraph); or
(ii) the date of the last review carried out under this paragraph (in the case of every subsequent review); and

(b) consider whether or not, in the Commissioner’s opinion,:
(i) the authority conferred by the information matching provision should be continued; and
(ii) any amendments to the provision are necessary or desirable; and

(2) As soon as practicable after receiving a report from the Commissioner under subsection (1)(c), the responsible Minister shall lay a copy of that report before the House of Representatives.

107.- Amendment of information matching rules

(1) For the purposes of this Part, the Governor-General may from time to time, by Order in Council, make such amendments to Schedule 4 as the Governor-General thinks fit.

(2) The power conferred by subsection (1) includes the power to repeal Schedule 4 and substitute a new schedule.

(3) No order that amends Schedule 4 shall be made otherwise than in accordance with the recommendations of the Commissioner.

Avoidance of controls on information matching

108.- Avoidance of controls on information matching through use of exceptions to information privacy principles

Despite section 97A, if the collection or disclosure of information is authorised by an information matching provision, nothing in subclause (2)(d)(i) of principle 2 or paragraph (e)(i) of principle 11 authorises or permits the collection or disclosure of that information for the purposes of:

(a) any authorised information matching programme; or

(b) any information matching programme the objective of which is similar in nature to any authorised information matching programme.

109.- Avoidance of controls on information matching through use of official information statutes

Notwithstanding anything in the Official Information Act 1982 or the Local Government Official Information and Meetings Act 1987, no public sector agency shall disclose pursuant to either of those enactments, to any other public sector agency, any personal information if the sole or principal purpose for which that information is sought is for use in an information matching programme.

Part 10.- AIdentity information

109A.- Purpose of Part

The purpose of this Part is to authorise accessing agencies, when carrying out specified functions, to verify the identity of an individual by accessing identity information held about that individual by a holder agency.

109B.- Relationship between Part 10A and other law relating to information disclosure

This Part does not:

(a) limit the collection, use, or disclosure of personal information that—

(i) is authorised or required by or under any enactment; or

(ii) is permitted by the information privacy principles:

(b) limit Part 9A, 10, or 11.

109C.- Interpretation

In this Part,:

access, in relation to a database, includes remote access to that database

accessing agency means an agency specified in the first column of Schedule 4A

biometric information, in relation to a person, means information that comprises:

(a) 1 or more of the following kinds of personal information:
(i) a photograph of all or any part of the person’s head and shoulders:
(ii) impressions of the person’s fingerprints:
(iii) a scan of the person’s irises; and

(b) an electronic record of the personal information that is capable of being used for biometric matching

database means any information recording system or facility used by an agency to store information

holder agency means an agency specified in the third column of Schedule 4A

identity information, in relation to an individual, means any information that identifies, or relates to the identity of, the individual, and includes (without limitation) the following information:

(a) the individual’s biographical details (for example, the individual’s name, address, date of birth, place of birth, and gender):

(b) the individual’s biometric information:

(d) details of the individual’s:
(i) New Zealand travel document; or
(ii) certificate of identity:

(e) details of any distinguishing features (including tattoos and birthmarks).

109D.- Access by agencies to identity information

An accessing agency may, for the purpose specified in the second column of Schedule 4A opposite the name of the accessing agency, have access to an individual’s identity information held by a holder agency specified in the third column of that schedule opposite the name of the accessing agency.

109E.- Manner and form of access

(1) Access to identity information permitted under section 109D may be facilitated between a holder agency and an accessing agency in the manner agreed by the agencies (for example, by direct access to information stored in a holder agency’s database, or by exchange of information between the agencies).

(2) Identity information that is held by a holder agency and accessed by an accessing agency under section 109D may be made available to the accessing agency in the form agreed by the agencies.

109F.- Annual reporting requirement

The chief executive of an accessing agency must include in every annual report prepared by the chief executive for the purposes of section 43 of the Public Finance Act 1989, or any other applicable enactment requiring an annual report to Parliament, details of the operation of this Part and Schedule 4A.

109G.- Amendment of Schedule 4A

(1) The Governor-General may, by Order in Council made on the recommendation of the responsible Minister given after consultation with the Privacy Commissioner,:

(a) add, remove, amend, or replace any item in Schedule 4A; or

(b) repeal Schedule 4A and substitute a new schedule.

(2) Before recommending the making of an Order in Council facilitating access by an accessing agency to identity information held by a holder agency, the responsible Minister must be satisfied that:

(a) the purpose for which the identity information is to be accessed relates to a specified function of the accessing agency; and

(b) the identity information to be accessed is no more than is reasonably necessary to enable the accessing agency to achieve that purpose; and

(c) any potential conflicts or inconsistencies between the sharing of personal information under Schedule 4A and any other enactment have been identified and appropriately addressed.

Part 11.- Law enforcement information

110.- Interpretation

In this Part, unless the context otherwise requires,:

accessing agency means any public sector agency for the time being specified in Schedule 5 as an agency to which law enforcement information held by a holder agency is available

holder agency means any public sector agency for the time being specified in Schedule 5 as an agency the records of which are available to an accessing agency or agencies

law enforcement information means any information that—
(a) is about an identifiable individual; and
(b) is specified in Schedule 5

local authority means a local authority or public body named or specified in Schedule 1 or Schedule 2 of the Local Government Official Information and Meetings Act 1987.

110A.- Relationship between Part 11 and other law relating to information disclosure

This Part does not:

(a) limit the collection, use, or disclosure of personal information that—
(i) is authorised or required by or under any enactment; or
(ii) is permitted by the information privacy principles:

(b) limit Part 9A, 10, or 10A.

111.-Access by accessing agencies to law enforcement information

An accessing agency may have access to law enforcement information held by a holder agency if such access is authorised by the provisions of Schedule 5.

112.- Local authorities may be authorised to have access to law enforcement information

(1) The responsible Minister may from time to time, by notice in the Gazette, authorise any local authority to have access to law enforcement information held by a holder agency, where access to that information by a local authority is permitted by the provisions of Schedule 5.

(2) Any authority may be granted under subsection (1) subject to such terms and conditions as the responsible Minister thinks fit and specifies in the notice.

(3) Any notice under subsection (1) may be in like manner amended or revoked at any time.

(4) Any notice given under section 4E of the Wanganui Computer Centre Act 1976 and in force immediately before the commencement of this section shall be deemed to have been given under this section.

113.- Amendment of Schedule 5

[Expired]

114.- Expiry of power to amend Schedule 5 by Order in Council

Section 113 shall expire on 1 July 1997, but the expiration of that section shall not affect the validity of any Order in Council that has been made under that section and that is in force immediately before that date.

Part 11A.- Transfer of personal information outside New Zealand

114A.- Interpretation

In this Part, unless the context otherwise requires,:

OECD Guidelines means the Organisation for Economic Co-operation and Development Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data

State includes any State, territory, province, or other part of a country

transfer prohibition notice means a notice given under section 114B prohibiting the transfer of personal information from New Zealand to another State.

114B.- Prohibition on transfer of personal information outside New Zealand

(1) The Commissioner may prohibit a transfer of personal information from New Zealand to another State if the Commissioner is satisfied, on reasonable grounds, that:

(a) the information has been, or will be, received in New Zealand from another State and is likely to be transferred to a third State where it will not be subject to a law providing comparable safeguards to this Act; and

(b) the transfer would be likely to lead to a contravention of the basic principles of national application set out in Part Two of the OECD Guidelines and set out in Schedule 5A.

(2) In determining whether to prohibit a transfer of personal information, the Commissioner must also consider, in addition to the matters set out in subsection (1) and section 14, the following:

(a) whether the transfer affects, or would be likely to affect, any individual; and

(b) the general desirability of facilitating the free flow of information between New Zealand and other States; and

(c) any existing or developing international guidelines relevant to transborder data flows, including (but not limited to):
(i) the OECD Guidelines:
(ii) the European Union Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.

(3) Subsection (1) does not apply if the transfer of the information, or the information itself, is:

(a) required or authorised by or under any enactment; or

(b) required by any convention or other instrument imposing international obligations on New Zealand.

114C.- Commissioner’s power to obtain information

(1) To enable the Commissioner to determine whether to prohibit a transfer of personal information, the Commissioner may hear or obtain information from such persons as the Commissioner considers necessary, and for this purpose Part 9 applies as if the Commissioner were carrying out an inquiry under section 13(1)(m).

(2) In exercising his or her powers under subsection (1), the Commissioner may regulate his or her procedure in such manner as the Commissioner thinks fit.

114D.- Transfer prohibition notice

(1) A prohibition under section 114B(1) is to be effected by the service of a transfer prohibition notice on the agency proposing to transfer the personal information concerned.

(2) A transfer prohibition notice must:

(a) state the name of the agency to whom it relates; and

(b) describe the personal information concerned; and

(c) state that the transfer of the personal information concerned from New Zealand to a specified State is prohibited either—
(i) absolutely; or
(ii) until the agency has taken the steps stated in the notice to protect the interests of any individual or individuals affected by the transfer; and

(d) state the time when the notice takes effect; and

(e) state the ground for the prohibition; and

(f) state that the agency on whom the notice is served may lodge an appeal against the notice to the Human Rights Review Tribunal, and the time within which the appeal must be lodged.

(3) The time when the notice takes effect under subsection (2)(d) must not be before the end of the period within which an appeal against the notice can be lodged.

(4) If an appeal is brought, the notice does not take effect pending the determination or withdrawal of the appeal.

(5) If the Commissioner, by reason of special circumstances, considers that the prohibition should take effect as a matter of urgency in relation to all or any part of the notice,:

(a) subsections (3) and (4) do not apply; and

(b) the notice takes effect on the sixth working day after the date on which the notice is served; and

(c) the notice must include:
(i) a statement that the Commissioner considers that the prohibition must take effect as a matter of urgency; and
(ii) a statement of the reasons why the Commissioner has reached that conclusion.

114E.- Commissioner may vary or cancel notice

(1) If, at any time, the Commissioner considers that all or any of the provisions of a transfer prohibition notice served on an agency need not be complied with in order to avoid a contravention of basic principles of privacy or data protection, the Commissioner may vary or cancel the transfer prohibition notice by serving notice to that effect on the agency concerned.

(2) An agency on whom a transfer prohibition notice has been served may, at any time after the end of the period during which an appeal under section 114G(1)(a) can be lodged, apply in writing to the Commissioner for the notice to be varied or cancelled under subsection (1).

(3) The Commissioner must, within 20 working days after the date on which an application under subsection (2) is received, notify the agency of:

(a) his or her decision; and

(b) his or her reasons, if the application is refused.

(4) If the Commissioner exercises his or her discretion under subsection (1), the variation or cancellation of the transfer prohibition notice takes effect on the day after the date on which notice of the Commissioner’s decision to vary or cancel the transfer prohibition notice is served.

114F.- Offence in relation to transfer prohibition notice

Every person who, without reasonable excuse, fails or refuses to comply with a transfer prohibition notice commits an offence and is liable on conviction to a fine not exceeding $10,000.

114G.- Appeals against transfer prohibition notice

(1) An agency on whom a transfer prohibition notice is served may appeal to the Human Rights Review Tribunal:

(a) against the whole or any part of the notice; or

(b) if the notice contains a statement by the Commissioner in accordance with section 114D(5)(c), against the decision to include that statement in respect of all or any part of the notice; or

(d) against the refusal of an application under section 114E(2) to vary or cancel the notice.

(2) An appeal under subsection (1) must be lodged,:

(a) in the case of an appeal under subsection (1)(a) or (b), within 15 working days from the date on which the transfer prohibition notice was served on the agency concerned:

(b) in the case of an appeal under subsection (1)(c) or (d), within 15 working days from the date on which notice of the decision or refusal was served on the agency concerned.

(3) The Tribunal must allow an appeal or substitute any other decision or notice that could have been made or served by the Commissioner if it considers that:

(a) the decision or notice against which the appeal is brought is not in accordance with the law; or

(b) to the extent that the decision or notice involved an exercise of discretion by the Commissioner, the Commissioner ought to have exercised his or her discretion differently.

(4) The Tribunal may review any determination of fact on which the decision or notice in question was based.

(5) On any appeal under subsection (1)(b), the Tribunal may:

(a) direct:
(i) that the notice in question must have effect as if it did not contain the statement that is mentioned in the notice; or
(ii) that the inclusion of the statement must not have effect in relation to any part of the notice; and

(b) make any modifications required to give effect to that direction.

114H.- Application of Human Rights Act 1993

Section 87 and Part 4 of the Human Rights Act 1993 apply, with all necessary modifications (if any), in relation to proceedings under section 114G as if they were proceedings under that Act.

Part 12.- Miscellaneous provisions

General

115.- Protection against certain actions

(1) Where any personal information is made available in good faith pursuant to principle 6,:

(a) no proceedings, civil or criminal, shall lie against the Crown or any other person in respect of the making available of that information, or for any consequences that follow from the making available of that information; and

(b) no proceedings, civil or criminal, in respect of any publication involved in, or resulting from, the making available of that information shall lie against the author of the information or any other person by reason of that author or other person having supplied the information to an agency.

(2) The making available of, or the giving of access to, any personal information in consequence of a request made underprinciple 6 shall not be taken, for the purposes of the law relating to defamation or breach of confidence or infringement of copyright, to constitute an authorisation or approval of the publication of the document or of its contents by the individual to whom the information is made available or the access is given.

116.- Commissioner and staff to maintain secrecy

(1) Every person to whom section 96 applies shall maintain secrecy in respect of all matters that come to that person’s knowledge in the exercise of that person’s functions under this Act.

(2) Notwithstanding anything in subsection (1), the Commissioner may disclose such matters as in the Commissioner’s opinion ought to be disclosed for the purposes of giving effect to this Act.

(3) Except where it is necessary to do so for the purposes of referring a matter to the Director of Human Rights Proceedings pursuant to section 77(2), the power conferred by subsection (2) of this section shall not extend to:

(a) any matter that might prejudice:
(i) the security, defence, or international relations of New Zealand (including New Zealand’s relations with the Government of any other country or with any international organisation); or
(ii) any interest protected by section 7 of the Official Information Act 1982; or
(iii) the prevention, investigation, or detection of offences; or

(b) any matter that might involve the disclosure of the deliberations of Cabinet; or

(c) any information, answer, document, or thing obtained by the Commissioner by reason only of compliance with a requirement made pursuant to section 95(1).

117.- Consultation with Ombudsmen

Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with an Ombudsman in relation to any matter relating to the functions of the Commissioner under this Act, including (without limitation) consultation:

(a) for the purposes of making a determination under section 72:

(b) in relation to any matter arising out of or in the course of an investigation under Part 8:

(c) in relation to any matter relating to privacy, whether or not the matter arises out of a particular complaint made under Part 8,
and, for the purposes of any such consultation, the Commissioner may disclose to an Ombudsman such information as the Commissioner considers necessary for that purpose.

117A.- Consultation with Health and Disability Commissioner

Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with the Health and Disability Commissioner under the Health and Disability Commissioner Act 1994 in relation to any matter relating to the functions of the Commissioner under this Act, including (without limitation) consultation:

(a) for the purposes of making a determination under section 72A:

(b) in relation to any matter arising out of or in the course of an investigation under Part 8:

(c) in relation to any matter that is within the jurisdiction of the Health and Disability Commissioner, whether or not the matter arises out of a particular complaint made under Part 8,
and, for the purposes of any such consultation, the Commissioner may disclose to the Health and Disability Commissioner such information as the Commissioner considers necessary for that purpose.

117B.- Consultation with Inspector-General of Intelligence and Security

Notwithstanding anything in section 116, the Commissioner may from time to time undertake consultation with the Inspector-General of Intelligence and Security under the Inspector-General of the Intelligence and Security Act 1996 in relation to any matter relating to the functions of the Commissioner under this Act, including (without limitation) consultation—

(a) for the purposes of making a determination under section 72B:

(b) in relation to any matter arising out of or in the course of an investigation under Part 8:

(c) in relation to any matter that is within the jurisdiction of the Inspector-General of Intelligence and Security, whether or not the matter arises out of a particular complaint made under Part 8,
and, for the purposes of any such consultation, the Commissioner may disclose to the Inspector-General of Intelligence and Security such information as the Commissioner considers necessary for that purpose.

118.- Corrupt use of official information [Repealed]

119.- Exclusion of public interest immunity

(1) Subject to subsection (2), the rule of law which authorises or requires the withholding of any document, or the refusal to answer any question, on the ground that the disclosure of the document or the answering of the question would be injurious to the public interest shall not apply in respect of;:

(a) any investigation by or proceedings before the Commissioner or the Tribunal under this Act; or

(b) any application under section 8 of the Judicial Review Procedure Act 2016 for the review of any decision under this Act;—
but not so as to give any party any information that he or she would not, apart from this section, be entitled to.

(2) Nothing in subsection (1) affects section 32.

120.- Adverse comment

The Commissioner shall not, in any report or statement made pursuant to this Act or the Crown Entities Act 2004, make any comment that is adverse to any person unless that person has been given an opportunity to be heard.

121.- Delegation of functions or powers of Commissioner [Repealed]

122.- Delegate to produce evidence of authority [Repealed]

123.- Revocation of delegations [Repealed]

124.- Delegation of powers by local authority

(1) A local authority may from time to time, either generally or particularly, delegate to any officer or employee of the local authority all or any of the powers of the local authority under this Act.

(2) Subject to any general or special directions given or conditions attached by the local authority, the officer or employee to whom any powers are delegated under this section may exercise those powers in the same manner and with the same effect as if they had been conferred on that officer or employee directly by this section and not by delegation.

(3) Until a delegation made under this section is revoked, it shall continue in force according to its tenor.

(4) Where a person purports to act pursuant to a delegation made under this section, that person shall be presumed to be acting in accordance with the terms of the delegation in the absence of proof to the contrary.

(5) Any delegation under this section may be made to a specified officer or employee, or may be made to the holder for the time being of a specified office.

(6) Every delegation made under this section shall be revocable at will and no such delegation shall prevent the exercise of any power by the local authority.

125.- Delegation of powers by officers of local authority

(1) Any officer or employee of a local authority may from time to time, by writing under that officer’s or employee’s hand, either generally or particularly, delegate to any other officer or employee of the local authority all or any of the powers exercisable by the first-mentioned officer or employee under this Act, except:

(a) the power to delegate under this section; and

(b) any power delegated to that officer or employee by a local authority pursuant to section 124, unless that delegation authorises that officer or employee to delegate that power to other officers or employees pursuant to this section.

(2) Subject to any general or special directions given or conditions attached by the officer or employee making the delegation, the officer or employee to whom any powers are delegated under this section may exercise those powers in the same manner and with the same effect as if they had been conferred on that officer or employee directly by this section and not by delegation.

(3) Until a delegation made under this section is revoked, it shall continue in force according to its tenor; and, in the event of the officer or employee by whom any such delegation has been made ceasing to hold office, the delegation shall continue to have effect as if made by the person for the time being holding the office of the officer or employee making the delegation.

(4) Any delegation under this section may be made to a specified officer or employee, or may be made to the holder for the time being of any specified office.

(5) Where any officer or employee purports to act pursuant to a delegation made under this section, that officer or employee shall be presumed to be acting in accordance with the terms of the delegation in the absence of proof to the contrary.

(6) Every delegation made under this section shall be revocable at will, and no such delegation shall prevent the exercise of any power by the officer or employee making the delegation.

Liability and offences

126.- Liability of employer and principals

(1) Subject to subsection (4), anything done or omitted by a person as the employee of another person shall, for the purposes of this Act, be treated as done or omitted by that other person as well as by the first-mentioned person, whether or not it was done with that other person’s knowledge or approval.

(2) Anything done or omitted by a person as the agent of another person shall, for the purposes of this Act, be treated as done or omitted by that other person as well as by the first-mentioned person, unless it is done or omitted without that other person’s express or implied authority, precedent or subsequent.

(3) Anything done or omitted by a person as a member of any agency shall, for the purposes of this Act, be treated as done or omitted by that agency as well as by the first-mentioned person, unless it is done or omitted without that agency’s express or implied authority, precedent or subsequent.

(4) In proceedings under this Act against any person in respect of an act alleged to have been done by an employee of that person, it shall be a defence for that person to prove that he or she or it took such steps as were reasonably practicable to prevent the employee from doing that act, or from doing as an employee of that person acts of that description.

127.- Offences

Every person commits an offence against this Act and is liable on conviction to a fine not exceeding $2,000 who,:

(a) without reasonable excuse, obstructs, hinders, or resists the Commissioner or any other person in the exercise of their powers under this Act:

(b) without reasonable excuse, refuses or fails to comply with any lawful requirement of the Commissioner or any other person under this Act:

(c) makes any statement or gives any information to the Commissioner or any other person exercising powers under this Act, knowing that the statement or information is false or misleading:

(d) represents directly or indirectly that he or she holds any authority under this Act when he or she does not hold that authority.

Regulations

128.- Regulations

The Governor-General may from time to time, by Order in Council, make regulations for all or any of the following purposes:

(a) providing the procedure for the service of notices and documents under this Act:

(aa) prescribing the matters that the Commissioner may specify to a lead agency as matters that are to be included in a report by the lead agency under section 96S(1)(b):

(b) providing for such matters as are contemplated by or necessary for giving full effect to this Act and for its due administration.

128A.- Power to amend Schedule 5A

The Governor-General may, by Order in Council,:

(a) amend Schedule 5A by making such amendments to the text of the basic principles of national application set out in that schedule as are required to bring that text up to date:

(b) repeal Schedule 5A, and substitute a new schedule setting out, in an up-to-date form, the text of the basic principles of national application.

Amendments, repeals, and revocations

129.- Amendments, repeals, and revocations

(1) The enactments specified in Schedule 6 are hereby amended in the manner indicated in that schedule.

(2) The enactments specified in Schedule 7 are hereby repealed.

(3) The orders specified in Schedule 8 are hereby revoked.

129A.- Amendment relating to Legislation Act 2012

Section 129B takes effect on the repeal of the Acts and Regulations Publication Act 1989 and the Regulations (Disallowance) Act 1989.

129B.- New section 96M substituted Amendment(s) incorporated in the Act(s).

Transitional provisions and savings

130.- Final report of Wanganui Computer Centre Privacy Commissioner

(1) As soon as reasonably practicable after 1 July 1993, the State Services Commissioner shall arrange for a final report of the Wanganui Computer Centre Privacy Commissioner to be sent to the Minister of State Services showing the Wanganui Computer Centre Privacy Commissioner’s operations for the financial period ending with the close of 30 June 1993, and shall attach to the report a copy of the Wanganui Computer Centre Privacy Commissioner’s accounts for that period certified by the Auditor-General.

(2) A copy of the report and accounts shall be laid before the House of Representatives as soon as practicable after their receipt by the Minister of State Services.

131.- Privacy Commissioner to complete work in progress of Wanganui Computer Centre Privacy Commissioner

Where:

(a) any request made under section 14(1) of the Wanganui Computer Centre Act 1976; or

(b) any complaint made under section 15 of that Act:
is pending at the commencement of this section, then, notwithstanding the repeal of that Act by section 129(2) of this Act,

(c) the Commissioner may deal with that request or, as the case requires, that complaint as if the Commissioner were the Wanganui Computer Centre Privacy Commissioner under that Act; and

(d) that Act shall continue and be in force for that purpose.

132.- Savings

For the avoidance of doubt, and without limiting the provisions of the Acts Interpretation Act 1924, it is hereby declared that the repeal, by section 129(2) of this Act, of the Wanganui Computer Centre Act 1976 shall not affect:

(a) the continued existence of the Wanganui Computer Centre continued by section 3(1) of that Act; or

(b) the computer system established in connection with that computer centre; or

133.- Transitional provision
The person who, immediately before the commencement of this section, was holding office as the Privacy Commissioner under the Privacy Commissioner Act 1991 shall, without further appointment, be deemed as from the commencement of this section for all purposes to have been appointed as the Privacy Commissioner under this Act, and that person’s instrument of appointment shall be construed accordingly.

26Sep/17

Decreto nº 6-2017, de 27 de febrero de 2017, que modifica el Código Penal

26 septiembre, 2017Decreto, Hondurasde 27 de febrero de 2017, Decreto nº 6-2017, Derecho Informático de Honduras, Legislación Hondureña, que modifica el Código PenalJosé Cuervo

Decreto nº 6-2017, de 27 de febrero de 2017, que modifica el Código Penal (La Gaceta nº 34.276, del lunes 27 de febrero de 2017. Diario Oficial de la República de Honduras)

CONSIDERANDO: Que conforme al Artículo 59 de la Constitución de la República “la persona humana es el fin supremo de la sociedad y del Estado. Todos tienen la obligación de respetarla y protegerla”.

CONSIDERANDO: Que de conformidad a lo establecido en el Artículo 61 de la Constitución de la República, ésta garantiza a los hondureños y extranjeros residentes en el país, el derecho a la inviolabilidad de la vida, a la seguridad individual, a la libertad, a la igualdad ante la ley y a la propiedad.

CONSIDERANDO: Que el delito de extorsión, previsto en el Artículo 222 del Código Penal, actualmente tiene una configuración legal insuficiente, que no corresponde con la realidad, ya que el mismo, por su carácter pluriofensivo, no solamente lesiona o pone en peligro el patrimonio de un individuo y aún y cuando, no llegue a configurarse un menoscabo patrimonial efectivo, dichas acciones ya han afectado otros bienes jurídicos individuales como la autonomía personal.

CONSIDERANDO: Que las razones principales para la existencia del Estado, es proteger la vida de las personas, así como su integridad física, moral, como sus bienes, estableciendo marcos legales que aseguren a su población bienestar y prosperidad en un ambiente de confianza, seguridad y garantía de los derechos señalados en la Constitución de la República, Convenios Internacionales y demás Leyes.

CONSIDERANDO: Que recientemente en nuestro país grupos de asociación ilícita, identificados como “maras” o “pandillas” han ejecutado diversas acciones que violentan gravemente los derechos humanos de poblaciones residentes en determinadas zonas del país, en las cuales estos grupos ejercen control, donde sólo puede circularse con permiso de las mismas e incluso desalojan de sus casas o barrios a quienes no se someten a su control, aumentando el número de muertes violentas, el desplazamiento forzado de cientos de familias que son extorsionadas o amenazadas, causando grave intimidación y temor.

CONSIDERANDO: Que en la actualidad los grupos de asociación ilícita han evolucionado su modus operandi, de tal forma que su actividad delictiva no solamente va dirigida a producir un daño específico contra sus víctimas, sino que utilizan este daño o amenaza, como medio para causar intimidación y temor en la población, con el objeto de coaccionar a la sociedad o al Estado para que hagan o dejen de hacer algo.

CONSIDERANDO: Que de conformidad con el Artículo 87 de la Constitución de la República, las cárceles son establecimientos de seguridad y defensa social, en los que se procurará la rehabilitación de las personas privadas de libertad y su preparación para el trabajo.

CONSIDERANDO: Que los establecimientos penales constituyen un componente esencial del Sistema de Justicia Penal del país para garantizar la seguridad de los habitantes de la República.

CONSIDERANDO: Que de conformidad al Artículo 205 Atribución 1) de la Constitución de la República es potestad del Congreso Nacional: crear, decretar, interpretar, reformar y derogar las leyes.

POR TANTO,

D E C R E T A:

ARTÍCULO 1º.-

Reformar los artículos 222 y 335; Adicionar los artículos 335-A y 335-B, del Decreto nº 144-83, de fecha 23 de Agosto de 1983, que contiene el CÓDIGO PENAL y sus reformas, los cuales deben leerse de la manera siguiente:

“Articulo 222.- Extensión

…

“Articulo 355.- Delito de Terrorismo

…

“Artículo 355-A

…

“Artículo 355-B.- Apología e Incitación de Actos de Terrorismo

…

ARTÍCULO 2º.-

Reformar el Artículo 2 numeral 3) literal b) del Decreto Legislativo nº 241-2010 publicado en el Diario Oficial “La Gaceta”, el 18 de Noviembre de 2010, que contiene la LEY CONTRA EL FINANCIAMIENTO DEL TERRORISMO, el cual debe leerse de la manera siguiente:

…

ARTÍCULO 3º.-

Adicionar un último párrafo al Artículo 173; Reformar el numeral 4 del Artículo 237-A; Reformar el último párrafo del Artículo 237 B; Reformar el Artículo 311 mediante la adición del numeral 7 y derogación del párrafo segundo, del Decreto Legislativo 9-99, emitido el 19 de Diciembre de 1999, contentivo del CÓDIGO PROCESAL PENAL y sus reformas, el cual se leerá así:

…

“ARTÍCULO 311. LECTURAS Y REPRODUCCIÓN DE MEDIOS AUDIOVISUALES AUTORIZADOS. Excepcionalmente podrán ser incorporados al juicio por lectura o reproducción, en su caso que hará el Secretario:

1) Los testimonios…;

2) Los testimonios…;

3) Los testimonios,…;

4) Las actas que…;

5) Los informes periciales…;

6) Las declaraciones …; y,

7) Los testimonios o diligencias relacionadas a las personas en estado de vulnerabilidad descritas en el Artículo 237-A de este Código, obtenidas a través de medios audiovisuales o dispositivos análogos, siempre y cuando se hayan cumplido los requisitos establecidos en el Artículo 237-B. El Tribunal tendrá… Ningún otro elemento…”

ARTÍCULO 4.-

Instruir a la Secretaría de Estado en el Despacho de Finanzas para que destine los recursos necesarios con la finalidad que se construyan y habiliten “Cámaras Gesell” u otros mecanismos o instrumentos de protección análogos, en los Juzgados de Letras Penales de los departamentos con una mayor incidencia en la comisión de los delitos de extorsión y asociación ilicita”.

ARTÍCULO 5.-

Adicionar un último párrafo al Artículo 29, del Título IX “Del Centro Nacional de Información”, Capítulo Único “Creación, Integración y Administración”, del Decreto Legislativo nº 211-2012, de fecha 18 de enero de 2013, contentivo de la LEY DE INTELIGENCIA NACIONAL, el cual se leerá así:

…

ARTÍCULO 6.-

Derogar el Segundo Párrafo del Artículo 1 y Reformar el Artículo 2 del Decreto nº 43-2015, de fecha 22 de abril de 2015, que contiene la Ley de Limitación de Servicios de Telecomunicaciones en Centros Penitenciarios, Granjas Penales y Centros de Internamiento de Niños y Niñas a Nivel Nacional, los cuales se leerán así:

“ARTÍCULO 1.- Se prohíbe, en los establecimientos penitenciarios…”

“ARTÍCULO 2.- Los operadores de los servicios de Telefonía Móvil Celular y Comunicaciones Personales (PCS) y las demás empresas que brindan los servicios descritos en el Artículo 1 de la presente Ley, están obligados a instalar las soluciones técnicas sugeridas por la Comisión Nacional de Telecomunicaciones (CONATEL) que permitan el bloqueo de sus señales en todos los resintos de los establecimientos penitenciarios, tales como: Centros Penitenciarios, Granjas Penales, Centros Preventivos y en los Centros de Internamiento de Niñas y Niños, previa instalación. Una vez instalados y verificada la operación efectiva por parte de tal Comisión, los operadores serán los responsables de su efectiva administración, operación y uso. El resguardo de los equipos instalados es responsabilidad del Instituto Nacional Penitenciario en el caso de los establecimienos penitenciarios y de la Dirección de la Niñez, Adolecencia y Familia (DINAF), para los centros de internamiento de niñas y niños.

En la presente Ley debe entenderse por señal todos los tipos de frecuencia radioelectrónica inalámbrica que permita cualquier forma de comunicación, ya sea transmisión de voz, datos o imágenes, tales como: telefonía celular, analógica o digital, telefonía satelital, sistemas de transmisión inalámbricas como ser WiFi, WiMax, Bluetooth, Sistemas de Posicionamiento Global (GPS), entre otras. Dichas soluciones técnicas… El costo… En los…”

ARTÍCULO 7.-

Reformar los artículos 27, 33 en su párrafo tercero y 41 del Decreto nº 243-2011, de fecha 08 de Diciembre de 2011, que contiene la LEY ESPECIAL SOBRE INTERVENCIÓN DE LAS COMUNICACIONES PRIVADAS, los que se leerán de la manera siguiente:

“ARTÍCULO 27.- CONTENIDO Y ENTREGA DE TRANSCRIPCIONES. La transcripción o sinopsis debe contener los datos necesarios para identificar la fuente de donde fue tomada y las circunstancias relativas a la intervención y deben ser entregadas en copias certificadas al Fiscal o Agente de la Procuraduría General de la República (PGR), asignado al caso cada siete (7) días, salvo que por razones de urgencia deba hacerse la entrega antes de este tiempo y una vez finalizado todo el proceso deben entregarlas en original al juez que ordenó la medida, en un plazo no mayor de veinte (20) días, bajo responsabilidad penal en caso de no hacerlo, adjuntando los soportes técnicos en los cuales esté guardada, grabada o registrada la información que respalda la transcripción. Los datos o informes que resulten de la intervención deben ser igualmente agregados a la investigación”.

“ARTÍCULO 33.- CREACIÓN DE LA UNIDAD DE INTERVENCIÓN DE LAS COMUNICACIONES (UIC)…

Estructura de U.I.C… Cuando los investigados, imputados a través de su Defensor o el Ministerio Público, requieran para sus alegatos, análisis de vinculaciones y hagan uso de peritos no oficiales, estos deben ser investidos por el órgano jurisdiccional competente en audiencia donde deben estar presentes las partes previamente notificadas”.

“ARTÍCULO 41. TRÁMITE DE LLAMADAS ENTRANTES Y SALIENTES. Para obtener el detalle de las llamadas entrantes y salientes requerido en un proceso de investigación se debe seguir el procedimiento de obtención a través de la Unidad de Intervención de las Comunicaciones (UIC), quien recibirá oficio remitido por el órgano jurisdiccional. No será objeto… Las empresas que brindan servicios de telefonía móvil y fija deben estar obligadas a garantizar sin limitaciones de días, horas y de personal técnico, el acceso de manera inmediata de los peritos especializados de la Unidad de Intervención de las Comunicaciones (UIC) a toda la información de la intervención y extracción que se pueda adquirir en un aparato telefónico, incluyendo realizar vaciados referentes al celdaje de las antenas, en el marco del control judicial”.

ARTÍCULO 8.-

Reformar el Artículo 2 y adicionar un nuevo Artículo denominado Artículo 2-A, en el Decreto nº 21-2014, de fecha 22 de abril de 2014, contentivo de la LEY DE RECOMPENSAS, el cual se leerá así:

“ARTÍCULO 2.- La Secretaría de Estado en el Despacho de Seguridad, la Dirección de Investigación e Inteligencia del Estado, la Policía Militar y del Orden Público y las Fuerzas Armadas (FFAA), pueden establecer pagos de recompensa por la información de aquellas personas que, sin haber intervenido en el delito, brinden datos útiles para lograr la aprehensión de quienes hubiesen tomado parte en la ejecución de los delitos. Para tal fin deben contar con los servicios de la línea 911 u otro que determine la autoridad con los estándares de seguridad, asimismo se deber crear la página Web de los más buscados en Honduras. La identidad…. El monto….”

“ARTÍCULO 2-A.- Se establece un pago de recompensa a aquellas personas que brinden información efectiva que produzca el comiso de dinero en efectivo, cuando se trate de asuntos de criminalidad organizada, crímenes de corrupción, a quien informe donde están los dineros que han sido saqueados del Estado, de criminalidad violenta protagonizada por grupos o bandas de delincuentes. El Consejo Nacional de Defensa y Seguridad debe definir el monto de dicha recompensa para lo cual debe elaborar la tabla correspondiente y emitir el reglamento que garantice la seguridad del informante”.

ARTÍCULO 9.-

Reformar los artículos 7, 8, 9, 10, 11,12,13, 15, 16, 18, 19, 20, 26, 27, 33, 38, 40, 46, 51, 56, 59, 66, 68, 73, 76, 83, 86, 88, 89, 91, 92, 114 y 115; Adicionar los artículos 18-A, 35-A, así como la denominación de la Sección I del Capítulo V, del Título II, la cual de ahora en adelante se denominará “DE LA LIBERTAD CONDICIONAL Y PRELIBERACIÓN”, 98-A, 98-B; y, Derogar los artículos 99, 106, 109, 110, 111, 112, 113 y 116, del Decreto nº 64-2012, de fecha 14 de mayo de 2012, contentivo de la LEY DEL SISTEMA PENITENCIARIO NACIONAL, los cuales se leerán así:

…

ARTÍCULO 10.-

Mientras se crean los centros de detención para los supuestos del último párrafo del Artículo 173 del Código Procesal Penal, dichas medidas se deben cumplir bajo la vigilancia o en la institución a la que pertenezca el encausado.

ARTÍCULO 11.-

El presente Decreto entrará en vigencia a partir del día de su publicación en el Diario Oficial “La Gaceta”.

Dado en la ciudad de Tegucigalpa, municipio del Distrito Central, en el Salón de Sesiones del Congreso Nacional, a los veintidós días del mes de febrero de dos mil diecisiete.

MAURICIO OLIVA HERRERA, PRESIDENTE

MARIO ALONSO PÉREZ LÓPEZ, SECRETARIO

JOSÉ TOMÁS ZAMBRANO MOLINA, SECRETARIO

Al Poder Ejecutivo

Por Tanto:

Ejecútese. Tegucigalpa, M.D.C., 27 de Febrero de 2017.

JUAN ORLANDO HERNÁNDEZ ALVARADO, PRESIDENTE DE LA REPÚBLICA

EL SECRETARIO DE ESTADO EN LOS DESPACHOS DE DERECHOS HUMANOS, JUSTICIA, GOBERNACIÓN Y DESCENTRALIZACIÓN. HECTOR LEONEL AYALA

24Sep/17

Law nº 20 of 2014 concerning Electronic Transactions

24 septiembre, 2017kuwait, LeyLaw nº 20 of 2014 concerning Electronic Transactions, Legislation kuwaitJosé Cuervo

– Having perused the constitution,

– Decree nº 5 of 1959 for the real estate registration law and its amending laws.

– The penal law promulgated by law nº 16 of 1960 and its amending laws.

– The penal procedures and trials law promulgated by law nº 17 of 1960 and its amending laws.

– The authentication law promulgated by Law nº 4 of 1961 and its amending laws.

– Law nº 5 of 1961 organizing legal relations with a foreign element.

– Law nº 32 of 1968 concerning cash, the Central Bank of Kuwait, regulation of the banking profession and its amending laws.

– The Decree Law nº 15 of 1979 concerning civil service and its amending laws.

– The Civil and Commercial Proceedings Law, promulgated by decree law nº 38 of 1980 and its amending laws.

– Decree law nº 39 of 1980 concerning proof in civil and commercial matters and its amending laws.

– The Civil Law issued under nº 67 of 1980 and its amending laws.

– The Law of Commerce promulgated by decree law nº 68 of 1980 and its amending laws.

– Law nº 22 of 1982 concerning civil information system.

– Law nº 51 of 1984 concerning civil status and its amending laws.

– Law nº 1 of 1993 concerning the protection of public funds and its amending laws.

– Law nº 64 of 1999 on the copyrights protection of intellectual property.

– Law nº 7 of 2010 concerning setting up the Capital Markets Authority and regulating the securities activity

– Law nº 7 of 2010 concerning setting up the Public Authority for AntiCorruption.

– And the Law Decree nº 24 of 2012 concerning the establishment of the Public Authority for Combating Corruption

– Companies Law Decree Law nº 25 of 2012 concerning companies Law.

– Law nº 106 of 2013 concerning Anti-Money Laundering and CounterTerrorism Financing

– Decree issued on 04.04.1979 concerning the civil service regulations

– Decree nº 266 of 2006 on the establishment of the Central Agency for Information Technology and the amending decrees.

– The National Assembly has approved the following Law, which we have ratified and promulgated.

Chapter One.- Definitions

Article 1

In the implementation of the provisions of this Law, the following words and expressions shall have the meanings set forth next to each of them as follows:

Electronic: Anything related to information technology having electrical, digital, magnetic, optical, electromagnetic capabilities or similar capabilities whether wired or wireless and the technologies developed in this field.

Electronic Writing: All letters, numbers, symbols or any other sings affixed to an electronic, digital, optical media or any other similar means that have an understood significance and can be retrieved later.

Electronic Data: Any data with electronic characteristics in the form of texts, symbols, sounds, drawings, pictures, computer programs or databases.

Electronic data processing system: An electronic system for the creation, entry, retrieval, sending, receiving, extraction, storage, display or processing of information or electronic messages.

Electronic Medium: An electronic means and mechanism used in electronic information storage.

Electronic Document or Record: A collection of data or information created, stored, extracted, copied, sent, communicated or received completely or partially via electronic means, either through a hard medium or any other electronic medium, and can be retrieved in perceivable form.

Electronic Message: Electronic data sent or received through electronic means regardless of the extraction method upon receipt.

Creator: The natural individual or juridical person that sends the document or record via an electronic message, or that is found to having created or sent the document or record before saving it. Shall not be considered a creator the person who provides services related to receiving, processing or saving the electronic document or record and other related services

Addressee: The natural individual or juridical person to whom the creator intended to send the document or record. Shall not be considered an addressee the person who provides services related to receiving, processing or saving the electronic document or record and other related services.

Electronic Transaction: Any transaction or agreement entered into or executed fully or partially via electronic means and correspondence.

Automated Electronic System: An electronic computer software or system especially designed to independently initiate an action or respond to an action, completely or partially, without the intervention or supervision of any natural person at the time of initiating an action or responding to the same.

Electronic Signature: The data that take the form of letters, numbers, symbols, signs or others. Such data is necessarily listed in, attached to or associated with an electronic document or record through electronic, digital, optical or other means. The data has the nature that identifie and distinguishes the person who signed the document or record.

Protected Electronic Signature: The electronic signature fulfilling the conditions of Article 19 of this law.

Electronic Signature Tool: A program or electronic data prepared uniquely to work independently or jointly with other programs and electronic data on placing the electronic signature of a certain person on the document. Such process includes any systems or devices that generate or capture unique data such as symbols, algorithms, letters, numbers, private keys or profile identification numbers or properties.

Signatory: The natural individual or juridical person who owns the data and tool for the creation of an electronic signature. He shall sign for himself or on behalf of his deputy or legal representative the electronic document, record or message using such tool and data.

Electronic Payment: The process of transferring and paying money via electronic means.

Means of Electronic Payment: The means through which the person can make electronic payments.

Financial Institution: The bank, financial company or investment company “financing activity” or exchange company subject to the supervision of the Central Bank of Kuwait or any instruction authorized to make cash transfers or electronic payments in accordance with the provisions of the applicable laws.

Illegal Record: Any financial record on the account of the customer as a result of an electronic message sent in his name without his knowledge, consent or authorization.

Authentication Services Provider: The natural individual or juridical person who is authorized or licensed by the competent authority to issue electronic authentication certificates, provide any other services or carry out tasks related thereto and to the electronic signatures and organized under the provisions of the law.

Electronic Authentication Certificate: A certificate issued by the licensee body, legalizing that the electronic signature is affixed by a specific person and confirming the relation between the person affixing the signature and the signature creation data, pursuant to accredited authentication procedures.

Time Stamp: The information provided by the authentication services provider, whereby the date and time of the creating, sending and receiving the electronic documents and messages is accurately specifies to be deemed an evidence against all.

The Competent Authority: The body which the state assigns to supervise the issuance of licenses necessary for carrying out electronic authentication and electronic signature services and other services in the field of electronic transactions and information.

Encryption: The process of converting a simple text, text document, or electronic message into encoded or scattered symbols that cannot be read without being decoded to the original status.

The Competent Minister: The minister assigned by the Council of Ministers.

Chapter Two.- General Provisions

Article 2

The provisions of this law shall govern the electronic records, messages, transactions, documents and signatures related to the civil, commercial and administrative transactions. They shall also govern any dispute arising out of the use of the same unless the parties agree otherwise or if it is found that another law is applicable.

However, the provisions of this law shall not apply to the following:

A) Transactions and issues related to personal status, endowment, and wills;

B) Real estate title deeds and the resulting original or consequential real rights;

C) Promissory notes and negotiable bills of exchange; and

D) Any event that the law requires to be expressed in a written document or to be documented or the making of which is subject to a specific provision in another law.

Article 3

Each of the electronic record, document, message, transaction and signature, in the field of civil, commercial and administrative transactions, shall have the same legal effects of written records, documents, and signatures in terms of its binding effect upon the parties thereto or its force as proof or evidence whenever carried out pursuant to the provisions of this law.

Article 4

No person is obliged to accept dealing through electronic means without his consent. The consent of the person shall be concluded through his positive behavior that the case circumstances shall leave no doubt in indicating. The approval of government bodies to electronic dealing should be explicit regarding the electronic data to which they are a party.

Article 5

The approval, acceptance and all matters related to contracting, including any amendment, or recantation in approval or acceptance, may be expressed wholly or partially via electronic transactions. The expression shall not lose its validity, effect or enforceability just because it has been carried out via one electronic correspondence or more.

Article 6

The hard copy of the electronic document or record shall be deemed an evidence against all before the court for the official document, and shall be deemed an evidence against the person who placed his electronic signature on the unoffical document to the extent each of them confirms to the original document. The same applies whenever the electronic document or record and the electronic signature are uploaded to the electronic medium in accordance with the conditions set forth in Articles 19 and 20 of this law.

Article 7

Provisions of the Law of Evidence in Civil and Commercial Matters shall govern the authentication of the official and unofficial electronic documents or records, their hard copies, the electronic signature and the electronic writing regarding what has not been provided for in this law or its executive bylaws.

Chapter Third.- Document or electronic record

Article 8

Two automated electronic systems including two electronic information systems or more may enter into a contract if such systems are pre-prepared and programmed to carry out such tasks. The contract shall be valid, in force and effective at law whenever its conditions have been fulfilled and whenever such systems carry out their tasks properly in spite of the absence of any personal or direct intervention by any natural person in the process of concluding the contract. The legal action may be completed between an electronic system, owned by a natural or a juridical person, and a natural person only if the later is aware or should have been aware of the fact that that system will complete this legal action.

Article 9

The electronic document or record effective at law should fulfill the following conditions together:

A) The electronic document or record should be saved the way it was created, sent or received, or in any other way easy to prove the accuracy of data contained therein upon creation, sending or receiving.

B) The data contained in the electronic document or record should be maintainable and storable so as to be retrieved at any time.

C) The data contained in the electronic document or record should identify the creator or sender, date and time of sending or receiving the same.

D) The document or record should be saved in an electronic format pursuant to the conditions and rules set by the competent authority to which supervision of this activity is subject.

The provisions of this Article shall not prejudice the provision of any other law which explicitly stipulates saving the document, record, data or information in a specific electronic format according to a specific electronic processing system or following specific procedures, or sending the same via a specific electronic medium. Additionally, the provisions of this Article shall not be incompatible with any additional requirements established by the government concerning the storage of electronic records subject to its jurisdiction.

Article 10

The data associated with the document or record for the purpose of facilitating its sending or receiving should not necessarily fulfill the conditions set forth in the preceding Article.

Any person may use the services of another person who obtains a license in storing and retrieving documents and data if required by law to be saved subject to the fulfillment of the conditions set forth in the preceding Article.

The provisions of the preceding Article shall not prejudice the provisions or other laws or any specific procedures established by the government concerning the storage of documents.

Article 11

A) If the creator has himself issued the document or record.

B) If the addressee has used an election data processing system, which he has already, agreed with the creator to be used for this purpose.

C) If the addressee has received the electronic document or record as a result of procedures done by any person who belongs to the creator or his representative who have access to the electronic means used by either of them to identify the creator.

The electronic document or report may not be deemed an evidence against the creator in the two following cases:

If a notice is served to the addressee informing him that the electronic document or record is not issued by the creator. Therefore, the addressee should act on the basis that the creator has not issued the document or record. The creator shall hold the responsibility for any consequences that occurred prior to the receipt of such notice unless proven that the electronic document or record is not actually issued by the creator.
If the addressee becomes aware or was able to learn that the creator did not issue the electronic document or record.
The addressee shall have the right to consider each electronic message received as an independent correspondence. He shall act accordingly unless he learnt or was able to learn, if he exercised the due diligence of the natural person or used any agreed procedure, that the electronic message was a duplicate.

Article 12

If the addressee is requested by the creator, by means of an electronic document or record, to serve a notice to the latter acknowledging the receipt of the electronic document or record or has agreed previously on the same, the addressee’s notice to the creator served through an electronic means or any other means, or the taking of any act or procedure indicating that he received the electronic document or record shall be considered a consent to that request or an implementation of the agreement.

If the creator makes the effect of the electronic document or record conditional upon receiving a notice from the addressee acknowledging receipt of the electronic document or register, the electronic document or register shall have no legal effect unless such notice is received.

If the creator requested the addressee to serve a notice acknowledging the receipt of the electronic document or record and the latter did not serve such notice, the creator shall have the right, within a reasonable period, to serve a warning to the addressee informing him that he should send a notice within a specific period. Otherwise, the electronic document or record will be deemed void if the creator did not receive the notice within this period.

The notice acknowledging the receipt shall not be considered in itself an indication that the content of the electronic document or record that received by the addressee is identical to the content of the electronic document or record sent by the creator.

Article 13

The electronic document or record shall not be binding to the addressee if the creator precludes the possibility of retrieving, printing, storing or maintaining the electronic document or record by the addressee.

Article 14

The electronic document or record may be kept for the purposes of evidence, documentation or any other purpose. The same shall be considered an evidence binding the parties thereto, all unless a specific provision in another law requires the keeping of a written evidence.

Article 15

The electronic document or record shall be deemed sent from the time it was entered into data processing system which is not subject to the control of the creator or the person who sent the electronic document or record on his behalf unless otherwise agreed between the creator and addressee.

If the addressee has agreed with the creator on the electronic data processing system for receiving the electronic document or record, the same will be deemed delivered when entered to the system. If the message was sent to a system other than the one agreed upon, it shall be deemed sent from the time it was sent for the first time by the creator and seen by the addressee.

If the addressee did not agree with the creator on processing system to receive data messages, the time of messages receipt shall be the time it was entered to the electronic data processing system of the addressee. This applies if the creator and addressee were not using the same electronic data processing system, then the sending in this case shall be deemed complete from the time this electronic document or record came into the attention of the addressee.

Article 16

The electronic document or record shall be deemed sent from the place where the creator’s headquarter is located, and shall be deemed received in the place where the addressee’s headquarter is located. If either has a headquarter, his place of residence shall be deemed his headquarter unless the creator of the electronic document or record and the addressee have agreed otherwise.

If the creator or the addressee had more than one headquarter, the headquarter more relevant to the transaction shall be deemed the place of sending or receipt. In case approximation was not possible, the principal headquarter of each shall be deemed the place of sending or receipt.

Article 17

The time stamp affixed by the authentication services provider on any electronic document or record that is electronically signed, shall be deemed an evidence of date and time of creating, sending and receiving the electronic document or record.

Chapter Four.- Electronic Signature

Article 18

The legal effect of the electronic signature shall not be disregarded in terms of its validity and applicability merely because it is in an electronic form. The protected electronic signature in the domain of civil, commercial and administrative transactions shall have the same effect allocated to the written signature as stipulates in the provisions of the Law of Evidence in Civil and Commercial Matters whenever the technical controls set out in this law and the Executive By-law hereof in respect of the creation and completion thereof have been observed.

Article 19

The signature shall be deemed a protected electronic signature if it meets the following conditions:

The possibility of identifying the signatory.

Exclusively linking the signature with the signatory himself.

The implementation of the signature using a sage signature tool under the exclusive control of the signatory himself at the time of signing.

The possibility of detecting any change in the data associated with the protected signature or in the relationship between the date and the signatory.

The Executive By-law of this law specifies the technical controls to do the same.

Article 20

The person who uses the protected electronic signature shall submit the electronic authentication certificate indicating the validity of the signature pursuant to the nature of limitations and conditions imposed on the certificate; while taking the steps required to verify the validity of the signature, and the certificate and the validity thereof, and subject to to any agreement or past dealing of the party who relies on such certificate and the party that has certified the data contained therein or the party to which the issue of the certificate is attributed.

Article 21

A) The signatory must take into account the following matters:

a) To take reasonable care and precaution to avoid the illegal use of his signature tool and data by others.

b) To initiate without delay to notify the competent authority or concerned persons, when he has sufficient evidence, that his electronic signature has been subject to unlawful use.

c) To pay careful attention in using the electronic authentication certificate, to ensure the accuracy and completeness of the significant data relevant to this certificate throughout the validity period thereof.

Article 22

The competent authority referred to shall regulate carrying out electronic authentication services and electronic signature services, and proceeds in particular with the following:

A) To issue and renew licenses necessary for the conduct of electronic authentication services and electronic signature services, monitor and supervise the activities of electronic authentication services providers pursuant to the provisions of the law, the Executive B-law thereof and regulations of the authority.

B) To specify the standards of the electronic verification and the electronic signature with a view to setting the technical specifications thereof.

C) To receive complaints concerning the electronic verification and the electronic signature and take the necessary action.

D) To verify the technical advice on the dispute that may arise between the parties concerned with electronic verification and the electronic signature activities.

Article 23

The Public Authority for Civil Information, in coordination with the competent authority, shall supervise the construction, design and management of the infrastructure of both the electronic authentication and signature in the State of Kuwait. The authorities set forth in the preceding Article of this law undertake the liaison and coordination with the Public Authority for Civil Information in accordance with the controls and conditions set by the Public Authority for Civil Information in coordination with the competent authorities in this regard.

Article 24

The activity of issuing electronic authentication certificates may not be carried out without obtaining the license from the competent authority pursuant to the procedures, conditions and guarantees set forth in the Executive By-Law of this Law. The licensee shall be responsible for the proper implementation of such procedures, conditions and guarantees. The said authority shall approve the foreign competent authorities in the field of electronic authentication certificates issuance in which case such certificates shall have the same strength as evidence allocated to the similar certificates issued by similar local issuers all pursuant to the rules and procedures set forth by the Executive Bylaw.

Article 25

The competent authority shall, at any time, in the case of any violations, issue a decisions to cancel the license, withdraw the accreditation of the foreign authority specialized in the issuance of electronic authentication certificates, to stop the force of either until removing causes of the violations, especially in the following two cases:

A) Violating the terms of the license or accreditation,

B) Losing any of the conditions or guarantees on the basis of which the license or accreditation was granted. And such shall be applied pursuant to the procedures and laws set forth in the Executive By-law of this law.

Chapter Five.- Use of the electronic documents and signatures by the government

Article 26

Without prejudice to any of the provisions of any other law, any governmental entity may, for the purpose of carrying out its competencies, do the following:

A) Accept the deposit, submittal, creation or maintenance of documents in the format of electronic documents or records.

B) Issue any permit, license, decisions or approval in the format of electronic documents or records.

C) Accept the fees or any other payments settled electronically.

D) Offer government tenders of any type and receive the offers electronically.

Article 27

If any governmental entity stipulates to perform any of the tasks set forth in the preceding Article electronically, it shall have the right to determine the following:

A) The method of format through which the electronic documents will be created, deposited, saved, submitted or issued without prejudice to the provisions of data privacy and protection.

B) The method, style, manner and procedures of offering tenders and receiving offers.

C) The type of the required electronic signature.

D) The method and format through which such electronic signature will be attached to the electronic document or record, as well as the standard to which the authentication service provider when it is given the document or record to maintain or deposit shall fulfill within the limit of standards and specifications set by the competent authority pursuant to Article 22 of this law and the Executive B-law thereof.

E) Appropriate control processes and procedures to ensure the integrity, security, and confidentiality of the electronic documents and records, payments or fees.

F) Any other properties, conditions or provisions which govern the process of sending paper documents, pursuant to what the Executive By-law of this law stipulates.

Chapter Six.- Electronic Payment

Article 28

Money transfer via electronic means is an acceptable way for settling payments. This law does not, in any way, affect the rights of others established under the laws or any other agreement.

Article 29

Any financial institution which carries out electronic payment business pursuant to the provisions of this law and the Executive By-Law therefore, and the regulations issued thereto, shall comply with the following:

A) Adhere to the provisions of Law nº 32 of 1968 concerning cash, the Central Bank of Kuwait, regulation of the banking profession and other laws and instructions issued in this regard, and Law nº 106 of 2013 Anti-Money Laundering and Counter-Terrorism Financing.

B) Take the necessary procedures for the provision of safe services to the customers and maintain the banking secrecy in accordance with the legal standards followed in this

Article 30

The customer shall not hold the responsibility of any illegal record on his bank account by electronic payment if he initiates to inform the financial institution, before making such record, that he stopped the force of his electronic signature due to concerns that others might have access to this account, that he may lose the electronic payment means, or that it has been found that others have access to his electronic signature

The customer shall hold the responsibility for any illegal usage of his account by electronic payment if it is proved that his negligence has led or contributed basically and that the institution has done its duty to prevent the illegal use of that account.

In electronic payments, no amendment or change shall be made to the electronic document or record once sent by the creator. Any cancellations must be done using an independent electronic document or record.

Article 31

The Central Bank shall issue the necessary instructions for the banking and financial institutions subject to its supervision regarding the regulation of electronic payment including the adoption of electronic payment means; the consequences of the record resulting from the illegal transfer; procedures of errors correction and disclosure of data, and any other matters related to electronic banking including the data which the Central Bank obliges the financial institutions to provide according to the law.

The penalties set forth in Article 85 of the said Law nº 32 of 1968 shall apply to the institution violating the instructions.

Chapter Seven.- Privacy and Data Protection

Article 32

In none of the causes authorized by law, governmental bodies, agencies, public institutions, companies, non-governmental bodied or employees thereof may not unlawfully access, disclose or publish any personal data or information registered in the records or systems of electronic processing related to positional affairs, personal status, health status or elements of the financial disclosure of persons or other personal information registered at the authorities referred to in this Article or employees thereof by virtue of their positions, unless such was done with the approval of the concerned person to which such data or information belong or his legal representative or by means of a reasoned judicial statement.

The institutions referred to in the above paragraph of this article shall state the purpose of collecting the mentioned data and information. The collection of such data and information shall be carried out within the limits of this stated purpose.

Article 33

Except for the personal data and information, which the government security bodies keep in its records and electronic processing systems for reasons of national security of the country, the person may request any of the above mentioned entities to access the personal data or information registered as set forth in the preceding article, if such information or data belong to him or any of his legal representatives. Hey may also obtain a formal extract of this data and information. The said bodies should respond his request.

The Executive By-law of this law sets forth the procedures and controls which govern the individual’s access of such personal data and information.

Article 34

Without prejudice to the provisions of preceding articles, government bodies, specific natural person and individuals may obtain from the bodies set forth in Article 32 above whatever they need of the information registered in their own records or electronic processing systems. Such shall be obtained subject to the approval of the concerned body after the verification of the applicant’s status, nature of this data or information, usefulness or purpose of the same of any other conditions deemed necessary.

The body to which the application is submitted, may reject the request and inform the applicant thereof within thirty days of submission. The lapse of the specifies period without deciding on the request will be considered a rejection thereof. The applicant may complain against the rejection decision to the president of the authority within sixty days from the date of his being notified of the rejection decision or the lapse of the period provided for in the preceding paragraph without deciding on the request.

The decisions of the head of the administrative body or the lapse of thirty days from the date of complain without deciding on the request shall be deemed a final decision of rejection.

The person who obtains any data pursuant to the provisions of this Article may not use the same for any purpose other than the purpose on which the body agreed to grant him the information.

The Executive By-law of this law sets forth the controls to be followed in this regard and the states fees thereof.

Article 35

All bodies mentioned in Article 32 may not do the following:

A) Collect, register, or process any personal data or information of these mentioned in Article 32 in illegal methods or way or without the consent of the concerned person or his representative.

B) Use the referred personal data or information registered in their documents or information system for purposes other than those to which it was collected.

The bodies shall do the following:

A) Verify the accuracy of personal information or data stated in Article 32 and registered in their information systems, complete and update the same regularly.

B) Take the appropriate measure to protect the personal data and information referred to in Article 32 against loss, damage, disclosure, replacement with incorrect data or information, or addition of untrue information thereto.

Article 36

A) Individuals are allowed to request the bodies referred to in Article 32 to delete or amend any of their personal data or information which the bodies keep in their records or electronic processing systems if they were found to be invalid or non-conforming with reality. The Individuals may also request such information to be replaced according to the amendments thereto.

B) The Executive By-law of this law sets forth the procedures and controls that must be followed regarding the requests submitted by individuals for the deletion or amendment of their personal data registered at one of the aforementioned bodies.

Chapter Eight.- Penalties

Article 37

Without prejudice to any stricter penalty stipulates by any other law, shall be punished with imprisonment for a period of three years as a maximum and a fine of no less than five thousand dinars and not exceeding twenty thousand dinars as, or either of them, any person who:

A) Deliberately and illegitimately logs-in the electronic data processing system, prevents access to the system, causes damage of the same, or obtains the numbers or data of credit cards or other electronic cards to be used to steal the funds of others.

B) Issues an electronic authentication certificate or carries out any of the electronic authentication services without first obtaining a licenses from the competent authority.

C) Cases damage or defect to an electronic signature, system, signature tool, document or record or forged any of the same by way of synthesis, modification or alteration in any other way.

D) Knowingly uses a defective or false electronic signature, system, signature tool, document or record.

E) Unlawfully access, by any means, an electronic signature, system, document or record, breaks into the system, hinders or vacates the performance of the same.

F) Violates the provisions of Article 32 and items “a and b” of the first paragraph of Article 35 of this law. The tools, programs or devices used in the commission of this crime may be confiscated without prejudice to the rights of persons acting in good faith.

In all cases, the summary of the final judgment of convention shall be published in two daily newspapers issued in Arabic Language at the expense of the convicted person. The same shall be published on the open electronic communication network in accordance with the rules set forth by the Executive By-law. The punishment shall be doubled in the event where any of the said crimes is repeated.

Article 38

Shall be punished by imprisonment for a period of one year as a maximum and a fine not less than thousand dinars and not exceeding ten thousand dinars as a maximum, or either of them, any licensee who obtains the license for providing electronic authentication services if he provides any incorrect data in the application for registration submitted to the competent authority or violates the terms of the license.

Article 39

Without prejudice to the personal criminal responsibility of the perpetrator, the person responsible for the actual management of the juridical person shall be punished with the same penalties for the acts committed in violation of the provisions of this law if his negligence and breach of duties imposed by such managed have contributed to the occurrence of the crime knowingly. The juridical person shall be jointly responsible for the judged financial penalties and compensation if the violation was committed by one of the employees working on behalf of this person or for him.

Article 40

The public prosecution alone shall have jurisdiction over investigation, action and pleading in the crimes set forth under this Law and related crimes.

Article 41

The competent personnel who are specifies by the competent minister in a resolution issued by him, shall have the judicial power to monitor the implementation of this law, by-laws and decisions implementing the same; write the necessary minutes in case of violation of its provisions; and forward the same to the public prosecution for investigation and taking action.

Article 42

The public prosecution may accept the request for a conciliation submitted by the person who has committed, for the first time, one of the crimes provided for in this law whenever the accused submits a conciliation request to the public prosecution, and pays an amount of one thousand dinars to the treasury of the court before referring the case to the competent court. The acceptance of the conciliation request shall terminate the criminal case and all the effects thereof.

Article 43

The provisions of this law shall not be included in the provisions of special legislations.

Article 44

The competent minister shall issue the Executive By-law of this Law within a period of six months from the date of its publication in the Official Gazette.

Article 45

The prime minister and ministers, each within his field of jurisdiction, shall enforce this law.

Article 46

This Law shall be published and shall be effective from the date of the publishing hereof in the Official Gazette.

Amir of Kuwait

Sabah Al-Ahmad Al-Jabber Al-Sabah

Issued at Al-Seif Palace on 11 Rabi Al-Akhir 1435 AH Corresponding to: 11 February 2014 AD

24Sep/17

Law nº 47/2007. Law on Securing the Right to Information Access

24 septiembre, 2017Jordania, LeyLaw Jordan, Law nº 47/2007. Law on Securing the Right to Information AccessJosé Cuervo

Article 1

This Law shall be nominated “Law on Securing the Right to Information Access 2007”, and come into force as of the date it is published in the Official Gazette.

Article 2

Unless the context otherwise so requires, the following words and sentences wherever mentioned in the present Law shall have the meanings attributed thereto below:

Information: any oral or written data, written, copied, recorded or electronically stored records, statistics or documents or stored by any other means falling within the scope of the control or liability of the official in charge.

Classified Documents: any oral information or written, printed, typed or electronically or otherwise stored documents, documents printed on waxed or copying paper, recording tapes or solar films, films, schemes or the like that are classified as confidential or protected under the provisions of the applicable legislations.

Ordinary Documents: any unclassified documents under the control or the liability of the official in charge.

Department: the ministry, department, authority, entity or any public institution, public official institution or company that is in charge of the management of a public facility.

Official in Charge: the ministers, chairman or director of the department.

Board: the information board formed under the Provisions of the herein law.

Chairman: the Chairman of the Board/Minister of Culture.

Information Commissioner: the Director of the National Library Department along with his/her base position.

Article 3

a) A board shall be formed by virtue of the herein Law under the name of Information Board, to be formed as follows:

Minister of Culture Chairman
Information Commissioner Vice-Chairman
Secretary General of Ministry of Justice Member
Secretary General of Ministry of Interior Member
Secretary General of the Media Higher Council Member
Director of Public Statistics Department Member
Director of National Information Technology Center Member
Director of the Armed Forces Abstract Direction Member
Human Rights Commissioner Member

b) The Chairman and the Members of the Board have no right to any remunerations from the State’s Treasury.

Article 4

The Board shall be competent to the following tasks and terms of reference:

a) The Board shall ensure the provision of information for their requesters within the limits of this Law.

b) The Board shall consider the complaints submitted thereto by the information requesters and resolve the same as per the instructions made for this purpose.

c) The Board shall approve the information request forms.

d) The Board shall issue bulletins and undertake appropriate activities to explain and enhance the right of knowledge and obtaining information culture.

e) The Board shall approve the annual report on the enforcement of the right of obtaining information submitted by the Information Commissioner and present the same to the Prime Minister.

Article 5

a) The Board shall meet at least once a month or whenever it is necessary to do so by convention by the Chairman or Vice-chairman or at the request of at least four 4 members of the Board to consider the matters set out in this request.

b) The meeting shall only be valid if it is attended by at least five 5 members, including the Chairman or the Vice-Chairman, and resolutions are made either unanimously or by majority of the members’ votes.

c) The Board has the right to invite any person of competence or expertise to attend its meetings without having the right to vote on decision-making.

Article 6

a) The Information Commissioner shall be competent to the following tasks and terms of reference:

The Information Commissioner shall prepare the Information Request Form in cooperation with the Department and submit the same to the Board.
The Information Commissioner shall prepare the instructions related to the acceptance, resolution and submission of complaints to the Board for resolution.
The Information Commissioner shall receive complaints from the Information requesters and present the same to the Board for resolution.
The Information Commissioner shall take administrative and professional procedures required for the execution of the duties and powers vested therein.

b) The “National Library Department” shall render the administrative and professional services required to fulfill the duties and liabilities vested in the Board and Information Commissioner under the Provisions of this Law.

Article 7

Subject to the provisions of the applicable legislations, each Jordanian citizen has the right to obtain the information he/she requires according to the Provisions of this Law should he/she has a lawful interest or justification.

Article 8

The Official in Charge shall facilitate the obtaining of information and ensure the prompt disclosure thereof in the manner set forth in this Law.

Article 9

a) The information request shall be presented in the form approved for this purpose, including the requester’s name, domicile, profession and any other data, as the Boars may deem necessary.

b) The requester shall clearly set forth the subject of the information he/she desires.

c) The Official in Charge shall reply to or reject the request within thirty 30 days as of the date following the date of request submission.

d) In case the request is rejected, the resolution shall be justifiable and the refrainment from reply within the set period shall be deemed as a decision of rejection.

Article 10

No information bearing the nature of religious, racial, ethnic, sexual or color discrimination shall be requested.

Article 11

a) The requester shall bear the cost emerging from the photocopy of the requested information required by technological means and the requester may peruse the information if this information is stored in a manner that is impossible to copy.

b) In case a part of this information is classified and the other part is not, the request shall be replied within the limits set forth in the Provisions of this Law.

c) In case the information is classified, the classification of the same shall be preceding to the date of information request.

Article 12

In case the information required is unavailable or destroyed by the passage of time, the Official in Charge shall clarify the matter to the requester.

Article 13

Subject to the provisions of the applicable legislations, the Official in Charge shall refrain from the disclosure of the information related to:

a) The secrets and documents protected under another legislation.

b) The documents classified as confidential and protected and to be granted by an agreement with another country.

c) The secrets related to national defense, state security or foreign policy.

d) The information that includes analysis, recommendations, proposals or consultations to be submitted to the Official in Charge before a decision is made in their concern. This includes the correspondences or information exchanged between the different governmental departments.

e) The personal information and files related to educational or medical persons, professional records, bank accounts and transfers and professional confidentialities.

f) The correspondences with personal or confidential nature, whether in the form of post, cable, phone call or any other technological means, with governmental departments and the replies thereto.

g) The information whose disclosure will affect negotiations between the Kingdom and any other state or authority.

h) The investigations made by the prosecution, judicial system or security authorities concerning any crime or lawsuit within their scope of power, as well as the investigations made by the appropriate authorities for unveiling financial, customs or banking breaches, unless the appropriate authority permits the disclosure thereof.

i) The information with commercial, industrial or economic nature, information on scientific bids or researches or technology, whose disclosure will lead to the violation of its copyright, rights of intellectual property or fair or lawful competition or to illegal profit or loss for any person.

Article 14

a) Each department shall index and organize the information and documents as per professional and technical practices and classify the part thereof as confidential and protected according to the legislations in force within a period not exceeding three 3 months as of the date of their being gazetted.

b) In case the execution of the Provisions of Paragraph a of the this Article is incomplete within the period set forth, the Official in Charge shall obtain the approval of the Prime Minister for extending this period for a period not exceeding three 3 months.

Article 15

When the Director of the National Library department assumes the terms of reference of the Information Commissioner beside his/her base profession, his/her legal liability shall be limited to the information kept with his/her department.

Article 16

The Official in Charge may delegate any of his/her powers under this Law to any of the senior staff of the Department, provided that such delegation should be fixed and in writing.

Article 17

a) The Higher Justice Court shall be appropriate to regard the information request rejection decision, provided that the requester should file the lawsuit against the Official in Charge within thirty 30 days as of the date following the expiry of the period given under this Law to have the request approved, rejected or refrained.

b) The Requester may file a complaint against the Official in Charge to the Board by the Information Commissioner in case of his/her rejection or the Official in Charge’s refrainment from the provision of the information required within the legally fixed period.

c) The Board shall make a decision concerning the complaint within thirty 30 days as of its date of submission, otherwise, the complaint shall be deemed rejected, which complaint shall cut the date of the challenge filed against the Official in Charge under Paragraph a of this Article and the duration of challenge shall commence as of the date on which the complainer is informed of his/her complaint rejection or the expiry date of the duration for the decision of the Board on the complaint.

Article 18

A decree by the Prime Minister shall fix any amount received by the Department for the copying of the information required, based on the Board’s point of view.

Article 19

The Cabinet shall issue the rules required to put in place the Provisions of this Law, including the rule that fixes the protected documents that may be disclosed and kept for a period no less than thirty 30 years.

Article 20

The Prime Minister and the Ministers shall execute the Provisions of this Law.

23Sep/17

Constitutión of The Arab Republic of Egypt January 18, 2014

23 septiembre, 2017Constitución, Egipto2014, Constitución Egipto, Constitutión of The Arab Republic of Egypt January 18, Derecho Informatico EgiptoJosé Cuervo

In the Name of Allah, Most Gracious, Most Merciful
This is Our Constitution, Egypt is the gift of the Nile for Egyptians and the gift of Egyptians to humanity.

With its unique location and history, Egypt is the Arab heart of the world. It is the meeting point of world civilizations and cultures and the crossroads of its maritime transportation and communications. It is the head of Africa on the Mediterranean and the estuary of its greatest river: the Nile.

This is Egypt, an immortal homeland for Egyptians, and a message of peace and love to all peoples.

In the outset of history, the dawn of human conscience arose adn shone forth in the hearts of our great ancestors, whose goodwill banded together to found the first central State that regulated and organized the life of Egyptians on the banks of the Nile. It is where they created amazing wonders of civilization, and where their hearts looked up to heavens before earth knew the three
Abrahamic religions.

Egypt is the cradle of belief and the banner of glory of the revealed religions.

On its land, Prophet Moses – to whom Allah spoke – grew up and on Mount Sinai, the Revelation of Allah shone on his heart and Divine message descended.

On its land, Egyptians harbored in their bosoms Virgin Mary and her baby and offered thousands of martyrs in defense of the Church of Jesus, Peace Be Upon Him.

When the Seal of the Messengers Mohammad (Peace and Blessings Be Upon Him) was sent to all mankind to perfect the sublime morals, our hearts and minds were opened to the light of Islam, and we, labeled the best soldiers on Earth fighting for the cause of Allah, disseminated the message of truth and sciences of religion across the world.

This is Egypt, a homeland in which we live and in our souls it lives.

In modern age, minds were enlightened, humanity became mature, and nations and peoples progressed on the path of knowledge, raising the banners of freedom and equality. Mohamed Ali founded the modern Egyptian State with a national army as its pillar. Refaa, the Azharian, called for having the homeland “… a place of happiness shared by all its people.” We, Egyptians, strived to keep up with the pace of advancement and offered up martyrs and made sacrifices in several uprisings and revolutions until our patriotic army stood up for the overwhelming will of the people in the “Jan 25 – June 30” Revolution that called for freedom, human dignity and social justice for all, and for Egypt to regain its independent will.

This revolution is continuation of national struggle whose brightest symbols were Ahmed Oraby, Mostafa Kamel, and Mohamed Farid, and is a culmination of two great revolutions in our modern history:

The 1919 revolution that had rid Egypt and the Egyptians of the British protection, established the principle of citizenship and equality for all the people. Its leader, Saad Zaghloul, and his successor, Mosfata El-Nahhas, in adopting democracy asserted that “Right is above power and the nation is above government”. During this revolution, Talaat Harb laid down the cornerstone of the national economy.

The July 23, 1952 revolution led by Gamal Abdel Nasser and embraced by the popular will rendered true the dream of generations for independence and evacuation of foreign forces. Egypt affirmed its Arab allegiance, opened up to its African continent and Muslim world, supported liberation movements across continents, and took firm steps on the path of development and social justice.

This revolution is an extension of the revolutionary march of Egyptian patriotism, and enhances the strong bond between the Egyptian people and their national army that assumed the duty and shouldered the responsibility of protecting the homeland, by virtue of which we achieved victory in our greatest battles including driving off the 1956 Tripartite Aggression to defeating our defeat through the glorious victory of October 1973 that gave President Sadat a special place in our recent history.

Compared to major revolutions in the history of mankind, the Jan 25 – June 30 Revolution is unique with its high density of popular participation – estimated to be in the tens of millions – and the prominent role of youth aspiring at a brighter future. It is also unique in that the masses transcended class and ideology divides to reach out to more expansive horizons, the people’s will was defended by their army, and that it had the blessings of Al-Azhar and the Egyptian church. This Revolution is further unique because of its peacefulness and ambition to achieve freedom and social justice combined.

This revolution is both a sign and a good omen; a sign of a past that is still present and a good omen of a future at which all humanity aspires.

The world is about to turn the last few leaves of this era that has been torn up by conflicts of interest between the East and the West, and the North and the South; an era where disputes and wars erupted between classes and peoples, where dangers grew threatening the existence of mankind and life on Earth which Allah entrusted us to preserve. As humanity hopes to move from the age of maturity to the age of wisdom to build a new world where truth and justice prevail, and where freedoms and human rights are protected, we, Egyptians, believe that our revolution is a resumption of our contribution to drafting a new history for humanity.

We believe that we are capable of using the past as an inspiration, stirring up the present, and making our way to the future. We are capable of raising this homeland and rising with it.

We believe that every citizen is entitled to live in this homeland safe and secure, and that every citizen has the right to live at present and in the future.

We believe in democracy as a path, a future, and mode of living, political pluralism and the peaceful rotation of power. We affirm the right of the people to make and determine their future. The Egyptian people, is the sole source of authority. Freedom, human dignity, and social justice are the rights of every citizen. We and our future generations are masters in a sovereign homeland that is master of its destiny.

We are now drafting a Constitution that embodies the dream of generations for a prosperous consolidated society and a just State that realizes the present and future ambitions for the individual and the community.

We are now drafting a Constitution that seeks the completion of building a modern democratic State having a civil government.

We are drafting a Constitution that prevents any corruption or tyranny and by which we heal the wounds of the past, from the days of the old Eloquent Peasant to the victims of negligence and the martyrs of the revolution in our present time, and relieve our people who have – for long – been suffering injustice.

We are drafting a Constitution that affirms that the principles of Islamic Sharia are the principal source of legislation, and that the reference for the interpretation of such principles lies in the body of the relevant Supreme Constitutional Court Rulings.

We are drafting a Constitution that paves the way to the future for us, and which is consistent with the Universal Declaration of Human Rights which we participated in drafting and adopted.

We are drafting a Constitution that maintains our freedom and protects our nation against any peril that threatens it or our national unity.

We are drafting a Constitution that holds all of us equal in rights and duties without discrimination of any kind.

We the citizens, women and men, the Egyptian people, sovereigns in a sovereign homeland, this is the manifestation of our volition, this is the Constitution of our revolution.

This is our Constitution.

Part I.- The State

Article (1)
The Arab Republic of Egypt is a sovereign, united, indivisible State, where no part may be given up, having a democratic republican system that is based on citizenship and rule of law.

The Egyptian people are part of the Arab nation seeking to enhance its integration and unity. Egypt is part of the Islamic world, belongs to the African continent, cherishes its Asian dimension, and contributes to building human civilization.

Article (2)
Islam is the religion of the State and Arabic is its official language. The principles of Islamic Sharia are the main source of legislation.

Article (3)
The principles of Christian and Jewish Sharia of Egyptian Christians and Jews are the main source of legislations that regulate their respective personal status, religious affairs, and selection of spiritual leaders.

Article (4)
Sovereignty belongs only to the people, who shall exercise and protect it. The people are the source of powers, and safeguard their national unity that is based on the principles of equality, justice and equal opportunities among all citizens, as stated in the Constitution.

Article (5)
The political system is based on political and partisan pluralism, peaceful rotation of power, separation and balance of powers, the inevitable correlation between powers and responsibilities, and respect for human rights and freedoms, as stated in the Constitution.

Article (6)
Nationality is a right to anyone born to an Egyptian father or an Egyptian mother, and legal recognition through official papers proving his/her personal data, is a right guaranteed and regulated by Law.

Requirements for acquiring nationality shall be specified by law.

Part II.- Basic Components of the Society

Chapter One.- Social Components

Article (7)
Al-Azhar is an independent Islamic scientific institution, with exclusive competence over its own affairs. It is the main reference for religious sciences and Islamic affairs. It is responsible for calling to Islam, as well as, disseminating religious sciences and the Arabic language in Egypt and all over the world.

The State shall provide sufficient financial allocations thereto so that it can achieve its purposes.

Al-Azhar’s Grand Sheikh is independent and may not be dismissed. The Law shall regulate the method of appointing the Grand Sheikh from amongst the members of Council of Senior Scholars.

Article (8)
Society is based on social solidarity.

The State shall achieve social justice and provide the means to achieve social interdependence, in order to ensure a decent life for all citizens, as regulated by Law.

Article (9)
The State shall ensure equal opportunities for all citizens without discrimination.

Article (10)
The family is the nucleus of society, and is founded on religion, morality, and patriotism. The State shall ensure its cohesion, stability and the establishment of its values.

Article (11)
The State shall ensure the achievement of equality between women and men in all civil, political, economic, social, and cultural rights in accordance with the provisions of this Constitution.

The State shall take the necessary measures to ensure the appropriate representation of women in the houses of representatives, as specified by Law. The State shall also guarantee women’s right of holding public and senior management offices in the State and their appointment in judicial bodies and authorities without discrimination.

The State shall protect women against all forms of violence and ensure enabling women to strike a balance between family duties and work requirements.

The State shall provide care to and protection of motherhood and childhood, female heads of families, and elderly and neediest women.

Article (12)
Work is a right, duty and honor guaranteed by the State. No citizen may be forced to work except as required by Law and for the purpose of performing a public service for a fixed period in return for a fair consideration, and without prejudice to the basic rights of those obliged to carry out such work.

Article (13)
The State shall protect workers’ rights and strive to build balanced work relationships between both parties to the production process. It shall ensure means for collective negotiations, protect workers against work risks, guarantee the fulfillment of the requirements of security, safety and occupational health, and prohibit unfair dismissal, all as regulated by Law.

Article (14)
Public offices are a competence-based right for all citizens without bias or favoritism, and are deemed a mandate to serve the people. The State shall ensure the rights and protection of public servants and that they perform their respective duties in serving the interests of the people. They may not be dismissed without disciplinary procedures except in the cases specified by Law.

Article (15)
Peaceful strike is a right regulated by Law.

Article (16)
The State shall honor the martyrs of the nation; shall care for revolution-wounded persons, veterans and wounded warriors, families of those missing in war and its equivalents, and persons wounded in security operations, as well as their wives, children and parents; and shall strive to provide all of them with job opportunities, all as regulated by Law.

The State shall encourage the participation of the civil society organizations in achieving those objectives.

Article (17)
The State shall ensure that social insurance services are provided.

All citizens who do not benefit from the social insurance system have the right to social security, in a manner that ensures a decent life in the event of being incapable to provide for themselves and their families, as well as in cases of incapacity to work, old age or unemployment.

In accordance with Law, the State shall strive to provide suitable pensions to small farmers, agricultural workers and fishermen, and irregular labor.

The funds of social insurance and pensions are deemed private funds that enjoy all aspects and forms of protection afforded to public funds. Those funds along with their returns are the rights of their respective beneficiaries; they shall be safely invested, and shall be managed by an independent entity in accordance with the Law.

The State shall guarantee social insurance and pension funds.

Article (18)
Every citizen has the right to health and to comprehensive health care which complies with quality standards. The State shall maintain and support public health facilities that provide health services to the people, and shall enhance their efficiency and their equitable geographical distribution.

The State shall allocate a percentage of government spending to health equivalent to at least 3% of Gross National Product (GNP), which shall gradually increase to comply with international standards.

The State shall establish a comprehensive health insurance system covering all diseases for all Egyptians; and the Law shall regulate citizens’ contribution to or exemption from its subscriptions based on their income rates.

Refusing to provide any form of medical treatment to any human in emergency or lifethreatening situations is a crime.

The State shall improve the conditions of physicians, nursing staff, and health sector workers.

All health facilities as well as health-related products, materials and means of advertisement shall be subject to State control. The State shall encourage the participation of private and nongovernmental sectors in providing health care services according to the Law.

Article (19)
Every citizen has the right to education. The goals of education are to build the Egyptian character, preserve the national identity, root the scientific method of thinking, develop talents and promote innovation, establish cultural and spiritual values, and found the concepts of citizenship, tolerance and non-discrimination. The State shall observe the goals of education in the educational curricula and methods, and provide education in accordance with international quality standards.

Education is compulsory until the end of the secondary stage or its equivalent. The State shall provide free education in the various stages in the State’s educational institutions according to the Law.

The State shall allocate a percentage of government spending to education equivalent to at least 4% of the Gross National Product (GNP), which shall gradually increase to comply with international standards.

The State shall supervise education to ensure that all public and private schools and institutes abide by its educational policies.

Article (20)
The State shall encourage and develop technical and technological education as well as vocational training, and expand all their types in accordance with international quality standards and in accordance with labor market needs.

Article (21)
The State shall guarantee the independence of universities and scientific and linguistic academies, and provide university education in accordance with international quality standards.

It shall develop and ensure free provision of, university education in State universities and institutes according to the Law.

The State shall allocate a percentage of government spending to university education equivalent to at least 2% of the Gross National Product (GNP), which shall gradually increase to comply with international standards.

The State shall encourage the establishment of non-profit, non-governmental universities. The State shall guarantee the quality of education in private and non-governmental universities, ensure that they comply with international quality standards and the = build their own faculty members and researchers, and allocate a sufficient percentage of their returns to educational and research development.

Article (22)
Teachers, and faculty members and their assistants, are the main pillars of education. The State shall guarantee the development of their academic competencies and professional skills and shall care for their financial and moral rights in order to ensure the quality of education and achieve its goals.

Article (23)
The State shall ensure freedom of scientific research and encourage scientific research institutions as a mean to achieve national sovereignty and build a knowledge economy. The State shall sponsor researchers and inventors and allocate a percentage of government spending to scientific research equivalent to at least 1% of the Gross National Product (GNP), which shall gradually increase to comply with international standards.

The State shall ensure effective means of contribution by private and non-governmental sectors and the participation of Egyptian expatriates in the progress of scientific research.

Article (24)
Arabic Language, Religious Education and National History, in all its stages, are core subjects in public and private pre-university education. Universities shall teach human rights and professional values and ethics of the various academic disciplines.

Article (25)
The State shall develop a comprehensive plan to eradicate alphabetical and digital illiteracy among citizens of all ages. The State shall develop its implementation mechanisms with the participation of civil society organizations within a definite timeline.

Article (26)
The creation of civil titles is prohibited.

Chapter Two.-Economic Components

Article (27)
The economic system aims at achieving prosperity through sustainable development and social justice so as to raise the real growth rate of the national economy and the standard of living, increase job opportunities, reduce unemployment rates and eliminate poverty.

The economic system shall adhere to transparency and good governance standards; enhance pillars of competitiveness, encourage investment, ensure balanced geographical, sectorial, and environmental growth, prohibit monopolistic practices, maintain financial and trade balances and a fair tax system, in the context of a regulated economy guaranteeing the various types of ownership and striking a balance between the interests of various stakeholders preserving the rights of workers and protecting consumers.

From a social perspective, the economic system shall ensure equal opportunities and fair distribution of development returns, reduce the differences among incomes and adhere to a minimum wage and pension ensuring a decent life, as well as a maximum one in State agencies for every salaried employee according to the Law.

Article (28)
The productive, service and information related economic activities are key components of the economy. The State shall protect them and strive to increase their competiveness; provide investment-attracting environment, increase productivity, encourage exports, and regulate imports.

The State shall pay special attention to small, medium and micro enterprises in all fields, and shall regulate and rehabilitate the informal sector.

Article (29)
Agriculture is a basic component of the economy.

The State shall protect and expand agricultural land, and shall criminalize encroachments thereon. It shall develop rural areas; raise the standard of living of their population and protect them from environmental risks; and shall strive to on develop agricultural and animal production and encourage industries based thereon.

The State shall provide agricultural and animal production requirements, and shall buy basic agricultural crops at suitable prices generating profit margins for farmers in agreement with agricultural unions, syndicates and associations. The State shall also allocate a percentage of reclaimed lands to small farmers and youth graduates, and protect farmers and agricultural workers against exploitation. All the foregoing shall be as regulated by Law.

Article (30)
The State shall protect fish resources, as well as protect and support fishermen and empower them to carry out their work without jeopardizing ecosystems, as regulated by Law.

Article (31)
The security of cyberspace is an integral part of the economic system and national security. The State shall take the necessary measures to preserve it as regulated by Law.

Article (32)
The State’s natural resources belong to the people. The State shall preserve and effectively exploit them, may not deplete them, and shall observe the rights of future generations to them. The State shall make the best use of renewable energy sources, motivate investment therein, and encourage relevant scientific research. The State shall encourage the manufacture of raw materials and increase their added value as per economic feasibility.

Disposing of State’s public properties is prohibited. Granting the right of exploitation of natural resources or public utility concessions shall be by virtue of a law for a period not exceeding thirty (30) years.

Granting the right of exploitation of quarries, small mines and slatterns, or granting public utility concession shall be based on a law for a period not exceeding fifteen (15) years.

The Law shall define provisions of disposing of the State’s private properties as well as the regulating rules and procedures.

Article (33)
The State shall protect ownership with its three types: the public, the private and the cooperative.

Article (34)
Public properties are inviolable and may not be infringed upon. Protection thereof is a duty according to the Law.

Article (35)
Private properties shall be protected, and the right to inheritance thereto is secured. It is not permissible to impose guardianship thereon except in the cases defined by Law and by virtue of a court judgment. Expropriation shall be allowed only in the public interest and for its benefit, and against fair compensation to be paid in advance according to the Law.

Article (36)
The State shall motivate the private sector to undertake its social responsibility in serving the economy and society.

Article (37)
Cooperative ownership shall be protected. The State shall give due care to cooperatives, and the Law shall guarantee their protection, support and independence.

It is prohibited to dissolve cooperatives or their board of directors except by virtue of a court judgment.

Article (38)
The tax system, as well as other public liabilities, aim at developing State resources and achieving social justice and economic development.

Public taxes may not be created, altered, or cancelled except by a law; and exemption therefrom may only be made in the cases defined by the law. No person may be required to pay other taxes or fees except as provided for in the Law.

Multi sources shall be observed in imposing taxes. Progressive multi bracket taxes shall be imposed on incomes of individuals according to their respective financial capabilities. Taxation system shall ensure promoting labor-intensive economic activities and motivating their role in the economic, social and cultural development.

The State shall improve the taxation system and develop modern systems that guarantee efficiency, easiness and control in tax collection. The Law shall define the methods and tools of collecting taxes, charges and any other sovereign proceeds, and amounts thereof to be deposited into the State public treasury.

Tax payment is a duty and tax evasion is a crime.

Article (39)
Saving is a national duty protected and encouraged by the State that shall guarantee savings, as regulated by the law.

Article (40)
General confiscation of properties is prohibited.

Specific confiscation is impermissible except by virtue of a court judgment.

Article (41)
The State shall implement a population program aiming at striking a balance between population growth rates and available resources; and shall maximize investments in human resources and improve their characteristics in the framework of achieving sustainable development.

Article (42)
Workers shall have a share in the management and profits of enterprises according to the law, and shall develop production and implement the respective plans of their productive units.

Preserving production tools is a national duty.

Workers shall be represented by 50% of the elected members of the boards of directors of public sector units. Their representation in the boards of directors of public enterprise sector companies shall be subject to the Law.

The Law shall regulate the representation of small farmers and craftsmen with a mínimum representation percentage of 80% in the boards of directors of agricultural, industrial and handicraft cooperatives.

Article (43)
The State shall protect and develop the Suez Canal and preserve it as an international waterway owned by the State. The State shall also develop the Canal sector as a distinguished economic center.

Article (44)
The State shall protect the River Nile, preserve Egypt’s historical rights thereto, rationalize and maximize its use, and refrain from wasting or polluting its water. The State shall also protect groundwater; adopt necessary means for ensuring water security; and support scientific research in that regard.

Every citizen is guaranteed the right to enjoy the River Nile. It is prohibited to trespass the riverbank reserve or harm the riverine environment. The State shall guarantee eliminating any trespass against the River Nile as regulated by Law.

Article (45)
The State shall protect its seas, shores, lakes, waterways and natural protectorates.

Trespassing, polluting or misusing any of them is prohibited. Every citizen is guaranteed the right of enjoying them. The State shall protect and develop the green space in the urban areas; preserve plant, animal and fish resources and protect those under the threat of extinction or danger; guarantee humane treatment of animals, all according to the law.

Article (46)
Every person has the right to a sound healthy environment. Environment protection is a national duty. The State shall take necessary measures to protect and ensure not to harm the environment; ensure a rational use of natural resources so as to achieve sustainable development; and guarantee the right of future generations thereto.

Chapter Three.- Cultural Components

Article (47)
The State shall maintain the Egyptian cultural identity with its diversified branches of civilization.

Article (48)
Culture is a right to every citizen. The State shall secure and support this right and make available all types of cultural materials to all strata of the people, without any discrimination based on financial capability, geographic location or others. The State shall give special attention to remote areas and the neediest groups.

The State shall encourage translation from and into Arabic.

Article (49)
The State shall protect and preserve monuments and give due care to monumental sites.

It shall also maintain and restore them; recover stolen antiquities; and organize and supervise excavation operations.

Presenting monuments as gifts or exchanging them is prohibited.

Aggression against or trafficking in monuments is a crime that is not subject to prescription.

Article (50)
Egypt’s civilization and cultural heritage, whether physical or moral, including all diversities and principal milestones – namely Ancient Egyptian, Coptic, and Islamic – is a national and human wealth. The State shall preserve and maintain this heritage as well as the contemporary cultural wealth, whether architectural, literary or artistic, with all diversities. Aggression against any of the foregoing is a crime punished by Law. The State shall pay special attention to protecting components of cultural pluralism in Egypt.

Part III.- Public Rights, Freedoms & Duties

Article (51)
Dignity is the right of every human being and may not be violated. The State shall respect and protect human dignity.

Article (52)
Torture in all forms and types is a crime that is not subject to prescription.

Article (53)
All citizens are equal before the Law. They are equal in rights, freedoms and general duties, without discrimination based on religion, belief, sex, origin, race, color, language, disability, social class, political or geographic affiliation or any other reason.

Discrimination and incitement of hatred is a crime punished by Law.

The State shall take necessary measures for eliminating all forms of discrimination, and the Law shall regulate creating an independent commission for this purpose.

Article (54)
Personal freedom is a natural right, shall be protected and may not be infringed upon. Except for the case of being caught in flagrante delicto, it is not permissible to arrest, search, detain, or restrict the freedom of anyone in any way except by virtue of a reasoned judicial order that was required in the context of an investigation.

Every person whose freedom is restricted shall be immediately notified of the reasons therefore; shall be informed of his/her rights in writing; shall be immediately enabled to contact his/her relatives and lawyer; and shall be brought before the investigation authority within twenty four (24) hours as of the time of restricting his/her freedom.

Investigation may not start with the person unless his/her lawyer is present. A lawyer shall be seconded for persons who do not have one. Necessary assistance shall be rendered to people with disability according to procedures prescribed by Law.

Every person whose freedom is restricted, as well as others, shall have the right to file grievance before the court against this action. A decision shall be made on such grievance within one (1) week as of the date of action; otherwise, the person must be immediately released.

The Law shall regulate the provisions, duration, and causes of temporary detention, as well as the cases in which damages are due on the state to compensate a person for such temporary detention or for serving punishment thereafter cancelled pursuant to a final judgment reversing the judgment by virtue of which such punishment was imposed.

In all events, it is not permissible to present an accused for trial in crimes that may be punishable by imprisonment unless a lawyer is present by virtue of a power of attorney from the accused or by secondment by the court.

Article (55)
Every person who is either arrested, detained, or his freedom is restricted shall be treated in a manner that maintains his dignity. He/she may not be tortured, intimidated, coerced, or physically or morally harmed; and may not be seized or detained except in places designated for that purpose, which shall be adequate on human and health levels.

The State shall cater for the needs of people with disability.

Violating any of the aforementioned is a crime punished by Law.

An accused has the right to remain silent. Every statement proved to be made by a detainee under any of the foregoing actions, or threat thereof, shall be disregarded and not be relied upon.

Article (56)
A prison is a place of correction and rehabilitation.

Prisons and places of detention shall be subject to judiciary supervision, where actions inconsistent with human dignity or which endanger human health shall be prohibited.

The Law shall regulate the provisions of reform and rehabilitation of convicted persons and facilitating decent lives after their release.

Article (57)
The right to privacy may not be violated, shall be protected and may not be infringed upon.

Postal, telegraphic and electronic correspondences, telephone calls, and other means of communication are inviolable, and their confidentiality is guaranteed.

They may not be confiscated, revealed or monitored except by virtue of a reasoned judicial order, for a definite period, and only in the cases defined by Law.

The State shall protect citizens’ right to use all forms of public means of communications.

Interrupting or disconnecting them, or depriving the citizens from using them, arbitrarily, is impermissible. This shall be regulated by Law.

Article (58)
Privacy of homes is inviolable. Except for cases of danger or call for help, homes may not be entered, inspected, monitored or eavesdropped except by a reasoned judicial warrant specifying the place, the time and the purpose thereof. This is to be applied only in the cases and in the manner prescribed by Law. Upon entering or inspection, the residents of houses must be apprised and have access to the warrant issued in this regard.

Article (59)
Everyone has the right to a safe life. The State shall provide security and reassurance for its citizens and all those residing in its territory.

Article (60)
The human body is inviolable and any assault, deformation or mutilation committed against it shall be a crime punishable by Law. Organs trade shall be prohibited, and it is not permissible to perform any medical or scientific experiment thereon without a certified free consent according to established principles in medical sciences and as regulated by Law.

Article (61)
Tissue and organ donation is a gift for life. Every person shall have the right to donate his body organs either during his lifetime or after his death by virtue of consent or a certified will. The State shall develop a mechanism regulating the rules of organ donation and transplantation in accordance with the Law.

Article (62)

Freedom of movement, residence and emigration shall be guaranteed.

No citizen may be expelled from the State territory or prevented from returning thereto.

No citizen may be prevented from leaving the State territory, paced under house arrest or prevented from residing in a certain place except by a reasoned judicial order for a specified period of time and in the cases as defined by the Law.

Article (63)
All forms and types of arbitrary forced displacement of citizens shall be prohibited and shall be a crime that does not lapse by prescription.

Article (64)
Freedom of belief is absolute.

The freedom of practicing religious rituals and establishing worship places for the followers of Abrahamic religions is a right regulated by Law.

Article (65)
Freedom of thought and opinion is guaranteed.

Every person shall have the right to express his/her opinion verbally, in writing, through imagery, or by any other means of expression and publication.

Article (66)
Freedom of scientific research is guaranteed. The State is committed to sponsor researchers and inventors and to provide protection for and endeavor to apply their innovations.

Article (67)
Freedom of artistic and literary creativity is guaranteed. The State shall encourage arts and literature, sponsor creative artists and writers and protect their productions, and provide the means necessary for achieving this end.

No lawsuit may be initiated or filed to stop or confiscate any artistic, literary, or intelectual works, or against their creators except by the Public Prosecutor. No freedom restricting sanction may be inflicted for crimes committed because of the publicity of artistic, literary or intelectual product. As for crimes related to the incitement of violence, discrimination between citizens, or impingement of individual honor, the Law shall specify the penalties therefore.

In such cases, the court may obligate the sentenced to pay punitive compensation to the victim of the crime, in addition to the original compensations due to the victim for the damages incurred.

All the foregoing shall be in accordance with the Law.

Article (68)
Information, data, statistics and official documents are the property of the People and the disclosure thereof from their various sources is a right guaranteed by the State for all citizens.

The State is committed to provide and make them available to citizens in a transparent manner.

The Law shall regulate the rules for obtaining them and terms for their availability and confidentiality; the rules for their deposit and storage; and the rules for and filing complaints against the refusal to provide them. The Law shall also impose penalties for withholding information or deliberately providing wrong information.

The State institutions shall deposit official documents with the National Library and Archives once they are no longer in use. The State institutions shall also protect, and secure such documents against loss or damage, as well as restoring and digitizing them using all modern means and instruments according to the Law.

Article (69)
The State shall protect all types of intellectual property rights in all fields, and establish a specialized agency to uphold such rights and their legal protection as regulated by Law.

Article (70)
Freedom of the press, printing and paper, visual, audio and electronic publication is guaranteed.

Every Egyptian – whether being natural or legal, public or private person – shall have the right to own and issue newspapers and establish visual, audio and digital media outlets.

Newspapers may be issued once notification is given as regulated by Law. The Law shall regulate the procedures of establishing and owning visual and radio broadcast stations and online newspapers.

Article (71)
It is prohibited to censor, confiscate, suspend or shut down Egyptian newspapers and media outlets in any way. By way of exception, they may be subject to limited censorship in times of war or general mobilization.

No freedom restricting penalty shall be imposed for publication or publicity crimes. As for crimes related to the incitement of violence, discrimination between citizens, or impingement of individual honor, the Law shall stipulate the penalties therefor.

Article (72)
The State shall ensure the independence of all State-owned press institutions and media outlets, in a manner ensuring their neutrality and presentation of all political and intellectual opinions and trends as well as social interests and also guaranteeing equality and equal opportunities in addressing public opinion.

Article (73)
Citizens shall have the right to organize public meetings, marches, demonstrations and all forms of peaceful protests, without carrying arms of any kind, by serving a notification as regulated by Law.

The right to peaceful and private assembly is guaranteed without need for prior notification.

Security forces may not attend, monitor or eavesdrop on such meetings.

Article (74)
All citizens shall have the right to form political parties by notification as regulated by Law. No political activity may be practiced and no political parties may be formed on the basis of religión or discrimination based on sex, or origin, or on sectarian basis or geographic location. No activity that is hostile to democratic principles, secretive, or of military or quasi-military nature may be practiced.

Political parties may not be dissolved except by virtue of a court judgment.

Article (75)
All citizens shall have the right to form non-governmental associations and foundations on democratic basis, which shall acquire legal personality upon notification.

Such associations and foundations shall have the right to practice their activities freely, and administrative agencies may not interfere in their affairs or dissolve them, or dissolve their boards of directors or boards of trustees save by a court judgment.

The establishment or continuation of non-governmental associations and foundations, whose statutes or activities are secretive or conducted in secret or which are of military or quasi-military nature is prohibited as regulated by Law.

Article (76)
The establishment of syndicates and federations on democratic basis is a right guaranteed by Law. Syndicates and federations shall acquire legal personality, shall have the right to practice their activities freely, shall improve the level of efficiency among their members and defend their rights and interests.

The State shall guarantee the independence of all syndicates and federations and their boards of directors may only be dissolved by a court judgment.

No syndicate or federation may be established in the military or police agencies.

Article (77)
The Law shall regulate the establishment of professional syndicates and the administration thereof on a democratic basis, shall guarantee their independence and shall specify their resources and the manner of recording their members, and holding them accountable for their conduct in practicing their professional activities according to the codes of ethics and professional conduct.

No profession may have more than one syndicate for the regulation of its affairs. Receivership may not be imposed on any syndicate. Administrative bodies may not interfere in the affairs thereof. The board of directors of any syndicate may not be dissolved save by a court judgment.

The opinion of the syndicate shall be sought on draft legislations pertaining to it.

Article (78)
The State shall ensure the citizens’ right to adequate, safe and healthy housing in a manner which preserves human dignity and achieves social justice.

The State shall devise a national housing plan which upholds the environmental particularity and ensures the contribution of personal and collaborative initiatives in its implementation. The State shall also regulate the use of State lands and provide them with basic utilities within the framework of comprehensive urban planning which serves cities and villages and a population distribution strategy. This is to be applied in a manner serving the public interest, improving the quality of life for citizens and safeguards the rights of future generations.

The State shall also devise a comprehensive national plan to address the problem of unplanned slums, which includes re-planning, provision of infrastructure and utilities, and improvement of the quality of life and public health. In addition, the State shall guarantee the provision of resources necessary for implementing such plan within a specified period of time.

Article (79)
Each citizen has the right to healthy and sufficient food and clean water. The State shall ensure food resources to all citizens. The State shall also ensure sustainable food sovereignty and maintain agricultural biological diversity and types of local plants in order to safeguard the rights of future generations.

Article (80)
Anyone under the age of 18 shall be considered a child. Each child shall have the right to a name, identity documents, free compulsory vaccination, health and family or alternative care, basic nutrition, safe shelter, religious education, and emotional and cognitive development.

The State shall ensure the rights of children with disabilities, their rehabilitation and their integration in the society.

The State shall provide children with care and protection from all forms of violence, abuse, mistreatment and commercial and sexual exploitation.

Every child shall be entitled to acquire early education in a childhood center until the age of six.

It is prohibited to employ children before the age of completing their preparatory education (six years of primary and three years of preparatory) or in jobs which subject them to danger.

The State shall also develop a judicial system for children that have been victims and or are witnesses. Children may not be held criminally accountable or detained save as provided in the Law and for the period of time specified therein. In such a case, they shall be provided with legal assistance and detained in appropriate locations separate from those allocated for the detention of adults.

The State shall endeavor to achieve the best interest of children in all measures taken against them.

Article (81)
The State shall guarantee the health, economic, social, cultural, entertainment, sporting and educational rights of persons with disabilities and dwarves, strive to provide them with job opportunities, allocate a percentage of job opportunities to them, and adapt public facilities and their surrounding environment to their special needs. The State shall also ensure their exercise of all political rights and integration with other citizens in compliance with the principles of equality, justice and equal opportunities.

Article (82)
The State shall guarantee the provision of care to the youth and youngsters shall endeavour to discover their talents; develop their cultural, scientific, psychological, physical and creative abilities, encourage their engagement in group and volunteer activities and enable them to participate in public life.

Article (83)
The State shall guarantee the health, economic, social, cultural and entertainment rights of the elderly people, provide them with appropriate pensions which ensure a decent life for them, and enable them to participate in public life. In its planning of public facilities, the State shall take into account the needs of the elderly. The State shall encourage civil society organizations to participate in taking care of the elderly people.

All the foregoing is to be applied as regulated by Law.

Article (84)
Everyone has the right to exercise sports. The State institutions and civil society shall endeavor to discover and sponsor the talented athletes and take the necessary measures to encourage the exercise of sports.

The Law shall regulate the affairs of sports and non-governmental sporting agencies in accordance with international standards and shall regulate the manner of settling sporting disputes.

Article (85)
Every individual shall have the right to address public authorities in writing and under his own signature. Public authorities may not be addressed in the name of any groups except for any entity having a legal personality e.

Article (86)
Protecting national security is a duty. The responsibility of all parties to uphold national security is guaranteed by the Law .

Defending the nation and the protection of its land are an honor and a sacred duty.

Military service is mandatory according to the Law.

Article (87)
Participation of citizens in the public life is a national duty. Every citizen shall have the right to vote, run for elections, and express his/her opinion in referendums. The Law shall regulate the exercise of these rights. There may be exemption from the performance of this duty in certain cases to be specified by Law.

The State shall be responsible for entering the name of each citizen in the voters database without request therefrom provided he/she satisfies the conditions for voting. The State shall also purge this database on a periodic basis in pursuance of the Law. The State shall guarantee the safety, neutrality and integrity of referendum and election procedures. It is prohibited to use public funds, government agencies, public facilities, worship places, business sector institutions and non-governmental organizations and institutions for political purposes or election publicity.

Article (88)
The State shall safeguard the interests of Egyptians living abroad, protect them and protect their rights and freedoms, enable them to perform their public duties towards the State and society, and encourage their contribution to the development of the nation.

The Law shall regulate the participation of Egyptians living abroad in elections and referéndums in a manner consistent with their particular circumstances, without being restricted by the provisions of voting, counting of ballots and announcing of results, set forth in this Constitution.

This is without prejudice to providing guarantees to ensure the integrity and neutrality of the election and referendum process.

Article (89)
All forms of slavery, oppression, forced exploitation of human beings, sex trade, and other forms of human trafficking are prohibited and criminalized by Law.

Article (90)
The State shall encourage the charitable endowment system for the establishing and sponsoring of scientific, cultural, health, social institutions and others, and shall ensure the Independence thereof. The affairs of such institutions shall be managed in accordance with the conditions set by the person who created the endowment, as regulated by Law.

Article (91)
The State may grant political asylum to any foreigner persecuted for defending the interests of people, human rights, peace or justice.

Extradition of political refugees is prohibited. All of the foregoing shall be according to the Law.

Article (92)
Inalienable rights and freedoms of citizens may not be suspended or reduced.

No law regulating the exercise of rights and freedoms may restrict such rights and freedoms in a manner prejudicing the substance and the essence thereof.

Article (93)
The State shall be bound by the international human rights agreements, covenants and conventions ratified by Egypt, and which shall have the force of law after publication in accordance with the prescribed conditions.

Part IV.- Rule of Law

Article (94)
The rule of law shall be the basis of governing in the State.

The State shall be governed by Law. The independence, immunity and impartiality of the judiciary are essential guarantees for the protection of rights and freedoms.

Article (95)
Penalties are personal. There shall be no crime or punishment except pursuant to a law, and a penalty may only be inflicted by a court judgment. Penalty shall only be imposed for acts committed after the effective date of the law imposing it.

Article (96)
The accused person is presumed innocent until proven guilty in a fair legal trial in which the right to defend himself is guaranteed.

The law shall regulate the appeal of judgments passed on felonies.

The State shall provide protection to victims, witnesses, accused and informants as necessary and in accordance with the Law.

Article (97)
Litigation is a right that is safeguarded and an inalienable right for all. The State shall guarantee the accessibility of judicature for litigants and rapid adjudication on cases. It is prohibited to immunize any administrative act or decision from judicial review. No person may be tried except before the ordinary judge. Exceptional courts are prohibited.

Article (98)
The right of defense either in person or by proxy is guaranteed. The independence of the legal profession and the protection of its rights is a guarantee for the right of defense.

The law shall provide all means by which those who are financially unable can resort to justice and defend their rights.

Article (99)
Any violation of personal freedom, or the sanctity of the private life of citizens, or any other public rights and freedoms which are guaranteed by the Constitution and the Law is a crime. The criminal and civil lawsuit arising of such crime shall not abate by prescription. The affected party shall have the right to bring a direct criminal action.

The State shall guarantee fair compensation for the victims of such violations. The National Council for Human Rights may file a complaint with the Public Prosecution of any violation of these rights, and it may intervene in the civil lawsuit in favor of the affected party at its request.

All of the foregoing is to be applied in the manner set forth by Law.

Article (100)
Court judgments shall be issued and enforced in the name of the People. The State shall guarantee the means of the enforcement thereof as regulated by Law. Refraining from or delay in the enforcement of such judgments by the competent public servants is a crime punishable by Law. In such a case, the party in favor of whom the judgment is passed shall have the right to bring a direct criminal action before the competent court.. The Public Prosecution shall, at the request of the party in favor of whom the judgment is passed, initiate criminal action against the public servant refraining from executing the judgment or interrupting such execution.

Part V.- The System of Government

Chapter One.- The Legislative Power (House of Representatives)

Article (101)
In the manner stated in the Constitution, the House of Representatives is entrusted with the authority to enact legislations and approve the general policy of the State, the general plan of economic and social development and the State budget. It exercises oversight over the actions of the executive power.

Article (102)
The House of Representatives is composed of no less than four hundred and fifty members elected by direct secret public ballot.

A candidate for the membership of the House must be an Egyptian citizen, enjoying civil and political rights, a holder of at least the certificate of basic education, and should not be below 25 Gregorian years of age on the day of opening candidacy registration.

Other candidacy requirements, the electoral system, and division of electoral constituencies shall be defined by law in a manner which observes fair representation of the population and governorates and equitable representation of voters. Elections based on the plurality voting system or proportional list, or a combination of both at whatsoever ratio may be adopted.

The President of the Republic may appoint no greater than 5% of the members, the method of nomination thereof shall be stipulated by Law.

Article (103)
A member of the House of Representatives shall devote him/herself on a full time basis for the tasks of membership and his/her post shall be reserved for him/her in accordance with the Law.

Article (104)
As a condition for undertaking his/her duties, a House of Representatives member shall take the following oath: “I swear by The Almighty God to loyally uphold the republican system, respect the Constitution and the Law, fully uphold the interests of the People, and to safeguard the independence of the nation and the integrity and safety of .”

Article (105)
A House of Representatives member shall receive a remuneration determined by Law. In case the remuneration is changed, such change will only come into force at the commencement of the legislative term following the one during which the change was adopted.

Article (106)
The term of membership in the House of Representatives is five calendar years, commencing from the date of its first session.

Elections for a new House of Representatives shall be held during the sixty days preceding the end of the term of previous House.

Article (107)
The Court of Cassation shall have jurisdiction over the validity of membership in the House of Representatives. Appeals shall be submitted to the Court of Cassation within a period not exceeding thirty days from date on which the final election results are announced. Appeals shall be adjudicated within sixty days from the date of the receipt thereof.

In the event that a judgment declares a membership invalid, the invalidity of the membership shall be effective as of the date on which the court judgment is notified to the House.

Article (108)
In case a seat of a House of Representatives becomes vacant at least six months prior to the expiry of his tenure, the vacant position must be filled in accordance with Law within sixty days from the date on which the House reports the vacancy.

Article (109)
Throughout its membership tenure, no House of Representatives member may, whether in person or by proxy, buy, rent or lease any asset owned by the State or a public-law legal persons or a public sector company or a public enterprise sector company; sell to or barter with the state any part of its own property or conclude a contract with the State as a vendor, supplier, contractor or otherwise as set out by Law. Any of such acts shall be void.

A member must submit a financial estate disclosure upon taking membership and at the end of membership and at the end of each year of membership.

In case a House of Representatives member receives cash or in-kind gift because of or in connection with his/her membership, title thereto shall devolve to the State public treasury.

All the foregoing shall be as regulated by Law.

Article (110)
Membership in the House of Representatives may only be dropped or cancelled if a member has lost confidence and esteem or ceases to satisfy any membership condition based on which he was elected or if he has violated the duties of membership.

The decision of cancellation must be issued by a majority of two-thirds of the members of the House of Representatives.

Article (111)
The House of Representatives shall accept resignation of its members, which must be submitted in writing. To be accepted, a resignation must not be submitted after the House has initiated procedures for cancelling the membership of the resigning member.

Article (112)
A House of Representatives member shall not be held accountable for any opinions expressed concerning the performance of his duty in the House or its committees.

Article (113)
Except in cases of flagrante delicto, it shall be prohibited to take any criminal action, under the Articles of felonies and misdemeanors, against a House of Representatives member without the prior permission from the House. In case the House of Representatives is not in session, a permission must be obtained from the House’s Bureau, and the House must be notified at its first session.

In all cases, a decision should be taken on any motion for permission to take legal action against a House of Representatives member within thirty days; otherwise, the motion shall be deemed accepted.

Article (114)
The seat of the House of Representatives shall be in Cairo.

However, in exceptional circumstances, the House may hold its sessions elsewhere, at the request of the President of the Republic or one-third of the members of the House of
Representatives.

Any meetings held otherwise and any resolutions passed thereby shall be void.

Article (115)
The President of the Republic shall invite the House of Representatives for its annual ordinary session before the first Thursday of October; failing such invitation, the House is required by the Constitution to meet on the stated day.

The ordinary session shall continue for at least nine months. The President of the Republic shall bring each session to close with the approval of the House. This shall not be permissible except after State’s General Budget has been approved.

Article (116)
At the President of the Republic’s request or upon a motion signed by at least one tenth of the House members, the House of Representatives may hold an extraordinary meeting to consider an urgent issue.

Article (117)
At the first meeting of its annual regular session, the House of Representatives shall elect, from among its members, a speaker and two deputies for the full legislative term. If the office of any of the aforementioned persons becomes vacant, a substitute shall be elected by the House. The House’s internal regulations shall provide for the rules and procedures of election. If any of the aforementioned persons fails to fulfill the duties of his office, one-third of the House members may request to relieve him of his office. The relevant decision shall be issued by a majority of two-thirds of the members.

In all cases, neither the Speaker nor any of the two deputies may be elected for more than two consecutive legislative terms.

Article (118)
The House of Representatives shall set its own internal regulations of its work and the manner of exercising its authorities and maintaining order therein. Such internal regulations shall be issued by a law.

Article (119)
The House of Representatives shall be competent to maintain order therein and this duty shall be incumbent upon the Speaker of the House.

Article (120)
The sessions of the House of Representatives shall be held in public.

The House may hold a secret session at the request of the President of the Republic, the Prime Minister, the Speaker of the House, or at least twenty of the House members. By the majority of its members, the House shall decide whether the discussion in question is to be conducted in a public or a secret session.

Article (121)
The meetings of the House and resolutions passed thereby shall not be deemed valid unless attended by the majority of its members.

In cases other than those requiring a special majority, resolutions shall be passed by the absolute majority of the members present. In case there is a tie of votes, the subject matter in deliberation shall be deemed rejected.

Laws shall be issued by the absolute majority of the members present, provided that such majority constitutes not less than one third of the House members.

The Laws deemed complementary to the Constitution shall be issued by a majority of of two thirds of the House members. Laws regulating presidential or parliamentary or municipal elections, political parties, the judiciary, related to judicial bodies and judicial organizations, and those regulating the rights and freedoms stipulated in the Constitution shall be deemed complementary to the Constitution.

Article (122)
The President of the Republic, the Cabinet, and every House member shall have the right to propose laws.

Every bill presented by the government or one tenth of the House members shall be referred to the competent specialized committees of the House for review and submission of a report to the House. A committee may seek the opinion of experts on the matter in question.

No bill presented by a member can be referred to the specialized committee unless it has been permitted by the committee responsible for proposals and approved by the House. If the committee responsible for proposals rejects a bill, it must provide a reasoned decision.

Any bill or proposed law rejected by the House may not be re-presented during the same legislative term.

(Article 123)
The President of the Republic has the right to issue laws or reject them.

If the President of the Republic objects to a draft law approved by the House of Representatives, he/she shall refer it back to the House of Representatives within thirty (30) days as of the date when the House of Representatives notified the President of such approval. If the President does not refer the draft law back to the House of Representatives within this period, the draft law shall be deemed a Law and shall be issued.

If the draft law is referred back to the House of Representatives within the aforementioned period and approved again by a majority of two-thirds of its members, it shall be deemed a Law and shall be issued.

Article (124)
The State budget shall include all of its revenues and expenditures without exception. The draft budget shall be submitted to the House of Representatives at least ninety (90) days before the beginning of the fiscal year; and shall not be effective unless approved thereby. Voting thereon shall be made on a section-by-section basis.

The House of Representatives may alter the expenditures stated in the draft budget, except for those allocated to honor a specific State liability.

Should such alteration result in an increase in total expenditures, the House of Representatives must reach an agreement with the Government on the means to procure sources of revenue so as to restore a balance between both. The State budget shall be issued by a law which may include an amendment of another existing law to the extent necessary to achieve such balance.

In all cases, the budget law may not include any provision that puts new burdens on citizens.

The Law shall specify the fiscal year, the method of preparing the State budget, and the
provisions of the budgets of public bodies and organizations and their accounts.

The House of Representatives must approve the transfer of any funds from one section of the State budget to another, as well as any expenditure not included therein or in excess of its estimate. Such approval shall be issued by a law.

Article (125)
The final accounts of the State budget must be submitted to the House of Representatives within a period not exceeding six (6) months as of the end of the fiscal year. The annual report of the Central Auditing Organization (CAO) and the latter’s notes on the final accounts shall be submitted therewith.

The final accounts shall be put to vote on a section-by-section basis and shall be issued by a law.

The House of Representatives has the right to ask CAO for any additional data or reports.

Article (126)
The Law shall regulate the basic rules for the collection of public funds and the procedures for their disbursement.

Article (127)
The executive power may not obtain a loan or funding or engage in a project that is not listed in the approved State budget which entails expenditure from the State treasury within a subsequent period, except with the approval of the House of Representatives.

Article (128)
The Law shall specify the rules for setting salaries, pensions, indemnities, subsidies, and bonuses which are paid from the State treasury; and shall set out the cases in which exception from such rules may be made, as well as, the authorities in charge of their application.

Article (129)
Every member of the House of Representatives may direct any question to the Prime Minister, or one of his/her deputies, or a minister, or one of his/her deputies on any matter that falls within their respective authorities; and the latter must respond to such question during the same anual session.

The member may withdraw the question at any time. A question may not be converted to an interrogation in the same session.

Article (130)
Every member of the House of Representatives may direct an interrogation to the Prime Minister, or one of his/her deputies or a minister or one of his/her deputies in order to hold them accountable for matters that fall within their respective authorities.

The House of Representatives shall discuss the interrogation at least seven (7) days after its submission, within a maximum of sixty (60) days, except in cases of urgency as determined by the House and agreed by the Government.

Article (131)
The House of Representatives may decide to withdraw confidence from the Prime Minister, or one of his/her deputies or a minister or one of his/her deputies.

Filing a motion of no confidence may not be made except after an interrogation and upon a proposal submitted by at least one-tenth of the members of the House of Representatives. The House of Representatives shall issue a decision after considering the interrogation. Withdrawal of confidence requires the affirmative vote of a majority of the House members.

In all cases, a no-confidence motion may not be filed in connection with an issue that has already been decided upon in the same annual session.

If the House of Representatives decides to withdraw confidence from the Prime Minister, or one of his/her deputies, or a minister or one of his/her deputies, with whom the Government has announced its solidarity with before voting, then that Government must resign. If the noconfidence resolution concerns a certain member of the Government, that member must resign.

Article (132)
At least 20 members of the House of Representatives may request the discussion of a public issue for the purpose of seeking a clarification on the Government’s policy relating to such issue.

Article (133)
Any member of the House of Representatives may present a proposed recommendation on a public issue to the Prime Minister or one of his/her deputies, or a minister or one of his/her deputies.

Article (134)
Every member of the House of Representatives may submit an early day motion or urgent statement to the Prime Minister or one of his/her deputies, or a minister or one of his/her deputies in relation to urgent matters of public importance.

Article (135)
The House of Representatives may form a special fact-finding committee or entrust one of its existing committees with finding facts on a public matter or inspect the activities of an administrative body, public agency or public projects, for the purpose of finding facts on a specific issue, and inform the House of Representatives of the true financial, administrative or economic status, or to conduct investigations on a past activity or otherwise. The House of Representatives shall decide what it deems appropriate in this regard.

In order to carry out its mission, such a committee may collect the evidence it deems necessary and may summon individuals to give statements. All bodies shall comply with the committee’s requests and place at its disposal all the documents, evidence, or anything otherwise required.

In all cases, every member of the House of Representatives is entitled to obtain any data or information from the executive power which is related to its performance of his/her duties at the House of Representatives.

Article (136)
The Prime Minister and his deputies, and the ministers and their deputies may attend the sessions of either the House of Representatives or any of its committees. Their attendance shall be obligatory if requested by the House. They may seek assistance from senior officials of their choice.

They must be heard whenever they request to speak. They must answer questions relating to issues under discussion, without having the right to vote.

Article (137)
The President of the Republic may not dissolve the House of Representatives except in cases of necessity, by a reasoned decision and following a public referendum. The House of Representatives may not be dissolved for the same reason which caused the dissolution of the previous House.

The President of the Republic shall issue a decision to suspend the sessions of the House and hold a referendum on the dissolution within no more than twenty days. If the voters agree by majority of valid votes, the President of the Republic shall issue the decision of dissolution, and call for new elections within no more than thirty days from the date of the stated decision. The new House shall convene within the ten days following the announcement of final the results.

Article (138)
Every citizen may submit written proposals to the House of Representatives regarding public issues, and may also submit complaints to the House of Representatives to be referred to the competent ministers. If the House of Representatives so requests, the Minister must provide clarifications, and the concerned person shall be informed of the result.

Chapter Two.- The Executive Power

Branch I.- The President of the Republic

Article (139)
The President of the Republic is the head of State and the head of executive power. He shall care for the interests of the people, safeguard the independence of the nation and the territorial integrity and safety of its lands, abide by the provisions of the Constitution, and assume his authorities as prescribed therein.

Article (140)
The President of the Republic shall be elected for a period of four calendar years, commencing from the day following the termination of the term of his predecessor. The President may only be reelected once.

The procedures for electing the President of the Republic shall be initiated at least one hundred twenty days prior to the end of the presidential term. The result must be announced at least thirty days prior to the end of such term.

The President of the Republic may not hold any partisan position throughout his presidential term.

Article (141)
A presidential candidate must be an Egyptian born to Egyptian parents, and neither he or his parents or his spouse may have held any other nationality. He must enjoy civil and political rights, must have performed the military service or have been exempted therefrom by law, and shall not be less than forty calendar years of age on the day of commencing candidacy registration. Other requirements for candidacy shall be set out by Law.

Article (142)
To be accepted as a candidate for the presidency, candidates must receive the recommendation of at least twenty elected members of the House of Representatives, or support from at least twenty five thousand citizens enjoying the right to vote, in at least fifteen governorates, with a mínimum of one thousand supporter from each governorate.

In all cases, no one can support more than one candidate as regulated by Law.

Article (143)
The President of the Republic shall be elected by direct secret ballot, with an absolute majority of valid votes.

Procedures for electing the President of the Republic are regulated by Law.

Article (144)
As a condition for assuming his duties, the President of the Republic shall take the following oath before the House of Representatives: “I swear by The Almighty God to loyally uphold the republican system, respect the Constitution and the Law, fully uphold the interests of the People and to safeguard the independence of the nation and the integrity and safety of its territories.”

In case of the absence of the House of Representatives, the oath shall be taken before the General Assembly of the Supreme Constitutional Court.

Article (145)
The salary of the President of the Republic shall be determined by Law. The President may not receive any other salary or remuneration. No modification to the salary may come into effect during the presidential term during which it is approved. Throughout his presidential term, the President may not, whether in person or by proxy, be self-employed, engage in commercial, financial or industrial activity, buy, rent or lease any property owned by the state or by a publiclaw legal person, or a public enterprise sector company, sell or barter any part of his own property with the State, or conclude a contract with the State as a vendor, supplier, contractor or otherwise as set out by Law. Any of such acts shall be void.

The President must submit a financial estate disclosure upon taking office, upon leaving it, and at the end of each year of service. Such financial estate disclosure is to be published in the Official Gazette.

Throughout the presidential term, the President of the Republic may not award himself any orders, decorations or medals.

In case the President of the Republic receives, in person or by proxy a cash or in-kind gift because of or in connection with the presidential office, title thereto shall devolve to the State public treasury.

Article (146)
The President of the Republic shall assign a Prime Minister to form the government and introduce his/her program to the House of Representatives. If his government does not win the confidence of the majority of the members of the House of Representatives within thirty days at the most, the President shall appoint a Prime Minister who is nominated by the party or the coalition that holds the majority or the highest number of seats in the House of Representatives.

If the government of such prime minister fails to win the confidence of the majority of the members of the House of Representatives within thirty days, the House shall be deemed dissolved, and the President of the Republic shall call for the election of a new House of Representatives within sixty days from the date on which the dissolution is announced.

In all cases, the total periods for choice of government set forth in this Article shall not exceed sixty days.

In case the House of Representatives is dissolved, the Prime Minister shall present to the new House of Representatives the formation of his government and its program, at its first session.

In the event the government is chosen from the party or the coalition that holds the majority or the highest number of seats in the House of Representatives, the President of the Republic shall, in consultation with the Prime Minister, choose the Ministers of Defense, Interior, Foreign Affairs and Justice.

Article (147)
The President of the Republic may relieve the government from carrying out its duties, subject to the approval of the majority of the members of the House of Representatives.

The President of the Republic may conduct a cabinet reshuffle after consultation with the Prime Minister and approval of the House of Representatives by an absolute majority of the members present , which must not be less than one third of its members.

Article (148)
The President of the Republic may delegate some of his powers to the Prime Minister, his deputies, ministers, or governors. None of them may delegate such authorities to others. All of the foregoing shall be regulated by Law.

Article (149)
The President of the Republic may call the government to convene a meeting to consult on important issues, and the President shall preside over the meetings that he attends.

Article (150)
Jointly with the Cabinet, the President of the Republic shall set the State’s General Policy and oversee its implementation as stated in the Constitution.

The President of the Republic may deliver a statement on the State’s General Policy before the House of Representatives at the opening of its annual regular session.

The President may deliver other statements or address other messages to the House.

Article (151)
The President of the Republic shall represent the State in its foreign relations and conclude treaties and ratify them after the approval of the House of Representatives. Such treaties shall acquire the force of law following their publication in accordance with the provisions of the Constitution.

Voters must be called for referendum on the treaties related to making peace and alliance, and those related to the rights of sovereignty. Such treaties shall only be ratified after the announcement of their approval in the referendum.

In all cases, no treaty may be concluded which is contrary to the provisions of the Constitution or which results in ceding any part of state territories.

Article (152)
The President of the Republic is the Supreme Commander of the Armed Forces. The President shall not declare war, or send the armed forces to a combat mission outside the State borders, except after consultation with the National Defense Council and obtaining the approval of the House of Representatives by a majority of two-thirds of the members.

In case the House of Representatives has not been elected, the Supreme Council of the Armed Forces (SCAF) must be consulted and the approval of both the Cabinet and National Defense Council must be obtained.

Article (153)
The President of the Republic shall appoint and dismiss civil and military employees and political representatives and accredit political representatives of foreign States and bodies in accordance with the Law.

Article (154)
After consultation with the Cabinet, the President of the Republic may declare the state of emergency as regulated by Law. Such declaration must be presented to the House of Representatives within the following seven days to decide thereon as it deems fit.

If the declaration takes place while the House of Representatives is not in regular session, the House must be invited to convene immediately in order to consider such declaration.

In all cases, the declaration of the state of emergency must be approved by a majority of the members of the House of Representatives. The state of emergency shall be declared for a specified period not exceeding three months, which may only be extended for another similar period after obtaining the approval of two-thirds of the House members. In case the House of Representatives has not been elected, the matter shall be referred to the Cabinet for approval provided, however, that it is presented to the new House of Representatives at its first session.

The House of Representatives may not be dissolved while the state of emergency is in force.

Article (155)
After consultation with the Cabinet, the President of the Republic may issue a pardon or reduce a sentence.

General amnesty may only be granted by virtue of a law, ratified by the majority of the members of the House of Representatives.

Article (156)
In case an event which requires taking urgent measures, which cannot be delayed, occurs while the House of Representatives is not in session, the President of the Republic shall call the House for an urgent meeting to present the matter thereto. If the House of Representatives has not been elected, the President of the Republic may issue decrees having the force of law, provided that they are then presented to, discussed and approved by the new House of Representatives within fifteen days from the commencement of its session. If such decrees are neither presented nor discussed by the House, or if they are presented but not ratified thereby, their force of law shall retroactively be revoked without need for issuing a decision to that effect, unless the House confirms its effectiveness during the previous period or decides to settle the consequences thereof.

Article (157)
Without prejudice to the provisions of the Constitution, the President of the Republic may call for a referendum on issues relating to the supreme interests of the State.

In case a call for referendum involves more than one issue, voting must be made separately on each issue.

Article (158)
The President of the Republic may submit his resignation to the House of Representatives. If the House has not been elected, he shall submit the same to the General Assembly of the Supreme Constitutional Court.

Article (159)
Accusing the President of the Republic of violating the provisions of the Constitution, treason or any other felony must be based on a motion signed by at least the majority of the members of the House of Representatives. The indictment shall only be issued by the majority of two-thirds of the members of the House of Representatives and after carrying an investigation by the Prosecutor General. In case the Prosecutor General is prevented from same, he shall be replaced by one of his assistants.

As soon as this indictment is issued, the President of the Republic shall be stopped from carrying out his duties; this is considered as a temporary impediment precluding the President from performing his competences until a verdict is issued in the case.

The President of the Republic shall be tried before a special court headed by the President of the Supreme Judicial Council with the membership of the most senior deputy of the President of the Supreme Constitutional Court, the most senior deputy of the President of the State Council, and the two most senior Presidents of the Courts of Appeal; prosecution is to be carried out before such court by the Prosecutor General. In case one of the aforementioned persons is prevented from serving, he shall be replaced by the person following him in seniority. The court verdicts shall be final and not subject to appeal.

The Law shall regulate the investigation and trial procedures. In case of conviction, the President of the Republic shall be relieved of his post without prejudice to any other penalties.

Article (160)
In case the President of the Republic is temporarily prevented from assuming his powers, the Prime Minister shall act in his place.

If the President of the Republic’s office becomes vacant due to his resignation, death, or permanent inability to work, the House of Representatives shall announce the vacancy. If such vacancy is attributable to any other reason, such announcement shall be made by a majority of at least two thirds of the members of House of Representatives. The House of Representatives shall then notify the National Electoral Commission, and the Speaker of the House of Representatives shall temporarily assume the powers of the President of Republic.

In case the House of Representatives has not been elected, the General Assembly of the Supreme Constitutional Court and its Chairman shall replace the House of Representatives and its Speaker with respect to the above.

In all events, a new President must be elected within a period not exceeding ninety (90) days as of the date of vacancy. In such a case, the presidential term shall start as of the date of announcement of the election results.

The interim President may not run for presidency or request any amendment to the Constitution or dissolve the House of Representatives or dismiss the Government.

Article (161)
The House of Representatives may propose to withdraw confidence from the President of the Republic and hold early presidential elections upon filing a reasoned motion to be signed by at least the majority of the members of the House of Representatives and upon approval of twothirds of its members. The motion may only be filed once for the same reason within the presidential term.

Upon approval of the proposal to withdraw confidence, the matter of withdrawing confidence from the President of the Republic and holding early presidential elections shall be put to public referendum to be called by the Prime Minister. If the majority approves the decision to withdraw confidence, the President of the Republic shall be relieved from his office, the office of the President of the Republic shall be deemed vacant, and early presidential elections shall be held within sixty (60) days as of the date of announcing the results of referendum. If the result of the referendum is in the negative, the House of Representatives shall be deemed dissolved, and the
President of the Republic shall call for election of a new House of Representatives within thirty (30) days as of the date of dissolution.

Article (162)
If the vacancy of the presidential office coincides with the holding of a referendum or the election of the House of Representatives, the presidential elections shall be given priority. The then existing House of Representatives shall remain in place until the completion of the presidential elections.

Branch II.- The Government

Article (163)
The government is the supreme executive and administrative body of the State, and consists of the Prime Minister, his/her deputies , the Ministers, and their deputies.

The Prime Minister shall head the government, oversee its work, and direct the performance of its functions.

Article (164)
The Prime Minister shall be an Egyptian citizen born to Egyptian parents and neither he/she nor his/her spouse may hold the nationality of any other country, shall enjoy civil and political rights, shall have been drafted into or legally exempted from the military service, and shall be at least thirty five (35) Gregorian years of age at the time of appointment.

Anyone appointed as a member of the government shall be an Egyptian citizen, shall enjoy all civil and political rights, shall have been drafted into or legally exempted from the military service, and shall be at least thirty (30) Gregorian years of age at the time of appointment.

It is prohibited to combine between the membership of the government and the membership of the House of Representatives.

If a member of the House of Representatives is appointed to the government, the seat thereof in the House shall become vacant as at the date of this appointment.

Article (165)
As a condition for assuming their duties, the Prime Minister and members of government shall take the following oath before the President of the Republic: “I swear by Allah, the Almighty, to loyally uphold the republican system, to respect the Constitution and the law, to fully uphold the interest of the People, and to safeguard the independence of the nation and the integrity and safety of its territories.”

Article (166)
The salary of the Prime Minister and the members of government shall be defined by Law, and they may not receive any other salary or remuneration, nor engage, throughout the term of their respective offices, whether in person or through an intermediary, in self-professions, or commercial, financial or industrial business activities. Further, they shall not buy or rent any property owned by the state or a public legal person or a public sector company, or a public enterprise sector company, nor lease or sell any of their property to, or barter the same with the State, nor conclude a contract with the State as vendors, suppliers, contractors or otherwise. Any such actions shall be deemed null and void.

The Prime Minister and the members of government shall submit a financial estate disclosure upon taking office, upon leaving the same, and at the end of each year of service. The financial estate disclosure shall be published in the Official Gazette.

If the Prime Minister or any of the members of government receive cash or in-kind gifts, because of or in relation to their posts, the ownership thereof shall transfer to the State’s treasury. The foregoing shall be regulated by Law.

Article (167)
The government shall particularly exercise the following functions:

1- To collaborate with the President of the Republic in developing the general policy of the State, and to supervise its implementation;

2- To maintain the security of the nation, and to protect the rights of citizens and the interest of the State;

3- To direct, coordinate and follow up on the work of the ministries and their affiliated public bodies and organizations;

4- To prepare draft bills and decrees;

5- To issue administrative decrees in accordance with the law, and to follow up on their implementation;

6- To develop the draft for the general plan of the State;

7- To prepare the draft annual budget of the State;

8- To conclude loan contracts and to grant the same in accordance with the provisions of the Constitution;

9- To implement the laws.

Article (168)
Within the framework of the State’s general policy, the minister shall develop the Ministry’s general policy in collaboration with the competent authorities, supervise the implementation thereof and provide guidance and oversight.

Top management posts in all ministries shall include a permanent undersecretary to ensure institutional stability and raising the level of efficient implementation of its policy.

Article (169)
Any member of the government may make a statement before the House of Representatives, or one of its committees, concerning any matters falling within his/her mandate.

The House or the committee shall discuss such statement and convey its opinion regarding it.

Article (170)
The Prime Minister shall issue the necessary regulations for the execution of laws, in a manner that shall not involve any disruption of, amendment to, or exemption from their execution, and shall have the right to delegate others in issuing them, unless the law designates who shall issue the required executive regulations.

Article (171)
Upon the approval of the Council of Ministries, the Prime Minister shall issue the decrees necessary for the creation and organization of public utilities and services.

Article (172)
Upon the approval of the Council of Ministries, the Prime Minister shall issue the disciplinary regulations.

Article (173)
The Prime Minister and the members of the government shall be subject to the general rules governing investigation and trial procedures, in case that they commit crimes while or by reason of exercising the functions of their posts. The end of their term of service shall not preclude the institution or resumption of prosecution against them.

In case that the Prime Minister or any of the members of the government is accused of treason, the provisions stipulated in Article 159 herein shall apply.

Article (174)
In case of resignation of the Prime Minister, the letter of resignation shall be submitted to the President of the Republic. If a minister offers resignation, it shall be submitted to the Prime Minister.

Branch III.- The Local Administration

Article (175)
The State shall be divided into administrative units that enjoy legal personality. Such units shall include governorates, cities and villages. Other administrative units that have the legal personality may be established, if public interest so requires.

When establishing or abolishing local units or amending their boundaries, the economic and social conditions shall be taken into account. All the foregoing shall be regulated by Law.

Article (176)
The state shall ensure administrative, financial, and economic decentralization. The law shall regulate the methods of empowering administrative units to provide, improve, and well manage public facilities, and shall define the timeline for transferring powers and budgets to the local administration units.

Article (177)
The State shall ensure the fulfillment of the needs of local units in terms of scientific, technical, administrative and financial assistance, and the equitable distribution of facilities, services and resources, and shall bring development levels in these units to a common standard and achieve social justice between these units, as regulated by Law.

Article (178)
Local units shall have independent financial budgets.

The resources of local units shall include, in addition to the resources allocated to them by the State, taxes and duties of a local nature, whether primary or auxiliary. The same rules and procedures for the collection of public funds by the State shall apply to collection of such taxes and duties.

The foregoing shall be regulated by law.

Article (179)
The law shall regulate the manner in which governors and heads of other local administrative units are appointed or elected, and shall determine their competences.

Article (180)
Every local unit shall elect a local council by direct and secret ballot for a term of four years. A candidate shall be at lease twenty one (21) Gregorian years of age. The law shall regulate the other conditions for candidacy and procedures of election, provided that one quarter of the seats shall be allocated to youth under thirty five (35) years of age and one quarter shall be allocated for women, and that workers and farmers shall be represented by no less than 50 percent of the total number of seats, and these percentages shall include an appropriate representation of Christians and people with disability.

Local councils shall be competent to follow up the implementation of the development plan, f monitor of the different activities, exercise of oversight over the executive authorities using tolos such as providing proposals, and submitting questions, briefing motions, interrogations and others, and to withdraw confidence from the heads of local units, as regulated by Law.

The law shall define the competences of other local councils, their financial sources, guarantees of their members, and the independence of such councils.

Article (181)
Local councils’ resolutions that are issued within their respective mandates shall be final. They shall not be subject to the interference by the executive authority, except to prevent the council from overstepping its jurisdiction, or causing damage to the public interest or the interest of other local councils.

Any dispute pertaining to the jurisdiction of these local councils in villages, centers or towns shall be settled by the governorate-level local council. Disputes regarding the jurisdiction of governorate-level local councils shall be resolved, as a matter of urgency, by the General Assembly of the Legal Opinion and Legislation Departments of the State Council. The foregoing shall be regulated by Law.

Article (182)
Every local council shall develop its own budget and final accounts, as regulated by Law.

Article (183)
Local councils shall not be dissolved by virtue of a general administrative action.

The Law shall regulate the manner of dissolving and re-electing local councils.

Chapter Three.- The Judiciary

Branch I.- General Provisions

Article (184)
The Judiciary is an autonomous authority that carries out its tasks through courts of all types and degrees. Courts shall issue their rulings in accordance with the law, and the law shall define the jurisdiction of the courts. Interference in the affairs of the courts or in the lawsuits under their consideration shall constitute a crime that does not lapse by prescription.

Article (185)
Each judicial body or organization shall manage its own affairs, and shall have an independent budget, the components of which shall be fully examined by the House of Representatives. Upon its approval, this budget shall be included in the State budget under one budget line. Each judicial body or organization shall be consulted with regards to the bills regulating its affairs.

Article (186)
Judges are independent and immune to dismissal, are subject to no other authority but the law, and are equal in rights and duties. The conditions and procedures for their appointment, secondment and retirement shall be regulated by the law. The law shall further regulate their disciplinary accountability. They may not be fully or partly seconded except to the agencies determined by the law and to perform the tasks set forth therein. All the foregoing shall be in the manner that maintains the independence and impartiality of the judiciary and judges, and shall prevent conflicts of interest. The rights, duties and guarantees granted to them shall be specified by Law.

Article (187)
Court sessions shall be public, unless the court decides on its secrecy to safeguard public order or public morals. In all cases, court judgments shall be pronounced in publicly held sessions.

Branch II.- The Judiciary & The Prosecution

Article (188)
The judiciary shall decide on all disputes and crimes, except those falling within the jurisdiction of other judicial bodies. It shall solely have the jurisdiction to settle disputes relating to its own members. The affairs of the judiciary shall be managed by a Supreme Council, the structure and jurisdiction of which shall be regulated by Law.

Article (189)
The Public Prosecution is an integral part of the judiciary. It shall carry out the investigation and prosecution of criminal cases, except those excepted by the law. The law shall determine its other jurisdictions.

The Prosecutor General shall be in charge of the Public Prosecution. He shall be chosen by the Supreme Council of the Judiciary from among those ranked as Vice presidents of the Court of Cassation, or from those ranked as Presidents of the Courts of Appeal or from the Assistants to the Prosecutor General. He shall be appointed by virtue of a Presidential Decree for four years or for the remaining years until he reaches the age of retirement whichever is earlier, and this appointment shall be only once during his term of service.

Branch III.- The State Council

Article (190)
The State Council is an autonomous judicial body, and it shall have the exclusive jurisdiction to settle administrative disputes and disputes relevant to the execution of all its rulings. It shall have jurisdiction over disciplinary suits and appeals, and the exclusive jurisdiction to provide advice regarding legal issues to the administrative bodies determined by the law. It shall also review and draft bills and decrees of legislative nature, and shall review draft contracts to which the state or any other public authority is a party. The law shall determine its other jurisdictions.

Chapter Four.- The Supreme Constitutional Court

Article (191)
The Supreme Constitutional Court is an autonomous and independent judicial body having its headquarters in Cairo. However, in cases of emergency it may, upon the approval of its General Assembly, hold its sessions elsewhere in Egypt. It shall have an independent budget, which shall be fully examined by the House of Representatives. Upon its approval, this budget shall be included in the State budget under one budget line. The General Assembly of the court shall manage its affairs and it shall be consulted regarding bills relevant to its affairs.

Article (192)
The Supreme Constitutional Court shall be solely competent to decide on the constitutionality of laws and regulations, to interpret legislative provisions, and to adjudicate on disputes pertaining to the affairs of its members, on jurisdictional disputes between judicial bodies and entities that have judicial jurisdiction, on disputes pertaining to the implementation of two final contradictory judgments, one of which is rendered by a judicial body or an authority with judicial jurisdiction and the other is rendered by another , and on disputes pertaining to the execution of its judgments
and decisions.

The law shall determine the Court’s other competences and regulate the procedures that are to be followed before the Court.

Article (193)
The Court shall be composed of a President and a sufficient number of deputies to the President.

The Commissioners of the Supreme Constitutional Court shall have a President and a sufficient number of Commission presidents, advisors and assistant advisors.

The General Assembly of the Court shall elect its President from among the most senior three vice-presidents of the Court. It shall further choose the vice-presidents and the members of its Commissioners, and the appointment thereof shall be made by virtue of a decree by the President of the Republic. The foregoing shall be regulated by Law.

Article (194)
The President and the vice-presidents of the Supreme Constitutional Court, and the President and members of its Commissioners are independent and immune to dismissal, and are subject to no other authority but the law. The law shall set out the conditions they must meet. The Court shall be responsible for their disciplinary accountability, as stated by the law. All rights, duties and guarantees granted to other members of the judiciary shall apply to them.

Article (195)
The judgments and decisions issued by the Supreme Constitutional Court shall be published in the Official Gazette, and they shall be binding upon everyone and all of the State authorities.

They shall have Res judicata vis-à-vis all of them.

The law shall regulate the consequences of a judgment rendering a text of law unconstitutional.

Chapter Five.- Judicial Organizations

Article (196)
The State Lawsuits Authority is an independent judicial organization. It undertakes the legal representation of the State in lawsuits filed by or against the State, and of proposing amicable settlement of disputes at any stage of litigation. It shall further have technical oversight on the departments of legal affairs of the State administrative bodies with regard to cases handled thereby. It shall draft contracts referred thereto by administrative bodies and to which the State is party. The foregoing shall be regulated by Law.

Other competences of the Organization shall be defined by the law. Its members shall have all of the guarantees, rights and duties assigned to other members of the Judiciary. Their disciplinary accountability shall be regulated by the law.

Article (197)
The Administrative Prosecution is an independent judicial organization. It undertakes investigations into financial and administrative violations, and also those referred to it.

Regarding these violations, the Administrative Prosecution shall have the authorities of the administrative body to impose disciplinary penalties. Challenges against the decision of the Prosecution shall be filed before the competent disciplinary court at the State Council. It shall further initiate actions, appeals, and disciplinary proceedings before the State Council courts. All the foregoing shall be regulated by Law.

Other competences of the Administrative Prosecution shall be defined by law. All guarantees, rights and duties assigned to other members of the Judiciary shall apply to its members. Their disciplinary accountability shall be regulated by the law.

Chapter Six.- The Legal Profession

Article (198)
The legal profession is a free profession which participates with the Judicial Authority in the establishment of justice and the rule of law, and ensures the right to defense. It shall be practiced by independent attorneys, and attorneys of public authorities, public sector companies and public enterprise sector companies. All attorneys shall have, while performing their duties to uphold the right to defense before the courts, the guarantees and protection granted to them by the law. Such rights shall also be granted to them before investigation and inquiry authorities. Except in cases of flagrante delicto, the arrest or detention of attorneys while exercising their right to defense shall be prohibited. The foregoing shall be determined by the law.

Chapter Seven.- Experts

Article (199)
Judicial experts, forensic medicine experts, and notary public’s technical staff undertake their duties independently, and shall have the guarantees and protection required for them to perform their tasks, as regulated by the Law.

Chapter Eight.- The Armed Forces & The Police

Branch I.- The Armed Forces

Article (200)
The Armed Forces belong to the People, and their duty is to protect the country, and preserve its security and the integrity of its territories. Only the State shall be entitled to establish the Armed Forces. No individual, organization, entity, or group shall be allowed to create military or quasimilitary squadrons, groups or organizations.

The Armed Forces shall have a supreme council, as regulated by Law.

Article (201)
The Minister of Defense is the Commander in Chief of the Armed Forces, and shall be appointed from among its officers.

Article (202)
The Law regulates the military mass mobilization, and determines the conditions of the military service, promotion and retirement in the Armed Forces.

The judicial committees for officers and personnel of the Armed Forces shall be solely competent to adjudicate on all administrative disputes pertaining to decisions affecting them. The Law regulates the rules and procedures for challenging the decisions made by these committees.

Branch II.- National Defense Council

Article (203)
National Defense Council shall be chaired by the President of the Republic and comprise the membership of the Prime Minister, the Speaker of the House of Representatives, the Minister of Defense, the Minister of Foreign Affairs, the Minister of Finance and the Minister of Interior, the Chief of the General Intelligence Service, the Chief of Staff of the Armed Forces as well as the Commanders of the Navy, the Air Forces and Air Defense, the Chief of Operations of the Armed Forces, and the Head of Military Intelligence.

The Council shall be competent to examine the matters pertaining to preserving the security and integrity of the country, and to discuss the budget of the Armed Forces, which shall be included in the State budget under one budget line. The opinion of the Council shall be obtained on the bills concerning the Armed Forces.

Other competences of the Council shall be specified by Law.

Upon discussing the budget, the Head of the Financial Affairs Department of the Armed Forces and the heads of the Planning and Budgeting Committee and the National Security Committee at the House of Representatives shall join the Council.

The President of the Republic may invite any person having relevant expertise to attend the Council’s meetings without having the right to vote.

Branch III.- Military Courts

Article (204)
The Military Court is an independent judicial body exclusively competent to adjudicate on all crimes pertaining to the Armed Forces, the officers and personnel thereof, and their equivalents, and on the crimes committed by the personnel of the General Intelligence while and by reason of performing their duties.

No civilian shall face trial before the Military Court, except for crimes that constitute a direct assault against military facilities or camps of the Armed Forces, or their equivalents, against military zones or border zones determined as military zones, against the Armed Forces’ equipment, vehicles, weapons, ammunition, documents, military secrets, or its public funds, or against military factories; crimes pertaining to military service; or crimes that constitute a direct assault against the officers or personnel of the Armed Forces by reason of performing their duties.

The law shall define such crimes, and specify the other competences of the Military Court.

Members of the Military Court shall be independent and shall be immune to dismissal. They shall have all the guarantees, rights and duties stipulated for the members of other judicial bodies.

Branch IV.- National Security Council

Article (205)
The National Security Council shall be chaired by the President of the Republic, and comprise the membership of the Prime Minister, the Speaker of the House of Representatives, the Minister of Defense, the Minister of Interior, the Minister of Foreign Affairs, the Minister of Finance, the Minister of Justice, the Minister of Health, the Minister of Communication and the Minister of Education, the Chief of the General Intelligence Service, and the Head of the Committee of Defense and National Security at the House of Representatives.
The Council shall be responsible for adopting strategies for establishing the security of the country and facing disasters and crises of all kinds, shall take the necessary measures to contain them, to identify sources of threat to the Egyptian national security, inside the country or abroad, and to undertake the necessary actions to address them at both official and popular levels.

The Council may invite any person having relevant expertise to attend its meetings without having the right to vote.

The law shall determine the other competences of the Council and its regulations.

Branch V.- The Police

Article (206)
The police force is a statutory civil body that is dedicated to the service of the People and its loyalty shall be to the People. It shall ensure safety and security of the citizens, preserve public order and morality. It shall comply with the duties set out in the Constitution and the law, and shall respect human rights and fundamental freedoms. The State shall guarantee that the staff of the Police force perform their duties, and the relevant guarantees shall be regulated by Law.

Article (207)
A supreme police council shall be formed from among the most senior officers of the pólice force and the Head of the Legal Opinion Department at the State Council. The Council shall be competent to assist the Minister of Interior in the organization of the Police force and management of the affairs of its staff members. The other competences of the Council shall be determined by Law. The Council shall be consulted in connection with any laws pertaining to the police force.

Chapter Nine.- National Elections Commission

Article (208)
The National Elections Commission is an independent authority and shall be solely competent to administer referenda and elections of the president, the parliament and the local councils. Such administration shall include the development and updating of a database for voters, proposing the division of constituencies, determination of controls for promotion and funding of electoral campaigns, as well as electoral expenditure, the disclosure of such expenditure, the supervisión of such controls, the facilitation of the procedures for out-of-country voting by expatriate Egyptians, and other procedures till the announcements of the results.

The foregoing shall be regulated by law.

Article (209)
The National Elections Commission shall be administered by a board composed of 10 members to be equally assigned on full time basis from among those ranked as Vice-presidents of the Court of Cassation, those ranked as Presidents of the Courts of Appeal, Vice-presidents of the State Council, the State Lawsuits Organization and the Administrative Prosecution. They shall be selected by the Supreme Judicial Council and special councils of the aforementioned judicial bodies and organizations, as the case may be, provided that they are not members thereof. They shall be appointed by virtue of a decree by the President of the Republic. They shall be assigned to work on a full time basis at the Commission for one term of six years. The Commission shall be chaired by the most senior judge at the Court of Cassation.

Half of the members of the Council shall be replaced every three years.

The Commission may seek the assistance of independent public figures, specialists, and those deemed to have relevant expertise in the field of elections. They shall not have the right to vote.

The Commission shall have a permanent executive body. The law shall determine the composition and constitution of such executive body, and the rights, duties and guarantees of its members in a way that achieves their neutrality, independence and integrity.

Article (210)
Voting and counting of votes in referenda and elections shall be administered by members of the Commission under the overall supervision of its Board. It may seek the help of members of judicial organizations.

The voting and counting of votes in elections and referenda which take place during the 10 years following the effective date of this Constitution shall be totally overseen by members of judicial bodies and organizations according to the Law.

The High Administrative Court shall be competent to adjudicate on challenges filed against the Commission’s decisions pertaining to referenda, presidential and parliamentary elections, and the results thereof. Challenges against elections of local councils shall be filed before the Administrative Courts. Dates to file challenges against these decisions shall be specified by law, provided that challenges shall be finally decided within ten days from the date of recording the challenge.

Chapter Ten.- Supreme Council for the Regulation of Media

Article (211)
The Supreme Council for the Regulation of Media is an independent entity that has a legal personality, and enjoys technical, financial and administrative independence, and has an independent budget.

The Council shall be competent to regulate the affairs of audio and visual media and regulate the printed and digital press, and other media means.

The Council shall bear the responsibility for guaranteeing and protecting the freedom of press and media as stipulated in the Constitution, safeguarding its independence, neutrality, plurality and diversity, preventing monopolistic practices, monitoring the legality of the sources of funding of press and media institutions and developing the controls and criteria necessary to ensure compliance by the press and media outlets with the professional and ethical standards, and national security needs as stated in the Law.
The law shall determine the composition and regulations of the Council, and the employment conditions for its staff.

The Council shall be consulted with respect to the bills and regulations related to its scope of competence.

Article (212)
The National Press Organization is an independent organization that shall manage and develop state-owned press institutions and their assets, as well as ensure their modernization, independence, neutrality and their adherence to good professional, administrative and economic standards.

The law shall determine the composition and regulations of the Organization, and the employment conditions for its staff.

It shall be consulted with respect to the bills and regulations pertaining to its scope of work.

Article (213)
The National Media Organization is an independent organization that shall manage and develop state-owned visual, audio and digital media outlets and their assets, as well as ensure their development, independence, neutrality and their adherence to good professional, administrative and economic standards.

The law shall determine the composition and regulations of the Organization and the employment conditions for its staff.

It shall be consulted with respect to the bills and regulations pertaining to its scope of work.

Chapter Eleven.- National Councils, Autonomous Organizations & Control Agencies

Branch I.- National Councils

Article (214)
The law shall specify the independent national councils, including the National Council for Human Rights, the National Council for Women, the National Council for Childhood and Motherhood, and the National Council for Disabled Persons. The law shall state the composition, mandates, and guarantees for the independence and neutrality of their respective members. Each council shall have the right to report to the competent authorities any violations pertaining to their fields of work.

These councils shall have legal personalities and shall be technically, financially, and administratively independent. They shall be consulted with respect to the bills and regulations pertaining to their affairs and fields of work.

Branch II.- Autonomous Organizations and Control Agencies

Article (215)
Autonomous Organizations and control agencies shall be specified by Law. These organizations and agencies shall have legal personality, and shall be technically, financially and administratively independent. They shall be consulted with respect to the bills and regulations that relate to their fields of work. These bodies and agencies shall include the Central Bank, the Egyptian Financial Supervisory Authority (EFSA), the Central Auditing Organization (CAO), and the Administrative Control Authority.

Article (216)
The formation of each individual autonomous organization or regulatory agency shall be enacted by a law defining its competences and regulations, and stipulating guarantees for its independence, the necessary protection for its members, and their employment conditions in a way that ensures their neutrality and independence.

The President of the Republic shall appoint the heads of such organizations and regulatory agencies, upon the approval of the House of Representatives by a majority of its members, for a one-time renewable term of four years. They shall not be dismissed, except in the cases stated in the law. The same prohibitions applicable to the Ministers shall apply to these heads.

Article (217)
Autonomous organizations and control agencies shall submit annual reports to the President of the Republic, the House of Representatives and the Prime Minister, immediately after their issuance.

The House of Representatives shall examine such reports and take the appropriate action within a period not exceeding four months from the date of receipt. The reports shall be made available to the public.

Autonomous organizations and control agencies shall notify the competent investigation authorities of any evidence discovered in relation to violations or crimes. They shall take the necessary measures with regards to these reports within a specified period of time. The foregoing shall be regulated by Law.

Article (218)
The State shall fight corruption, and the competent control agencies and organizations shall be identified by Law.

Competent control agencies and organizations shall coordinate their activities in combating corruption, enhancing the values of integrity and transparency in order to ensure the sound performance of public functions and preserve public funds, and shall develop and follow up execution of a national strategy to combat corruption in collaboration with other competent agencies and organizations, as regulated by Law.

Article (219)
The Central Auditing Organization shall be responsible for monitoring the funds of the State, the funds of the State public and independent legal persons and other authorities as specified by Law; s well as being responsible for monitoring the implementation of the State budget and independent budgets and for auditing its final accounts.

Article (220)
The Central Bank shall be responsible for developing and overseeing the implementation of monetary, credit, and banking polices, and for monitoring the performance of banks. It is solely entitled to issue banknotes. It shall maintain the integrity of the monetary and banking system, and the stability of prices within the framework of the State general economic policy, as regulated by Law.

Article (221)
The Egyptian Financial Supervisory Authority (EFSA) shall be responsible for monitoring and supervising financial non-banking markets and instruments including capital markets, futures exchanges, insurance activities, mortgage finance, financial leasing, and factoring and securitization, as regulated by Law.

Part VI.- General & Transitional Provisions

Chapter One.- General Provisions

Article (222)
The city of Cairo is the capital of the Arab Republic of Egypt.

Article (223)
The national flag of the Arab Republic of Egypt consists of three colors; black, white, and red with an eagle taken from the “Eagle of Salah El Din” in golden yellow. The emblem, decorations, insignia, seal and the national anthem shall be determined by Law.

Desecration of the Egyptian flag shall be a crime punishable under the law.

Article (224)
All the provisions stipulated by laws and regulations prior to the promulgation of this Constitution shall remain in force, and they may neither be amended nor repealed except in accordance with the regulations and procedures prescribed herein.

The state shall be obliged to issue laws executing the provisions of this Constitution.

Article (225)
Laws shall be published in the Official Gazette within 15 days from the date of their issuance, to be effective after 30 days from the day following the date of publication, unless the law specifies a different date.

Provisions of the laws shall only apply from the date of their entry into force. However, in articles pertaining to non-criminal and non-tax-related matters, the contrary may be provided for in the law, upon approval by a majority of two thirds of the members of House of Representatives.

Article (226)
The amendment of one or more articles of the Constitution may be requested by the President of the Republic or one-fifth of the members of the House of Representatives. The request shall specify the articles requested to be amended and the reasons for such amendment.

In all cases, the House of Representatives shall discuss the amendment request within 30 days from the date of its receipt. The House shall issue its decision to accept the request in whole or in part by a majority of its members.

If the request is rejected, the same articles may not be requested to be amended again before the next legislative term.

If the amendment request is approved by the House, it shall discuss the text of the articles requested to be amended within 60 days from the date of approval. If approved by a two-thirds majority of the House’s members, the amendment shall be put to a public referendum within 30 days from the date the approval is issued. The amendment shall be effective from the date on which the referendum’s result and the approval of a valid majority of the participants in the referendum are announced.

In all cases, texts pertaining to the re-election of President of the Republic or the principles of freedom or equality stipulated in this Constitution may not be amended, unless the amendment brings more guarantees.

Article (227)
The Constitution and its preamble and all its provisions constitute an integral text and an indivisible whole, and its provisions constitute one coherent unit.

Chapter Two.- Transitional Provisions

Article (228)
The High Electoral Committee and the Presidential Election Committee existing at the time this Constitution comes into force shall undertake the full supervision of the first parliamentary and presidential elections following the effective date of the Constitution. The funds of the two committees shall be transferred to the National Electoral Commission, immediately upon its formation.

Article (229)
The elections of the House of Representatives following the date on which this Constitution comes into effect shall take place in accordance with the provisions of Article 102 hereof.

Article (230)
Election of the President of the Republic or the House of Representatives shall take place as regulated by Law, provided that the first of either elections shall take place within a period not less than 30 days and not more than 90 days after the date on which this Constitution comes into effect.

In all cases, the following electoral procedures shall commence within a period not exceeding six months as of the date on which the Constitution comes into effect.

Article (231)
The presidential term following the effective date of this Constitution shall commence as of the date on which the final result of the election is announced.

Article (232)
The Interim President of the Republic shall continue to exercise presidential powers stipulated herein until the elected President of the Republic takes the constitutional oath.

Article (233)
If the Interim President of the Republic is rendered unable to exercise his powers by reason of a temporary impediment, the Prime Minister shall replace him.

If the Interim Presidential office becomes vacant due to resignation, death, permanent disability or any other reason, the most senior Vice-President of the Supreme Constitutional Court shall replace him with the same powers.

Article (234)
The Minister of Defense shall be appointed upon the approval of the Supreme Council of the Armed Forces. The provisions of this article shall remain in force for two full presidential terms starting from the date on which this Constitution comes into effect.

Article (235)
In its first legislative term following the effective date of this Constitution, the House of Representatives shall issue a law to regulate constructing and renovating churches, in a manner that guarantees the freedom to practice religious rituals for Christians.

Article (236)
The State shall guarantee setting and implementing a plan for the comprehensive economic and urban development of border and underprivileged areas, including Upper Egypt, Sinai, Matrouh, and Nubia. This shall be made with the participation of the residents of these areas in the development projects, and they shall be given a priority in benefiting therefrom, taking into account the cultural and environmental patterns of the local community, within ten years from the date that this Constitution comes into effect, as regulated by Law.

The State shall work on setting and implementing projects to bring back the residents of Nubia to their original territories and develop such territories within 10 years, as regulated by law.

Article (237)
The State shall fight all types and forms of terrorism, and track its funding sources as a threat to the nation and its citizens, within a specific timeframe while guaranteeing basic rights and freedoms.

The law shall regulate the provisions and procedures of fighting terrorism, and fair compensation for the damages resulting therefrom and because thereof.

Article (238)
The State guarantees gradual performance of its obligation to allocate the minimum government expenditure rates on education, higher education, health and scientific research that are stipulated in this Constitution as at the date on which it enters into effect, provided it is fully compliant in the State budget of the fiscal year 2016/2017.

The State shall provide compulsory education until the completion of the secondary stage in a gradual manner to be completed by school year 2016/2017.

Article (239)
The House of Representatives shall issue a law organizing the rules for assigning judges and members of judicial bodies and organizations, ensuring the cancellation of full and partial assignment to non-judicial bodies or committees with judicial jurisdiction, or for managing justice affairs or overseeing elections, within a period not exceeding five years from the date on which this Constitution comes into effect.

Article (240)
The State shall ensure providing financial and human resources necessary to appealing the judgments issued by criminal courts on felonies within 10 years from the date on which this Constitution comes into effect. The foregoing shall be regulated by Law.

Article (241)
In its first legislative term after the enforcement of this Constitution, the House of Representatives shall issue a law on transitional justice that ensures revealing the truth, accountability, proposing frameworks for national reconciliation, and compensating victims, in accordance with international standards.

Article (242)
The existing system of municipal administration shall continue to be in force until the system stipulated herein is gradually implemented within five years of the date of entry into force of this Constitution, without prejudice to Article 180 thereof.

Article (243)
The State shall endeavor that workers and farmers be appropriately represented in the first House of Representatives to be elected after this Constitution is approved, as regulated by law.

Article (244)
The State shall endeavor that youth, Christians, persons with disability and Egyptians living abroad be appropriately represented in the first House of Representatives to be elected after this Constitution is approved, as regulated by law.

Article (245)
The employees of the Shoura Council who are still in service on the date that this Constitution comes into force shall be transferred to the House of Representatives with the same job levels and seniority on that date. Their salaries, allowances, bonuses, and their other financial entitlements granted to them on an individual basis shall be maintained. All funds of the Shoura Council shall be transferred to the House of Representatives.

Article (246)
The Constitutional Declaration issued on July 5th, 2013, the Constitutional Declaration issued on July 8th, 2013, and any constitutional texts or provisions of the Constitution issued in 2012 but not covered by this constitutional document shall be deemed repealed as of the date that this Constitution comes into effect. Their consequential effects shall however remain in force.

Article (247)
This Constitution shall come into effect as at the date on which it is announced that the People have approved it in a referendum through a majority of valid votes of the participants.

22Sep/17

Constitution of the Syrian Arab Republic – 2012

22 septiembre, 2017Constitución, SiriaConstitution of the Syrian Arab Republic - 2012, Legislación Derecho InformáticoJosé Cuervo

Preamble

Arab civilization, which is part of human heritage, has faced through its long history great challenges aimed at breaking its will and subjecting it to colonial domination, but it has always rose through its own creative abilities to exercise its role in building human civilization.

The Syrian Arab Republic is proud of its Arab identity and the fact that its people are an integral part of the Arab nation. The Syrian Arab Republic embodies this belonging in its national and pan-Arab project and the work to support Arab cooperation in order to promote integration and achieve the unity of the Arab nation.

The Syrian Arab Republic considers international peace and security a key objective and a strategic choice, and it works on achieving both of them under the International Law and the values of right and justice.

The Syrian Arab role has increased on the regional and international levels over the past decades, which has led to achieving human and national aspirations and achievements in all fields and domains. Syria has occupied an important political position as it is the beating heart of Arabism, the forefront of confrontation with the Zionist enemy and the bedrock of resistance against colonial hegemony on the Arab world and its capabilities and wealth. The long struggle and sacrifices of our people for the sake of its independence, progress and national unity has paved the way for building the strong state and promoting cohesion between the people and their Syrian Arab army which is the main guarantor and protector of the homeland’s sovereignty, security, stability and territorial integrity; thus, forming the solid foundation of the people’s struggle for liberating all occupied territories.

The Syrian society with all its components and constituents and through its popular, political and civil institutions and organizations, has managed to accomplish achievements that demonstrated the depth of civilizational accumulation represented by the Syrian society, its unwavering will and its ability to keep pace with the changes and to create the appropriate environment to maintain its human role as a historical and effective power in the march of human civilization.

Since the beginning of the 21st century, Syria, both as people and institutions had faced the challenge of development and modernization during tough regional and international circumstances which targeted its national sovereignty. This has formed the incentive to accomplish this Constitution as the basis for strengthening the rule of law.

The completion of this Constitution is the culmination of the people’s struggle on the road to freedom and democracy. It is a real embodiment of achievements, a response to shifts and changes, an evidence of organizing the march of the state towards the future, a regulator of the movement of its institutions and a source of legislation. All of this is attainable through a system of fundamental principles that enshrines independence, sovereignty and the rule of the people based on election, political and party pluralism and the protection of national unity, cultural diversity, public freedoms, human rights, social justice, equality, equal opportunities, citizenship and the rule of law, where the society and the citizen are the objective and purpose for which every national effort is dedicated. Preserving the dignity of the society and the citizen is an indicator of the civilization of the country and the prestige of the state.

Title I.- Basic Principles

Chapter I.- Political Principles

Article 1

The Syrian Arab Republic is a democratic state with full sovereignty, indivisible, and may not waive any part of its territory, and is part of the Arab homeland; The people of Syria are part of the Arab nation.

Article 2

The system of governance in the state shall be a republican system; Sovereignty is an attribute of the people; and no individual or group may claim sovereignty. Sovereignty shall be based on the principle of the rule of the people by the people and for the people; The People shall exercise their sovereignty within the aspects and limits prescribed in the Constitution.

Article 3

The religion of the President of the Republic is Islam; Islamic jurisprudence shall be a major source of legislation; The State shall respect all religions, and ensure the freedom to perform all the rituals that do not prejudice public order; The personal status of religious communities shall be protected and respected.

Article 4

The official language of the state is Arabic.

Article 5

The capital of the state is Damascus.

Article 6

The flag of the Syrian Arab Republic consists of three colors: red, white and black, in addition to two stars, each with five heads of green color. The flag is rectangular in shape; its width equals two thirds of its length and consists of three rectangles evenly spaced along the flag, the highest in red, the middle in white and lowest in black, and the two stars are in the middle of the white rectangle; The law identifies the state’s emblem, its national anthem and the respective provisions.

Article 7

The constitutional oath shall be as follows: “I swear by the Almighty God to respect the country’s constitution, laws and Republican system, to look after the interests and freedoms of the people, to safeguard the homeland’s sovereignty, independence, freedom and to defend its territorial integrity and to act in order to achieve social justice and the unity of the Arab Nation”.

Article 8

1. The political system of the state shall be based on the principle of political pluralism, and exercising power democratically through the ballot box;

2. Licensed political parties and constituencies shall contribute to the national political life, and shall respect the principles of national sovereignty and democracy;

3. The law shall regulate the provisions and procedures related to the formation of political parties;

4. Carrying out any political activity or forming any political parties or groupings on the basis of religious, sectarian, tribal, regional, class-based, professional, or on discrimination based on gender, origin, race or color may not be undertaken;

5. Public office or public money may not be exploited for a political, electoral or party interest.

Article 9

As a national heritage that promotes national unity in the framework of territorial integrity of the Syrian Arab Republic, the Constitution shall guarantee the protection of cultural diversity of the Syrian society with all its components and the multiplicity of its tributaries.

Article 10

Public organizations, professional unions and associations shall be bodies that group citizens in order to develop society and attain the interests of its members. The State shall guarantee the independence of these bodies and the right to exercise public control and participation in various sectors and councils defined in laws; in areas which achieve their objectives, and in accordance with the terms and conditions prescribed by law.

Article 11

The army and the armed forces shall be a national institution responsible for defending the security of the homeland and its territorial integrity. This institution shall be in the service of the people’s interests and the protection of its objectives and national security.

Article 12

Democratically elected councils at the national or local level shall be institutions through which citizens exercise their role in sovereignty, state-building and leading society.

Chapter II.- Economic Principles

Article 13

1. The national economy shall be based on the principle of developing public and private economic activity through economic and social plans aiming at increasing the national income, developing production, raising the individual’s living standards and creating jobs;

2. Economic policy of the state shall aim at meeting the basic needs of individuals and society through the achievement of economic growth and social justice in order to reach comprehensive, balanced and sustainable development;

3. The State shall guarantee the protection of producers and consumers, foster trade and investment, prevent monopoly in various economic fields and work on developing human resources and protecting the labor force in a way that serves the national economy.

Article 14

Natural resources, facilities, institutions and public utilities shall be publicly owned, and the state shall invest and oversee their management for the benefit of all people, and the citizens’ duty is to protect them.

Article 15

Collective and individual private ownership shall be protected in accordance with the following basis:

1. General confiscation of funds shall be prohibited;

2. Private ownership shall not be removed except in the public interest by a decree and against fair compensation according to the law;

3. Confiscation of private property shall not be imposed without a final court ruling;

4. Private property may be confiscated for necessities of war and disasters by a law and against fair compensation;

5. Compensation shall be equivalent to the real value of the property.

Article 16

The law shall determine the maximum level of agricultural ownership and agricultural investment to ensure the protection of the farmer and the agricultural laborer from exploitation and to ensure increased production.

Article 17

The right of inheritance shall be maintained in accordance with the law.

Article 18

1. Taxes, fees and overhead costs shall not be imposed except by a law;

2. The tax system shall be based on a fair basis; and taxes shall be progressive in a way that achieves the principles of equality and social justice.

Chapter III.- Social Principles

Article 19

Society in the Syrian Arab Republic shall be based on the basis of solidarity, symbiosis and respect for the principles of social justice, freedom, equality and maintenance of human dignity of every individual.

Article 20

1. The family shall be the nucleus of society and the law shall maintain its existence and strengthen its ties;

2. The state shall protect and encourage marriage, and shall work on removing material and social obstacles that hinder it. The state shall also protect maternity and childhood, take care of young children and youth and provide the suitable conditions for the development of their talents.

Article 21

Martyrdom for the sake of the homeland shall be a supreme value, and the State shall guarantee the families of the martyrs in accordance with the law.

Article 22

1. The state shall guarantee every citizen and his family in cases of emergency, sickness, disability, orphan-hood and old age;

2. The state shall protect the health of citizens and provide them with the means of prevention, treatment and medication.

Article 23

The state shall provide women with all opportunities enabling them to effectively and fully contribute to the political, economic, social and cultural life, and the state shall work on removing the restrictions that prevent their development and participation in building society.

Article 24

The state shall shoulder, in solidarity with the community, the burdens resulting from natural disasters.

Article 25

Education, health and social services shall be the basic pillars for building society, and the state shall work on achieving balanced development among all regions of the Syrian Arab Republic.

Article 26

1. Public service shall be a responsibility and an honor the purpose of which is to achieve public interest and to serve the people;

2. Citizens shall be equal in assuming the functions of public service, and the law shall determine the conditions of assuming such functions and the rights and duties assigned to them.

Article 27

Protection of the environment shall be the responsibility of the state and society and it shall be the duty of every citizen.

Chapter IV.- Educational and Cultural Principles

Article 28

The educational system shall be based on creating a generation committed to its identity, heritage, belonging and national unity.

Article 29

1. Education shall be a right guaranteed by the state, and it is free at all levels. The law shall regulate the cases where education could not be free at universities and government institutes;

2. Education shall be compulsory until the end of basic education stage, and the state shall work on extending compulsory education to other stages;

3. The state shall oversee education and direct it in a way that achieves the link between it and the needs of society and the requirements of development;

4. The law shall regulate the state’s supervision of private educational institutions.

Article 30

Physical education shall be an essential pillar in building society; and the state shall encourage it to prepare a generation which is physically, morally and intellectually fit.

Article 31

The state shall support scientific research and all its requirements, ensure the freedom of scientific, literary, artistic and cultural creativity and provide the necessary means for that end. The state shall provide any assistance for the progress of sciences and arts, and shall encourage scientific and technical inventions, creative skills and talents and protect their results.

Article 32

The state shall protect antiquities, archaeological and heritage sites and objects of artistic, historical and cultural value.

Title II.- Rights, Freedoms and the Rule of Law

Chapter I.- Rights and Freedoms

Article 33

1. Freedom shall be a sacred right and the state shall guarantee the personal freedom of citizens and preserve their dignity and security;

2. Citizenship shall be a fundamental principle which involves rights and duties enjoyed by every citizen and exercised according to law;

3. Citizens shall be equal in rights and duties without discrimination among them on grounds of sex, origin, language, religion or creed;

4. The state shall guarantee the principle of equal opportunities among citizens.

Article 34

Every citizen shall have the right to participate in the political, economic, social and cultural life and the law shall regulate this.

Article 35

Every citizen shall be subjected to the duty of respecting the Constitution and laws.

Article 36

1. The inviolability of private life shall be protected by the law;

2. Houses shall not be entered or inspected except by an order of the competent judicial authority in the cases prescribed by law.

Article 37

Confidentiality of postal correspondence, telecommunications and radio and other communication shall be guaranteed in accordance with the law.

Article 38

1. No citizen may be deported from the country, or prevented from returning to it;

2. No citizen may be extradited to any foreign entity;

3. Every citizen shall have the right to move in or leave the territory of the state, unless prevented by a decision from the competent court or the public prosecution office or in accordance with the laws of public health and safety.

Article 39

Political refugees shall not be extradited because of their political beliefs or for their defense of freedom.

Article 40

1. Work shall be a right and a duty for every citizen, and the state shall endeavor to provide for all citizens, and the law shall organize work, its conditions and the workers’ rights;

2. Each worker shall have a fair wage according to the quality and output of the work; this wage shall be no less than the minimum wage that ensures the requirements of living and changes in living conditions;

3. The state shall guarantee social and health security of workers.

Article 41

Payment of taxes, fees and public costs shall be a duty in accordance with the law.

Article 42

1. Freedom of belief shall be protected in accordance with the law;

2. Every citizen shall have the right to freely and openly express his views whether in writing or orally or by all other means of expression.

Article 43

The state shall guarantee freedom of the press, printing and publishing, the media and its independence in accordance with the law.

Article 44

Citizens shall have the right to assemble, peacefully demonstrate and to strike from work within the framework of the Constitution principles, and the law shall regulate the exercise of these rights.

Article 45

Freedom of forming associations and unions shall be based on a national basis, for lawful purposes and by peaceful means which are guaranteed in accordance with the terms and conditions prescribed by law.

Article 46

1. Compulsory military service shall be a sacred duty and is regulated by a law;

2. Defending the territorial integrity of the homeland and maintaining the secrets of state shall be a duty of every citizen.

Article 47

The state shall guarantee the protection of national unity, and the citizens’ duty is to maintain it.

Article 48

The law shall regulate the Syrian Arab citizenship.

Article 49

Election and referendum are the right and duty of the citizens and the law shall regulate their exercise.

Chapter II.- The Rule of Law

Article 50

The rule of law shall be the basis of governance in the state.

Article 51

1. Punishment shall be personal; no crime and no punishment except by a law;

2. Every defendant shall be presumed innocent until convicted by a final court ruling in a fair trial;

3. The right to conduct litigation and remedies, review, and the defense before the judiciary shall be protected by the law, and the state shall guarantee legal aid to those who are incapable to do so, in accordance with the law;

4. Any provision of the law shall prohibit the immunity of any act or administrative decision from judicial review.

Article 52

Provisions of the laws shall only apply to the date of its commencement and shall not have a retroactive effect, and it may apply otherwise in matters other than criminal.

Article 53

1. No one may be investigated or arrested, except under an order or decision issued by the competent judicial authority, or if he was arrested in the case of being caught in the act, or with intent to bring him to the judicial authorities on charges of committing a felony or misdemeanor;

2. No one may be tortured or treated in a humiliating manner, and the law shall define the punishment for those who do so;

3. Any person who is arrested must be informed of the reasons for his arrest and his rights, and may not be incarcerated in front of the administrative authority except by an order of the competent judicial authority;

4. Every person sentenced by a final ruling, carried out his sentence and the ruling proved wrong shall have the right to ask the state for compensation for the damage he suffered.

Article 54

Any assault on individual freedom, on the inviolability of private life or any other rights and public freedoms guaranteed by the Constitution shall be considered a punishable crime by the law.

Title III.- State Authorities

Chapter I.- Legislative Authority

Article 55

The legislative authority of the state shall be assumed by the People’s Assembly in accordance with the manner prescribed in the Constitution.

Article 56

The People’s Assembly term shall be for four calendar years from the date of its first meeting and it may not be extended except in case of war by a law.

Article 57

Members of the People’s Assembly shall be elected by the public, secret, direct and equal vote in accordance with the provisions of the Election Law.

Article 58

A member of the People’s Assembly shall represent the whole people, and his/her commission may not be defined by a restriction or condition, and shall exercise duties under the guidance of hi/hers honor and conscience.

Article 59

Voters shall be the citizens who have completed eighteen years of age and met the conditions stipulated in the Election Law.

Article 60

1. The system of electing members of the People’s Assembly, their number and the conditions to be met by the candidates shall be determined by a law;

2. Half of the members of the People’s Assembly at least shall be of the workers and farmers, and the law shall state the definition of the worker and the farmer.

Article 61

The Election Law shall include the provisions that ensure:

1. The freedom of voters to choose their representatives and the safety and integrity of the electoral procedures;

2. The right of candidates to supervise the electoral process;

3. Punishing those who abuse the will of the voters;

4. Identifying the regulations of financing election campaigns;

5. Organizing the election campaign and the use of media outlets.

Article 62

1. Elections shall be held during the sixty days preceding the expiry date of the mandate of the People’s Assembly term;

2. The People’s Assembly shall continue its meetings if no other Assembly is elected and it shall remain in place until a new Assembly is elected.

Article 63

If the membership of a member of the People’s Assembly is vacant for some reason, an alternative shall be elected within sixty days from the date of the membership vacancy, provided that the remaining term of the Assembly is no less than six months. The membership of the new member shall end by the expiry date of the mandate of the Assembly’s term, and the Election Law shall determine the cases of vacant membership.

Article 64

1. The People’s Assembly shall be called to convene by a decree issued by the President of the Republic within fifteen days from the expiry date of the mandate of the existing Assembly or from the date of announcing the election results in case of not having such an Assembly. The People’s Assembly shall be definitely convened on the sixteenth day if the call-to-convene decree is not issued;

2. The Assembly shall elect, at its first meeting, its speaker and members who shall be annually re-elected.

Article 65

1. The Assembly shall call for three regular sessions per year; the total of which should not be less than six months, and the Assembly’s rules of procedure shall set the time and duration of each of them;

2. The Assembly may be invited to extraordinary sessions upon the request of the Speaker, one third of the members of the Assembly or the Assembly’s office;

3. The last legislative session of the year shall remain open until the approval of the state budget.

Article 66

1. The Supreme Constitutional Court shall have jurisdiction to consider appeals related to the elections of the members of the People’s Assembly.

2. Appeals shall be submitted by the candidate within three days from the date of announcing the results; and the court shall decide its final judgments within seven days from the expiry date of submitting appeals.

Article 67

Members of the People’s Assembly shall swear-in the constitutional oath mentioned in Article 7 of the Constitution.

Article 68

The emoluments and compensations of members of the People’s Assembly shall be determined by a law.

Article 69

The People’s Assembly shall put its rules of procedure to regulate the manner of working in it and the way of exercising its functions, and define terms of reference of the Assembly’ office.

Article 70

Members of the People’s Assembly shall not be questioned in a civil or criminal manner because of events or opinions they express or during a vote in public or private meetings and during the work of the committees.

Article 71

Members of the People’s Assembly shall enjoy immunity for the mandate duration of the Assembly. Criminal proceedings against any member of them shall be taken after having a prior permission from the Assembly unless caught in the act. In non-session cases, permission shall be taken from the Assembly’s office, and the Assembly shall be notified by any action taken at its first meeting.

Article 72

1. No member may take advantage of membership in any business;

2. The law shall specify the business which may not be combined with the membership in the Assembly.

Article 73

1. The speaker of the People’s Assembly shall represent the Assembly, sign and speak on its behalf;

2. The People’s Assembly shall have special guards under the authority of the Speaker of the Assembly; and no armed force may enter the Assembly without the permission of its Speaker.

Article 74

Members of the People’s Assembly shall exercise the right of proposing laws and directing questions and inquiries to the cabinet or a minister in accordance with the rules of procedure of the Assembly.

Article 75

The People’s Assembly undertakes the following functions:

1. Approval of laws;

2. Discussing the statement of the cabinet;

3. Perform a vote of no-confidence in the cabinet or a minister;

4. Approval of the general budget and final accounts;

5. Approval of development plans;

6. Approval of international treaties and conventions related to the safety of the state, including treaties of peace, alliance and all treaties related to the rights of sovereignty or conventions which grant privileges to foreign companies or institutions as well as treaties and conventions entailing additional expenses not included in its budget; or treaties and conventions related to loans’ contract or that are contrary to the provisions of the laws in force and requires new legislation which should come into force;

7. Approval of a general amnesty;

8. Accepting or rejecting the resignation of one of the members of the Assembly.

Article 76

1. The Prime Minister shall present the cabinet’s statement within thirty days from the date of its formation to the People’s Assembly for discussion;

2. The cabinet shall be responsible for the implementation of its statement before the People’s Assembly;

3. If the Assembly is not in a regular session, it shall be invited to convene an extraordinary session.

Article 77

1. A vote of no-confidence can only be conducted after the cabinet or one of its ministers is questioned in the Assembly; a vote of no-confidence should be upon a proposal made by at least a fifth of the members of the People’s Assembly and it must be obtained with a majority of the members;

2. If a vote of no-confidence is obtained, the Prime Minister shall submit the cabinet’s resignation to the President, so should the minister who got a vote of no-confidence.

Article 78

The Assembly might form temporary committees from among its members to collect information and find facts on the issues related to exercising its authorities.

Article 79

1. For every fiscal year there shall be one budget; and the beginning of fiscal year shall be determined by a law;

2. The law states the method of preparing the state’s general budget;

3. The draft budget should be presented to the people’s Assembly at least two months before the beginning of the fiscal year.

Article 80

1. The Assembly votes on the budget title by title; and the budget shall not enter into force unless approved by the Assembly;

2. If the Assembly did not complete the process of approving the budget until the beginning of the new fiscal year, the budget of the previous years is used until the new year budget is approved and the revenues are collected in accordance with the laws and regulations in force;

3. Appropriations cannot be transferred from one title to another except according to the provisions of the law;

4. The Assembly might not increase the estimates of total revenues or expenditures while examining the budget.

Article 81

The people’s Assembly might, after approving the budget, approve laws which could create new expenditures and new revenues to cover them.

Article 82

The final accounts of the fiscal year shall be presented to the People’s Assembly within a period not longer than one year as of the end of this year. The final account is done by a law; and the same procedures in approving the budget apply to the final account period.

Chapter Two.- The Executive Authority

(1) The President of the Republic

Article 83

The President of the Republic and the Prime Minister exercise executive authority on behalf of the people within the limits provided for in the constitution.

Article 84

The candidate for the office of President of the Republic should:

1. Have completed forty years of age;

2. Be of Syrian nationality by birth, of parents who are of Syrian nationality by birth;

3. Enjoy civil and political rights and not convicted of a dishonorable felony, even if he was reinstated;

4. Not be married to a non-Syrian wife;

5. Be a resident of the Syrian Arab Republic for no less than 10 years continuously upon being nominated.

Article 85

The nomination of a candidate for the office of President of the Republic shall be as follows:

1. The Speaker of the People’s Assembly calls for the election of the President of the Republic before the end of the term of office of the existing president by no less than 60 days and no more than 90 days;

2. The candidacy application shall be made to the Supreme Constitutional Court, and is entered in a special register, within 10 days of announcing the call for electing the president;

3. The candidacy application shall not be accepted unless the applicant has acquired the support of at least 35 members of the People’s Assembly; and no member of the assembly might support more than one candidate;

4. Applications shall be examined by the Supreme Constitutional Court; and should be ruled on within 5 days of the deadline for application;

5. If the conditions required for candidacy were met by only one candidate during the period set for applying, the Speaker of the people’s assembly should call for fresh nominations according to the same conditions.

Article 86

1. The President of the Republic shall be elected directly by the people;

2. The candidate who wins the election for the President of the Republic is the one who gets the absolute majority of those who take part in the elections. If no candidate receives that majority, a rerun is carried out between the two candidates who receive the largest number of votes;

3. The results shall be announced by the Speaker of the People’s Assembly.

Article 87

1. If the People’s Assembly was dissolved during the period set for electing a new President of the Republic, the existing President of the Republic continues to exercise his duties until after the new Assembly is elected and convened; and the new President of the Republic shall be elected within the 90 days which follow the date of convening this Assembly;

2. If the term of the President of the Republic finished and no new president was elected, the Existing President of the Republic continues to assume his duties until the new president is elected.

Article 88

The President of the Republic is elected for 7 years as of the end of the term of the existing President. The President can be elected for only one more successive term.

Article 89

1. The Supreme Constitutional Court has the jurisdiction to examine the challenges to the election of the President of the Republic;

2. The challenges shall be made by the candidate within 3 days of announcing the results; and the court rules on them finally within 7 days of the end of the deadline for making the challenges.

Article 90

The President of the Republic shall be sworn in before the People’s Assembly before assuming his duties by repeating the constitutional oath mentioned in Article 7 of the Constitution.

Article 91

1. The President of the Republic might name one or more deputies and delegate to them some of his authorities;

2. The Vice-president is sworn in before the President of the Republic by repeating the constitutional oath mentioned in Article 7 of the Constitution.

Article 92

If an impediment prevented the President of the Republic from continuing to carry out his duties, the Vice-president shall deputize for him.

Article 93

1. If the office of the President of the Republic becomes vacant or if he is permanently incapacitated, the first Vice-president assumes the President’s duties for a period of no more than 90 days of the President of the Republic’s office becoming vacant. During this period new presidential elections shall be conducted;

2. If the office of the President of the Republic becomes vacant, and he does not have a Vice-president, his duties shall be assumed temporarily by the Prime Minister for a period of no more than 90 days of the date of the President of the Republic’s office becoming vacant. During this period new presidential elections shall be conducted.

Article 94

If the President of the Republic resigned from office, he should address the resignation letter to the People’s Assembly.

Article 95

The protocol, privileges and allocations required for the office of President of the Republic shall be set out in a law.

Article 96

The President of the Republic shall insure respect for the Constitution, the regular running of public authorities, protection of national unity and survival of the state.

Article 97

The President of the Republic shall name the Prime Minister, his deputies, ministers and their deputies, accept their resignation and dismiss them from office.

Article 98

In a meeting chaired by him, the President of the Republic lays down the general policy of the state and oversees its implementation.

Article 99

The President of the Republic might call the Council of Ministers to a meeting chaired by him; and might ask for reports from the Prime Minister and the ministers.

Article 100

The President of the Republic shall pass the laws approved by the People’s Assembly. He might also reject them through a justified decision within one month of these laws being received by the Presidency. If they are approved a second time by the People’s Assembly with a two thirds majority, they shall be passed by the President of the Republic.

Article 101

The President of the Republic shall pass decrees, decisions and orders in accordance with the laws.

Article 102

The President of the Republic declares war, calls for general mobilization and concludes peace agreements after obtaining the approval of the People’s Assembly.

Article 103

The President of the Republic declares the state of emergency and repeals it in a decree taken at the Council of Ministers chaired by him with a two thirds majority, provided that the decree is presented to the People’s Assembly in its first session. The law sets out the relevant provisions.

Article 104

The President of the Republic accredits heads of diplomatic missions in foreign countries and accepts the credentials of heads of foreign diplomatic missions in the Syrian Arab Republic.

Article 105

The President of the Republic is the Commander in Chief of the army and armed forces; and he issues all the decisions necessary to exercise this authority. He might delegate some of these authorities.

Article 106

The President of the Republic appoints civilian and military employees and ends their services in accordance with the law.

Article 107

The President of the Republic concludes international treaties and agreements and revokes them in accordance with provisions of the Constitution and rules of international law.

Article 108

The President of the Republic grants special amnesty and might reinstate individuals.

Article 109

The President of the Republic has the right to award medals and honors.

Article 110

The President of the Republic might address letters to the People’s Assembly and make statements before it.

Article 111

1. The President of the Republic might decide to dissolve the People’s Assembly in a justified decision he makes;

2. Elections for a new People’s Assembly shall be conducted within 60 days of the date of dissolution;

3. The People’s Assembly might not be dissolved more than once for the same reason.

Article 112

The President of the Republic might prepare draft laws and refer them to the People’s Assembly to consider them for approval.

Article 113

1. The President of the Republic assumes the authority of legislation when the People’s Assembly is not in session, or during sessions if absolute necessity requires this, or in the period during which the Assembly is dissolved.

2. These legislation shall be referred to the Assembly within 15 days of its first session;

3. The Assembly has the right to revoke such legislation or amend them in a law with a majority of two thirds of the members registered for attending the session, provided it is no less than the absolute majority of all its members. Such amendment or revocation shall not have a retroactive effect. If they are not amended or revoked, they shall be considered approved.

Article 114

If a grave danger and a situation threatening national unity, the safety and integrity of the territories of the homeland occurs, or prevents state institutions from shouldering their constitutional responsibilities, the President of the Republic might take the quick measures necessitated by these circumstances to face that danger.

Article 115

The President of the Republic might set up special bodies, councils and committees whose tasks and mandates are set out in the decisions taken to create them.

Article 116

The President of the Republic might call for a referendum on important issues which affect the higher interests of the country. The result of the referendum shall be binding and come into force as of the date of its announcement; and it shall be published by the President of the Republic.

Article 117

The President of the Republic is not responsible for the acts he does in carrying out his duties except in the case of high treason; and the accusation should be made through a People’s Assembly decision taken by the Assembly in a public vote and with a two thirds majority in a secret session based on a proposal made by at least one third of the members. He shall be tried before the Supreme Constitutional Court.

(2) The Council of Ministers

Article 118

1. The Council of Ministers is the highest executive and administrative authority of the state. It consists of the Prime Minister, his deputies and the ministers. It supervises the implementation of the laws and regulations and oversees the work of state institutions;

2. The Prime Minister supervises the work of his deputies and the ministers.

Article 119

The allocations and benefits of the Prime Minister, his deputies and the ministers shall be set out in a law.

Article 120

The Prime Minister, his deputies and the ministers shall be sworn in before the President of the Republic when a new government is formed by repeating the constitutional oath mentioned in Article 7 of the Constitution before they start their work. When the government is reshuffled, only the new ministers shall be sworn in.

Article 121

The Prime Minister, his deputies and the ministers shall be responsible before the President of the Republic and the People’s Assembly.

Article 122

The minister is the highest administrative authority in his ministry, and he shall implement the state’s public policy in relation to his ministry.

Article 123

While in office, ministers shall be barred from being members of the boards of private companies or agents for such companies and from carrying out, directly or indirectly, any commercial activity or private profession.

Article 124

1. The Prime Minister, his deputies and the ministers shall be responsible for their acts, from a civil and penal perspective, in accordance with the law;

2. The President of the Republic has the right to refer the Prime Minister, his deputies and the ministers to the courts for any crimes any of them commits while in office or because of such crimes;

3. The accused shall be suspended from office as soon as an indictment is made until a ruling is passed on the accusation made against him. His resignation or dismissal does not prevent his trial. Procedures are conducted as stated in the law.

Article 125

1. The cabinet shall be considered as resigned in the following cases:

a. Upon the end of the term of office of the President of the Republic;

b. Upon the election of a new People’s Assembly;

c. If the majority of the ministers resigned.

2. The cabinet carries on in a care taker capacity until a decree is passed naming a new cabinet.

Article 126

An individual can be a minister and a member of the People’s Assembly at the same time.

Article 127

Provisions applying to ministers apply to deputy ministers.

Article 128

The mandate of the Council of Ministers is as follows:

1. It draws the executive plans of the state’s general policy;

2. It guides the work of ministers and other public bodies;

3. It draws the state’s draft budget;

4. It drafts laws;

5. It prepares development plans and plans for upgrading production and the exploitation of national resources and everything that could support and develop the economy and increase national income;

6. It concludes loan contracts and grants loans in accordance with provisions of the constitution;

7. Concludes treaties and agreements in accordance with provisions of the constitution;

8. Follows up on enforcing the laws and protects the interests and the security of the state and protects the freedoms and rights of the population;

9. Passes administrative decisions in accordance with the laws and regulations and oversees their implementation.

Article 129

The Prime Minister and the ministers exercise the authorities provided for in the laws in force in a manner that does not contravene the authorities given to other authorities in the Constitution, in addition to the other authorities stated in its provisions.

(3) Local Councils

Article 130

The Syrian Arab Republic consists of administrative units; and the law states their number, boundaries, authorities and the extent to which they enjoy the status of a legal entity, financial and administrative independence.

Article 131

1. The organization of local administration units is based on applying the principle of decentralization of authorities and responsibilities. The law states the relationship between these units and the central authority, their mandate, financial revenues and control over their work. It also states the way their heads are appointed or elected, their authorities and the authorities of heads of sectors.

2. Local administration units shall have councils elected in a general, secret, direct and equal manner.

Chapter III.- The Judicial Authority

(1) The Courts and Attorney General’s Office

Article 132

The judicial authority is independent; and the President of the Republic insures this independence assisted by the Supreme Judicial Council.

Article 133

1. The Supreme Judicial Council is headed by the President of the Republic; and the law states the way it shall be formed, its mandate and its rules of procedures;

2. The Supreme Judicial Council insures the provision of the guarantees necessary for the independence of the judiciary.

Article 134

1. Judges are independent and there is no authority over them except that of the law;

2. The judges’ honor, conscience and impartiality constitute the guarantees for people’s rights and freedoms.

Article 135

The law regulates the different branches, categories and degrees of the judicial system. It also states the rules for the mandates of different courts.

Article 136

The law states the conditions for appointing judges, promoting, transferring, disciplining and dismissing them.

Article 137

The Attorney General’s Office is a single judicial institution headed by the Minister of Justice. The law regulates its function and mandate.

Article 138

1. Judicial rulings are made in the name of the Arab people of Syria;

2. Not implementing judicial rulings or obstructing their implementation is a crime punished in accordance with provisions of the law.

(2) Administrative Judiciary

Article 139

The State’s Council is in charge of Administrative Judiciary. It is an independent judicial and advisory body. The law states its mandate and conditions for appointing, promoting, transferring, disciplining and dismissing them.

Title Four.- The Supreme Constitutional Court

Article 140

The Supreme Constitutional Court is an independent judicial body based in Damascus.

Article 141

The Supreme Constitutional Court consists of at least seven members, one of them shall be named president in a decree passed by the President of the Republic.

Article 142

An individual cannot be a member of the Supreme Constitutional Court and a minister or a member of the People’s Assembly at the same time. The law states the other jobs that cannot be done by a member of the Court.

Article 143

The duration of membership of the Supreme Constitutional Court shall be four years renewable. Article 144 Members of the Supreme Constitutional Court cannot be dismissed from its membership except in accordance with the law.

Article 145

President and members of the Supreme Constitutional Court shall be sworn in before the President of the Republic in the presence of the Speaker of the People’s Assembly before they assume their duties. They repeat the following oath: “I swear by the Great Almighty to respect the Constitution and the laws of the country and to carry out my responsibilities with integrity and impartiality”.

Article 146

The mandate of the Supreme Constitutional Court is as follows:

1. Control over the constitutionality of the laws, legislative decrees, bylaws and regulations;

2. Expressing opinion, upon the request of the President of the Republic, on the constitutionality of the draft laws and legislative decrees and the legality of draft decrees;

3. Supervising the election of the President of the Republic and organizing the relevant procedures;

4. Considering the challenges made to the soundness of the measures of electing the President of the Republic and members of the People’s Assembly and ruling on these challenges;

5. Trying the President of the Republic in the case of high treason;

6. The law states its other authorities.

Article 147

1. The Supreme Constitutional Court is charged with control over the constitutionality of the laws as follows:

a. If the President of the Republic or a fifth of the members of the People’s Assembly object to a law before it is passed, on the grounds of its unconstitutionality, it shall be suspended until the Court rules on it within 15 days of the date of lodging the objection at the Court. If the law is urgently needed, the Court shall rule on it within 7 days;

b. If a fifth of the members of the People’s Assembly object to a legislative decree, on the grounds of its unconstitutionality within 15 days of it is being presented to the Assembly, the Court shall rule on it within 15 days of lodging the objection at the Court;

c. If the Court ruled that the law, the legislative decree or the bylaw was unconstitutional, the items found to be unconstitutional shall be annulled with retroactive effect and all their consequences shall be removed.

2. Considering the claim of the unconstitutionality of a law or a legislative decree and ruling on it takes place as follows:

a. If an opponent making a challenge claimed the unconstitutionality of a legal text applied by the court whose ruling is being challenged, and if the court considering the challenge found that the claim was serious and should be ruled on, it halts the proceedings of the case and refers it to the Supreme Constitutional Court;

b. The Supreme Constitutional Court shall rule on the claim within 30 days of being entered in its register.

Article 148

The Supreme Constitutional Court shall not consider the constitutionality of the laws put by the President of the Republic to a referendum and obtained the approval of the people.

Article 149

The law regulates the principles of considering and ruling on the issues under the mandate of the Supreme Constitutional Court. The law states the number of its staff and the conditions which need to be met by its members. It also states their immunity, responsibilities, salaries and privileges.

Title Five.- Amending the Constitution

Article 150

1. The President of the Republic, and so does a third of the members of the People’s Assembly, might propose amending the Constitution;

2. The proposal for amending the Constitution shall state the text proposed to be amended and the reasons for making the amendment;

3. As soon as the People’s Assembly receives the proposal for amendment, it sets up a special committee to examine it.

4. The Assembly discusses the proposal for amendment. If it approved it with a three quarters majority, the amendment shall be considered final provided that it is also approved by the President of the Republic.

Title Six.- General and Transitional Provisions

Article 151

The Preamble of the Constitution is considered part and parcel of the Constitution

Article 152

No person carrying another nationality, in addition to the nationality of the Syrian Arab Republic, might occupy the office of President of the Republic, Vice-president, Prime Minister, deputy prime ministers, ministers, members of the People’s Assembly or members of the Supreme Constitutional Court.

Article 153

This constitution shall not be amended before 18 months of coming into force.

Article 154

The legislation in force and passed before approving this Constitution remain in force until they are amended in accordance with its provisions, provided that the amendment is done within a period of no longer than 3 years.

Article 155

The term of office of the current President of the Republic terminates after 7 years of his being sworn in as President. He has the right to stand again for the office of President of the Republic. Provisions of Article 88 of this Constitution apply to him as of the next presidential elections.

Article 156

Elections for the first People’s Assembly under this Constitution shall be held within 90 days of the date of its being approved through referendum.

Article 157

This Constitution shall be published in the official bulletin and enters into force as of being approved.

13Sep/17

Privacy Amendment Act nº 12, 2017 Australia

13 septiembre, 2017Australia, Ley2017 Australia, Legislación Australiana, Legislación Derecho Informático, Privacy Amendment Act nº 12José Cuervo

An Act to amend the Privacy Act 1988, and for related purposes

(Assented to 22 February 2017)

The Parliament of Australia enacts:

1.- Short title

This Act is the Privacy Amendment (Notifiable Data Breaches) Act 2017.

2.- Commencement

Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

Commencement information

Column 1 Column 2 Column 3

Provisions Commencement Date/Details

Sections 1 The day this Act receives the Royal 22 February 2017

To 3 and Assent.

anything in

this Act not

elsewhere

covered by this

table

Schedule 1 A single day to be fixed by

Proclamation.

However, if the provisions do not

Commence within the period of 12

Months beginning on the day this

Act receives the Royal Assent, they

Commence on the day after the end

of that period.

Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

3.- Schedules

Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

Schedule 1.- Amendments

Privacy Act 1988

1.- Subsection 6(1)

Insert:

at risk from an eligible data breach has the meaning given by section 26WE.

eligible data breach has the meaning given by Division 2 of Part IIIC.

2.- After subsection 13(4)

Insert:

Notification of eligible data breaches etc.

(4A) If an entity (within the meaning of Part IIIC) contravenes subsection 26WH(2), 26WK(2), 26WL(3) or 26WR(10), the contravention is taken to be an act that is an interference with the privacy of an individual.

3.- After Part IIIB

Insert:

Part IIIC.- Notification of eligible data breaches

Division 1.-Introduction

26WA.- Simplified outline of this Part

This Part sets up a scheme for notification of eligible data breaches.
An eligible data breach happens if:

(a) there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and

(b) the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

An entity must give a notification if:

(a) it has reasonable grounds to believe that an eligible data breach has happened; or

(b) it is directed to do so by the Commissioner.

26WB.- Entity

For the purposes of this Part, entity includes a person who is a file number recipient.

26WC.- Deemed holding of information

Overseas recipients

(1) If:

(a) an APP entity has disclosed personal information about one or more individuals to an overseas recipient; and

(b) Australian Privacy Principle 8.1 applied to the disclosure of the personal information; and

this Part has effect as if:

(d) the personal information were held by the APP entity; and

(e) the APP entity were required under section 15 not to do an act, or engage in a practice, that breaches Australian Privacy Principle 11.1 in relation to the personal information.

Bodies or persons with no Australian link

(2) If:

(a) either:

(i) a credit provider has disclosed, under paragraph 21G(3)(b) or (c), credit eligibility information about one or more individuals to a related body corporate, or person, that does not have an Australian link; or

(ii) a credit provider has disclosed, under subsection 21M(1), credit eligibility information about one or more individuals to a body or person that does not have an Australian link; and

(b) the related body corporate, body or person holds the credit eligibility information;

this Part has effect as if:

(d) the credit provider were required to comply with subsection 21S(1) in relation to the credit eligibility information.

Note: See section 21NA.

26WD.- Exception-notification under the My Health Records Act 2012

If:

(a) an unauthorised access to information; or

(b) an unauthorised disclosure of information; or

has been, or is required to be, notified under section 75 of the My Health Records Act 2012, this Part does not apply in relation to the access, disclosure or loss.

Division 2.- Eligible data breach

26WE.- Eligible data breach

Scope

(1) This section applies if:

(a) both:

(i) an APP entity holds personal information relating to one or more individuals; and

(ii) the APP entity is required under section 15 not to do an act, or engage in a practice, that breaches Australian Privacy Principle 11.1 in relation to the personal information; or

(b) both:

(i) a credit reporting body holds credit reporting information relating to one or more individuals; and

(ii) the credit reporting body is required to comply with section 20Q in relation to the credit reporting information; or

(i) a credit provider holds credit eligibility information relating to one or more individuals; and

(ii) the credit provider is required to comply with subsection 21S(1) in relation to the credit eligibility information; or

(d) both:

(i) a file number recipient holds tax file number information relating to one or more individuals; and

(ii) the file number recipient is required under section 18 not to do an act, or engage in a practice, that breaches a section 17 rule that relates to the tax file number information.

Eligible data breach

(2) For the purposes of this Act, if:

(a) both of the following conditions are satisfied:

(i) there is unauthorised access to, or unauthorised disclosure of, the information;

(ii) a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or

(b) the information is lost in circumstances where:

(i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and

(ii) assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;

then:

(c) the access or disclosure covered by paragraph (a), or the loss covered by paragraph (b), is an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; and

(d) an individual covered by subparagraph (a)(ii) or (b)(ii) is at risk from the eligible data breach.

(3) Subsection (2) has effect subject to section 26WF.

26WF.- Exception-remedial action

Access to, or disclosure of, information

(1) If:

(a) an access to, or disclosure of, information is covered by paragraph 26WE(2)(a); and

(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the access or disclosure; and

(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before the access or disclosure results in serious harm to any of the individuals to whom the information relates; and

(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to any of those individuals;

the access or disclosure is not, and is taken never to have been:

(e) an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f) an eligible data breach of any other entity.

(2) If:

(a) an access to, or disclosure of, information is covered by paragraph 26WE(2)(a); and

(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the access or disclosure; and

(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before the access or disclosure results in serious harm to a particular individual to whom the information relates; and

(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to the individual;

this Part does not require:

(e) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f) any other entity;

to take steps to notify the individual of the contents of a statement that relates to the access or disclosure.

Loss of information

(3) If:

(a) a loss of information is covered by paragraph 26WE(2)(b); and

(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and

(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before there is unauthorised access to, or unauthorised disclosure of, the information; and

(d) as a result of the action, there is no unauthorised access to, or unauthorised disclosure of, the information;

the loss is not, and is taken never to have been:

(e) an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f) an eligible data breach of any other entity.

(4) If:

(a) a loss of information is covered by paragraph 26WE(2)(b); and

(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and

(i) after there is unauthorised access to, or unauthorised disclosure of, the information; and

(ii) before the access or disclosure results in serious harm to any of the individuals to whom the information relates; and

(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to any of those individuals;

the loss is not, and is taken never to have been:

(e) an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f) an eligible data breach of any other entity.

(5) If:

(a) a loss of information is covered by paragraph 26WE(2)(b); and

(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and

(i) after there is unauthorised access to, or unauthorised disclosure of, the information; and

(ii) before the access or disclosure results in serious harm to a particular individual to whom the information relates; and

(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to the individual;

this Part does not require:

(e) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f) any other entity;

to take steps to notify the individual of the contents of a statement that relates to the loss.

26WG.- Whether access or disclosure would be likely, or would not be likely, to result in serious harm-relevant matters

For the purposes of this Division, in determining whether a reasonable person would conclude that an access to, or a disclosure of, information:

(a) would be likely; or

(b) would not be likely;

to result in serious harm to any of the individuals to whom the information relates, have regard to the following:

(d) the sensitivity of the information;

(e) whether the information is protected by one or more security measures;

(f) if the information is protected by one or more security measures-the likelihood that any of those security measures could be overcome;

(g) the persons, or the kinds of persons, who have obtained, or who could obtain, the information;

(h) if a security technology or methodology:

(i) was used in relation to the information; and

(ii) was designed to make the information unintelligible or meaningless to persons who are not authorised to obtain the information;

the likelihood that the persons, or the kinds of persons, who:

(iii) have obtained, or who could obtain, the information; and

(iv) have, or are likely to have, the intention of causing harm to any of the individuals to whom the information relates;

have obtained, or could obtain, information or knowledge required to circumvent the security technology or methodology;

(i) the nature of the harm;

(j) any other relevant matters.

Note: If the security technology or methodology mentioned in paragraph (h) is encryption, an encryption key is an example of information required to circumvent the security technology or methodology.

Division 3.- Notification of eligible data breaches

Subdivision A.- Suspected eligible data breaches

26WH.- Assessment of suspected eligible data breach

Scope

(1) This section applies if:

(a) an entity is aware that there are reasonable grounds to suspect that there may have been an eligible data breach of the entity; and

(b) the entity is not aware that there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity.

Assessment

(2) The entity must:

(a) carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity; and

(b) take all reasonable steps to ensure that the assessment is completed within 30 days after the entity becomes aware as mentioned in paragraph (1)(a).

Note: Section 26WK applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.

26WJ.- Exception-eligible data breaches of other entities

If:

(a) an entity complies with section 26WH in relation to an eligible data breach of the entity; and

(b) the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities;

that section does not apply in relation to those eligible data breaches of those other entities.

Subdivision B.- General notification obligations

26WK.- Statement about eligible data breach

Scope

(1) This section applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.

Statement

(2) The entity must:

(a) both:

(i) prepare a statement that complies with subsection (3); and

(ii) give a copy of the statement to the Commissioner; and

(b) do so as soon as practicable after the entity becomes so aware.

(3) The statement referred to in subparagraph (2)(a)(i) must set out:

(a) the identity and contact details of the entity; and

(b) a description of the eligible data breach that the entity has reasonable grounds to believe has happened; and

(d) recommendations about the steps that individuals should take in response to the eligible data breach that the entity has reasonable grounds to believe has happened.

(4) If the entity has reasonable grounds to believe that the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities, the statement referred to in subparagraph (2)(a)(i) may also set out the identity and contact details of those other entities.

26WL.- Entity must notify eligible data breach

Scope

(1) This section applies if:

(a) an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity; and

(b) the entity has prepared a statement that:

(i) complies with subsection 26WK(3); and

(ii) relates to the eligible data breach that the entity has reasonable grounds to believe has happened.

Notification

(2) The entity must:

(a) if it is practicable for the entity to notify the contents of the statement to each of the individuals to whom the relevant information relates-take such steps as are reasonable in the circumstances to notify the contents of the statement to each of the individuals to whom the relevant information relates; or

(b) if it is practicable for the entity to notify the contents of the statement to each of the individuals who are at risk from the eligible data breach-take such steps as are reasonable in the circumstances to notify the contents of the statement to each of the individuals who are at risk from the eligible data breach; or

(i) publish a copy of the statement on the entity’s website (if any); and

(ii) take reasonable steps to publicise the contents of the statement.

Note: See also subsections 26WF(2) and (5), which deal with remedial action.

(3) The entity must comply with subsection (2) as soon as practicable after the completion of the preparation of the statement.

Method of providing a statement to an individual

(4) If the entity normally communicates with a particular individual using a particular method, the notification to the individual under paragraph (2)(a) or (b) may use that method. This subsection does not limit paragraph (2)(a) or (b).

26WM.- Exception-eligible data breaches of other entities

If:

(a) an entity complies with sections 26WK and 26WL in relation to an eligible data breach of the entity; and

(b) the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities;

those sections do not apply in relation to those eligible data breaches of those other entities.

26WN.- Exception-enforcement related activities

If:

(a) an entity is an enforcement body; and

(b) the chief executive officer of the enforcement body believes on reasonable grounds that there has been an eligible data breach of the entity; and

(c) the chief executive officer of the enforcement body believes on reasonable grounds that compliance with section 26WL in relation to the eligible data breach would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, the enforcement body;

paragraph 26WK(3)(d) and section 26WL do not apply in relation to:

(d) the eligible data breach of the entity; and

(e) if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities—such an eligible data breach of those other entities.

26WP.- Exception-inconsistency with secrecy provisions

Secrecy provisions

(1) For the purposes of this section, secrecy provision means a provision that:

(a) is a provision of a law of the Commonwealth (other than this Act); and

(b) prohibits or regulates the use or disclosure of information.

(2) If compliance by an entity with subparagraph 26WK(2)(a)(ii) in relation to a statement would, to any extent, be inconsistent with a secrecy provision (other than a prescribed secrecy provision), subsection 26WK(2) does not apply to the entity, in relation to the statement, to the extent of the inconsistency.

(3) If compliance by an entity with section 26WL in relation to a statement would, to any extent, be inconsistent with a secrecy provision (other than a prescribed secrecy provision), section 26WL does not apply to the entity, in relation to the statement, to the extent of the inconsistency.

Prescribed secrecy provisions

(4) For the purposes of this section, prescribed secrecy provision means a secrecy provision that is specified in the regulations.

(5) For the purposes of a prescribed secrecy provision:

(a) subparagraph 26WK(2)(a)(ii); and

(b) section 26WL;

are taken not to be provisions that require or authorise the use or disclosure of information.

(6) If compliance by an entity with subparagraph 26WK(2)(a)(ii) in relation to a statement would, to any extent, be inconsistent with a prescribed secrecy provision, subsection 26WK(2) does not apply to the entity in relation to the statement.

(7) If compliance by an entity with section 26WL in relation to a statement would, to any extent, be inconsistent with a prescribed secrecy provision, section 26WL does not apply to the entity in relation to the statement.

26WQ.- Exception-declaration by Commissioner

(1) If the Commissioner:

(a) is aware that there are reasonable grounds to believe that there has been an eligible data breach of an entity; or

(b) is informed by an entity that the entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity;

the Commissioner may, by written notice given to the entity:

(i) the eligible data breach of the entity; and

(ii) if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities—such an eligible data breach of those other entities; or

(d) declare that subsection 26WL(3) has effect in relation to:

(i) the eligible data breach of the entity; and

(ii) if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities-such an eligible data breach of those other entities;

as if that subsection required compliance with subsection 26WL(2) before the end of a period specified in the declaration.

(2) The Commissioner’s power in paragraph (1)(d) may only be used to extend the time for compliance with subsection 26WL(2) to the end of a period that the Commissioner is satisfied is reasonable in the circumstances.

(3) The Commissioner must not make a declaration under subsection (1) unless the Commissioner is satisfied that it is reasonable in the circumstances to do so, having regard to the following:

(a) the public interest;

(b) any relevant advice given to the Commissioner by:

(i) an enforcement body; or

(ii) the Australian Signals Directorate of the Defence Department;

(4) Paragraph (3)(b) does not limit the advice to which the Commissioner may have regard.

(5) The Commissioner may give a notice of a declaration to an entity under subsection (1):

(a) on the Commissioner’s own initiative; or

(b) on application made to the Commissioner by the entity.

Applications

(6) An application by an entity under paragraph (5)(b) may be expressed to be:

(a) an application for a paragraph (1)(c) declaration; or

(b) an application for a paragraph (1)(d) declaration; or

(i) a paragraph (1)(c) declaration; or

(ii) in the event that the Commissioner is not disposed to make such a declaration—a paragraph (1)(d) declaration.

(7) If an entity applies to the Commissioner under paragraph (5)(b):

(a) the Commissioner may refuse the application; and

(b) if the Commissioner does so—the Commissioner must give written notice of the refusal to the entity.

(8) If:

(a) an application for a paragraph (1)(d) declaration nominates a period to be specified in the declaration; and

(b) the Commissioner makes the declaration, but specifies a different period in the declaration;

the Commissioner is taken not to have refused the application.

(9) If an entity applies to the Commissioner under paragraph (5)(b) for a declaration that, to any extent, relates to an eligible data breach of the entity, sections 26WK and 26WL do not apply in relation to:

(a) the eligible data breach; or

(b) if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities-such an eligible data breach of those other entities;

until the Commissioner makes a decision in response to the application for the declaration.

(10) An entity is not entitled to make an application under paragraph (5)(b) in relation to an eligible data breach of the entity if:

(a) the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities; and

(b) one of those other entities has already made an application under paragraph (5)(b) in relation to the eligible data breach of the other entity.

Extension of specified period

(11) If notice of a paragraph (1)(d) declaration has been given to an entity, the Commissioner may, by written notice given to the entity, extend the period specified in the declaration.

Subdivision C.- Commissioner may direct entity to notify eligible data breach

26WR.- Commissioner may direct entity to notify eligible data breach

(1) If the Commissioner is aware that there are reasonable grounds to believe that there has been an eligible data breach of an entity, the Commissioner may, by written notice given to the entity, direct the entity to:

(a) prepare a statement that complies with subsection (4); and

(b) give a copy of the statement to the Commissioner.

(2) The direction must also require the entity to:

(i) publish a copy of the statement on the entity’s website (if any); and

(ii) take reasonable steps to publicise the contents of the statement.

Note: See also subsections 26WF(2) and (5), which deal with remedial action.

(3) Before giving a direction to an entity under subsection (1), the Commissioner must invite the entity to make a submission to the Commissioner in relation to the direction within the period specified in the invitation.

(4) The statement referred to in paragraph (1)(a) must set out:

(a) the identity and contact details of the entity; and

(b) a description of the eligible data breach that the Commissioner has reasonable grounds to believe has happened; and

(d) recommendations about the steps that individuals should take in response to the eligible data breach that the Commissioner has reasonable grounds to believe has happened.

(5) A direction under subsection (1) may also require the statement referred to in paragraph (1)(a) to set out specified information that relates to the eligible data breach that the Commissioner has reasonable grounds to believe has happened.

(6) In deciding whether to give a direction to an entity under subsection (1), the Commissioner must have regard to the following:

(a) any relevant advice given to the Commissioner by:

(i) an enforcement body; or

(ii) the Australian Signals Directorate of the Defence Department;

(b) any relevant submission that was made by the entity:

(i) in response to an invitation under subsection (3); and

(ii) within the period specified in the invitation;

(7) Paragraph (6)(a) does not limit the advice to which the Commissioner may have regard.

(8) If the Commissioner is aware that there are reasonable grounds to believe that the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities, a direction under subsection (1) may also require the statement referred to in paragraph (1)(a) to set out the identity and contact details of those other entities.

Method of providing a statement to an individual

(9) If an entity normally communicates with a particular individual using a particular method, the notification to the individual mentioned in paragraph (2)(a) or (b) may use that method. This subsection does not limit paragraph (2)(a) or (b).

Compliance with direction

(10) An entity must comply with a direction under subsection (1) as soon as practicable after the direction is given.

26WS.- Exception-enforcement related activities

An entity is not required to comply with a direction under subsection 26WR(1) if:

(a) the entity is an enforcement body; and

(b) the chief executive officer of the enforcement body believes on reasonable grounds that compliance with the direction would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, the enforcement body.

26WT.- Exception-inconsistency with secrecy provisions

Secrecy provisions

(1) For the purposes of this section, secrecy provision means a provision that:

(a) is a provision of a law of the Commonwealth (other than this Act); and

(b) prohibits or regulates the use or disclosure of information.

(2) If compliance by an entity with paragraph 26WR(1)(b) or subsection 26WR(2) in relation to a statement would, to any extent, be inconsistent with a secrecy provision (other than a prescribed secrecy provision), paragraph 26WR(1)(b) or subsection 26WR(2), as the case may be, does not apply to the entity, in relation to the statement, to the extent of the inconsistency.

Prescribed secrecy provisions

(3) For the purposes of this section, prescribed secrecy provision means a secrecy provision that is specified in the regulations.

(4) For the purposes of a prescribed secrecy provision:

(a) paragraph 26WR(1)(b); and

(b) subsection 26WR(2);

are taken not to be provisions that require or authorise the use or disclosure of information.

(5) If compliance by an entity with paragraph 26WR(1)(b) or subsection 26WR(2) in relation to a statement would, to any extent, be inconsistent with a prescribed secrecy provision, paragraph 26WR(1)(b) or subsection 26WR(2), as the case may be, does not apply to the entity in relation to the statement.

4 .- After paragraph 96(1)(b)

Insert:

(ba) a decision under subsection 26WQ(7) to refuse an application for a declaration;

(bb) a decision to make a declaration under paragraph 26WQ(1)(d);

(bc) a decision under subsection 26WR(1) to give a direction;

5.- After subsection 96(2)

Insert:

(2A) An application under paragraph (1)(ba) may only be made by:

(a) the entity that made the application for a declaration; or

(b) if another entity’s compliance with subsection 26WL(2) is affected by the decision to refuse the application for a declaration—that other entity.

(2B) An application under paragraph (1)(bb) may only be made by:

(a) the entity to whom notice of the declaration was given; or

(b) if another entity’s compliance with subsection 26WL(2) is affected by the declaration-that other entity.

(2C) An application under paragraph (1)(bc) may only be made by the entity to whom the direction was given.

(2D) For the purposes of subsections (2A), (2B) and (2C), entity has the same meaning as in Part IIIC.

6.- Application of amendments-eligible data breaches

(1) Paragraph 26WE(2)(a) of the Privacy Act 1988 (as amended by this Schedule) applies to an access or disclosure that happens after the commencement of this item.

(2) Paragraph 26WE(2)(b) of the Privacy Act 1988 (as amended by this Schedule) applies to a loss that happens after the commencement of this item.

13Sep/17

Copyright Amendment Bill B13-2017

13 septiembre, 2017Ley, SudafricaCopyright Amendment Bill B13-2017, Legislación Derecho Informático, Legislación SudáfricaJosé Cuervo

(As introduced in the National Assembly (proposed section 75); explanatory summary of Bill published in Government Gazette nº 40121 of 5 July 2016)

BILL
To amend the Copyright Act, 1978, so as to define certain words and expressions; to allow for the reproduction of copyright work; to provide for the protection of copyright in artistic work; to provide for the accreditation and registration of Collecting Societies; to provide for the procedure for settlement of royalties disputes; to allow fair use of copyright work; to provide for access to copyright works by persons with disabilities; to provide for the protection of authorship of orphan works by the State; to provide for the establishment of the Intellectual Property Tribunal; to provide for the appointment of members of the Intellectual Property Tribunal; to provide for the powers and functions of the Intellectual Property Tribunal; to provide for prohibited conduct in respect of technological protection measures; to provide for prohibited conduct in respect of copyright management information; to provide for management of digital rights; to provide for certain new offences; and to provide for matters connected therewith.

BE IT ENACTED by the Parliament of the Republic of South Africa, as
follows:
Amendment of section 1 of Act 98 of 1978, as amended by section 1 of Act 56 of 1980, section 1 of Act 66 of 1983, section 1 of Act 52 of 1984, section 1 of Act 13 of 1988, section 1 of Act 125 of 1992, section 50 of Act 38 of 1997, section 1 of Act 9 of 2002, section 224 of Act 71 of 2008 and section 3 of Act 28 of 2013

1. Section 1 of the Copyright Act, 1978 (hereinafter referred to as ‘‘the principal Act’’), is hereby amended :

(a) by the insertion before the definition of ‘‘adaptation’’ of the following
definition: ‘‘ ‘accessible format copy’ means a copy of a work in an alternative
manner or form which gives a person with a disability access to the work
and which permits such person to have access as feasibly and
comfortably as a person without disability;’’;

(b) by the insertion after the definition of ‘‘artistic work’’ of the following
definition: ‘‘ ‘audiovisual fixation’ has the meaning ascribed to it in section 1 of the
Performers’ Protection Act, 1967 (Act nº 11 of 1967);’’;

(c) by the insertion after the definition of ‘‘collecting society’’ of the following
definition: ‘‘ ‘commercial’ means to obtain direct economic advantage or financial
gain in connection with the business or trade of the user of the work in
question;’’;

(d) by the insertion after the definition of ‘‘community protocol’’ of the following
definition:
‘‘ ‘Companies Act’ means the Companies Act, 2008 (Act nº 71 of 2008);’’;

(e) by the insertion after the definition of ‘‘copyright’’ of the following definition:
‘‘ ‘copyright management information’ means information, including
meta-data, attached to or embodied in a copy of a work that :
(a) identifies the work and its author or copyright author; or
(b) identifies or indicates some or all of the terms and conditions for using the work or indicates that the use of the work is subject to terms and conditions;’’;

(f) by the insertion after the definition of ‘‘National Trust’’ of the following
definition:
‘‘ ‘orphan work’ means a work in which copyright still subsists but none of the rights holders in that work is identified or, even if one or more of them are identified, none is located;’’;

(g) by the insertion after the definition of ‘‘performance’’ of the following
definitions:
‘‘ ‘performer’ has the meaning ascribed to it in section 1 of the Performers’ Protection Act, 1967 (Act nº 11 of 1967);
‘person with a disability’ includes a person who has a perceived or actual physical, intellectual, neurological or sensory impairment which, as a result of communication, physical or information barriers, requires an accessible format copy in order to access and use a work;’’;

(h) by the insertion after the definition of ‘‘sound recording’’ of the following
definitions:
‘‘ ‘technologically protected work’ means a work that is protected by a
technological protection measure;
‘technological protection measure’ :
(a) means any process, treatment, mechanism, technology, device, system or component that in the normal course of its operation is designed to prevent or restrict infringement of work; and
(b) does not include a process, treatment, mechanism, technology, device, system or component, to the extent that it controls any access to a work for non-infringing purposes;
‘technological protection measure circumvention device’ means a device primarily designed, produced or adapted for purposes of enabling or facilitating the unlawful circumvention of a technological protection measure;’’; and

(i) by the insertion after the definition of ‘‘traditional work’’ of the following
definition:
‘‘ ‘Tribunal’ means the Intellectual Property Tribunal established by section 29;’’.

Insertion of section 2A in Act 98 of 1978

2. The following section is hereby inserted in the principal Act after section 2:

‘‘Scope of copyright protection

2A.

(1) Copyright protection extends to expressions and not to:
(a) ideas, procedures, methods of operation or mathematical concepts; or
(b) in the case of computer programs, to interface specifications.

(2) Tables and compilations which, by reason of the selection or arrangement of their contents, constitute the author’s own intellectual creation shall be protected as such by copyright.

(3) The copyright protection of tables and compilations shall :
(a) not extend to their contents; and (b) be without prejudice to any rights subsisting in their contents.

(4) Notwithstanding the provisions of section 2, no protection shall :
(a) extend to an expression :
(i) inextricably merged with an idea such that the idea can be expressed intelligibly only in one or a limited number of ways; or
(ii) when the particular expression is directed by law or regulation such that only one form of expression will meet regulatory requirements, for example on a safety label;
(b) subsist in :
(i) official texts of a legislative, administrative or legal nature or in official translations of those texts;
(ii) speeches of a political nature, in speeches delivered in the course of legal proceedings or in news of the day that are mere items of press information: Provided that the maker of the speeches referred to in this subparagraph shall have the exclusive right of making a collection of the speeches in question.’’.

Amendment of section 5 of Act 98 of 1978, as amended by section 5 of Act 52 of 1984 and section 5 of Act 125 of 1992

3. Section 5 of the principal Act is hereby amended by the substitution for subsection (2) of the following subsection:
‘‘(2)

(a) Copyright shall be conferred by this section on every work which is
eligible for copyright and which is made by, funded by or under the direction or
control of the state or [such] an international [organizations as may be
prescribed] or local organisations.

(b) Copyright conferred in terms of paragraph (a) shall be owned by the state or organisation in question.’’.

Amendment of section 6 of Act 98 of 1978, as amended by section 3 of Act 56 of 1980 and section 6 of Act 125 of 1992

4. Section 6 of the principal Act is hereby amended:

(a) by the insertion after paragraph (e) of the following paragraph:
‘‘(eA) communicating the work to the public, by wire or wireless means,
including by means of internet access and the making of the work available to the public in such a way that any member of the public may access the work from a place and at a time chosen by that person, whether interactively or non-interactively;’’;

(b) by the substitution for paragraph (g) of the following paragraph:
‘‘(g) doing, in relation to an adaptation of the work, any of the acts specified in relation to the work in paragraphs (a) to [(e)] (eA) inclusive[.]’’; and

(c) by the addition of the following proviso:
‘‘: Provided that, notwithstanding the transfer of copyright in a literary or
musical work by the user, performer, owner, producer or author, the user,
performer, owner, producer or author of such work shall have the right to claim an equal portion of the royalty payable for the use of such copyright work.’’.

Amendment of section 7 of Act 98 of 1978, as amended by section 4 of Act 56 of 1980 and section 7 of Act 125 of 1992

5. Section 7 of the principal Act is hereby amended:

(a) by the insertion after paragraph (d) of the following paragraph:
‘‘(dA) communicating the work to the public, by wire or wireless means, including by means of internet access and the making of the work available to the public in such a way that any member of the public may access the work from a place and at a time chosen by that person, whether interactively or non-interactively;’’;

(b) by the substitution for paragraph (f) of the following paragraph:
‘‘(f) doing, in relation to an adaptation of the work, any of the acts specified in relation to the work in paragraphs (a) to [(d)] (dA) inclusive[.]’’; and

(c) by the addition of the following proviso:
‘‘Provided that, notwithstanding the transfer of copyright in an artistic work by the user, performer, owner, producer or author, the user, performer, owner, producer or author of such work shall have the right to claim an equal portion of the royalty payable for use of the copyright work.’’.

Substitution of section 8 of Act 98 of 1978, as amended by section 5 of Act 56 of 1980, section 6 of Act 52 of 1984, section 1 of Act 61 of 1989 and section 8 of Act 125 of 1992

6. The following section is hereby substituted for section 8 of the principal Act:

‘‘Nature of copyright in cinematograph films and audiovisual fixations

(1) Copyright in a cinematograph film or an audiovisual fixation vests the exclusive right to do or to authorize the doing of any of the following acts in the Republic:

(a) Reproducing the film or fixation in any manner or form, including making a still photograph therefrom;

(b) causing the film or fixation, in so far as it consists of images, to be seen in public, or, in so far as it consists of sounds, to be heard in public;

(d) causing the film or fixation to be transmitted in a diffusion service, unless such service transmits a lawful television broadcast, including the film or fixation, and is operated by the original broadcaster;

(dA) communicating the film or fixation to the public, by wire or wireless
means, including by means of internet access and the making of the film or fixation available to the public in such a way that any member of the public may access the film or fixation from a place and at a time chosen by that person, whether interactively or non-interactively;

(e) making an adaptation of the film or fixation;

(f) doing, in relation to an adaptation of the film or fixation, any of the acts
specified in relation to the film or fixation in paragraphs (a) to [(d)] (dA) inclusive;

(g) letting, or offering or exposing for hire by way of trade, directly or
indirectly, a copy of the film or fixation: Provided that, notwithstanding the transfer of copyright in a cinematograph
film or an audiovisual fixation by the user, performer, owner, producer or author, the user, performer, owner, producer or author of such film or fixation shall have the right to claim an equal portion of the royalty payable for use of the copyright film or fixation.’’.

Amendment of section 9 of Act 98 of 1978, as substituted by section 2 of Act 9 of 2002

7. Section 9 of the principal Act is hereby amended by the substitution for paragraph (e) of the following paragraph:
‘‘(e) communicating the sound recording to the public, by wire or wireless means, including by means of internet access and the making of the sound recording available to the public in such a way that any member of the public may access the sound recording from a place and at a time chosen by that person, whether interactively or non-interactively.’’.

Substitution of section 9A of Act 98 of 1978, as inserted by section 3 of Act 9 of 2002

8. The following section is hereby substituted for section 9A of the principal Act:

‘‘Royalties

9A.

(1)

(a) In the absence of an agreement to the contrary or unless
otherwise authorised by law, no person may, without payment of a royalty to the owner of the relevant copyright:
(i) broadcast[,] a sound recording as contemplated in section 9(c);
(ii) cause the transmission of a sound recording as contemplated in section
9(d); or [play] (iii) communicate a sound recording to the public as contemplated in [section 9(c), (d) or (e) without payment of a royalty to the owner of the relevant copyright] section 9(e).

(aA) Any person who intends to perform an act contemplated in section 9(c), (d), or (e) must, at any time before performing that act, submit a prescribed notice in the prescribed manner to the copyright user, performer, owner, producer, author, collecting society or indigenous community, community trust or National Trust, as the case may be, of his or her intention to perform that act, and must, in that notice:
(i) indicate, where practicable, the date of the proposed performance and the proposed terms and conditions of the payment of a royalty; and
(ii) request the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust to sign the proposal attached to the notice in question.

(aB) If the person referred to in paragraph (aA) has failed to submit the required notice to the copyright user, performer, owner, producer, author,
collecting society, indigenous community, community trust or National Trust before performing an act contemplated in section 9(c), (d), or (e), that person must forthwith:
(i) notify the copyright user, performer, owner, producer, author, collecting
society, indigenous community, community trust or National Trust of such act;
(ii) pay the generally applicable licence fees as per the proposal or as
published by the collecting society in respect of that person’s category of use; and
(iii) pay retrospective fees calculated from the date of first use, but not in
respect of use prior to the coming into operation of the Copyright
Amendment Act, 2017.

(aC) The copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust must as soon as is reasonably practicable upon receipt of such notice respond to such proposal.

(aD) If the copyright user, performer, owner, producer, author, collecting
society, indigenous community, community trust or National Trust rejects such proposal, or if the copyright user, performer, owner, producer, author,
collecting society, indigenous community, community trust or National Trust proposes different terms and conditions to such proposal and the proposal is rejected after negotiations, any party may in the prescribed manner refer the matter to the Tribunal.

(aE) The Tribunal must adjudicate the matter as soon as is reasonably
practicable and, if possible, before the performance which is the subject of the application make an order it deems fit, including, but not limited to, an order that a provisional payment of a royalty must be made into a trust account of an attorney nominated by the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust pending the finalisation of the terms and royalty payable: Provided that such amount shall be paid over to the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust as such amount represents the difference, if any, between the amount determined as the appropriate royalty and the amount already paid, and any balance must be repaid.

(b) The amount of any royalty contemplated in paragraph (a) shall be
determined by an agreement between the user of the sound recording, the
performer and the owner of the copyright, or between their [representative] collecting societies.

(c) In the absence of an agreement contemplated in paragraph (b), the user, performer or owner may refer the matter to the [Copyright] Tribunal [referred to in section 29(1)] or they may agree to refer the matter for arbitration in terms of the Arbitration Act, 1965 (Act nº 42 of 1965).

(2)

(a) The user, performer, owner, producer, author, collecting society,
indigenous community, community trust or National Trust of the copyright who receives payment of a royalty in terms of this section shall share such royalty with any performer whose performance is featured on the sound recording in question and who would have been entitled to receive a royalty in that regard as contemplated in section 5 of the Performers’ Protection Act, 1967 (Act nº 11 of 1967): Provided that the royalty payable for the use of a sound recording shall be divided equally between the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust on the one hand and the performer on the other hand or between the recording company, user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust.

(b) The performer’s share of the royalty shall represent fair and equitable
remuneration determined by an agreement between the performer and the
owner of copyright, or between their [representative] collecting societies.

(c) In the absence of an agreement contemplated in paragraph (b), the
performer or owner may refer the matter to the [Copyright] Tribunal [referred to in section 29 (1)], or they may agree to refer the matter for arbitration in terms of the Arbitration Act, 1965 (Act nº 42 of 1965).

(d) Any payment made by the user of the sound recording in terms of this
subsection shall be deemed to have discharged any obligation which that user might have to make any payment in respect of his or her use of a corresponding fixation in terms of section 5 of the Performers’ Protection
Act, 1967 (Act nº 11 of 1967).

(3) In the event of any right to a royalty being assigned to any successor in title, either by contractual arrangement, operation of law, testamentary
disposition or otherwise, any successor in title shall be entitled to enforce such right to a royalty against the person who in terms of this section is obliged to pay or against his or her successor in title.’’.

Insertion of sections 9B to 9F in Act 98 of 1978

9. The following sections are hereby inserted in the principal Act after section 9A:

‘‘Resale of royalty right

9B.

(1) The author of an artistic work shall enjoy an inalienable right to receive royalties on the commercial resale of his or her work subsequent to the first transfer by the user of that work (in this Chapter referred to as the ‘‘resale royalty right’’).

(2)

(a) Royalties in respect of artistic works shall be payable at the rate
prescribed by the Minister after consultation with the Minister responsible for arts and culture.

(b) The Minister must, before prescribing the rate referred to in paragraph (a), publish the rate proposed once in the Gazette and call for written comments by any interested party to be provided within 30 days after such publication.

(3) The user, performer, owner, producer or author of an artistic work
shall be entitled to receive a resale royalty if:

(a) at the time when the resale is concluded:
(i) the author is a South African citizen or is resident in the Republic; and
(ii) the term of validity of the resale royalty right has not expired;

(b) in the case of a deceased author, the deceased was at the time of death a South African citizen or was resident in the Republic;

(c) the resale or any part of the transaction takes place in the Republic or in any country contemplated in Article 1 of the Berne Convention for the Protection of Literary and Artistic Works; and

(d) the resale of the work is recognisable after the commencement of section 9 of the Copyright Amendment Act, 2017.

(4) A resale royalty right applies whether or not the author:

(a) is or was the first user, performer, owner, producer or author of any
copyright in the work; or

(b) has entered into an agreement with any person to assign, waive or charge a resale royalty right in contravention of this Act.

Proof of user, performer, owner, producer or author

9C.

(1) Where a mark or name purporting to identify a person as the author of an artistic work appears on such work, the person whose name appears, is, in the absence of evidence to the contrary, presumed to be the user, performer, owner, producer or author of such work.

(2) If it is found that an artistic work is a work of more than one user,
performer, owner, producer or author, the presumption in subsection (1)
applies to each artist linked with such artistic work.

(3) If it is found that an artistic work includes indigenous knowledge of a community, such community is entitled to an equitable share in the resale
royalty payable.

Duration of resale royalty right

9D.

(1) The resale royalty right of a user, performer, owner, producer or author of an artistic work expires at the end of the period of 50 years calculated from the end of the calendar year in which the author concerned died.

(2) In the case of :

(a) an artistic work created by an unknown author, the resale royalty right of the work expires at the end of the period of 50 years calculated from the end of the calendar year in which the work was first made available to the public, including by exhibition in public;

(b) an artistic work by more than one author, the resale royalty right continues:(i) if the identity of all the authors are known, until the end of the period of 50 years calculated from the end of the calendar year in which the last of the authors dies; or
(ii) if the identity of one or more, but not all, of the authors are known, until the end of the period of 50 years calculated from the date on which the last author whose identity is known dies.

(3) After the expiry of the resale royalty right of an artistic work created by an unknown author contemplated in subsection (2)(a), the resale right in that work revives if the identity of the author becomes known.

Assignment or waiver

9E.

(1) Assignment or waiver of a resale royalty right is unlawful.

(2) Any term of an agreement which purports to assign or waive a resale
royalty right is unenforceable.

Transmission of resale royalty right

9F.

(1) A resale royalty right may be transmitted on the death of the holder of the right in the following manner:

(a) The right passes to a person by testamentary disposition made by the
holder; or

(b) if there is no such direction by testamentary disposition by the holder,
by operation of law.

(2) In the case of a bequest of an artistic work by an author who did not
transfer authorship of that work in his or her lifetime, the bequest must be
read as including the resale royalty right.

(3) If a resale royalty right that passes to a person in accordance with
subsection (1)(a) may be exercised by two or more persons, the resale
royalty right may be exercised by each of them independently of the other:
Provided that if the resale royalty right is indivisible, the successors in title
of such right may not render the right commercially valueless.

(4) If resale royalties are recovered by a collecting society and an
indigenous community after the death of a holder of a resale royalty right,
those resale royalties must be treated as part of the estate of the deceased
holder.’’.

Amendment of section 12 of Act 98 of 1978, as amended by section 11 of Act 125 of 1992 and section 54 of Act 38 of 1997

10. Section 12 of the principal Act is hereby amended by the substitution for
subsection (1) of the following subsection:
‘‘(1)

(a) In addition to uses specifically authorised, fair use in respect of a work
or the performance of that work, for the following purposes, does not infringe
copyright in that work:
(i) Research, private study or personal use, including the use of a lawfully
possessed work at a different time or with a different device;
(ii) criticism or review of that work or of another work;
(iii) reporting current events;
(iv) scholarship, teaching and education;
(v) comment, illustration, parody, satire, caricature or pastiche;
(vi) preservation of and access to the collections of libraries, archives and
museums;
(vii) expanding access for underserved populations; and
(viii) ensuring proper performance of public administration.

(b) In determining whether an act done in relation to a work constitutes fair
dealing or fair use, all relevant factors shall be taken into account, including but not limited to :
(i) the nature of the work in question;
(ii) the amount and substantiality of the part of the work affected by the act in
relation to the whole of the work;
(iii) the purpose and character of the use, including whether: (aa) such use serves a purpose different from that of the work affected; and
(bb) it is of a commercial nature or for non-profit research, library or
educational purposes; and
(iv) the substitution effect of the act upon the potential market for the work in
question.

(c) For the purposes of paragraphs (a) and (b) and to the extent reasonably
practicable and appropriate, the source and the name of the author shall be
mentioned.’’.

Insertion of sections 12A and 12B in Act 98 of 1978

11. The following sections are hereby inserted in the principal Act after section 12:

‘‘General exceptions from copyright protection

12A.

(1) Copyright in a work shall not be infringed by any of the following acts:

(a) Any quotation, including a quotation from articles in a newspaper or
periodical, that is in the form of a summary of that work: Provided that the quotation shall be compatible with fair use in that the extent thereof shall not exceed the extent reasonably justified by the purpose:
Provided further that, to the extent that it is practicable, the source and the name of the author, if it appears on or in the work, shall be mentioned in the quotation;

(b) teaching or any illustration in a publication, broadcast, sound or visual
record: Provided that such use shall be compatible with fair practice in that the extent thereof shall not exceed the extent justified by the purpose: Provided further that, to the extent that it is practicable, the source and the name of the author, if it appears on or in the work, shall be mentioned in the act of teaching or in the illustration in question;

(c) the reproduction of such work by a broadcaster by means of its own
facilities where such reproduction or any copy of the reproduction is intended exclusively for lawful broadcasts of the broadcaster and is destroyed before the expiration of a period of six months immediately following the date of the making of the reproduction, or such longer period as may be agreed to by the owner of the relevant part of the copyright in the work: Provided that any such reproduction of a work may, if it is of an exceptional documentary nature, be preserved in the archives of the broadcaster, but shall, subject to the provisions of this Act, not be used for broadcasting or for any other purpose without the consent of the owner of the relevant part of the copyright in the work;

(d) the reproduction in the press or by broadcasting of a lecture, address or
other work of a similar nature which is delivered in public, if such reproduction or broadcast is for information purposes: Provided that the author of the lecture, address or other work so reproduced shall have the exclusive right of making a collection thereof;

(e) subject to the obligation to indicate the source and the name of the
author in so far as it is practicable : (i) the reproduction by the press, in a broadcast, transmission or other communication to the public of an article published in a newspaper or periodical on current economic, political or religious topics, and of broadcast works of the same character in cases in which the reproduction, broadcasting or such communication thereof is not expressly reserved;
(ii) the reporting of current events, or the reproduction and the broadcasting or communication to the public of excerpts of a work seen or heard in the course of those events, to the extent justified by the purpose; and
(iii) the reproduction in a newspaper or periodical, or the broadcasting or communication to the public, of a political speech, lecture, address, sermon or other work of a similar nature delivered in public, or a speech delivered during legal proceedings, to the extent justified by the purpose of providing current information;

(f) the translation of such work by a person giving or receiving instruction: Provided that:
(i) such translation is not done for commercial purposes;
(ii) such translation is used for personal, educational, teaching, judicial proceedings, research and professional advice purposes only; or
(iii) such work is translated and communicated to the public for non-commercial public information purposes;

(g) the use of such work in a bona fide demonstration of electronic equipment to a client by a dealer in such equipment;

(h) the use of such work is for the purposes of judicial proceedings or
preparing a report of judicial proceedings;

(i) the reasonable use of such work for the purposes of cartoon, parody, satire, pastiche, tribute or homage; and

(j) the making of a copy of such work by an individual of:
(i) the individual’s own copy of the work; or
(ii) a personal copy of the work made by the individual for the individual’s personal use and made for ends which are not commercial.

(2) For the purposes of subsection (1)(j), permitted personal uses include:

(a) the making of a back-up copy;

(b) time or format-shifting; or

(c) the making of a copy for the purposes of storage, which storage may
include storage in an electronic storage area accessed by means of the
internet or similar means which is accessible only by the individual
and the person responsible for the storage area.

(3) The provisions of subsection (1) shall also apply with reference to the
making or use of an adaptation of a work and shall also include the right to
use the work either in its original language or in a different language.

(4) An authorisation to use a literary work as the basis for the making of a cinematograph film or audiovisual fixation, or as a contribution of the
literary work to such making, shall, in the absence of an agreement to the
contrary, include the right to broadcast such film or fixation.

Parallel importation

12B.

(1) Notwithstanding anything to the contrary in this Act, the Trademark Act, 1993 (Act nº 194 of 1993), and the Counterfeit Goods Act, 1997 (Act nº 37 of 1997), the first sale of or other transfer of ownership of a transferred original or copy of a work in the Republic or outside the Republic, shall exhaust the rights of distribution and importation locally and internationally in respect of such transferred original or copy.’’.

Insertion of sections 13A and 13B in Act 98 of 1978

12. The following sections are hereby inserted in the principal Act after section 13:

‘‘Temporary reproduction and adaptation

13A.

(1) Any person may make transient or incidental copies of a work, including reformatting an integral and essential part of a technical process, if the purpose of those copies or adaptations is:

(a) to enable the transmission of the work in a network between third parties by an intermediary or any other lawful use of the work; or

(b) to adapt the work to allow use on different technological devices, such
as mobile devices, as long as there is no independent economic significance to these acts.

Reproduction for educational and academic activities

13B.

(1) Any person may make copies of works, recordings of works and
broadcasts in radio and television for the purposes of educational and
academic activities if the copying does not exceed the extent justified by the
purpose.

(2)

(a) Educational establishments may incorporate the copies made under subsection (1) in printed and electronic course packs, study packs, resource lists and in any other material to be used in a course of instruction or in virtual learning environments, managed learning environments, virtual research environments and library environments hosted on a secure network and accessible only by the persons giving and receiving instruction at or from the educational establishment making such copies.

(b) Establishments referred to in paragraph (a) shall not include all or
substantially all of a book or journal issue, unless a licence to do so is not
available from the author or collecting society, or representative if it is an
indigenous community, on reasonable terms and conditions.

(3) Any person receiving instruction may incorporate portions of works in printed or electronic form in assignments and portfolios, thesis and
dissertations for personal use and library deposit, including institutional
repositories.

(4)

(a) The author of a scientific or other contribution, which is the result of a research activity publicly-funded by at least 50 per cent and which has
appeared in a collection, has the right, even after granting the publisher or
editor an exclusive right of use, to make the contribution available to the
public under a public licence or by means of an open access institutional repository in the final accepted manuscript version peer-reviewed post print.

(b) In the case of a contribution published in a collection that is issued
periodically at least once per year, an agreement may provide for a delay in
the exercise of the author’s right for up to 12 months from the date of the
first periodical publication.

(d) Third parties, such as librarians, may carry out these activities on behalf of the author.

(e) Any agreement to the detriment of the author shall be void, except as
provided for in this section.

(5) The source of the work reproduced and the name of the author shall be indicated as far as is practicable on all copies made under subsections (1)
to (4).

(6) The permission under subsection (1) shall not extend to reproductions for commercial purposes but the permission shall include the reproduction of a whole textbook:

(a) where the textbook is out of print;

(b) where the owner of the right cannot be found; or

(c) where authorised copies of the same edition of the text book are not for
sale in the country or cannot be obtained at a price reasonably related
to that normally charged in the country for comparable works.’’.

Amendment of section 16 of Act 98 of 1978, as substituted by section 14 of Act 125 of 1992

13. Section 16 of the principal Act is hereby amended by the deletion of
subsection (1).

Repeal of section 17 of Act 98 of 1978

14. Section 17 of the principal Act is hereby repealed.

Repeal of section 18 of Act 98 of 1978

15. Section 18 of the principal Act is hereby repealed.

Repeal of section 19A of Act 98 of 1978

16. Section 19A of the principal Act is hereby repealed.

Substitution of section 19B of Act 98 of 1978, as inserted by section 18 of Act 125 of 1992

17. The following section is hereby substituted for section 19B of the principal Act:

‘‘General exceptions regarding protection of computer programs

19B.

(1) A person having a right to use a copy of a computer program may, without the authorisation of the rights holder, observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program if that person does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he or she is entitled to perform.

(2) The authorisation of the rights holder shall not be required where
reproduction of the code and translation of its form are indispensable in order to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, if the following conditions are met:

(a) The acts referred to in subsection (1) are performed by the licensee or
another person having a right to use a copy of the program, or on their
behalf by a person authorised to do so;

(b) the information necessary to achieve interoperability has not previously
been readily available to the persons referred to in paragraph (a); and

(c) those acts are confined to the parts of the original program which are
necessary in order to achieve interoperability.

(3) The information obtained through the application of the provisions of
subsection (2) may not be:

(a) used for goals other than those to achieve the interoperability of the
independently created computer program;

(b) given to others except when necessary for the interoperability of the
independently created computer program;

(c) used for the development, production or marketing of a computer
program substantially similar in its expression to the program contemplated in subsection (1); or

(d) used for any other act which infringes copyright.

(4) For the purposes of this section, ‘‘ ‘interoperability’ means the ability to exchange information and to use the information which has been
exchanged.’’.

Insertion of sections 19C and 19D in Act 98 of 1978

18. The following sections are hereby inserted in the principal Act after section 19B:

‘‘General exceptions regarding protection of copyright work for libraries, archives, museums and galleries

19C.

(1) A library, archive, museum or gallery may, without the authorisation of the copyright owner, use a copyright work to the extent appropriate to its activities in accordance with subsections (2) to (13) if the work is not used for commercial purposes.

(2) A library, archive, museum or gallery may lend a copyright work
incorporated in tangible media to a user or to another institution.

(3) A library, archive, museum or gallery may provide temporary access to a copyright work in digital or other intangible media, to which it has lawful access, to a user or to another library.

(4) A library, archive, museum or gallery may, for educational or research
purposes, permit a user to view a whole film or audiovisual fixation, listen
to a full digital video disc, compact disc or other sound recording or musical
work on its premises, in an institutional classroom or lecture theatre, or
view such film or fixation or listen to such digital video disc, compact disc or other sound recording or musical work by means of a secure computer
network, without permission from rights owners, but may not permit a user to make a copy or recording of the work for commercial purposes.

(5) A library, archive, museum or gallery may make:

(a) a copy of any work in its collection for the purposes of back-up and
preservation; and

(b) copies of publicly accessible websites for the purposes of preservation.

(6) If a work or a copy of such work in the collection of a library, archive,
museum or gallery is incomplete, such library, archive, museum or gallery
may make or procure a copy of the missing parts from another institution.

(7) A library, archive, museum or gallery may, without the consent of the
author, engage in format-shifting or conversion of works from ageing or
obsolete technologies to new technologies in order to preserve the works
for perpetuity, and to make the resulting copies accessible consistent with
this section.

(8) This Act does not prevent the making of copies in accordance with
section 5 of the Legal Deposit Act, 1997 (Act nº 54 of 1997).

(9) A library, archive, museum or gallery may make a copy of a copyright
work when the permission of the author or other owner of copyright,
collecting society or representative of the indigenous community concerned
cannot after reasonable endeavour be obtained or where the work is not available by general trade or from the publisher.

(10) Notwithstanding any other section, a library, archive, museum or gallery may buy, import or otherwise acquire any copyright work that is legally available in any country.

(11) A library, archive, museum or gallery may reproduce in any format any copyright work which has been retracted or withdrawn from public access, but which has previously been communicated to the public or made available to the public by the author or other rights holder, and make such work available for preservation, research or any other legal use.

(12)

(a) A library, archive, museum or gallery may make a copy of any copyright work and make it available for institutional or public exhibition of a non-profit nature for the purposes of commemorating any historical or cultural event or for educational and research purposes.

(b) A library, archive, museum or gallery contemplated in paragraph (a)
may also, for the purposes of that paragraph:
(i) take and show a photograph of such work or show video footage of such work;
(ii) create other images such as paintings of buildings; or
(iii) photograph artworks on public buildings such as wall art and graffiti,
memorial sites, sculptures and other artworks which are permanently located in a public place.

(13)

(a) Subject to paragraph (b), a library may supply to any other library with a copy of a copyright work in its collection, whether by post, fax or secure electronic transmission.

(b) The receiving library must delete any electronic file received from the
other library immediately after supplying the patron who has requested it
with an electronic or paper copy of the work.

(14) An institutional officer or employee acting within the scope of his or her duties, shall be protected from any claim for damages, from criminal liability and from copyright infringement when the duty is performed in good faith and where there are reasonable grounds for believing that:

(a) the work is being used as permitted within the scope of an exception in this Act or in a way that is not restricted by copyright; or

(b) the copyright work, or material protected by related rights, is in the public domain or licensed to the public under a public or open licence.

(15) Nothing in this section shall diminish any rights that a library, archive, museum or gallery otherwise enjoy pursuant to other provisions of this Act, including those in sections 12 and 12A: Provided that, in exercising rights provided for in this section or elsewhere in the Act, such library, archive, museum or gallery shall take reasonable steps to ensure that any digital copy supplied by it is accompanied by information concerning the appropriate use of that copy.

General exceptions regarding protection of copyright work for persons
with disability

19D.

(1) Any person may, without the authorisation of the author, make an accessible format copy for the benefit of a person with a disability, supply that accessible format copy to a person with a disability by any means, including by non-commercial lending or by electronic communication by wire or wireless means, and undertake any intermediate steps to achieve these objectives, if the following conditions are met:

(a) The person wishing to undertake any activity under this subsection must have lawful access to the copyright work or a copy of that work;

(b) the copyright work must be converted into an accessible format copy,
which may include any means necessary to create such accessible format copy but which does not introduce changes other than those needed to make the work accessible to a person with a disability; and

(2)

(a) A person with a disability to whom the work is communicated by wire or wireless means as a result of an activity under subsection (1) may, without the authorisation of the author of the copyright work, reproduce the work for personal use.

(b) The provisions of paragraph (a) are without prejudice to any other
limitations or exceptions that the person referred to in that paragraph may
enjoy.

(3) A person with a disability or an organisation that serves persons with
disabilities may, without the authorisation of the author, export to or import
from another country any copy of an accessible format copy of a work
referred to in subsection (1), as long as such activity is undertaken on a
non-profit basis by that person or organisation.

(4) The exception created by this section is subject to the obligation of
indicating the source and the name of the author on any accessible format
copy in so far as it is practicable.’’.

Amendment of section 20 of Act 98 of 1978, as substituted by section 19 of Act 125 of 1992

19. Section 20 of the principal Act is hereby amended:

(a) by the substitution for subsections (1) and (2) of the following subsections,
respectively:
‘‘(1) Notwithstanding the transfer of the copyright in a [literary, musical or artistic work, in a cinematograph film or in a computer program] work, the author shall have the right to claim authorship of the work, subject to the provisions of this Act, and to object to any distortion, mutilation or other modification of the work where such action is or would be prejudicial to the honour or reputation of the author: Provided that an author who authorizes the use of his or her work in a sound recording or cinematograph film or [a television broadcast] audiovisual fixation an author of a computer program or a work associated with a computer program may not prevent or object to modifications that are absolutely necessary on technical grounds or for the purpose of commercial exploitation of the work.

(2) Any infringement of the provisions of this section shall be treated as an infringement of copyright under Chapter 2, [and] except that, for the purposes of the provisions of the said Chapter, the author shall be deemed [to be] to have the right to complain of any infringement, rather than the owner of the copyright in question.’’; and

(b) by the addition of the following subsections:

‘‘(3) A right contemplated in subsection (1) lapses on the date of the death of the author of the work, if any, and in the case of works created by more than one author the right lapses on the date of the death of the author who dies last.

(4) A right contemplated in subsection (1) is non-transferable and, where applicable, limitations and exceptions provided for in this Act, including those specified in sections 12 and 12A, shall apply to this section with the changes required by the context.’’.

Amendment of section 21 of Act 98 of 1978, as substituted by section 9 of Act 56 of 1980

20. Section 21 of the principal Act is hereby amended by the substitution in subsection (1) for paragraph (c) of the following paragraph:
‘‘(c) Where a person commissions the taking of a photograph, the painting or
drawing of a portrait, the making of a gravure, the making of a cinematograph film or audiovisual fixation or the making of a sound recording and pays or agrees to pay for it in money or money’s worth, and the work is made in pursuance of that commission, [such person shall, subject to the provisions of paragraph (b), be the owner of any copyright subsisting therein by virtue of section 3 or 4] the ownership of any copyright subsisting in the work shall be governed by contract:
Provided that in the absence of valid contract, ownership shall vest in the person commissioning the work and the author of the work shall have a licence to exercise any right which by virtue of this Act would, apart from the licence, be exercisable exclusively by such author.’’

Amendment of section 22 of Act 98 of 1978

21. Section 22 of the principal Act is hereby amended:

(a) by the substitution for subsection (1) of the following subsection:
‘‘(1) Subject to the provisions of this section, copyright shall be
transmissible as movable property by assignment, testamentary disposition
or operation of law: Provided that copyright owned by, vested in or under the custody of the state may not be assigned.’’;

(b) by the substitution for subsections (3) and (4) of the following subsections,
respectively:
‘‘(3) No assignment of copyright and no exclusive licence to do an act which is subject to copyright shall have effect unless it is in writing signed by or on behalf of the assignor, the [licenser] licensor or, in the case of an exclusive [principal act] sub-licence, the exclusive [sublicenser, as the case may be] sub-licensor, as stipulated in Schedule 2:
Provided that assignment of copyright shall be valid for a period of 25 years from the date of agreement of such assignment.
(4) A non-exclusive licence to do an act which is subject to copyright may be [written or oral] verbal or in writing, or may be inferred from conduct, and may be revoked at any time: Provided that such a licence granted [by contract] in writing or its electronic equivalent shall not be revoked, either by the person who granted the licence or his or her successor in title, except as the contract may provide, [or by a further contract] by a further contract or by operation of law.’’; and

(c) by the substitution for subsection (8) of the following subsection:
‘‘(8) Unless otherwise prohibited from doing so, a licensee may grant a sub-licence for the doing of any act that falls within the terms of the licence, including any implied term, without the consent of the original licensor.’’

Insertion of section 22A in Act 98 of 1978

22. The following section is hereby inserted in the principal Act after section 22:

‘‘Assignment and licences in respect of orphan works

22A.

(1) A person who wishes to obtain a licence to do an act which is subject to copyright in respect of an orphan work must make an application to the Commission in the prescribed manner.

(2) Before making an application in terms of subsection (1), the applicant
must publish his or her intention to make such application by notice in the
Gazette and in English and any other official language in two daily
newspapers having general circulation throughout the national territory of
the Republic.

(3) An application in terms of subsection (1) must be made in such form
as may be prescribed and must be accompanied by copies of the published
advertisement contemplated in subsection (2) and such fee as may be
prescribed.

(4) When the Commission receives an application in terms of subsection
(1), the Commission may, after holding such inquiry as may be prescribed,
grant to the applicant a licence to perform any act which is subject to
copyright, subject to subsections (5) and (6) and the payment of a royalty.

(5) A licence issued in terms of subsection (4) is non-exclusive and is
subject to such terms and conditions as the Commission may determine.

(6) The Commission may not issue the licence in terms of subsection (4)
unless the Commission is satisfied that the applicant has undertaken the
following steps in locating the copyright author:

(a) Conducted a search of the database of the register of copyright maintained by the Commission that is available to the public through either the internet or any other means relevant to identifying and locating registered copyright authors;

(b) conducted a search of reasonably available sources of copyright
authorship and authorship information and where appropriate, licensor
information;

(c) conducted a search using appropriate technology tools, printed
publications and enlisted, where reasonable, internal or external expert
assistance;

(d) conducted a search using any other database available to the public,
including any database that is available to the public through the
internet; and

(e) undertaken actions that are reasonable and appropriate in terms of the
facts relevant to the search, including:
(i) actions based on facts known at the start of the search and facts
uncovered during the search;
(ii) actions directed by the Commission; and
(iii) the review of any records not available to the public through the internet that are known to be useful in identifying and locating the copyright author.

(7) Where a licence is granted in terms of subsection (4), the Commission
may direct the applicant to deposit the amount of the royalty determined in
a particular account so as to enable the author of the copyright or, as the
case may be, his or her heirs, executors or legal representatives to claim
such royalty at any time.

(8) The copyright author may, not later than five years after the expiration
of a licence issued in terms of this section, collect the royalties fixed in the
licence or in default of payment by initiating a legal suit to recover such
royalties.

(9) Any person who can adduce evidence for the purposes of proving that
he or she is the author of an orphan work, may have the copyrighted work
returned to him or her with a claim in law to recover any fees that accrued
to the copyright work after such return.’’.

Insertion of Chapter 1A in Act 98 of 1978

23. The following Chapter is hereby inserted in the principal Act after Chapter 1:

‘‘CHAPTER 1A.- COLLECTING SOCIETIES

Registration

22B.

(1) Any person who intends to act as a representative collecting
society by:

(a) administering rights on behalf of any copyright owners or authors or
on behalf of an organisation representing copyright authors, has the
right to receive payment of a royalty in terms of this Act; or

(b) administering rights on behalf of performers or owners, on behalf of a
performers’ or owners’ organisation, has the right to receive payment of a royalty in terms of section 5(1)(b) of the Performers’ Protection Act, 1967 (Act nº 11 of 1967), and must be registered and accredited by the Commission.

(2) Any person contemplated in subsection (1)(b) may, in the prescribed
manner, lodge a written application with the Commission for registration.

(3) The Commission may, for purposes of issuing a registration certificate, consult with any person and may grant such registration and issue a registration certificate on such terms and conditions as may be determined by the Commission.

(4) The Commission shall not register and issue a registration certificate
to any applicant unless the Commission is satisfied that:

(a) having scrutinised the application and supporting documents, the
applicant is able to ensure adequate, efficient and effective administration
relating to collection of royalties; and

(b) the applicant may satisfactorily comply with any condition for accreditation and the relevant provisions of the Companies Act, 2008 (Act nº 71 of 2008), the Broad-Based Black Economic Empowerment Act, 2013 (Act nº 46 of 2013), and any other applicable legislation.

(5) A registration certificate issued in terms of this section is valid for a
period not exceeding five years and, unless it is suspended or cancelled,
may, in the prescribed manner, be renewed on such terms and conditions as
may be determined by the Commission.

(6) The Commission shall only register one collecting society for each
right or related right granted under copyright.

(7) Where there is no collecting society for a right or related right granted
under copyright, the user, performer, owner, producer or author may enter
into such contractual arrangements as may be prescribed.

Administration of rights by collecting society

22C. (1) Subject to such terms and conditions as may be prescribed:

(a) a collecting society or Community Trust may accept from a user,
performer, owner, producer, author, community trust or another
collecting society of rights exclusive authorisation to administer any
right in any work by the issuing of licences or the collecting of licence
fees, or both; and

(b) a user, performer, owner, producer, author, community trust or other
collecting society of rights may withdraw such authorisation without
prejudice to the right of the collecting society or Community Trust
concerned.

(2) A collecting society may:

(a) enter into an agreement with any foreign society or organisation
administering rights corresponding to rights that the collecting society
administer under this Act; and

(b) entrust to such foreign society or organisation the administration in the
foreign country in question of rights administered by the said collecting society in the Republic: Provided that no such collecting society, foreign society or organisation shall permit any discrimination in respect of the terms of a licence or the distribution of royalties collected.

(3) Subject to such conditions as may be prescribed, a collecting society
may:

(a) issue a licence in respect of any rights under this Act;

(b) collect royalties in pursuance of such a licence;

(c) distribute such collected royalties among users, performers, owners,
producers, authors, community trusts or collecting societies of rights
after deducting a prescribed amount from the collected royalties for its
own expenses;

(d) perform any other prescribed function; and

(e) negotiate royalty rates with publishers.

Control of collecting society or Community Trust by users, performers,
owners, producers or authors of rights

2D.

(1) A collecting society or Community Trust is subject to the control
of the users, performers, owners, producers or authors of rights under this
Act whose rights that collecting society or Community Trust administers,
and the collecting society or Community Trust shall, in such manner as may
be prescribed:

(a) obtain the approval of those users, performers, owners, producers or
authors of rights for its procedures of collection and distribution of
royalties;

(b) obtain the approval of those authors for the utilisation of any amounts
collected as royalties for any purpose other than the distribution of the
royalties to the user, performer, owner, producer or author of rights; and

(c) provide to those users, performers, owners, producers or authors
regular, full and detailed information concerning all the activities of
the collecting society in respect of the administration of the rights of
those authors.

(2) Royalties distributed among the authors of rights shall, as far as may
be possible, be distributed in proportion to the actual use of their works.

Submission of returns and reports

22E.

(1) A collecting society or Community Trust shall submit to the
Commission at the prescribed time such returns and reports as may be
prescribed.

(2) The Commission may call for a report and specific records from a
collecting society for the purposes of satisfying the Commission that:

(a) the affairs of the collecting society are conducted in a manner
consistent with the registration conditions of that collecting society; or

(b) the royalties collected by the collecting society in respect of rights
administered by that collecting society are being utilised or distributed
in accordance with the provisions of this Act.

Suspension and cancellation of registration of collecting society

22F.

(1) The Commission may issue a compliance notice or apply to the
Tribunal for an order to institute an inquiry into the affairs of a collecting
society, if the Commission is satisfied that the collecting society is being
managed in a manner that contravenes the registration conditions of that
collecting society or is managed in a manner detrimental to the interests of
the authors of rights concerned.

(2) The Commission may, if it is of the opinion that it will be in the interest of the authors of rights concerned, apply to the Tribunal for an order suspending the registration of such collecting society pending an inquiry for such period as may be specified in the order.

(3) The Commission may, after such inquiry and if it is of the opinion that it will be in the interest of the authors of rights concerned, apply to the Tribunal for an order of cancellation of the registration of the collecting society in question.

(4) The Commission shall be responsible for the administration and
discharge of the functions of the collecting society during the period of
suspension or cancellation of the registration of the collecting society in
question following the order of the Tribunal: Provided that the Tribunal
may, on application by the Commission, appoint any suitable person to
assist the Commission in the administration and discharging of the
functions of that collecting society.’’.

Amendment of section 23 of Act 98 of 1978, as amended by section 20 of Act 125 of 1992

24. Section 23 of the principal Act is hereby amended:

(a) by the substitution for subsection (1) of the following subsection:
‘‘(1) Copyright shall be infringed by any person[,]:
(a) not being the owner of the copyright, who, without the licence of such owner, does or causes any other person to do, in the Republic, any act which the owner has the exclusive right to do or to authorise;
(b) who tampers with any information kept by any other person in order to administer copyright in terms of this Act;
(c) who omits to pay the performer, owner, producer or author of copyright work a royalty fee as and when the copyright work is used;
(d) who omits to pay the author of artistic work a royalty fee as prescribed by this Act as and when the artistic work is sold;
(e) who misuses copyright and technological protection measures in order to constitute a defence to any claim of copyright liability or any independent cause of action that may be pursued either as a counterclaim in an action for infringement or instituted independently.’’; and

(b) by the deletion in subsection (2) of paragraph (b).

Amendment of section 27 of Act 98 of 1978, as amended by section 11 of Act 52 of 1984, section 3 of Act 61 of 1989 and section 24 of Act 125 of 1992

25. Section 27 of the principal Act is hereby amended by the addition of the following subsection:

‘‘(7) Any person who, at the time when copyright subsists in a work that is
protected by a technological protection measure applied by the owner of the
copyright:

(a) make, import, sell, distribute, let for hire, offer or expose for sale or hire or
advertise for sale or hire, a technological protection measure circumvention
device if:
(i) such person knows, or has reason to believe, that that device will or is
likely to be used to infringe copyright in a work protected by a technological protection measure;
(ii) such person provides a service to another person to enable or assist such
other person to circumvent a technological protection measure; or
(iii) such person knows or has reason to believe that the service contemplated
in subparagraph (ii) will or is likely to be used by another person to infringe copyright in a work protected by a technological protection measure;

(b) publishes information enabling or assisting any other person to circumvent a technological protection measure with the intention of inciting another person to unlawfully circumvent a technological protection measure in the Republic; or

(c) circumvent such technological protection measure when he or she is not
authorised to do so, shall be guilty of an offence and shall upon conviction be liable to a fine or to imprisonment for a period not exceeding five years, or to both a fine and such imprisonment.’’.

Amendment of section 28 of Act 98 of 1978, as substituted by section 12 of Act 52 of 1984 and amended by section 25 of Act 125 of 1992

26. Section 28 of the principal Act is hereby amended:

(a) by the substitution for subsection (2) of the following subsection:
‘‘(2) This section shall apply to any copy of the work in question made
outside the [Republic which if it had been made in the Republic would be an infringing copy of the work] Republic, if the making of such copy constituted an infringement of copyright in the country in which the work was made.’’; and

(b) by the substitution for subsection (5) of the following subsection:
‘‘(5) This section shall [mutatis mutandis], with the necessary changes, apply with reference to an exclusive licensee who has the right to import into the Republic any work published elsewhere, which would be an infringing copy of the work in the country in which it was made.’’.

Insertion of sections 28O to 28S in Act 98 of 1978

27. The following section is hereby inserted in the principal Act after section 28N:

‘‘Prohibited conduct in respect of technological protection measures

28O. (1) No person may make, import, sell, distribute, let for hire, offer or expose for sale, hire or advertise for sale a technological protection measure circumvention device if such a person knows or has reason to believe that it will or is likely to be used to infringe copyright in a technologically protected work.

(2) No person may provide a service to any other person if:

(a) such other person intends to use the service to circumvent an effective
technological protection measure; or

(b) such person knows or has reason to believe that the service will or is
likely to be used by another person to infringe copyright in a
technologically protected work.

(3) No person may publish information enabling or assisting another
person to circumvent an effective technological protection measure with the
specific intention of inciting another person to unlawfully circumvent a
technological protection measure in the Republic.

(4) No person may, during the subsistence of copyright in a work and
without a licence of the author of the copyright in such work, circumvent an
effective technological protection measure applied by the author of the
copyright to such work.

(5) A technological protection measure shall be deemed to be effective if
the use of the work is controlled by the author, exclusive licensee or person
assigned copyright in such work through the application of an access
control or protection process, such as encryption, scrambling or other
transformation of the work or a copy control mechanism which achieves the
protection objective.

(6) The provisions of this section must be read together with the provisions of sections 86, 87 and 88 of the Electronic Communications and Transactions Act, 2002 (Act nº 25 of 2002).

Exceptions in respect of technological protection measure

28P.

(1) For the purposes of this Act and of section 86 of the Electronic
Communications and Transactions Act, 2002 (Act nº 25 of 2002), nothing
in this Act shall prevent any person from using a technological protection
measure circumvention device to perform any of the following:

(a) An act permitted in terms of any exception provided for in this Act; or

(b) the sale, offer to sell, procurement for use, design, adaptation for use,
distribution or possession of any device or data, including a computer
program or a component, which is designed primarily to overcome security measures for the protection of data in order to enable the performance of any act permitted in terms of paragraph (a).

(2) A person or user of a technologically protected work who wishes to
circumvent a technological protection measure so as to perform a permitted
act contemplated in subsection (1) but cannot practically do so because of
such technological protection measure, may:

(a) apply to the copyright author for assistance to enable such person or
user to circumvent such technological protection measure in order to
perform such permitted act; or

(b) if the copyright author has refused such person’s or user’s request or
has failed to respond to it within reasonable time, engage the services
of any other person for assistance to enable such person or user to
circumvent such technological protection measure in order to perform
such permitted act.

(3) The person or user engaging the services of another person for
assistance to enable such person or user to circumvent a technological
measure in terms of subsection (2)(b) shall maintain a complete record of
the particulars of the:

(a) other person, including his or her name, address and all other relevant
information necessary to identify him or her; and

(b) purpose for which the services of such other person has been engaged.

Enforcement by Commission

28Q. The Commission must enforce this Act by:

(a) performing all the relevant functions contemplated in section 187 of
the Companies Act in respect of this Act;

(b) referring matters to and appearing before the Tribunal; and

Prohibited conduct in respect of copyright management information

28R. No person may:

(a) in respect of any copy of a work, remove or modify any copyright
management information; and

(b) in the course of business make, import, sell, let for hire, offer or expose
for sale, advertise for sale or hire a copy of a work if any copyright
management information has been removed or modified without the
authority of the copyright author.

Exceptions in respect of copyright management information

28S. The prohibition in section 28R does not apply if a person:

(a) is authorised by the user, performer, owner, producer or author to
remove or modify the copyright management information;

(b) does not know and has no reason to believe that the removal or
modification of the copyright management information will induce,
enable, facilitate or conceal an infringement of the copyright in the
work; or

(c) does not know or has no reason to believe that the copyright
management information has been removed or modified without the
authority of the copyright user, performer, owner, producer or
author.’’.

Substitution of heading of Chapter 3 of Act 98 of 1978

28. The following heading is hereby substituted for the heading of Chapter 3 of the principal Act:

‘‘[COPYRIGHT TRIBUNAL] REGULATORY AND ENFORCEMENT
AGENCIES’’.

Substitution of section 29 of Act 98 of 1978, as amended by section 26 of Act 125 of 1992

29. The following section is hereby substituted for section 29 of the principal Act:

‘‘Establishment of Tribunal

29.

(1) There is hereby established a juristic person to be known as the
Intellectual Property Tribunal, which:

(a) has jurisdiction throughout the Republic;

(b) is independent and subject only to the Constitution and the law; and

(2) Each organ of state must assist the Tribunal to maintain its
independence and impartiality, and to perform its functions effectively.

(3) In carrying out its functions, the Tribunal may:

(a) have regard to international developments in the intellectual property
arena; and

(b) consult any person, organisation or institution with regard to any
matter within its jurisdiction.

(4) The Tribunal consists of a chairperson, deputy chairperson and not
less than nine members appointed by the Minister, on a full-time or
part-time basis.’’

Insertion of sections 29A to 29S in Act 98 of 1978

30. The following sections are hereby inserted in the principal Act after section 29:

‘‘Functions of Tribunal

29A.

(1) The Tribunal must carry out the functions entrusted to it in terms
of this Act or any other legislation.

(2) The Tribunal may:

(a) adjudicate any application or referral made to it in terms of this Act,
the Companies Act or any other relevant legislation, and may make
any appropriate order in respect of an application or referral;

(b) only hear matters referred to it by the Commission, a dispute
resolution institution or any regulatory authority, if the dispute relates
to intellectual property rights;

(c) review any decision of the Commission, dispute resolution institution
or any regulatory authority if it relates to intellectual property rights;

(d) adjudicate any application or referral made to it by any person,
institution or regulatory authority where the dispute can only be
directly referred to the Tribunal in terms of this Act and such dispute
relates to intellectual property rights; and

(e) settle disputes relating to payment of royalties or terms of agreements
entered into as required by this Act or agreements entered into in order
to regulate any other matter in relation to intellectual property rights.

Appointment of members of Tribunal

29B.

(1) The Minister must appoint as members of the Tribunal persons
who have adequate and appropriate qualifications and experience in
economics, law, commerce or public affairs.

(2) The Minister must designate a member of the Tribunal as chairperson
and another member as deputy chairperson of the Tribunal.

(3) The deputy chairperson shall perform the functions of the chairperson
whenever:

(a) the office of chairperson is vacant; or

(b) the chairperson is for any other reason temporarily unable to perform
those functions.

(4) The Minister, in consultation with the Minister of Finance, must
determine the remuneration, allowances, benefits and other terms and
conditions of employment of members of the Tribunal.

Qualifications for appointment

29C.

(1) To be eligible for appointment as a member of the Tribunal and to continue to hold that office, a person must, in addition to satisfying any other specific requirements set out in this Act:

(a) not be subject to any disqualification set out in subsection (2); and

(b) have submitted to the Minister a written declaration stating that he or
she is not disqualified in terms of subsection (2).

(2) A person may not be appointed or continue to be a member of the
Tribunal, if that person:

(a) is an office-bearer of any political party, political movement or
political organisation;

(b) has or through a related person acquires a personal financial interest
that may conflict or interfere with the proper performance of the duties of a member of the Tribunal;

(d) is subject to an order of court holding that person to be mentally unfit or disordered;

(e) has been found in any civil or criminal proceedings by a court of law,
whether in the Republic or elsewhere, to have acted fraudulently,
dishonourably, in breach of a fiduciary duty or of any other offence for which such person has been sentenced to direct imprisonment without the option of a fine;

(f) has been removed from a position of trust; or

(g) has at any time found to be in contravention of this Act.

Terms of office of members of Tribunal

29D.

(1) Each member of the Tribunal, including the chairperson and deputy chairperson, serves for a term of five years which may be renewed
only once for a further period of five years.

(2) The chairperson may, on one month written notice addressed to the
Minister:

(a) resign from the Tribunal; or

(b) resign as chairperson, but remain as a member of the Tribunal.

(3) A member of the Tribunal other than the chairperson may resign by
giving at least one month written notice to the Minister.

(4) In the event of the expiry of the term of office of a member of the
Tribunal, the member has a matter pending for adjudication before the
Tribunal, the member may continue to act as a member in respect of that
matter only.

Removal or suspension of members of Tribunal

29E. The Minister may, at any time, remove or suspend a member of the
Tribunal from office if such a member:

(a) becomes subject to any of the disqualifications referred to in section
29C(2);

(b) repeatedly fails to perform the duties of the Tribunal;

(d) is found guilty of a serious misconduct; or

(e) engages in any activity that may undermine the integrity of the Tribunal.

Conflict and disclosure of interest

29F.

(1) A member of the Tribunal may not represent any person before
the Tribunal.

(2) If, during a hearing in which a member of the Tribunal is participating, it appears to the member that the matter concerns a financial or other interest of the member contemplated in section 29C(2)(b), the member must:

(a) immediately and fully disclose the fact and nature of such interest to the chairperson, deputy chairperson and the presiding member at that hearing, as the case may be; and

(b) withdraw from any further involvement in that hearing.

(3) A member must not:

(a) make private use of or profit from confidential information obtained as
a result of performing his or her official duties as a member of the Tribunal; or

(b) divulge any information referred to in paragraph (a) to a third party, except as required and as part of the official functions as a member of the Tribunal.

Proceedings of Tribunal

29G.

(1) The chairperson is responsible for managing the case files of the
Tribunal, and must, taking into account the complexity of a matter, assign
the matter to:

(a) a member of the Tribunal; or

(b) a panel composed of any three members of the Tribunal.

(2) When assigning a matter to a panel in terms of subsection (1)(b), the
chairperson must:

(a) ensure that at least one member of the panel is a person with suitable
legal qualifications and experience; and

(b) designate a member of the panel to preside over the proceedings of the
Tribunal.

(3) If a member of the panel is unable to complete the proceedings in a
matter assigned to that panel due to resignation, illness, death, removal,
suspension or withdrawal from a hearing in terms of this Act, the
chairperson may:

(a) direct that the hearing of that matter proceed before the remaining
members of the panel, subject to the requirements of subsection (2)(a); or

(b) terminate the proceedings before that panel and constitute a new panel
which may include any member of the original panel and direct the new panel to conduct the hearing afresh.

(4) The decision of a Tribunal on a matter referred to it must be in writing
and must include reasons for that decision.

(5) A decision of a single member of the Tribunal hearing a matter in terms of subsection (1)(a), or of a majority of the members of a panel in any other case, is the decision of the Tribunal.

(6) A decision, judgment or order of the Tribunal may be served, executed and enforced as if it were an order of the High Court and is binding subject to review or appeal to a High Court.

Hearings before Tribunal

29H.

(1) The Tribunal must conduct its hearings in public:

(a) in an inquisitorial manner;

(b) as expeditiously as possible;

(d) in accordance with the principles of natural justice.

(2) Notwithstanding the provisions of subsection (1), a Tribunal member
presiding at a hearing may exclude members of the public, specific persons
or categories of persons from attending the hearing if:

(a) evidence to be presented is confidential information, but only to the
extent that the information cannot otherwise be protected;

(b) the proper conduct of the hearing requires it; or

Right to participate in hearing

29I. The following persons may participate in a hearing before the
Tribunal, in person or through a representative, and may put questions to
witnesses and inspect any books, documents or items presented at the
hearing:

(a) The Commission;

(b) the applicant, complainant and respondent; and

(c) any other person who has a material interest in the hearing, unless, in
the opinion of the presiding member of the Tribunal, such interest is
adequately represented by any other person participating at the hearing.

Powers of member presiding at hearing

29J. The member of the Tribunal presiding at a hearing may:

(a) direct or summon any person to appear before the Tribunal at any
specified time and place;

(b) question any person under oath or affirmation;

(c) summon or order any person to:
(i) produce any book, document or item necessary for the purposes of the hearing; or (ii) perform any other act in relation to this Act; and

(d) give direction prohibiting or restricting the publication of any evidence adduced during a Tribunal hearing.

Rules of procedure

29K. Subject to the rules of procedure of the Tribunal, a member of the
Tribunal presiding at a hearing may determine any matter of procedure for
that hearing, with due regard to the circumstances of the case and the
requirements of the applicable provision of this Act.

Appeals and reviews

29L.

(1) A participant in a hearing before a single member of the Tribunal may appeal against the decision of that member to a full panel of the Tribunal.
(2) Subject to the rules of the High Court, a participant in a hearing before a full panel of the Tribunal may:

(a) apply to the High Court to review the decision of the Tribunal; or

(b) appeal to the High Court against the decision of the Tribunal.

Interim relief

29M.

(1) Any person may apply at any time, whether or not a hearing has
commenced, to the Tribunal for an interim order in respect of the matter
before the Tribunal.

(2) The Tribunal may grant such an order if:

(a) there is prima facie evidence that the allegations may be true;

(b) an interim order is reasonably necessary to:
(i) prevent serious, irreparable damage to that person; or
(ii) prevent the purposes of this Act from being frustrated;

(c) the respondent has been given a reasonable opportunity to be heard,
having regard to the urgency of the proceedings; and

(d) the balance of convenience favours the granting of the order.

(3) An interim order in terms of this section must not extend beyond the
earlier of:

(a) the date of the conclusion of a hearing into the matter before the
Tribunal; or

(b) six months after the date of the issue of the interim order extension of
that order in terms of subsection (4).

(4) If an interim order has been granted and a hearing into that matter has
not been concluded within six months after the date of that order, the
Tribunal may, on good cause shown, extend the interim order for a further
period not exceeding six months.

Orders of Tribunal

29N. In addition to the powers in terms of this Act and the Companies
Act, the Tribunal may make any appropriate order in relation to a matter
brought before it, including:

(a) declaring particular conduct to constitute an infringement of this Act
and as such prohibited;

(b) interdicting conduct which constitutes an infringement of this Act;

(c) imposing an administrative fine in terms of section 175 of the
Companies Act, with or without the addition of any other order in
terms of this Act;

(d) confirming a consent agreement in terms of section 173 of the
Companies Act as an order of the Tribunal;

(e) condoning any non-compliance of its rules and procedures on good
cause shown;

(f) confirming an order against an unregistered person to cease engaging
in any activity that is required to be registered in terms of this Act;

(g) suspending or cancelling the registrant’s registration or accreditation
subject to any such terms and conditions the Tribunal deems fit; or

(h) any other appropriate order required to give effect to a right
contemplated in this Act or any other relevant legislation.

Witnesses

29O.

(1) Every person giving evidence at a hearing of the Tribunal must
answer any relevant question.

(2) The law regarding a witness’s privilege in a criminal case in a court
of law applies to a person giving evidence at a hearing of the Tribunal.

(3) The Tribunal may order a person to answer any question or to produce
any article or document, even if it is self-incriminating to do so.

Costs

29P.

(1) Subject to subsection (2), each party participating in a hearing of
the Tribunal shall bear its own costs.

(2) If the Tribunal:

(a) has not made a finding against a respondent, the member of the
Tribunal presiding at the hearing may award costs to the respondent
and against a complainant who referred the complaint to the Tribunal; or

(b) has made a finding against a respondent, a member of the Tribunal
presiding at a hearing may award costs against the respondent and to
a complainant who referred the complaint to the Tribunal.

Appointment of staff of Tribunal

29Q. The Chairperson or any delegated member of the Tribunal may:

(a) appoint staff and enter into an agreement with or hire independent
contractors to assist the Tribunal in carrying out its functions; and

(b) in consultation with the Minister and the Minister of Finance,
determine the remuneration, allowances, benefits and other terms and
conditions of members of staff of the Tribunal or those contracted or
hired to assist the Tribunal.

Finances

29R.

(1) The Tribunal is financed from:

(a) money appropriated by Parliament;

(b) any fees or fines payable in terms of this Act or any relevant legislation;

(d) other money accruing from any source.

(2) The Tribunal may invest or deposit money that is not immediately
required for contingencies or to meet current expenditures:

(a) on a call or short-term fixed deposit with any registered bank or
financial institution in the Republic; or

(b) in an investment account with the Corporation for Public Deposits
established by section 2 of the Corporation for Public Deposits Act,
1984 (Act nº 46 of 1984).

Reviews and reports to Minister

29S.

(1) The Minister may, at any time, conduct an audit review of the
performance by the Tribunal of its functions.

(2) In addition to any other reporting requirement set out in this Act or
any other legislation, the Tribunal must report to the Minister annually on
its performance and activities as required by the Public Finance Management
Act, 1999 (Act nº 1 of 1999).

(3) As soon as practicable after receiving a report of a review contemplated in subsection (1), or after receiving a report contemplated in subsection (2), the Minister must transmit and table a copy of the report in Parliament.’’.

Repeal of sections 30, 31, 32, 33 and 36 of Act 98 of 1978

31. Sections 30, 31, 32, 33 and 36 of the principal Act are hereby repealed.

Amendment of section 39 of Act 98 of 1978, as amended by section 4 of Act 9 of 2002 and section 5 of Act 28 of 2013

32. Section 39 of the principal Act is hereby amended:

(a) by the deletion of the word ‘‘and’’ at the end of paragraph (cD);

(b) by the insertion of the following paragraphs after paragraph (cE):
‘‘(cF) prescribing rules regulating the processes and proceedings of the
Tribunal;
(cG) prescribing compulsory and standard contractual terms to be included in agreements to be entered in terms of this Act;
(cH) prescribing permitted acts for circumvention of technological protection measures contemplated in section 28B after due consideration of the following factors:
(i) The availability for use of works protected by copyright;
(ii) the availability for use of works for non-profit archival and educational purposes;
(iii) the impact of the prohibition on the circumvention of technological protection measures applied to works or protected by copyright on criticism, comment, news reporting, teaching, scholarship or research; or
(iv) the effect of the circumvention of technological protection measures on the market for or value of works protected by copyright;
(cI) prescribing royalty rates or tariffs for various forms of use;
(cJ) prescribing the percentage and period within which distribution of
royalties must be made by Collecting Societies;
(cK) prescribing the terms and manner relating to the management of
unclaimed royalties, code of conduct and any other matter relating to the reporting, operations, activities and better collection processes
of royalties by a Collecting Society; and (cL) in consultation with the Minister responsible for communication,
prescribing the local music content for television and radio broadcasting;’’; and

(c) by the addition of the following subsection, the existing section becoming
subsection (1):
‘‘(2) Before making any regulations in terms of subsection (1), the
Minister must publish the proposed regulations for public comment for a
period of not less than 30 days.’’.

Insertion of section 39B in Act 98 of 1978

33. The following section is hereby inserted in the principal Act after section 39A:

‘‘Unenforceable contractual term

39B.

(1) To the extent that a term of a contract purports to prevent or restrict the doing of any act which by virtue of this Act would not infringe copyright or which purport to renounce a right or protection afforded by this Act, such term shall be unenforceable.

(2) This section does not prohibit or otherwise interfere with public and
open licences to do any act which is subject to copyright or moral rights,
settlement agreements, terms of service licences and the voluntary
dedication of a work to the public domain.’’

Insertion of Schedule 2 in Act 98 of 1978

34. The following Schedule is hereby added to the principal Act, the existing
Schedule becoming Schedule 1:

‘‘Schedule 2
(Section 22(3))

Part A.- Translation Licences

Application of provisions in Part A

1. The provisions in this Part apply to copyright works which have been
published in printed or analogous forms of reproduction.

Application for licence to translate copyrighted work

(1) Any person may apply to the Commission for a licence to make a
translation of the work in order in printed or analogous forms of
reproduction, into any language that is an official language within the
Republic, or a foreign language that is regularly used in the Republic, for
use by readers located in the Republic.

(2) Any person may apply to the Commission for a licence to translate
copyrighted work in order to make the work into a usable or analogous form
of reproduction.

(3) No licence shall be granted until the expiration of the following
applicable periods:

(a) A period of one week from the date of the first publication of the original copyrighted work, where the application is for a licence for translation into specified languages;

(b) a period of three months from the date of the first publication of the
original copyrighted work, where the application is for a licence for
translation into specified languages in general use or any other language in general use; and

c) a period of one year from the date of the first publication of the of the
original copyrighted work, where the application is for a licence for
translation into any language that is not stipulated in this Act or
languages that are not generally used in the Republic covered in
subitem (1).

Granting of licence

(1) Before granting a licence the Tribunal shall determine that:

(a) no translation of the work into the language in question of the
copyrighted work has been established in printed or analogous form of
reproduction by or with the authorisation of the user, performer,
owner, producer or author of the right of translation or any previous
editions in that language are out of print;

(b) the applicant for the licence has established that he or she has
requested and has been denied authorisation from the author of the
right of translation after due diligence on his or her part was unable to
find such user, performer, owner, producer or author;

(c) at the same time as addressing the request referred to in paragraphs (a)
and (b) with the user, performer, owner, producer or author, the
applicant for the licence has informed any organisation designated for
the purpose of his or her request in which the publisher of the work to
be translated is believed to have his or her principal place of business;

(d) if the applicant could not find the user, performer, owner, producer or
author of the copyrighted work requiring translation by registered mail
or electronic mail (with proof of service), a copy of his or her
application to the publisher whose name appears on the work and a
copy to any principal place of business referred to in paragraph (c);

(e) no licence shall be granted unless the user, performer, owner, producer
or author of the copyrighted work requiring translation is known or located and has been given an opportunity to be heard;

(f) no licence shall be granted until the expiration of:
(i) a further period of two days, where one week referred to in item 2(3)(a) applies;
(ii) a further period of two weeks, where three months referred to in item 2(3)(b) applies; or
(iii) a further period of three months, where one year referred to in item 2(3)(c) applies;

(g) such further period shall be computed from the date on which the
applicant complies with the requirements mentioned in paragraphs (a)
to (e) or where the identity or the address of the user, performer,
owner, producer or author of the copyright work requiring translation
is unknown from the date on which the applicant also complies with
the requirement mentioned in paragraphs (a) to (e); and

(h) if, during either of the said further periods, a translation into the
language in question of the copyright work has been published in
printed or analogous form of reproduction by or with the authorisation
of the user, performer, owner, producer or author of the translation
right, no licence shall be granted.

(2) For works composed mainly of illustrations, a licence shall be
granted only if the conditions stipulated in paragraphs (a) to (e) are also
fulfilled.

(3) No licence shall be granted when the user, performer, owner,
producer or author has withdrawn all copies of the work from circulation.

Scope and conditions of licence

(1) Any licence granted under this Part shall:

(a) be for the purpose of teaching only;

(b) be for training, scholarship or research;

(c) be to allow publication in a printed or analogous form of reproduction
consistently with the conditions set out in item 3, if:
(i) the Tribunal certifies that facilities do not exist for such printing or reproduction or that existing facilities are incapable for economic or practical reasons of ensuring such reproduction, the preparation may be made outside the country and if:
(aa) all copies reproduced are sent to the licensee in one or more bulk shipments for distribution exclusively in the Republic and the contract between the licensee and the establishment doing the work of reproduction so requires;
(bb) the said contract provides that the establishment engaged for doing the work of reproduction guarantees that the work of reproduction is lawful in the country where it is done; and
(cc) the licensee does not entrust the work of reproduction to an establishment specially created for the purpose of having copies reproduced of works for a licence granted under this Part;
(ii) the publication does not extend to the export of copies made under the licence, except as provided in subparagraph (i);
(iii) the licence is non-exclusive; and
(iv) the licence is transferable.

(2) Copies of a translation published under a licence may be sent abroad
by the Government or other public entity if: .

(a) the translation is into a language other than the language used in the
Republic that will be of use;

(b) the recipients of the copies are individuals who are South African
nationals or are organisational groupings that are nationals in the
Republic;

(d) both the sending of the copies abroad and their subsequent distribution
to the recipients are without any commercial purposes; and

(e) the government of the foreign country to which the copies are sent, has
agreed to the receipt or distribution, or both, of the copies in that
country.

(3) The licence shall provide for just compensation in favour of the user,
performer, owner, producer or author of the right of translation that is
consistent with standards of royalties normally operating in the case of
licences freely negotiated between persons in the Republic and authors of
translation rights in the country of the author of the right of translation.

(4) If the licensee is unable to transmit the compensation to the user,
performer, owner, producer or author of the right of translation due to
conversion of currency, he or she shall report the fact to the Tribunal who
shall make all efforts, by the use of international machinery, to ensure that
such transmittal is in internationally convertible currency or its equivalent.

(5) As a condition of maintaining the validity of the licence, the
translation must be correct for such use and all published copies must
include the following:

(a) The original title and name of the user, performer, owner, producer or
author of the work;

(b) a notice in the language of the translation stating that the copy is
available for distribution only in the Republic; and

(6) The licence shall terminate if:

(a) a translation of the work is in the same language of the copyrighted
work with substantially the same content as the original publication
under the licence; and

(b) a translation of the work is published in printed or analogous form of
reproduction in the country by or with the authorisation of the user,
performer, owner, producer or author at a price reasonably related to
the price normally charged in the country for comparable works.

(7) Any copies of the work already made before the licence terminates
may continue to be distributed until stocks are exhausted.

Licence for broadcasting organisation

(1) A licence under this Part may also be granted to a domestic
broadcasting organisation if the following conditions are met:

(a) The translation is made from a copy made and acquired in accordance
with the laws of the country;

(b) the translation is for use in broadcasts intended exclusively for
teaching or for the dissemination of the results of specialised technical
or scientific research to experts in a particular profession only;

(c) the translation is used exclusively for the purpose specified in
paragraph (b) through broadcasts that are lawfully made and that are
intended for recipients in the Republic, including broadcasts made
through the medium of sound or visual recording that have been made
lawfully and for the sole purposes of such broadcasts;

(d) sound or visual recordings of the translation may not be used by
broadcasting organisations other than those having their headquarters
in the country; and

(e) all uses made of the translation are without commercial purpose.

(2) A licence may also be granted to a domestic broadcasting organisation under all of the conditions provided in subitem (1) to translate any text incorporated in an audiovisual fixation that was itself prepared and
published for the sole purpose of being used in connection with systematic
instructional activities.

Part B.- Reproduction Licences

Application of provisions in Part B

1. The provisions in this Part apply to works which have been published
in printed or analogous forms of reproduction.

Application for licence

(1) Any person may apply to the Intellectual Property Tribunal for a
licence to reproduce and publish a particular edition of the work in printed
or analogous forms of reproduction (hereinafter referred to as ‘‘the
licence’’).

(2) No licence shall be granted until the expiration of the following
applicable periods, commencing from the date of first publication of the
particular edition of the work:

(a) Three years for works of technology and the natural and physical
sciences including mathematics;

(b) seven years for works of fiction, poetry, drama and music, and for art
books; and

Grant of licence

(1) Before the granting of a licence, the Tribunal shall determine
that:

(a) no distribution by, or without authorisation of, the user, performer,
owner, producer or author of the right of reproduction of copies in
printed or analogous forms of reproduction of that particular edition
has taken place in the country to the general public or in connection
with systematic activities at a price reasonably related to that normally
charged in the country or that, under the same conditions, such copies
have not been on sale in the country for a continuous period of at least
six months;

(b) the applicant for the licence has established that he or she either has
requested, and has been denied, authorisation from the user, performer,
owner, producer or author of the right of reproduction or that,
after due diligence on his or her part, he or she was unable to find such
user, performer, owner, producer or author;

(c) at the same time as addressing the request referred to in paragraph (b)
to the user, performer, owner, producer or author, the applicant for the
licence has informed any national or international organisation
designed for the purpose of his or her application in which the
publisher of the work to be reproduced is believed to have his or her
principal place of business; and

(d) if the applicant for the licence could not find the user, performer,
owner, producer or author of the right of reproduction, the applicant
has sent, by registered mail or electronic mail (with proof), a copy of
his or her application to the publisher whose name appears on the work
and a copy of his or her application to any principal place of business
referred to in paragraph (c).

(2) No licence shall be granted unless the user, performer, owner,
producer or author of the right of reproduction is known, located or has
been given an opportunity to be heard.

(3) Where the three-year period referred to in item 2(2)(a) applies, no
licence shall be granted until the expiration of six months calculated from
the date on which the applicant complies with the requirements mentioned
in subitem (2)(a) and (b) or, where the identity or the address of the user,
performer, owner, producer or author of the right of reproduction is
unknown, from the date on which the applicant also complies with the
requirements mentioned in this Part.

(4) Where the seven-year or five-year periods referred to in paragraphs
(b) and (c) of item 2(2) apply and where the identity or the address of the
user, performer, owner, producer or author of the right of reproduction is
unknown, no licence shall be granted until the expiration of six months
calculated from the date on which the copies referred to have been mailed.

(5) If, during the period of six or three months referred to in subitem (3)
or (4), a distribution or placing on sale has taken place, no licence shall be
granted.

(6) No licence shall be granted if the user, performer, owner, producer or
author has withdrawn from circulation all copies of the edition which is the
subject of the application.

(7) Where the edition which is the subject of an application for a licence
under this Part is a translation, the licence shall only be granted if the
translation is in a language required by, or with the authorisation of, the
user, performer, owner, producer or author of the right of translation.

Scope and condition of licence

(1) Any licence under this Part shall:

(a) be for use in connection with systematic instructional activities only;

(b) allow publication only in a printed or analogous form of reproduction
at a price reasonably related to or lower than that normally charged in
the country for comparable work;

(d) if the Tribunal certifies that facilities do not exist in the country and the
contract between the licensee and the establishment doing the work of
reproduction so requires, allow reproduction outside the country as
long as:
(i) all copies reproduced are sent to the licensee in one or more
bulk shipments for distribution exclusively in the country and
the contract between the licensee and the establishment doing
the work of reproduction so requires;
(ii) the said contract provides that the establishment engaged for
doing the work of reproduction guarantees that the work of
reproduction is lawful in the country where it is done;
(iii) the licensee does not entrust the work of reproduction to an
establishment created for the purpose of having copies
reproduced of works for which a licence has been granted under this Part;
(iv) the licence is non-exclusive; and
(v) the licence is transferable.

(2) The licence shall provide for just compensation in favour of the user,
performer, owner, producer or author of the right of reproduction that is
consistent with standards of royalties normally operating in the case of
licences freely negotiated between persons in the country and users,
performers, owners, producers or authors of reproduction rights in the
Republic.

(3) If the licensee is unable, by reason of currency regulations, to
transmit the compensation to the user, performer, owner, producer or author
of the right of reproduction, he or she shall report the fact to the Tribunal
who shall make all efforts, by the use of international machinery, to ensure
such transmittal in internationally convertible currency or its equivalent.

(4) As a condition of maintaining the validity of the licence, the
reproduction of that particular edition must be accurate and all published
copies must include the following:

(a) The title and name of the user, performer, owner, producer or author of
the work;

(b) a notice in the language of the publication stating that the copy is
available for distribution only in the Republic; and

(5) The licence shall terminate if:

(a) copies of an edition of the work in printed or analogous form of
reproduction are distributed in the Republic, by or with the
authorisation of the user, performer, owner, producer or author of the
right of reproduction and in connection with systematic instructional
activities, at a price reasonably related to that normally charged in the
Republic; and

(b) such edition is in the same language and is substantially the same in
content as the edition which was published under the licence.

(6) Any copies of an edition of the work already made before the licence
terminates may continue to be distributed until stocks are exhausted.

Licence for audiovisual fixations

5. Under the conditions provided in this Part, a licence may also be
granted:

(a) to reproduce in audio-visual form a lawfully made audio-visual
fixation, including any protected work incorporated in it if that fixation
was prepared and published for the sole purpose of being used in
connection with systematic instructional activities; and

(b) to translate any text incorporated in that fixation into a language
generally used in the Republic.’’.

Short title and commencement

35. This Act is called the Copyright Amendment Act, 2017, and comes into operation on a date fixed by the President by proclamation in the Gazette.

MEMORANDUM ON THE OBJECTS OF THE COPYRIGHT AMENDMENT BILL

1. BACKGROUND

1.1 The Copyright Amendment Bill (‘‘the Bill’’) seeks to align copyright with the
digital era and developments at a multilateral level. The existing Copyright
Act, 1978 (Act nº 98 of 1978) (‘‘the Act’’), is outdated and has not been
effective in a number of areas. The creative industry is impacted upon;
educators are hampered in carrying out their duties; researchers are restricted
to further developing research; and people with disabilities are severely
disadvantaged by having limited access to copyright works. For this reason, a
need exists for Intellectual Property (‘‘IP’’) legislation to be consonant with
the ever evolving digital space; to allow reasonable access to education; to
ensure that access to information and resources are available for persons with
disabilities; and to ensure that artists do not die as paupers due to ineffective
protection. The latter is supported by the experience of the power imbalance,
vulnerabilities and abuse taking place in the music industry which Government
was called to address.

1.2 The Bill is consistent with the Draft National Policy as commented on and the recommendations of the Copyright Review Commission (‘‘the CRC’’)
chaired by retired judge Ian Farlam, and is linked to the National
Development Plan (‘‘NDP’’), in that it seeks to ensure consistency and
coherence in aligning the approach of various Government Departments to IP
matters. The proposed provisions in the Bill are strategically aligned with the
treaties that South Africa reviewed, amongst others, the World Intellectual
Property Organisation (‘‘WIPO’’) digital treaties namely the WIPO Copyright
Treaty (‘‘WCT’’); the WIPO Performance and Phonograms Treaty
(‘‘WPPT’’); the Beijing Treaty for the Protection of Audio Visual Performances;
and the Marrakesh Treaty to Facilitate Access to Published Works for
Persons Who Are Blind, Visually Impaired, or Otherwise Print Disabled. The
alignment is for purposes of ensuring effective governance, social protection,
employment creation and reduction of inequalities.

1.3 The amendment of the Act means that South Africa will be able to accede to international treaties and conventions which require domestic legislation to be consistent with international imperatives.

2. OVERVIEW OF BILL

2.1 The purpose of the proposed amendments to the Act is to protect the economic interests of authors and creators of work against infringement by promoting the progress of science and useful creative activities. It is also envisaged that the proposed legislation will reward and incentivise authors of knowledge and art. Various sectors within the South African Copyright regime are dissatis-fied. Ranking highest are local performers and composers, who have not benefitted due to the lack of access to the Copyright system. (CRC report 2011). Thus, the Bill aims to make copyright consistent with the digital era, developments at a multilateral level, international standards and introduce
improved exceptions and limitations into Copyright law. The Bill also aims to
enhance access to and use of copyright works, to promote access to
information for the advancement of education and research and payment of
royalties to alleviate the plight of the creative industry.

2.2 The objectives of the Bill are:

● to develop a legal framework on Copyright and related rights that will
promote accessibility to producers, users and consumers in a balanced
manner; this includes flexibilities and advancements in the digital space that
should empower all strata of the citizens of South Africa;

● to address the licensing of Copyright works or material in relation to
commissioned work to facilitate commercial exploitation by any person so
licensed.

2.3 The Bill introduces provisions which deal with matters pertaining to
Collective Management. Collecting Societies will only be allowed to collect
for their registered members, and all Collecting Societies have to be registered with the Companies and Intellectual Property Commission (‘‘CIPC’’). Collecting Societies will only be allowed to collect for one set of Copyright Rights (Performance, Mechanical and Needle time).

2.4 The Bill deals with the protection of works and rights of authors in the digital environment.

2.5 The Bill provides for the availability of accessible formats of a work to
accommodate persons with disabilities. This provision extends beyond
matters pertaining to the blind but to other disabilities such as learning
disabilities, dyslexia etc.

2.6 The Bill introduces an Artist Resale Royalty. This resale right means that an artist could be entitled to a royalty even when their work is resold.

2.7 Scope is left for the reproduction of copyright material for certain uses or
purposes without obtaining permission and without paying a fee and without
paying a royalty. Limited circumstances have been provided for in this regard.
Furthermore, this provision stipulates the factors that need to be considered in
determining whether the use of a copyright amounts to fair use.

2.8 The Bill proposes a new structure for the tribunal that will settle disputes in
the area of all domains of IP. The current Tribunal process takes long to settle
disputes and was found to be ineffective by the CRC in providing speedy
redress to rights holders. There is clear justification to follow the route taken
in respect of the Companies, Trade Marks and Competition Tribunals which
are good examples in this regard. This will be a Tribunal to deal with all IP
matters.

3. ANALYSIS OF BILL

3.1 Clause 1 of the Bill proposes the insertion into the Act of a range of new
definitions necessitated by certain amendments embodied in the Bill.

3.2 Clause 2 proposes the insertion of section 2A in the Act, circumscribing the extent of copyright protection.

3.3 Clause 3 of the Bill proposes an amendment to section 5 of the Act by
providing for State ownership of copyright funded by the State.

3.4 Clause 4 of the Bill proposes an amendment to section 6 of the Act by
providing for communication to the public of a musical work, by wire or
wireless means, including internet access and making available to the public
a work in such a way that members of the public may access such work from
a place and at a time individually chosen by them, whether interactively or
non-interactively.

3.5 Clause 5 of the Bill proposes an amendment to section 7 by providing for
communication to the public of an artistic work by wire or wireless means,
including internet access.

3.6 Clause 6 of the Bill proposes an amendment to section 8 of the Act by
providing for communication to the public of a cinematograph film or
audiovisual fixation by wire or wireless means, including internet access.

3.7 Clause 7 of the Bill proposes an amendment to section 9 of the Act providing for communication to the public of a sound recording by wire or wireless means, including internet access. Furthermore, by providing for a person who intends to broadcast, cause transmission of or make any work available to the public, to give the author, collecting society or indigenous community a notice in the prescribed manner of his or her intention to perform such acts, indicating where practicable, the date of the proposed performance, proposed terms and conditions for the payment of royalties and requires the copyright author, collecting society or indigenous community to sign the proposal attached thereto.

3.8 Clause 8 of the Bill proposes the substitution of section 9A of the Act. It
embodies a variety of additions and amendments pertaining to the payment of
royalties in respect of intellectual property rights.

3.9 Clause 9 of the Bill proposes the insertion into the Act of sections 9B to 9F,
providing for the resale, duration, assignment or waiver of royalty rights. It
also provides for authors to enjoy the inalienable resale royalty right on the
commercial resale of his or her work of art, subsequent to the first transfer by
the author of such work of art.

3.10 Clause 10 of the Bill proposes an amendment to section 12, providing for fair dealings and uses of copyright work.

3.11 Clause 11 of the Bill proposes the insertion of section 12A in the Act,
providing for the general exceptions from copyright protection and section
12B providing for the first sale or transfer of ownership of copyright to
exhaust the rights of distribution and importation locally and internationally in
respect of the transfer of the original or copy.

3.12 Clause 12 of the Bill proposes the insertion of sections 13A and 13B in the Act providing for the permission to make transient or incidental copies of a work, including reformatting, an integral and essential part of a technical process.

3.13 Clause 13 of the Bill proposes an amendment to section 16 of the Act,
providing for the deletion of subsection (1).

3.14 Clauses 14 and 15 proposes the repeal of sections 17 and 18 of the Act,
respectively.

3.15 Clause 16 of the Bill proposes the repeal of section 19A of the Act.

3.16 Clause 17 of the Bill proposes an amendment to section 19B of the Act by providing that the person having a right to use a copy of a computer program shall be entitled, without the authorisation of the rights holder, to observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program, if he or she does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he or she is entitled to do.

3.17 Clause 18 of the Bill proposes the insertion of sections 19C and 19D into the Act by providing general exceptions regarding protection of copyright work
for archives, libraries, museums and galleries, also exceptions regarding
protection of copyright work for persons with disability.

3.18 Clause 19 of the Bill proposes an amendment to section 20 of the Act, thereby providing for an author to have the right to claim authorship of the work, and to object to any distortion, mutilation or other modification of the work where such action is or would be prejudicial to the honour or reputation of the author.

3.19 Clause 20 of the Bill proposes an amendment to section 21 of the Act by
providing for the ownership of any copyright subsisting in the work between the person commissioning the work and the author who executes the
commission.

3.20 Clause 21 of the Bill proposes an amendment to section 22 of the Act by
providing that copyright owned by, vesting in or under the custody of the State
may not be assigned.

3.21 Clause 22 of the Bill proposes the insertion into the Act of a new section 22A, making provision for assignment and licences in respect of orphan works.

3.22 Clause 23 of the Bill proposes the insertion of a new Chapter 1A into the Act and provides for the registration and regulation of Collecting Societies.

3.23 Clause 24 of the Bill proposes an amendment to section 23 of the Act by
providing for an offence if a person tampers with information managing
copyright, omits to pay the author of the copyright work a royalty fee as and
when the copyright work is used and omits to pay the author of artistic work
royalty fees as and when the artistic work is sold as prescribed by the Act.

3.24 Clause 25 of the Bill proposes an amendment to section 27 of the Act by
inserting a new subsection which provides for an offence if a person
unlawfully circumvents technological protection measures applied by the
author.

3.25 Clause 26 of the Bill proposes amendments to section 28 of the Act, which provides for the copying of a work to constitute an infringement of copyright, if such copying would have constituted infringement in the country in which the work was made.

3.26 Clause 27 of the Bill proposes the insertion of sections 28O, 28P, 28Q, 28R, 28S in the Bill providing for prohibited conduct in respect of technological
protection measures; exceptions in respect of technological protection
measures; and prohibited conduct in respect of copyright management
information and exceptions.

3.27 Clause 28 of the Bill proposes an amendment to the heading in Chapter 3 of the Act [Copyright Tribunal] by replacing it with the heading ‘‘Regulatory and Enforcement Agencies’’.

3.28 Clauses 29 and 30 of the Bill propose the insertion of sections 29A to 29S into the Act, which provide for, amongst others, the establishment of the
Intellectual Property Tribunal; its functions; appointment of its members;
qualifications for such appointment; term of office; removal and suspensions;
and procedural matters on the conduct of hearings of the Tribunal.

3.29 Clause 31 of the Bill proposes the repeal of sections 30, 31, 32, 33 and 36 of the Act.

3.30 Clause 32 of the Bill proposes an amendment to section 39 of the Act by
providing for ministerial powers to prescribe regulations relating amongst
others to the procedure for the conduct of Tribunal hearings and relating to
Collecting Societies.

3.31 Clause 33 of the Bill proposes a new section 39B, and provides that a term in a contract that purports to prevent or restrict any act which by virtue of the Act would not infringe copyright or which purport to renounce a right or
protection afforded by the Act will be unenforceable.

3.32 Clause 34 of the Bill proposes the insertion into the Act of a new Schedule 2, providing for ‘‘Translation Licences’’ and ‘‘Reproduction Licences’’.

3.33 Clause 35 of the Bill provides for the short title and commencement.

4. DEPARTMENTS/BODIES/PERSONS CONSULTED

The Department of Trade and Industry consulted various stakeholders in different sectors within the South African Copyright regime such as Departments and their agencies, local performers, composers, academics, non-government organisations, copyright consultants and the general public, through meetings and a conference.
The consultation took place pre- and post-Cabinet approval.

5. FINANCIAL IMPLICATIONS FOR STATE

Any financial requirement will accommodated within the existing budget.

7. PARLIAMENTARY PROCEDURE

Tagging

7.1 The Constitution of the Republic of South Africa, 1996 (‘‘the Constitution’’)
distinguishes between four categories of Bills: Bills amending the Constitution
(section 74); ordinary Bills not affecting provinces (section 75); ordinary
Bills affecting provinces (section 76); and money Bills (section 77). A Bill
must be correctly tagged otherwise it would be constitutionally invalid.

7.2. The Bill must be considered against the provisions of the Constitution relating to the tagging of Bills, and against the functional areas listed in Schedule 4 and Schedule 5 to the Constitution.

7.3 The crux of tagging has been explained by the courts, especially the
Constitutional Court in the case of Tongoane and Others v Minister of
Agriculture and Land Affairs and Others1. The Constitutional Court in its
judgment stated as follows:

‘‘[58] What matters for the purpose of tagging is not the substance or
the true purpose and effect of the Bill, rather, what matters is whether
the provisions of the Bill ‘in substantial measure fall within a
functional area listed in schedule 4’. This statement refers to the test to
be adopted when tagging Bills. This test for classification or tagging is
different from that used by this court to characterise a Bill in order to
determine legislative competence. This ‘involves the determination of
the subject matter or the substance of the legislation, its essence, or
true purpose and effect, that is, what the [legislation] is about.’’
(footnote omitted).

[60] The test for tagging must be informed by its purpose. Tagging is
not concerned with determining the sphere of government that has the
competence to legislate on a matter. Nor is the process concerned with
preventing interference in the legislative competence of another
sphere of government. The process is concerned with the question of
how the Bill should be considered by the provinces and in the NCOP,
and how a Bill must be considered by the provincial legislatures
depends on whether it affects the provinces. The more it affects the
interests, concerns and capacities of the provinces, the more say the
provinces should have on its content.’’

7.4 In light of what the Constitutional Court stated in the abovementioned case, the test essentially entails that ‘‘any Bill whose provisions in substantial
measure’’ fall within a specific Schedule must be classified in terms of that
Schedule

7.5 The Act regulates copyright. In terms of section 2 of the Act, and subject to the provisions of the Act, the following works, if they are original, are eligible for copyright, namely literary works, musical works, artistic works, cinematograph films, sound recordings, broadcasts, program-carrying signals,
published editions and computer programs.

7.6 The Bill, amongst others things, seeks to provide for certain exceptions in
respect of infringement of copyright for educational purposes, e.g. the new
section 13B [clause 12 of the Bill] which regulates the making of copies of
works, recordings of works and broadcasts in radio and television for the
purposes of educational and academic activities if the copying does not
exceed the extent justified by the purpose. ‘‘Education at all levels, excluding
tertiary education’’is a functional area listed in Schedule 4 to the Constitution.
The Bill also proposes general exceptions regarding protection of copyright
work for archives, libraries, museums and galleries. ‘‘Archives other than
national archives’’, ‘‘Libraries other that national libraries’’ and ‘‘Museums
other than national museums’’ are functional areas listed in Schedule 5 to the
Constitution. The question is whether or not the abovementioned provisions
of the Bill in substantial measure fall within a functional are listed in Schedule
4 or 5. The purpose of the Bill is to regulate copyright and not to regulate any
matter falling under the functional areas in question. The Constitutional
Court, in paragraph 71, stated the following with regard to the test for tagging:

‘‘[71] . . . the ‘substantial measure’ test permits a consideration of
the provisions of the Bill and their impact on matters that substantially
affect the provinces. This test ensures that legislation that affects the
provinces will be enacted in accordance with a procedure that allows
the provinces to fully and effectively play their role in the law-making
process. This test must therefore be endorsed.’’ (emphasis added).
The subject matter of the Bill is the regulation of copyright in the Republic
and does not impact on matters that substantially affect the provinces.

7.7 Since none of the provisions of the Bill in substantial measure fall within a
functional area listed in Schedule 4 or 5, the Bill must be dealt with in
accordance with the procedure set out in section 75 of the Constitution.

Referral of Bill to House of Traditional Leaders

7.8 According to section 18(1) of the Traditional Leadership and Governance
Framework Act, 2003 (Act nº 41 of 2003), ‘‘(a)ny parliamentary Bill
pertaining to customary law or customs of traditional communities must,
before it is passed by the house of Parliament where it was introduced, be
referred by the Secretary to Parliament to the National House of Traditional
Leaders for its comments.’’.

7.9 Indigenous works will in terms of the Act be eligible for the payment of
royalties. An ‘‘indigenous work’’ means a literary, artistic or musical work
with an indigenous or traditional origin, including indigenous cultural
expressions or knowledge which was created by persons who are or were
members, currently or historically, of an indigenous community and which
literary, artistic or musical work is regarded as part of the heritage of such
indigenous community. The Bill provides for the registration of collecting
societies to administer rights on behalf of copyright owners or authors. Since
the Bill pertains to ‘‘customs of traditional communities’’ it would be
necessary to refer the Bill to the House of Traditional Leaders.

08Sep/17

Telecommunications (Amendment) Act, 2012

8 septiembre, 2017Jamaica, Ley2012, Legislación Derecho Informático, Legislación Jamaica, Telecommunications (Amendment) ActJosé Cuervo

A BILL

ENTITLED

AN ACT to Amend the Telecommunications Act.

24th, day of May, 2012

BE IT ENACTED by The Queen’s Most Excellent Majesty, by and with the advice and consent of the Senate and the House of Representatives of Jamaica, and by the authority of the same, as follows:

1.- This Act may be cited as the Telecommunications (Amendment) Act, 2012 and shall be read and construed as one with the Telecommunications Act (hereinafter referred to as the Principal Act”) and all amendments thereto.

2.- Subsection (1) of section 2 of the principal Act is amended:

(a) by inserting next after the definition of”assign” the following definitions

“Authority” means the Spectrum Management Authority established under section 21;

“authorized officer” means:

a) for the purposes ofsection 4(1), a member of the Jamaica Constabulary Force or the Island Special Constabulary Force, member of staff of the office or any other authorized by the Office to assist it in the performance of its functions under this Act;

b) for the purposes of section 23A(9), a member of the Jamaica Constabulary Force or the Island Special Constabulary Force, and any member ofstaff of the office or any other person authorized by the Authority to assist it in the performance of its functions under this Act;

“Board” means the Board of Management of the Universal Service Fund established under section 38C;”;

(b) by deleting the definition of”customer” and substituting therefor the following definition:

“court” means the Supreme Court ofJudicature ofJamaica;

“customer” means a person who is provided with a facility or specified service by a service provider or carrier and includes the end user ofthat service or facility;”;

(c) in the definition of”interconnection”, by deleting the word”voice”;

(d) by deleting the definitions of”licence” and”licensee” and substituting therefor next after the definition of”internet access” the following definition:

“licence”, means a licence other than a spectrum licence granted under this Act and”licensee” shall be construed accordingly;”;

(e) by deleting the definitions of”subscriber television service” and”specified service” and substituting therefor the following:

“specified service” means a telecommunications service or such other service as may be prescribed;

“spectrum licence” means a licence granted under Part IV and ”spectrum licensee” shall be construed accordingly;

“subscriber television service” has the same meaning as in the· Broadcasting and Radio Rediffusion Act; and

(f) by inserting next after the definition of ”uncontrollable forces” the following definition:

“Universal Service Fund” or ”Fund” means the fund established under section 38A;”.

3.- Section 4 of the principal Act is amended:

(a) in subsection (1), by:

(i) renumbering paragraphs (c) to (i) as paragraphs (d) to U) respectively and inserting the following as paragraph (c):

“(c) make such recommendations to the Minister as the Office considers necessary or desirable as to whether a licence should be suspended for such period as the Office considers appropriate or should be revoked;”;

(ii) deleting paragraph (e) as renumbered and substituting therefor the following:

“(e) carry out, on its own initiative or at the request of any person, investigations in relation to a licensee’s conduct as will enable it to determine whether, and to what extent, the licensee is acting in contravention of this Act and in exercise of this function the Office may:

(i) summon and examine witnesses

(ii) sununon the production by a licensee of equipment, records, documents or other information so maintained or stored, in whatever manner, as it considers necessary;

(iii) require that any equipment, record, document or other information so produced, be verified by affidavit;

(iv) enter and search, in the company ofan authorized officer, the premises or other property of a licensee, and inspect, or seal or remove, such equipment, records, documents or other information referred to in subparagraph (ii); and

(v) conduct or make any other necessary enquiries;”;

(b) by deleting subsection (4) and substituting therefor the following:

“(4) The Office may, in the exercise ofits functions, in writing:

(a) direct any licensee to maintain such records, documents or other information for such period as the Office may specify; and

(b) require a licensee to furnish, to the Office, such records, documents or other information in relation to that licensee’s operations, .within such reasonable time and for such reason, as the Office may specify.”; and

4.- Section 7 of the principal Act is amended:

(a) in subsection (1), by inserting after the word” Licences” the words”or spectrum licences, as the case may be,” and inserting after the word”licensees” the words”or spectrum licensees, as the case may be,”;

(b) in subsection (2), by inserting next after the words” the Office” the words” or Authority. as the case may be”;

(c) in subsection (3):

(i) in paragraph (a):

(A) by deleting sub-paragraph (iii) and substituting therefor the following as

“(iii) to the Minister, an agent ofor consultant providing professional services to the Office or Authority, as the case may be, or the F airTrading Commission,”;

(B) in paragraph (iv), by inserting immediately after the word ”Office” the words”or the Authority, as the case may be,” and by inserting immediately after the semicolon appearing at the end of the paragraph the word”or”;

“(v) to any person carrying out regulatory or other functions under this Act;”;

(ii) in paragraph (b), by inserting immediately after:

(A) the word ”Office” wherever it appears, the words”or the Authority, as the case may be”; and;

(B) the word ”licensee” wherever it appears, the words”or spectrum licensee, as the case may be:’;

the word”Office” wherever it appears, the words” or the Authority, as the case may be”;

(iii) in paragraph (c), by deleting the full stop appearing at the end of the paragraph and substituting therefor the symbol and word”; or”; and

(iv) by inserting next after paragraph (c) the following as paragraph (d);

“(d) disclosure is required under any other enactment.”; and

(d) by deleting subsection (6) and substituting therefor the following:

“(6) Subject to section 7A, in this section”confidential information” means any information classified by the Office or the Authority, as the case may be, as confidential, in accordance with the following procedure:

(a) any licensee or spectrum licensee or applicant for a licence or spectrum licence who submits information to the Office or the Authority, as the case may be ( hereinafter called”the submitting party”) may, in so doing, claim that the information is confidential for any of the following reasons, namely that:

(i) the information is a trade secret;

(ii) the information is subject to a claim of legal professional privilege;

(iii) the disclosure of the information would or could reasonably be expected to:

(A) result in significant financial loss or gain to any person;

(B) prejudice significantly the competitive position of any person; or

(iv) the information relates to the private affairs of an individual and publication of that information would or might seriously and prejudicially affect the interests of that individual;

(b) where the submitting party makes a claim that any document or part thereof is confidential for the purposes of this section, and one of the reasons indicates that specific direct hann would be caused to the submitting party or will seriously and prejudicially affect the interests ofan individual, details shall be provided as to the nature and extent ofsuch hann or prejudice;

(i) specific direct hann or prejudice would be likely to result and outweighs any public interest in disclosing the information, the Office or the Authority, as the case may be, shall classify the information as confidential;

(ii) no specific direct hann or prejudice would be likely to result from disclosure, or where any such specific direct hann or prejudice is shown but is not sufficient to outweigh the public interest in disclosing the information, the Office or the Authority, as the case may be, shall not classifY the information as confidential.

5.– The principal Act is amended by inserting next after section 7 the following as section 7 A:

7 A. For the purposes of section 7, the following information is not required to be regarded and dealt with as secret and confidential namely:

(a) information that will facilitate customers in their choice of facilities or specified services and development of the telecommunications industry; and

(b) information relating to:

(i) quality ofservice measurements;

(ii) prices charged to customers or other Licences;

(iii) network coverage of licensees;

(iv) the market share of licensees;

(v) the volume of services of licensees however measured;

(vi) the subscriber base of licensees; and

(vii) the capticity and usage of international submarine cables.”.

6.– Section 14 of the principal Act is amended:

(a) by deleting subsection (4) and substituting therefor the following

“(4) Where a licensee fails to comply with any requirement of a notice under subsection (1), the Office may recommend to the Minister that the licence:

(a) be suspended for such period as the Office considers appropriate; or

(b) be revoked.”; and

(b) in subsection (6) by deleting from:

(i) paragraph (b) the word”would” and substituting therefor the word”may”

(ii) paragraphs (c) and (d) the word”wilfully” wherever it appears;

(iii) paragraph (e) the word”violated” and substituting therefor the word”contravened”;

(iv) paragraph (h) the word”obligation”; and

(c) in subsection (7) , by deleting the numeral”(1)” and substituting therefor the numeral”(6)”.

7.– Subsection (2) ofsection 20 of the principal Act is amended section 20 of by deleting paragraphs (c) and (d) and substituting therefor the principal Act. following:

“(c) issue spectrum licences, authorizing the use ofspecified portions of the spectrum, on condition that the spectrum is to be used and operated:

(i) in an efficient manner; and

(ii) in accordance with international best practices;

(d) institute procedures for ensuring the compliance by spectrum licensees with any obligation regarding the use and operation of the spectrum, imposed by or under the spectrum licence, any provisions of this Act or any regulations made hereunder.”.

8.– Subsection (1) of section 21 of the principal Act is amended by:

(a) inserting immediately after the word”establish” the words” a body to be known as the”;

(b) deleting the words” (hereinafter referred to as”the Authority”)”,

9.- Subsection (1) of section 23 of the principal Act is amended by deleting the words”licence (hereinafter referred to as a”spectrum licence”)” and substituting therefor the words”spectrum licence”,

10.– The principal Act is amended by inserting next after section 23 the following as section 23A:

23A.:

(1) Where the Authority has reason to believe that a spectrum licensee has contravened any term or condition of the spectrum licence or has failed to pay any amount required under section 23(7) or 26, the Authority shall give to that spectrum licensee notice in Writing:

(a) specifying the particulars of the contravention; and

(b) requiring the spectrum licensee to justify its actions to the Authority, or otherwise, take such remedial action within such time as may be specified in the notice.

(2) Where the Authority gives any notice under subsection (1), the Authority shall send a copy thereof to the Minister, for his information.

(3) Where a spectrum licensee fails to justify its actions to the satisfaction of the Authority or fails or refuses to take any remedial action specified in the notice issued under subsection (I), the Authority shall notify the Minister, in writing, of the fact ofsuch failure or refusal.

(4) Where a spectrum licensee fails to comply with any requirements ofa notice under subsection (1), the Authority may recommend to the Minister that the spectrum licence:

(a) be suspended for such period as the Authority considers appropriate; or

(b) be revoked.

(5) Before suspending orrevoking a spectrum licence, the Minister shall direct the Authority to notify the spectrum licensee accordingly and shall afford the spectrum licensee an opportunity to show cause why the spectrum licence should not be suspended or revoked.

(6) Subject to subsection (8), the Authority may recommend to the Minister that a spectrum licence be suspended or revoked, as the case may be, if, on its own initiative or on representations made by any other person, the Authority is satisfied that the spectrum licensee has:

(a) knowingly made any false statement in an application for a spectrum licence or in any statement made to the Authority;

(b) knowingly failed to provide information or evidence that may have resulted in a refusal to grant a spectrum licence;

(d) contravened any provision of this Act or any rules or regulations made under this Act;

(e) contravened or failed to comply with a cease and desist order under this Act;

(f) provided services not authorized by its spectrum licence;

(g) failed to pay in a timely manner any fee determined or imposed pursuant to section 23(7) or 26;

(h) failed to utilize the spectrum efficiently at all.

(7) Where a licensee holds both a licence (in this section called a”telecommunications licence”) and a spectrum licence, the Minister may, upon the recommendation of the Authority, revoke the spectrum licence in any case where it has been proposed that the telecommunications licence be assigned or where the control of the licensee’s operations are being transferred (whether directly or indirectly).

(8) Before taking action under subsection (6), the Authority shall carry out such investigations as may be necessary and afford the spectrum licensee concerned an opportunity to be heard.

(9) For the purposes of this section, the Authority may:

(a) summon and examine witnesses;

(b) summon the production by the spectrum licensee concerned ofequipment, records, documents or other information maintained or stored by the spectrum licensee in whatever manner;

(d) enter and search, in the company of an authorized officer, the premises or other property of a spectrum licensee and inspect, or seal or remove such equipment, records, documents or other information for the purpose of carrying out its investigations.

(l0) If a person fails or refuses without reasonable cause, to furnish any equipment, record, document or other information to the Authority when required to do so or obstructs the Authority in the exercise ofits functions under this section, the Authority may apply to the Court for an order to compel the person to comply with the requirements of the Authority.”

11.- Section 27 of the principal Act is amended:

(a) by deleting the definition of”dominant public voice carrier” and substituting therefor the following:

“dominant public telecommunications carrier” means a public telecommunications carrier that holds a dominant position in the telecommunications market in Jamaica within the meaning ofsection 19 of the Fair Competition Act;”;

(b) in the definition of”interconnection provider”, by deleting the words”voice carrier” wherever they appear and substituting therefor, in each case, the words”telecommunications carrier”;

(c) in the definition of ”interconnection seeker”, by deleting the words”voice carrier” wherever they appear and substituting therefor, in each case, the words ”telecommunications carrier”;

(d) in the definition of ”point ofinterconnection”, by deleting the word”voice”;

(e) by deleting the definition of”public voice carrier”, and substituting therefor the following:

“public telecommunications carrier” means a carrier who owns and operates a public network used to provide telecommunications service to the public;

(f) by deleting the definition of ”reference interconnection offer” and substituting therefor the following

“reference interconnection offer” means an offer document setting out matters relating to the charges and terms and conditions under which a public telecommunications carrier will permit interconnection to its public network.”.

12.– Section 28 of the principal Act is amended by deleting from:

(a) subsection (1), the words ”voice carriers” and substituting therefor the words”telecommunications carriers”; and

(b) subsection (3), the words ”voice carrier” and substituting therefor the words ”telecommunications carrier”.

13.- Section 29 of the principal Act is amended:

(a) in subsection (1), by deleting:

(i) the words ”public voice network” wherever they appear and substituting therefor. in each case, the words ”public network”; and

(ii) the words ”voice services” and substituting therefor the words”telecommunications services”;

(b) in subsection (2), by deleting:

(i) the words”voice carrier” and substituting therefor the words”telecommunications carrier”; and

(ii) from paragraph (a), the words ”public voice network” wherever they appear and substituting therefor, in each case, the words ”public network”;

“(4) The Office may:

(a) on its own initiative, in assessing an interconnection agreement, make a determination of the tenns and conditions, including charges; or

(b) resolve post–contract disputes; and in resolving such disputes brought by a licensee before the Office for resolution:

(i) make such detennination as it thinks fit; and

(ii) the provisions ofsubsections (2) and (3) of section 34 apply, with such modifications as are appropriate, as they apply to pre-contract disputes.

(5) When making a detennination of an operator’s interconnection charges, the Office shall have regard to:

(a) the principles of cost orientation or reciprocity;

(b) local or international benchmarks; or

(6) Any detennination of the Office made pursuant to subsection (4) shall be binding on the operator.

(7) For the purposes ofsubsections (4) and (5):

“reciprocity” means basing a carrier’s interconnection charges on the interconnection charges ofanother carrier; and

“post-contract dispute” means a dispute between the parties to an interconnection agreement arising out ofthat agreement.”.

-The principal Act is amended by inserting next after section 29 the following as section 29A:

29A:

(1) Subject to subsection (3) the Office may:

(a) impose an infrastructure sharing obligation on a licensee, where the Office considers it to be justified having regard to any of the following considerations:

(i) matters relating to public health or to the environment or town planning or other development considerations;

(ii) economic inefficiencies; or

(iii) physical or technical impracticability; and

(b) determine the terms and conditions ofany infrastructure sharing obligation imposed pursuant to paragraph (a); and

(c) hear and determine complaints made by licensees and disputes in respect of charges and other terms and conditions of the infrastructure sharing arrangement.

(2) All infrastructure sharing arrangements made by the Office shall include the making of rales, after consultation with the Minister, for the apportionment of the costs of sharing infrastructure; and the rules shall be made in accordance with the principles set out in section 33.

(3) In determming whether to impose an infrastructure sharing obligation on a licensee, or in determining the terms and conditions of an infrastructure sharing obligation imposed under subsection (1), the Office shall consult with licensees, the relevant environmental and planning authorities and the Authority.

(4) In this section:

“infrastructure sharing” means the provision to licensees of access to tangibles used in connection with a public network or intangibles facilitating the utilization ofa public network;

“intangibles” includes agreements, arrangements, leases, licences, franchises, rightsof-way, easements and, other similar interests;

“tangibles” includes:

(a) lines, cables and wires;

(b) equipment and apparatus;

(d) conduits, tunnels and ducts;

(e) manholes and other holes and pits;

(f) poles and antennae;

(g) hats and landing stations; and

(h) land, building and other real property.”

15.- Section 30 of the principal Act is amended by deleting from:

(a) subsection (1):

(i) the words ”voice carrier” and substituting therefor the words”telecommunications carrier”; and

(ii) the words ”public voice network” and substituting therefor the words ”public network”; and

(b) subsection (2), the words ”voice carrier” and substituting therefor the words”telecommunications carrier”,

16.– Section 32 of the principal Act is amended:

(a) in subsection (I), by deleting:

(i) the words”public voice network” and substituting therefor the words”public network”; and

(ii) the words “’voice services” and substituting therefor the words ”telecommunications services”;

(b) in subsection (2), by deleting:

(i) the words “voice carrier” and substitutlrig therefor the words”telecommunications carrier”; and

(ii) the words “voice services” and substituting therefor the words”telecommunications services”;

(c) in subsection (3), by deleting the word ”prescribed” and substituting therefor the words ”specified by the Office and shall remain in force for a period not exceeding five years or such shorter period as the Office considers necessary having regard to technology and market developments”; and

(d) in subsection (4), by deleting the words”in the prescribed manner” and substituting therefor the words”and all existing interconnection agreements executed by the filing carrier shall be amended in accordance with the approved reference interconnection offer and until actually amended are deemed to be so amended”,

17.– Section 33 of the principal Act is amendecd:

(a) in subsection (l):

(i) by deleting the words”prices at which interconnection is to be provided” and . substituting therefor the words”charges for the provision ofinterconnection”;

(ii) by deleting from paragraph (e) the words”prices for interconnection” and substituting therefor the words”with the exception of interconnection charges for wholesale termination services, interconnection charges”;

(iii) by deleting the full stop appearing at the end of paragraph (f) and substituting therefor a semicolon; and

(iv) by inserting next after paragraph (f) the following as paragraph (g):

“(g) in the case of charges for wholesale termination services, charges shall be calculated on the basis of forward looking long run incremental cost, whereby the relevant increment is the wholesale termination service and which includes only avoidable costs.”;

(b) by deleting subsection (2) and substituting therefor the following:

“(2) Where the Office has been unable to obtain cost information that it is reasonably satisfied is relevant and reliable it may take into account local and international benchmarks, reciprocity and any other approach that in the opinion of the Office is relevant.”;

“(3) In this section:

(a)”access deficit” means the amount by which a carrier’s revenue from connection and line rental charges falls short of the cost ofproviding access lines due to regulatory constraints on those charges;

(b) ”avoidable costs” means the difference between:

(i) the identified total long run costs of a carrier providing its full range of telecommunications services; and

(ii) the identified total long nut costs of the carrier providing its full range oftelecommunications services, except for the wholesale call termination service supplied to any third party (which costs exclude nontraffic-related costs).”

18.- Section 34 of the principal Act is amended:

(a) by deleting subsection (2) and substituting therefor the following:

“(2) The Office may, after consultation with the Minister, make rules applicable to the arbitration ofpre-contract disputes.”; and

(b) in subsection (4), by deleting the words”voice carrier” and substituting therefor the words ”telecommunications carrier”.

19.– Section 35 of the principal Act is amended by deleting:

(a) from subsection (1) (i) the words ”subject to subsection (3), make rules subject to affinnative resolution” and substituting therefor the words”, after consultation with the Minister, make rules”; and (ii) the words ”voice carriers” and substituting therefor the words”telecommunications carriers”; and

(b) subsection (3).

20.- Section 36 of the principal Act is amended:

(a) in subsection (1), by deleting:

(i) the words”subject to affinnative resolution”; and

(ii) the words ”voice carrier” and substituting therefor the words ”tdecommunications carrier”; and

(b) by deleting subsection (2) and substituting therefor the following:

(2) In this section:

“calling platform” means an automated gateway which authenticates the caller for access, such as by way ofan access code, credit card number, prearranged billing based on the calling number.”.

“indirect access”:

(a) means the method whereby customers of a particular carrier are able to access specified services provided by another carrier through the· telecommunications network and the telecommunications services of the first mentioned carrier With whom the customer is directly connected; but

(b) does not include two stage dialling, this being the method by which the customer of one licensee is able to dial a ITU-TEI64 number to reach a calling platfonn which facilitates the customer’s access to the specified services ofother licensees;

21.- Section 37 of the principal Act is amended by deleting by deleting subsection (1) and substituting therefor the following as subsection (1):

“(1) The Minister may after consulation with the office make rules imposing on any public telecommunications carrier the responsability to offer number portability.”

22.- The principal Act is amended by inserting next after section 37 the following as section 37A:

37A:

(1) Subject to subsection (2), the Office may set Interim interconnection charges and an interim Price cap for retail rates for telecommunications services.

(2) Interim interconnection charges and Interim Price caps for retail rates set pursuant to subsection (1) shall:

a) be applicable for a defined period, (being a period not exceeding twelve months);

b) be established, pending the completion of the process to determine interconnection charges or to make Price cap rules, as the case may be, in accordance with section 4(2), 33 and or 46.

(3) When setting an interim interconnection charge ora n interim Price cap for retail rates, the Office shall have regard to reciprocity, local or international benchmarks or such other relevant data or information as may be available to the Office, from time to time.

(4) In the event that the Office is unable to determine interconneclion charges or make price cap rules for retail rates before the expiration of the defined period; the Minister may extend the application of the interim interconnection charges or interim price caps for retail rates for a further period, being a period not exceeding six months.

(5) If, after the further period, the interconnection charges or price cap rules for retail rates are still not determined by the Office, the midpoint between the interconnection charges or price cap rules for retail rates that were applicable before and after the setting of the interim interconnection charges or interim price cap rules for retail rates shall apply until such determination is made by the Office, but shall not have retroactive effect.

(6) The power of the Office to set interim interconnection charges or price cap rules for retail rates under this section shall not be subject to the provisions of section 4(2),33,46,60 or 62.”.

23.- Section 38 of the principal Act is amended;

(a) by renumbering the section as subsection (1) of the section;

(b) in subsection (1), as renumbered, by:

(i) deleting from paragraph (a) the word ”voice”;

(ii) renumbering paragraph (d) as paragraph (e); and

(iii) inserting next after paragraph (c), the following as paragraph (d):

“(d) there shall be a universal service levy that shall be imposed, by the Minister, on licensees, in support of universal service;”; and

“(2) The Minister may, after consultation with the Office, make regulations, subject to affirmative resolution, in relation to the computation of the univerSal service levy.”.

24.-

(1) The provisions of subsection (2) shall come into Insertion of operation on such date as the Minister may by order published the Gazette specify.

(2) The principal Act is amended by inserting next after section 38 the following as sections 38A, 38B, 38C, 38D, 38E, 38F, and 38G“

38A:

(1) There is hereby established for the purposes of this Act, a body to be known as the Universal Service Fund which shall be a body corporate to which section 28 of the Interpretation Act shall apply

(2) The provisions of the Third Schedule Schedule shall have effect as to the constitution of the Fund and otherwise in relation thereto.

38B The objectives of the Fund shall be to support the implementation of the obligation to provide universal service, as approved by the Minister, in accordance with the principles set out in section 39(2) and the use specified in section 42A.

38C.-

(1) There shall be established for the purposes of this Act, a Board of Management of the Fund which shall, subject to the provisions of this Act, be responsible for:

(a) the general management of the resources of the Fund within the guidelines established by the Minister;

(b) the policy and general administration of the affairs of the Fund;

(c) recommending to the Minister such projects and programmes to be financed from the Fund, the purposes of which fall within section 39(2) and 42(A);

(d) investing the moneys of the Fund;

(e) monitoring the implementation of projects financed by the Fund;

(f) doing or causing to be done such other things as are necessary or expedient for or in connection with the proper performance of the functions of the Fund.

(2) The provisions of the Third Schedule shall have effect as to the constitution of the Board of Management and otherwise in relation thereto.

38D:

(1) The funds and resources of the Fund shall consist of:

(a) the universal service levy imposed on licensees pursuant to this Act;

(b) all amounts which accrue from interest, realized gains on investments, loan repayments and other accretions to the Fund; and

(2) All moneys of the Fund not immediately required tobe expended in meeting any of its obligations or discharging any of, its functions may with due regard to the level ofinflows, be invested in such lnterest bearing securities in Jamaican currency local and foreign currency as may be approved either generally or specifically by the Minister responsible for finance, who shall (as regards any proposed investment in foreign securities or foreign currency instrwnents) act after consultation with the Bank of Jamaica.

(3) The expenses of the Fund shall be managed so as to maximize operational efficiency, and shall be paid out of the Fund.

38E:

(1) The Fund shall keep proper accounts and other records in relation to its business and shall prepare annually a statement ofaccounts in a fonn satisfactory to the Minister and confonning to established accounting principles.

(2) The accounts of the Fund shall be audited annually by an auditor appointed by the Board of Management of the Fund.

(3) The Auditor-General shall be entitled at all times to examine the accounts of the Fund.

38F:

(1) The Fund shall, within four months after the end ofeach financial year, cause to be made and shall transmit to the Minister a report dealing generally with the activities of the Fund during the preceding financial year.

(2) The Minister shall cause a copy of the report, together with the annual statement ofaccounts and the auditor’s report thereon to be laid in the House of Representatives and the Senate.

38G. The Fund shall furnish the Minister with such returns, accounts and other information as he may require with respect to the Fund, and shall afford to the Minister the facilities for verifying such information in such manner and at such times as he may reasonably require.”.

25.– Section 39 of the principal Act is amended:

(a) in subsection (1), by deleting the word ”and” appearing at the end ofparagraph (a} and substituting therefor the word ”or”;

(b) in subsection (2), by deleting paragraph (d) and substituting therefor the following:

“(d) to the extent technically feasible, and insofar as the necessary resources are available, to:

(i) promote Internet access in educational institutions, public libraries and post offices throughout Jamaica;

(ii) pursue strategies to increase access to high capacity networks and the dissemination of information and communications technology services in un-served and under-served areas ofJamaica;

(iii) support information and communications technology programmes that specifically target vulnerable groups, including low-income households, the elderly, the youth and disabled persons;

(iv) provide access points and multifunction telecentres;

(v) fund connectivity services and support the provision of infrastructure to educational institutions, public libraries and post offices throughout Jamaica to facilitate the use of information and communications technology;

(vi) provide Internet access devices and applications for the training of students in the use of the Internet and other information and communications technology services to support Government’s plan of creating an information and knowledge-based society;”.

“(7) in this Part”eligible revenues” means revenues which form the basis of calculation of contributions by licensees, determined in the prescribed manner”.

26.- Section 42 of the principal Act is amended, by deleting:

(a) from subsection (2) (b), the words ”universal service obligation levy” and substituting therefor the words ”universal service levy”; and

(b) subsection (3).

27.- The principal Act is amended by inserting next after section 42 the following as section 42A:

42A.:

(1) The universal service levy shall utilized to fund the obligation to provide universal service as determined pursuant to section 39(2) and the following, namely:

(a) the provision of loans or grants for information and communications· technology projects operated by local non-profit organizations and loans, grants or equity investment for information and communications technology projects operated by local micro, small and medium-sized-businesses (excluding domestic network operators) for the purpose of stimulating the expansion of information and communications technology access;

(b) the facilitation of lifelong learning and a knowledge-based society by providing universal access to information;

(d) the promotion of information, and the enhanced development of local content; and

(e) the promotion of information and communications technology literacy through literacy programmes and the Government’s delivery of e-services.

(2) In this Part ”domestic network operator” means a domestic carrier that owns or operates a public netWork.

28.- Section 43 of the principal Act is amended by deleting the definition of”consumer” and substituting therefor the following:

“consumer” means a person to whom facilities or specified services are provided or are intended to be provided in the course of a business carried on by a carrier or service provider;”.

29.– Section 44 of the principal Act is amended;

(a) in subsection (1), by deleting:

(i) the words ”retail services” and SUbstituting therefor the words”facilities or specified services”;

(ii) the words ”those services” wherever they . appear and substituting therefor, in each case, the words ”those facilities or specified services”;

(b) in subsection (2), by deleting the word ”services” and substituting therefor the words”facilities or specified services”; and

“(3) The Office may:

(a) make rules prescribing quality standards for the provision offacilities or specified services in relation to all licensees, and relating to the administration and resolution ofcustomer complaints; and

(b) direct the licensees to conduct all required associated measurements and to report to the Office thereon in such manner and at such intervals. as the Office may determine.

(4) Rules made under subsection (3) regarding customer complaints shall be applicable to, and shall be observed by, all licensees.

(5) The Office may:

(a) examine customer contracts in respect offacilities or specified services; and

(b) direct the modification ofany term ofsuch a contract which appears to the Office to be unreasonable or unfair.”.

30.– Section 45 of the principal Act is repealed and the following substituted therefor:

“45. A licensee may:

(a) refuse to provide facilities or specified services to consumers; or

(b) discontinue or interrupt the provision of such facilities or specified services to a customer pursuant to agreement with that customer, only on grounds which are reasonable and non-discriminatory and where any such action is taken, the licensee shall state the reasons therefor.”

31.– Section 46 of the principal Act is amended in subsection (2) by inserting immediately after the word” rules ” the words” after consultation with the Minister”.

32.– Section 48 of the principal Act is amended, in the marginal note thereto and in subsection (1), by deleting the words ”voice services” wherever they appear and substituting therefor, in each case, the words ”telecommunications services”.

33.– Section 57 of the principal Act is amended by deleting the words ”subject to affirmative resolution”.

34.– Section 60 of the principal Act is amended :

(a) by deleting from the inarginalnote the words ”or Office” and substituting therefor the words, ”Office or Authority”;

(b) in subsections (4), (5), (6) and (8) by inserting next after the word ”Office” wherever it, appears, the words ”or Authority, as the case may be,” in each case.

35.- Section 62 of the principal Act is amended:

(a) in subsections (1) and (2) by inserting next after the word ”Office” wherever it appears, the words”or Authority, as the case may be.” in each case;

(b) by deleting subsection (3) and substituting therefor the following:

“(3) Except where the Office or the Authority. as the case may be, considers the circumstances of any appeal to be exceptional so as to justify its staying the decision to which the appeal relates. it is hereby declared that, until the determination of the appeal, the decision of the Office or the Authority, as the case may be, to which an appeal relates shall not be affected by the appeal proceedings.”; and

(c) in subsection (4), as renumbered, by inserting next after the word ”Office” the words”or Authority, as the case maybe”.

36.– Section 63 of the principal Act is amended:

(a) in the marginal note by inserting immediately after the word ”Power” the words” of the Office.”;

(b) by deleting subsections (1) and (2) and substituting therefor the following as subsections (1), (2), (3), (4) and (5)

“(1) A person commits an offence if he:

(a) provides false or misleading information to the Office;

(b) fails to furnish any equipment, record, document or other information requested by the Office; or

(c) destroys or alters or causes to be destroyed or altered, any equipment, record, document or other information required to be so furnished.

(2) A person commits an offence if he engages in any of the following conduct:

(a) operates or knowingly facilitates any bypass operation in contravention of this Act or regulations made under this Act;

(b) owns or operates an unlicensed facility;

(d) undertakes or embarks upon any course of action which could reasonably be expected to result in the disruption or interruption of the telecommunications industry; or

(e) breaches any order of the Office issued pursuant to subsection (3).

(3) The Office may, ort its own initiative or on the application ofany person, where it is satisfied that there are reasonable grounds for believing that any conduct specified in paragraphs:

(a) to (c) ofsubsection (2) or paragraph (a) of section 65 is being carried out by any person (a) issue to the person concerned:

(i) a cease and desist order in accordance with section 64;

(ii) an order requiring a licensee to pay compensation to any person affected by any action of the licensee in contravention of this Act or any regulations made under this Act or any licence, determination, memorandum, order or directive of the Office;

(iii) an order requiring the licensee to take such steps as are necessary to remedy the effects of any harm caused by the conductof the licensee incontravention of this Act, any regulations made under this Act or any licence, determination, memorandum, order ordirective of the Office;

(iv) an order to tenninate, modify or nullify agreements activities or decisions of the licensee which are found to be in contravention of this Act or, any regulation made under this Act or any licence, detennination, memorandum, order or directive of the Office;

(b) apply to the court for an injunction against a licensee, whose actions, in the opinion of the Office, could cause severe disruption to the operations of another licensee or could cause irreparable damage.

(4) In a case where a court issues an interim injunction in response to an application under subsection (3)(2)(b), the court shall not require a financial undertaking by the Office.

(5) A person who commits an offence under subsection (1) or (2) shall be liable:

(a) on summary conviction in a Resident Magistrate’s Court, to a fine not exceeding two million dollars or to imprisonment for a tenn not exceeding [six months], or to both such fine and imprisonment; or

(b) on conviction on indictment in a Circuit Court, to a fine not exceeding two years, or to both such fine and imprisonment.”;

(6), as renumbered, by deleting the words”subsection (1)” and substituting therefor the words”subsection (3)”;

( d) in subsection (7) as renumbered by deleting the numerals”(3)(a)” and substituting therefor the numerals”(6)(a)”;

(e) in subsection 8, as renumbered by deleting the numerals”(4)(b)” and substituting therefor the numerals”(7)(b)”.

37.– The principal Act is amended by inserting next after section new sections 63 the following as sections 63A and 63B:

63A.-

(l) A person commits an offence if he engages in any of the following conduct:

(a) provides false or misleading information to the Authority or to, the Minister whether in support of an application under or any other matter in relation to this ad;

(b) engagesinthe use of the spectnnn without first obtaining a spectrum licence;

(c) fails to furnish any equipment, record, document or other information requested by the Authority pursuant to this Act;

(d) destroys or alters or causes to be destroyed or altered, any equipment, record, document or other information required to be so furnished;

(e) being a spectrum licensee, utilizes frequencies other than those for which authorization was granted by the Authority or the Minister;

(f) fails to comply with a request or directive issued by the Authority or’ Minister in the manner and within the tiIneframe stipulated;

(g) being a spectrum licensee, fails to pay spectrwn licence fees and regulatory fees prior to the commencement of the relevant licensing period and in accordance with the terms and conditions of the spectrum licence;

(h) breaches orders, directives, determinations or memoranda issued by the Authority;

(i) behaves in a manner which contravenes the provisions of:

(i) this Act or any regulations made under the Act;

(ii) any spectrum licence; or

(iii) orders, directives, determinations or memoranda of the Authority;

(j) breaches any order of the Authority issued pursuant to subsection (2).

(k) obstructs, hinders or prevents any authorized officer from entering premises for the purposes of carrying out an investigation under this Act;

(l) wilfully uses any apparatus for the purpose ofcausing harmful interference.

(2) The Authority may, on its own initiative or on . the application ofany person, where it is satisfied that there are reasonable grounds for believing that any conduct specified in paragraphs [(a) to (I)] of subsection (l) is being carried out by any person:

(a) issue to the person concerned:

(i) a cease and desist order in accordance with section 64;

(ii) an order requiring the spectrum licensee to take such steps as are necessary to remedy the effects of any harm caused by the conduct of the spectrum licensee in contravention of this Act, or regulation made under thisAct, or any licence, determination, memorandum, order or directive of the Authority;

(iii) an order to terminate, modify or nullify agreements activities or decisions of the spectrum licensee which are found to be in contravention of this Act or regulation made under this Act or any spectrum licence, determination, memorandum, order or directive of the Authority;

(b) apply to the court for an interim injunction against· a spectrum licensee, whose actions, inthe opinion of the Authority, could cause severe disruption to the operations of another spectrum licensee or could cause irreparable damage.

(3) Ina case where a court issues an interim injunction in response to an application under subsection (2)(b), the court shall not require a financial undertaking by the Authority.

(4) An order under subsection (2) shall:

(a) state the facts constituting the alleged conduct and where appropriate, the name of the person against whom the allegation is made; and

(b) be accompanied by documents, ifany, insupport of the allegation.

(5) Before issuing a cease and desist order, the Authority shall cause to be served on the person concerned, a notice:

(a) containing a statement of the facts referred to in subsection (4)(a); and

(b) specifying the period within which and a place at which a hearing will be held to afford to the person concerned an opportunity to show cause why the order should not be made.

(6) Where at a hearing referred to in subsection (5) (b):

(a) the person concerned fails to show cause why the cease and desist order should not be made, the order shall be issued; or

(b) the Authority detennines that the alleged conduct has not occurred, a cease and desist order shall not be issued.

(7) A person who commits an offence under subsection (1) shall be liable on summary conviction in a Resident Magistrate’s Court, to a fine not exceeding three million dollars or to imprisonment for a tenn not exceeding one year, orto both such fme and imprisonment.

63B.:

(1) This section applies to an offence Offences against this Act and regulations made under this Act being a prescribed offence.

(2) Where the Office orAuthority, as the case may be, believes that a person has committed an offence in relation to its area ofregulation and to which this section applies, the Office or Authority may give that person the prescribed notice in writing offering the opportunity of the discharge ofliability to conviction for that offence by payment to the Office or Authority, as the case may be, in the manner specified in the notice, of the prescribed pecuniary penalty applicable.

(3) A person shall not be liable to be convicted ofany offence referred to in subsection (2) ifthe pecuniary penalty is paid in accordance with this section and any requirement in respect of which the offence was committed is complied with before the expiration of the period specjfied in the notice referred to in subsection (2) and shall be a date not less than twenty-one days following the issue of the notice.

(4) Where any person pays the pecuniary penalty in accordance with subsection (3) and complies with any other requirement specified in the notice, the Office or Authority, as the case may be, shall accept that amount as complete satisfaction ofany liability to conviction.

(5) Payment of a pecuniary penalty under this section shall be made to the Office or Authority, as the case may be, which shall cause it to be paid into the Consolidated Fund.

(6) In any proceedings for an offence to which this section applies, a certificate that payment of the pecuniary penalty was or was not made to the Office or Authority, as the case may be, by a date specified in the certificate shall, if the certificate purports to be signed by the Office or, as the case may be, the Authority, be sufficient evidence of the facts stated, unless the contrary is proved.

(7) Anotice under subsection (2) shall:

(a) specify the offence alleged;

(b) give such particulars of the offence as are necessary forgiving reasonable information of the allesation; and

(c) state the period during which, by virtue of subsection (3), proceedings will not be taken for the offence, the amount of the pecuniary penalty, and the address at which the pecuniary penalty may be paid.

(8) In any proceedings for an offence to which sub-section (2) applies, no reference shall be made after the con-viction of the accused to the giving of any notice under this section or to the payment or non-payment ofa penalty there-under unless, in the course of the proceedings or in some document which is before the court in connection with the proceedings, reference has been made by or on behalf of the accused to the giving ofsuch a notice or, as the case may be, to such a payment or non-payment.

(9) The Minister may make regulations providing for any matter incidental to the operation of this section, and in particular:

(a) prescribing the offences to which this section applies;

(b) prescribing the form fo notice under subsection (2), and the place at which a pecuniary penalty is payable; and

(c) prescribing the duties of the Office and Authority and the information, with regard to any payment made pursuant to a notice under this section, to be supplied to the Office or Authority, as the case may require”

38.- Section 65 of the principal Act is repealed and the following substituted therefor:

The Court may exercise any of the powers specified in section 66, ift he Court is satisfied:

(a) on an application by the Office, that a licensee has engaged in any of the following conduct:

(i) breaches any order, directive, determination or memorandum of the office;

(ii) behaves in a manner which is inconsistent with or contravenes provisions of:

this Act or any regulations made under this Act or the Office of Utilities Regulation Act or any regulations made thereunder;
any licence; or
any order, directive, determination or memorandum of the Office;

(iii) breaches any quality of service standards established or approved by the Office; or

(iv) undertakes or embarks upon any course of action which could reasonably be expected to result in the disruption or interruption of the telecommunication industry.

(b) on an application by the Authority that a spectrum licensee:

(i) has engaged in any of the conduct specified in section 63A(I);

(ii) has contravened any provision of this Act or any regulations made under this Act.”.

39.- Subsection (1) of section 66 of the principal Act is amended:

(a) by deleting paragraph (a) and inserting therefor the following as paragraph (a):

“(a) order the offending licensee to pay to the Crown pecuniary penalty not exceeding two hundred million dollars or the offending spectrum licensee to pay to the Crown pecuniruy penalty not exceeding three million dollars”; and

(b) in paragraph (b) by:

(i) inserting immediately after the word ”licensee” the words ”or spectrum licensee”; and

(ii) deleting the words ”subsection (1) (a) or (b) of”.

40.– Section 71 of the principal Act is amended:

(a) in subsection (1), by deleting the words ”The Office” and substituting therefor the words ”Unless otherwise specified in this Act, the Office”; and

(b) in subsection (2), by deleting the words ”five hundred thousand” and substituting therefor the words ”two million”.

41.- The principal Act is amended by inserting next after section 71 the following as section 71A

71A. Notwithstanding the powers of the Office under this Act, the Office may forbear from enforcing any provision of this Act or any regulations made under this Act if the Office determines that:

(a) enforcement of the provision or regulations is not necessary to ensure that the achievement of the objects of the Act;

(b) enforcement of the provision or regulations is not necessary for the protection of consumers;

(d) forbearance from enforcing the provision orregulations is consistent with the public interest.” .

42.-Subsection (2) of section 72 of the principal Act is amended by deleting the words ”five hundred thousand” and substituting therefor the words ”three million”

The principal Act is amended by inserting next after section 72 the following as section 72A:

72A.-The Minister may, by order subject to Minister to affirmative resolución, amend the monetary penalties imposed by this Act.

44.- The principal Act is amended by inserting next after the Second Schedule the following as the Third Schedule:

THIRD SCHEDULE (Section 38A and 38C)

The Universal Service Fund

(1) The seal of the Fund shall be kept in the custody of the chairman or of any officer of the Fund authorized by the Board in that behalf, and shall be affixed to instruments pursuant to a motion of the Board in the presence of the chairman or any other member duly authorized to act in that behalf and the secretary.

(2) The seal of the Fund shal1 be authenticated by the signature of the secretary or any other member of the Board duly authorized to act in that behalf.

(l) Subject to sub-paragraph (2), the Fund shall appoint and employ at such remuneration and on such terms and conditions as it thinks fit a chief executive officer and such other officers and employees as it thinks necessary for the proper carrying out of the provisions of this Act.

(2) The Fund shall act in accordance with such guidelines in relation to emoluments payable to the staff of public bodies, as are issued from time to time by the Minister responsible for the public service.

All documents, other than those required by law to be under seal, documents made by, and all decisions of the Fund may be signified under the hand of the chairman or any member of the Board authorized to act in that behalf or an officer of the Fund so authorized.

The Board of Management of the Fund

The Board shall consist ofsuch number of members being not less than nine nor more than thirteen as the Minister may from time to time appoint including

(a) the following persons who shall be ex-officio members:

(i) the Financial Secretary or his nominee;

(ii) the Director General of the Planning Institute ofJamaica or his nominee;

(iii) the Chief Executive Officer of the Fund.

(b) such other persons who appear to the Minister to have ability andexperience in matters relating to the activities of the Fund (hereinafterreferred to as ”selected members”).

5.-

(1) The Minister shall appoint:

(a) one of the members to be chairman of the Board; and

(b) a deputy chairman from among the other members.

(2) In the case of the absence or inability to act of the chainnan, the deputy chainnan shall exercise the functions of the chairman.

(3) In the case of the absence or inability to act at any meeting of both the chairman and the deputy chairman, the remaining members shall elect one of their number to act as chairman ofthat meeting.

Subject to the provisions of this Schedule, a selected member of the Board shall hold office for a period not exceeding three years and each such member shall be eligible for re-appointment.

The Minister may appoint any person to act in the place of any member of the Board in the case of the absence or inability to act of suchmember.

A selected member of the Board may at any time resign his office by instrument in writing addressed to the Minister and transmitted through the chainnan; and from the date ofreceipt by the Minister ofsuch instrument, such member shall cease to be a member of the Board.

The Minister may at any time revoke the appointment of a selected member if he considers it expedient so to do.

The names of all members of the Board as first constituted and every change in membership thereof shall be published in the Gazette.

11.-

(1) The Minister may, on the application of any selected member of the Board, grant leave of absence to such member.

(2) The appointment of a selected member shall be regarded as terminated if, without the grant of leave of absence, that member is absent from three consecutive meetings of the Board.

12.-

(1) The Board shall meet at such times as may be necessary orexpedient for the transaction of business (but at least six meetings shall beheld within each financial year) and such meetings shaH be held at suchplaces and times and on such days as the Board shall determine.

(2) The chairman may at any time call a special meeting of the Boardto be held within [seven] days of a written request for the purpose addressed tohim by any two members of the Board.

(3) The chairman or, in the case of the absence or inability to act of the chairman, the deputy chairman or the person elected to act as chairman inaccordance with paragraph 5(3) shall preside at the meetings of the Board, and when so presiding the chairman, deputy chairman or the person elected to act as chairman, as the case may be, shall have an original and a casting vote.

(4) The quorum of the Board shall be the number rounded up that approximates to one-half the number of the membership.

(5) The decisions of the Board shall be by a majority ofvotes and, in addition to an original vote, the chairman or other member presiding at the meeting shall have a casting vote in any case in which the voting is equal.

(6) Minutes in proper form of each meeting of the Board shall be kept.

(7) Subject to the provisions of this Schedule the Board may regulate its own proceedings.

A member of the Board who is directly or indirectly interested in any matter which is being dealt with by the Board shall of interest (a) disclose the natUre of his interest at a meeting of the Board; and (b) not take part in any deliberation or decision of the Board with respect to that matter.

14.-

(1) The Board may appoint such committees as it thinks fit, consisting wholly or partly of members of the Board and may delegate to such committees such of the Board’s functions as it thinks fit.

(2) A delegation under subparagraph (1) shall not prevent the exercise by the Board of any function so delegated.

There shall be paid to the chairman and each member of the Board such remuneration, if any (whether by way ofhonorarium, salary or fees) and such allowances as the Minister may determine.

No act done or proceeding taken under this Act by the Board shall be questioned on the ground of:

(a) the existence ofany vacancy in the chairmanship of, or any defectin the constitution of, the Board; or

(b) any omission, defect or irregularity not affecting the merits of the case.

17.-

(1) No member of the Board shall be personally liable for any act or default of the Board done or omitted to be done in good faith in the course of the operation of the Board.

(2) Where any member of the Board is exempt from liability by reason only of the provisions of this paragraph, the Fund shall be liable to the extent that it would be ifthat member were an employee or agent of the Fund.

The office ofa selected member of the Board shall not be a public office for the purposes of Chapter V of the Constitution of Jamaica.”.

45.-

(1) Any instrument which was issued, served or granted under any provision of the principal Act which is repealed, amended or which ceases to have effect by virtue of this Act shall, without prejudice to any power to amend such instrument, and subject to such modification as may be necessary to bring it in confonnity with the principal Act as amended by this Act, continue in force until superseded, evoked or otherwise terminated, and shall be deemed to have been issued, served or granted under the principal Act as amended by this Act.

(2) In this section”instrument” means any licence, notice, determination, order, declaration or other authority or any instrument or other requirement, as the circumstances may require that was issued, served or granted pursuant to the principal Act and was in operation prior to the coming into operation of this Act.

MEMORANDUM OF OBJECTS AND REASONS

An Information and Communications Teclmology (ICn Policy for Jamaica was tabled in Parliament in April, 2011. The Policy recognizes the inadequacy of current legislation to meetthe needs of a liberalized and converged ICT environment and, as such, inakes recommendations for the promulgation ofan leT Act to address these concerns.

In the interim, a decision has been taken to amend the Telecommunications Act to address inter alia some of the major concerns highlighted in the ICT Policy. Other provisions have been included for the purpoSes of facilitating the optirrialfunctioning of the Telecommunications Industry. Therefore, this Bill seeks to amend the Telecommunications Act to address:

(a) the sharing of telecommunications facilities and infrastructure, where feasible;

(b) allowing the Office of Utilities Regulation (O.U.R.) to take into account, when detennining rates, all relevant factors, including cost orientation and local and international bench marks;

(c) the granting to the O.U.R. of an express power to set interim rates for wholesale and retail services where there is a marked diversity in rates; and without the application ofsuch rates having retroactive effect;

(d) procedures regarding the use and operation of the spectrum, so as to ensure its efficient use and operation;

(e) provision for the O.U.R. and the Spectrum Management Authority (S.M.A) to be given direct enforcement powers, thereby enabling them to:

(i) impose remedies, including, inter alia, orders for compensation to persons adversely affected by any action by licensees, which contravene the Act, or any rules, regulations or directives of the O.U.R. and S.M.A, orders to terminate, modify or nullify agreements, activities or decisions of licensees, found to be in contravention of the Act, rules, regulations or directives of the O.U.R. and S.M.A;

(ii) petition the court for an interim injunction against any licensee whose actions, in the opinion of the O.U.R. or the S.M.A, may cause irreparable damage; and, in this regard, prevent the O.U.R and the S.M.A from having to first provide a financial undertaking;

(iii) impose fIXed pecuniary penalties giving offenders the opportunity to discharge liability and avoid court proceedings upon payment of the fixed penalties.

Additionally, the Bill seeks to expand the principles of universal service (beyond physical access) to encompass resource access and basic access. Further, the Bill also seeks to make the quantum of the universal service levy subject to affirmative resolution of the Houses of Parliament.

PHILLIP PAULWELL Minister of Science, Technology, Energy and Mining

07Sep/17

Reglamento núm. 8568 de 27 de febrero de 2015

7 septiembre, 2017Puerto Rico, ReglamentoConsumidores, Datos de ciudadanos, Implanta publicación política privacidad, Manejo datos privados y personales, Reglamento 8568 Puerto RicoJosé Cuervo

Reglamento núm. 8568 de 27 de febrero de 2015, Reglamento para Implantar la Publicación de la Política de Privacidad en el Manejo de Datos Privados y Personales de Ciudadanos, según Recopilados en Puerto Rico

Artículo 1.- Base Legal

El presente Reglamento se adopta de conformidad a los poderes y facultades conferidas al Departamento de Asuntos del Consumidor por la Ley núm. 170 de 12 de agosto de 1988, según enmendada y la Ley núm. 39, de 24 de enero de 2012.

Artículo 2.- Propósito

Este conjunto de reglas se adopta con el propósito de establecer las normas que habrán de regir la manera en que todo comercio publicará sus políticas de privacidad, referentes a la información sobre datos personales de sus consumidores o clientes que recopile como parte de sus transacciones comerciales cibernéticas. El Departamento de Asuntos del Consumidor velará por la implementación y fiscalización de estas normas.

Artículo 3.- Alcance y aplicación

Este Reglamento aplicará a todo comercio registrado en el Estado Libre Asociados de Puerto Rico, y/o que haga negocios en Puerto Rico a través de la internet.

Artículo 4.- Interpretación

a) Este Reglamento deberá interpretarse liberalmente a favor del consumidor y con el ánimo de cumplir con los mandatos de la Ley núm. 39, supra y de la Ley núm. 5, supra.

b) En el caso de que alguna ley, reglamento o disposición federal sobre manejo de información personal sea de aplicación a alguna industria o entidad en específico, este Reglamento se interpretará de manera consistentemente con dicha ley, reglamento o disposición federal.

c) En caso de discrepancia entre el texto original en español y su traducción al inglés, prevalecerá el texto en español.

d) Las palabras y frases utilizadas en este Reglamento se interpretaran según el contexto en que sean utilizadas y tendrán el significado sancionado por el uso común y corriente del idioma.

e) En los casos aplicables, las palabras utilizadas en el tiempo presente incluyen también el futuro; las utilizadas en el género masculino incluyen el femenino; el singular incluye el plural y el plural incluye el singular.

Artículo 5.- Definiciones

Para propósitos de este Reglamento y de los anejos u órdenes administrativas que se aprueben en virtud del mismo, las siguientes palabras o términos, tendrán los significados que a continuación se expresan, excepto donde el contexto claramente exprese otra cosa:

a) “Comercio”.- Establecimiento comercial donde se llevan a cabo transacciones comerciales sobre bienes y servicios con personas que los adquieren para su uso o disposición personal sin ánimo de reventa. El término Comercio incluye, cuando sea apropiado, al Operador de Página de Internet según definido en este Reglamento.

b) “Departamento”.- Departamento de Asuntos del Consumidor

c) “Información Personal”.- significa cualquier nombre o número que pueda utilizarse, por sí mismo o junto con cualquier otra información, para identificar a un individuo en específico, incluyendo, pero sin limitarse, a:

* Nombre y apellidos;

* Número de seguro social;

* Fecha y/o lugar de nacimiento;

* Estado civil;

* Género;

* Dirección física o postal;

* Código Postal;

* Dirección de correo electrónico;

* Número de teléfono;

* Número de licencia de conducir;

* Número de pasaporte;

* Huella(s) dactilar(es);

* Grabaciones de voz;

* Imágenes de retina; y

* Cualquier otra información que permita identificar, física o electrónicamente, a una persona natural.

d) “Internet”.- Es la Red Mundial de Comunicaciones que conecta computadoras alrededor del mundo. Esta red de comunicaciones permite al usuario conectarse a miles de computadoras y acceder su información.

e) “Ley”.- Ley núm. 39 del 24 de enero de 2012 y sus enmiendas prospectivas

f) “Operadores de páginas”.- significa cualquier persona natural o jurídica residente o que haga negocios en o desde Puerto Rico que sea dueña y/u operadora de una página localizada en Internet o de cualquier servicio en línea que se encuentre dirigido principalmente hacia la obtención de un beneficio mercantil o de remuneración monetaria y que por cualquier medio recopile y/o conserve información personal de usuarios residentes de Puerto Rico. Esta definición excluye a los proveedores de servicio de Internet que no sean dueños y/u operadores de las páginas en cuestión.

g) “Personal que recopila información personal”.- significa cualquier persona natural o jurídica que incurra en actividades comerciales dirigidas principalmente hacia la obtención de un beneficio mercantil o de remuneración monetaria y que en el curso de dichas actividades, por cualquier medio recopile y/o conserve información personal de residentes de Puerto Rico.

h) “Política de Privacidad”.- significa un documento que describa las prácticas de recopilación, manejo y disposición de Información Personal.

i) “Secretario”.- Secretario del Departamento de Asuntos del Consumidor.

j) “usuarios”.- cualquier persona natural que acceda a una página de Internet o servicio en línea operado por una persona o entidad residente en Puerto Rico que recopile y/o conserve información personal.

Artículo 6.- Normas generales sobre publicación de política de privacidad

a) Todo Comercio incluirá en su página de Internet un enlace en donde el Consumidor pueda accesar y conocer su Política de Privacidad, en cuanto a la información personal de éste, que el Comercio levante y/o

b) Toda política de privacidad deberá contener como mínimo lo siguiente:

1) Nombre del Comercio;

2) Que tipo de datos personales de los Consumidores estarán siendo recopilados por el Comercio;

3) Cuál es la política de divulgación de la Información Personal recopilada y bajo qué circunstancias será ésta compartida con terceros;

4) Método disponible a los Consumidores para que éstos puedan conocer enmiendas realizadas a la Política de Privacidad de un Comercio, con posterioridad a la divulgación original de su Política Pública.

5) Fecha en que dichas enmiendas a la política de privacidad entrarían en vigor.

6) Como la página de internet, responde a señales de “Do Not Track”.

7) Si terceros, pueden recopilar información personal sobre las actividades en línea del consumidor, en diferentes páginas de internet.

c) El Comercio tendrá la opción de diseñar su propia política de privacidad basada en los criterios dispuestos en el Artículo 6 b), o podrá escoger de entre tres (3) categorías de protección de la Información Personal; Nivel I, Nivel II y Nivel III, para denominar su Política de Privacidad.

d) Si el comercio u operador de página, opta por utilizar uno de los tres modelos contenidos en los apéndices de este Reglamento, deberá cumplir con todos los criterios correspondientes a dicho modelo y utilizará el correspondiente logo.

Artículo 7.- Requerimientos de información e investigación.

El Secretario está facultado para, en el ejercicio de sus deberes, requerir información a toda Persona que Recopile Información Personal. Esto incluye pero no se limita a cursar requerimientos de información, citar testigos, tomar juramentos y declaraciones. En cumplimiento de estas disposiciones, podrá extender citaciones bajo apercibimiento y obligar la comparecencia de testigos. Además, como parte de sus facultades podrá requerir que se le presenten libros, cartas, documentos, recibos, expedientes, fotos y cualquier otro artículo que considere esencial para establecer que el investigado en efecto ha cumplido con su obligación en ley, de publicar su Política de Privacidad.

En caso de rebeldía o negativa a obedecer una citación expedida por el Secretario o cualquier funcionario designado por éste, cualquier sala del Tribunal General de Justicia podrá, a solicitud del Secretario, expedir una orden contra dicha persona, requiriéndole comparecer ante el Secretario o ante el funcionario designado por éste, para presentar evidencia si así se ordenare o para declarar sobre el asunto bajo investigación. Dicha persona incurrirá en desacato si desobedeciere la orden del tribunal.

Artículo 8.- Penalidades

En caso de que un Operador de Páginas o una Persona que Recopila Información Personal incurra en la práctica de divulgar una Política de Privacidad que no corresponda a la realidad de sus prácticas de manejo de información personal; o incurra en la práctica de divulgar un símbolo, o logo, no autorizado; o que no corresponda a la realidad de sus prácticas de manejo de información personal, se incurrirá en una infracción administrativa que estará sujeta a una multa de hasta un máximo de cincuenta mil dólares ($50.000).

Cualquier otra violación a lo dispuesto por este Reglamento estará sujeta a multas administrativas de hasta diez mil dólares ($10.000) por cada ocurrencia. Se considerará que se configura una ocurrencia separada y distinta por cada día en que un Comercio no cumpla con su obligación de divulgar una Política de Privacidad, según requerido por este Reglamento.

Artículo 9.- Interpretación Oficial

Cualquier parte interesada que desee una interpretación oficial de algún artículo o parte de este Reglamento deberá solicitarla por escrito al Secretario, quien podrá emitir dichas decisiones. En la petición se deberá indicar el Artículo o parte cuya interpretación interesa y especificar las dudas que al respecto tenga.

Artículo 10.- Separabilidad

Si cualquier disposición de este Reglamento fuere declarada nula por un tribunal competente, dicha determinación no afectará las disposiciones no contenidas en la sentencia del tribunal, las cuales continuarán en pleno vigor y efecto.

Artículo 11.- Disposición Transitoria

Una vez aprobado y registrado este Reglamento, el Secretario emitirá cualesquiera órdenes transitorias, que incluirán, pero no limitarán, a disponer el orden de las áreas geográficas en que se establecerán los cambios, visitar las Personas que Recopilan Información Personal y tomar cualquier otra provisión que estime prudente.

Esto es a fin de permitir el cumplimiento de lo dispuesto en este Reglamento para las personas cuyas actividades comerciales se vean afectadas por el mismo, promover una transición ordenada para regular el proceso de su implantación y de utilizar efectivamente los recursos y funcionarios del Departamento.

Artículo 12.- Vigencia

Este Reglamento entrará en vigor a los ciento veinte (120) días de haber sido aprobado por el Secretario del Departamento de Asuntos del Consumidor, a tenor con lo dispuesto en la Ley núm. 39, de 24 de enero de 2012.

En San Juan, Puerto Rico, a 27 de febrero de 2015

APÉNDICE I.- SOBRE POLÍTICA DE PRIVACIDAD NIVEL I

Si un comercio opta por utilizar el modelo y logo de la Política de Privacidad Nivel I, deberá cumplir con todos y cada uno de los requisitos que se listan a continuación:

Una descripción detallada de qué información personal se recopila;
Una advertencia conspicua y en lenguaje sencillo, que establezca que el Comercio se reserva el derecho a divulgar o compartir la información personal recopilada
Una descripción de los tipos de entidades con quienes el comercio comparte la información personal recopilada y bajo qué circunstancias será ésta compartida;
El procedimiento disponible, si alguno, para que el consumidor pueda enmendar o solicitar la eliminación de información personal recopilada;
Un enlace o dirección cibernética en la que el Consumidor pueda accesar, leer y estudiar el texto completo de lo que constituye la Política de Privacidad del Comercio;
El procedimiento mediante el cual el comercio le informará a los consumidores sobre los cambios a su política de privacidad;
En caso de que el comercio efectúe cambios a su política de privacidad, la fecha en que la misma entrará en efecto;
Como la página de internet, responde a señales de “Do not Track”;
Si terceros pueden recopilar información personal sobre las actividades en línea del consumidor, en diferente páginas de internet;
Para ser acreedor del status de Política de Privacidad Nivel I, el Comercio tendrá la obligación de notificar al DACO sobre cualquier enmienda a su Política de Privacidad que tenga como consecuencia que el Comercio deje de cumplir con cualquiera de los incisos anteriores del presente Apéndice I;
Los cambios a la Política de Privacidad que tengan el efecto de que el Comercio deje de cumplir con cualquiera de los incisos del presente Apéndice I, tendrán que ser notificados al DACO dentro de los treinta (30) días de haber comenzada la vigencia de la enmienda que tenga tal efecto.
El incumplimiento con el inciso (i) que precede, dará lugar a que se entienda que la Política de Privacidad publicada, es una engañosa, con la consecuencia de la imposición de multas a tenor con el Artículo 8 del Reglamento al que la presente le sirve de Apéndice I.

APÉNDICE II.- SOBRE POLÍTICA DE PRIVACIDAD NIVEL II

Si un comercio opta por utilizar el modelo y logo de la Política de Privacidad Nivel II, deberá cumplir con todos y cada uno de los requisitos que se listan a continuación:

Una descripción detallada de qué información personal se recopila
Una advertencia conspicua y en lenguaje sencillo, que establezca si el comercio se reserva el derecho a divulgar o compartir la información personal recopilada.
Una descripción de los tipos de entidades con quienes el comercio comparte la información personal recopilada y bajo qué circunstancias será ésta compartida;
Una descripción detallada de los grupos, entidades o individuos a quienes el comercio NO le habrá de divulgar o compartir la información personal recopilada.
El procedimiento disponible, si alguno, para que el consumidor pueda enmendar o solicitar la eliminación de información personal recopilada.
Un enlace o dirección cibernética en la que el Consumidor pueda accesar, leer y estudiar el texto completo de lo que constituye la Política de Privacidad del Comercio;
El procedimiento mediante el cual el comercio le informará a los consumidores sobre los cambios a su política de privacidad;
En caso de que el comercio efectúe cambios a su política de privacidad, la fecha en que la misma entrará en efecto;
Como la página de internet, responde a señales de “Do Not Track”.
Si terceros, pueden recopilar información personal sobre las actividades en línea del consumidor, en diferentes páginas de internet.
Para ser acreedor del status de Política de Privacidad Nivel I, el comercio tendrá la obligación de notificar al DACO sobre cualquier enmienda a su Política de Privacidad Nivel I, el comercio tendrá la obligación de notificar al DACO sobre cualquier enmienda a su Política de Privacidad que tenga como consecuencia que el comercio deje de cumplir con cualquiera de los incisos anteriores del presente Apéndice II.
Los cambios a la Política de Privacidad que tengan el efecto de que el comercio deje de cumplir con cualquiera de los incisos del presente Apéndice II, tendrán que ser notificados al DACO dentro de los treinta (30) días de haber comenzado la vigencia de la enmienda que tenga tal efecto.
El incumplimiento con el inciso (l) que precede, dará lugar a que se entienda que la Política de Privacidad publicada, es una engañosa, con la consecuencia de la imposición de multas a tenor con el Artículo 8 del Reglamento al que la presente le sirve de Apéndice II.

APÉNDICE III.- SOBRE POLÍTICA DE PRIVACIDAD NIVEL III

Si un comercio opta por utilizar el modelo y logo de la Política de Privacidad Nivel III, deberá cumplir con todos y cada uno de los requisitos que se listan a continuación:

Una descripción detallada de qué información personal se recopila;
Una advertencia conspicua y en lenguaje sencillo, que establezca si el comercio se reserva el derecho a divulgar o compartir la información personal recopilada.
Una descripción de los tipos de entidades con quienes el comercio comparte la información personal recopilada y bajo qué circunstancias será ésta compartida;
Una descripción detallada de los grupos, entidades o individuos a quienes el comercio NO le habrá de divulgar o compartir la información personal recopilada.
El procedimiento disponible, si alguno, para que el consumidor pueda enmendar o solicitar la eliminación de información personal recopilada;
El procedimiento a seguir para que el consumidor que interese pedir que el comercio divulgue toda o parte de su información personal, pueda hacerlo.
Un enlace o dirección cibernética en la que el Consumidor pueda accesar, leer y estudiar el texto completo de lo que constituye la Política de Privacidad del Comercio;
El procedimiento mediante el cual el comercio le informará a los consumidores sobre los cambios a su política de privacidad;
En caso de que el comercio efectúe cambios a su política de privacidad, la fecha en que la misma entrará en efecto;
Como la página en internet, responde a señales de “Do Not Track”.
Si terceros, pueden recopilar información personal sobre las actividades en línea del consumidor, en diferentes páginas de internet.
Una Certificación expresa de cumplimiento por parte del comercio con las disposiciones del Children`s Online Privacy Protection Act del 1968 y su correspondiente Reglamento según implantado en 1999, por la Federal Trade Comission, para regular la recopilación de información de niños menores de trece (13) años de edad;
Para ser acreedor del status de Política de Privacidad Nivel III, el comercio tendrá la obligación de notificar al DACO sobre cualquier enmienda a su Política de Privacidad que tenga como consecuencia que el comercio deje de cumplir con cualquiera de los incisos anteriores del presente Apéndice III.
Los cambios a la Política de Privacidad que tengan el efecto de que el comercio deje de cumplir con cualquiera de los incisos del presente Apéndice III, tendrán que ser notificados al DACO dentro de los treinta (30) días de haber comenzada la vigencia de la enmienda que tenga tal efecto.
El incumplimiento con el inciso (n) que precede, dará lugar a que se entienda que la Política de Privacidad publicada, es una engañosa, con la consecuencia de la imposición de multas a tenor con el Artículo 8 del Reglamento al que la presente le sirve de Apéndice III.

06Sep/17

Ley sobre Firmas Electrónicas de 30 de julio de 2013

6 septiembre, 2017Honduras, LeyDecréto 149-2013, Legislación Hondureña, Legislación Informática, LEY FIRMAS ELECTRÓNICASJosé Cuervo

Decreto 149-2013.- Ley sobre Firmas Electrónicas de 30 de julio de 2013 (La Gaceta nº 33.301 de 11 de diciembre del 2013).

EL CONGRESO NACIONAL,

CONSIDERANDO:

Que la fuerte irrupción de las nuevas tecnologías de la información y la comunicación dentro del mundo industrial y empresarial y aún dentro del sector gubernamental han propiciado la aparición de nuevos modelos de contratos y por supuesto de nuevas formas de contratación y de tramitación.

CONSIDERANDO:

Que la contratación por medios electrónicos es una incuestionable realidad, que la sustitución del papel por su equivalente funcional el “mensaje de datos”, es cada día más frecuente, sin que podamos sustraernos a este fenómeno propiciado por la revolución tecnológica.

CONSIDERANDO:

Que es procedente la creación de un marco legal que legitime y facilite la utilización de firmas electrónicas para que surtan efectos jurídicos en el comercio electrónico, pues son en este contexto, un equivalente funcional de las firmas manuscritas.

CONSIDERANDO:

Que de conformidad al Artículo 205, atribución 1) es competencia del Congreso Nacional crear, decretar, interpretar, reformar y derogar las leyes.

POR TANTO,

DECRETA :

La siguiente:

LEY SOBRE FIRMAS ELECTRÓNICAS

CAPÍTULO I.- DISPOSICIONES GENERALES

ARTICULO 1.- OBJETO DE LALEY.

La presente Ley tiene por objeto reconocer y regular el uso de firmas electrónicas aplicable en todo tipo de información en forma de mensaje de datos, otorgándoles, la misma validez y eficacia jurídica que el uso de una firma manuscrita u otra análoga, que conlleve manifestación de voluntad de los firmantes. Siempre que se cumpla con los requisitos y procedimientos establecidos en esta Ley.

La presente Ley no altera las normas relativas a la celebración, formalización, validez y eficacia de los contratos y cualesquiera otros actos jurídicos, salvo e^lo referente a la utilización de medios electrónicos.

ARTÍCULO 2.- ÁMBITO DE APLICACIÓN.

La presente Ley se aplica a aquellas firmas electrónicas que, puestas sobre un mensaje de datos o añadidas o asociadas lógicamente a los mismos, puedan vincular e identificar al firmante, así como en su caso, a la prestación de servicios adicionales, tales como garantizar la autenticidad e integridad de los documentos electrónicos o garantizar el momento de la expedición.

ARTÍCULO 3.- DEFINICIONES.

Para los fines de la presente Ley se entenderá por:

1) “FIRMA ELECTRÓNICA”: Los datos en forma electrónica consignados en un mensaje de datos, o adjuntados o lógicamente asociados al mismo, que puedan ser utilizados para identificar al firmante en relación con el mensaje de datos y para indicar la voluntad que tiene tal parte respecto de la información consignada en el mensaje de datos;

2) “FIRMA ELECTRÓNICA AVANZADA”: Aquella certificada por un prestador acreditado, que ha sido creada usando medios que el titular mantiene bajo su exclusivo control, de manera que se vincule únicamente al mismo y a los datos a los que se refiere, permitiendo la detección posterior de cualquier modificación, verificando la identidad del titular e impidiendo que desconozca la integridad del documento y su autoría.

3) “CERTIFICADO”: Todo mensaje de datos u otro registro que confirme el vínculo entre un firmante y los datos de creación de la firma;

4) “CERTIFICADO ELECTRÓNICO”: Todo mensaje de datos proporcionado por un “Prestador de servicios de Certificación que le atribuye certeza y Validez a la firma electrónica;

5) “MENSAJE DE DATOS”: Es la información generada, enviada, recibida o archivada o comunicada por medios electrónicos, ópticos o similares, como pudieran ser, entre otros, el Intercambio Electrónico de Datos (EDI), el correo electrónico, el telegrama, el telex o telefax;

6) “FIRMANTE”: La persona que posee los datos de creación de la firma y que actúa por cuenta propia o por cuenta de la persona a la que representa;

7) “CERTIFICADOR O PRESTADOR DE SERVICIOS DE CERTIFICACIÓN”: La persona natural o jurídica acreditada que expide certificados y puede prestar otros servicios relacionados con las firmas electrónicas;

8) “ACREDITACIÓN”: Es el título que otorga la Dirección General de Propiedad Intelectual a las Autoridades Certificadoras para proporcionar certificados electrónicos y autenticar firmas, una vez cumplidos los requisitos establecidos en la presente Ley; y,

9) “PARTE QUE CONFÍA”: La persona que pueda actuar sobre la base de un certificado o de una firma electrónica.

ARTÍCULO 4.- TECNOLOGÍAS PARA LA FIRMA. IGUALDAD.

Las disposiciones de la presente Ley serán aplicadas de modo que no excluyan, restrinjan o priven de efecto jurídico cualquier método para crear una firma electrónica, siempre que cumpla los requisitos enunciados en el Artículo 8 o que cumpla de otro modo los requisitos del derecho aplicable.

ARTÍCULO 5.- UTILIZACIÓN DE LA FIRMA ELECTRÓNICAPOR EL ESTADO.

Se autoriza a los Poderes Legislativo, Ejecutivo y Judicial, al Tribunal Supremo Electoral, así como a todas las instituciones públicas descentralizadas y entes públicos no estatales y cualquier dependencia del sector público, para la utilización de las firmas electrónicas en los documentos electrónicos en sus relaciones internas, entre ellos y con los particulares.

ARTÍCULO 6.- VALIDEZ DE LOS ACTOS Y CONTRATOS CON FIRMA ELECTRONIC A.

Los actos y contratos otorgados o celebrados por personas naturales o jurídicas, suscritos por medio de firma electrónica, serán válidos de la misma manera y producirán los mismos efectos que los celebrados por escrito y en soporte de papel. Dichos actos y contratos se reputarán como escritos, en los casos en que la Ley exija que los mismos consten de ese modo, y en todos aquellos casos en que la Ley prevea consecuencias jurídicas cuando constan igualmente por escrito.

Lo dispuesto en el párrafo anterior no será aplicable a los actos o contratos otorgados o celebrados en los casos siguientes:

1) Aquellos en que la Ley exige una solemnidad que no sea susceptible de cumplirse mediante documento electrónico; y,

2) Aquellos relativos al derecho de familia

La firma electrónica, cualquiera sea su naturaleza, se tendrá como firma manuscrita para todos los efectos legales.

ARTÍCULO 7.- REQUERIMIENTO DE FIRMA ELECTRÓNICA AVANZADA.

Los documentos electrónicos que tengan la calidad de instrumento público, deben suscribirse mediante firma electrónica avanzada. En caso contrario, tendrán el valor probatorio que corresponda, de acuerdo a las reglas generales.

ARTÍCULO 8.- REQUISITOS O ATRIBUTOS JURÍDICOS DE FIRMA ELECTRÓNICA.

Cuando la Ley requiera que una comunicación o un contrato sea firmado por una parte, o prevea consecuencias en el caso de que no se firme, ese requisito se dará por cumplido respecto de una comunicación electrónica si:

1) Si se utiliza un método para determinar la identidad de esa parte y para indicar la voluntad que tiene tal parte respecto de la información consignada en la comunicación electrónica; y,

2) El método empleado:

a) O bien es tan fiable como sea apropiado para los fines para los que se generó o transmitió la comunicación electrónica, atendidas todas las circunstancias del caso, inclusive todo acuerdo aplicable; o
b) Se ha demostrado en la práctica que, por sí solo o con el respaldo de otras pruebas, dicho método ha cumplido las funciones enunciadas en el numeral 1) precedente.

La firma electrónica se considerará fiable mediante el cumplimiento de los requisitos a que se refiere el párrafo anterior, toda vez que incorpore lo siguiente:

1) Los datos de creación de la firma, en el contexto en que son utilizados, corresponden exclusivamente al firmante;

2) Es susceptible de ser verificada;

3) Los datos de creación de la firma estaban, en el momento de la firma, bajo el control exclusivo del firmante;

4) Es posible detectar cualquier alteración de la firma electrónica hecha después del momento de la firma;

5) Está ligada a la información o mensaje de datos, de tal manera que si éstos son cambiados, la firma electrónica es invalidada; y,

6) Esta conforme a las reglamentaciones aceptadas. Lo dispuesto en el presente Artículo se entenderá sin perjuicio de la posibilidad de que cualquier persona demuestre de cualquier otra manera, la fiabilidad de una firma electrónica; o presente pruebas de que una firma electrónica no es fiable.

ARTÍCULO 9.- PROCEDER DEL FIRMANTE O SUSCRIPTOR

El firmante o suscriptor debe:

1) Recibir la firma electrónica por parte de la Autoridad Certificadora o generarla, utilizando un método autorizado por ésta;

2) Suministrar la información que requiera la Autoridad Certificadora;

3) Cumplir las obligaciones derivadas del uso de la Firma Electrónica;

4) Actuar con diligencia razonable para evitar la utilización no autorizada de sus datos de creación de la firma;

5) Cuando se emplee un certificado para refrendar la firma electrónica, actuar con diligencia razonable para cerciorarse de que todas las declaraciones que haya hecho en relación con el ciclo vital del certificado o que hayan de consignarse en él son exactas;

6) Responder de las obligaciones derivadas del uso no autorizado de su firma, cuando no hubiere obrado con la debida diligencia para impedir su utilización, salvo que el destinatario conociere de la inseguridad de la Firma Electrónica o no hubiere actuado con la debida diligencia; y,

7) Solicitar oportunamente la revocación de los certificados;

Serán de cargo del firmante las consecuencias jurídicas que entrañe el hecho de no haber cumplido las obligaciones previstas en el presente Artículo.

ARTÍCULO 10.- MODIFICACIÓN MEDIANTE ACUERDO.

Las partes podrán establecer excepciones a la presente Ley o modificar sus efectos mediante acuerdo, salvo que ese acuerdo no sea válido o eficaz conforme al derecho aplicable.

CAPÍTULO II.- AUTORIDAD CERTIFICADORA

ARTÍCULO 11.- CARACTERÍSTICAS Y REQUERIMIENTOS.

Podrán actuar como Autoridad Certificadora o Prestadores de Servicios de Certificación, las personas naturales, y las personas jurídicas, tanto públicas como privadas que sean autorizadas por la Autoridad competente, para operar como tales y que cumplan con los requerimientos establecidos por la misma, con base en las condiciones siguientes:

1) Contar con la capacidad económica y financiera suficiente para prestar los servicios autorizados como autoridad certificadora, así como con el recurso humano y la deontología jurídica, que demanda su condición de tal;

2) Contar con la capacidad y elementos técnicos (equipos y programas informáticos) necesarios para la generación de firmas electrónicas, garantizando la autenticidad de las mismas, para la emisión o tramitación de certificados y la conservación de mensajes de datos y consulta de los registros, en los términos establecidos en esta Ley; y,

3) Disponibilidad de información para los firmantes nombrados en el certificado y para las partes que confíen en éste.

Los representantes legales y administrativos no podrán ser personas que hayan sido condenadas a pena privativa de la libertad, o que hayan sido suspendidas en el ejercicio de su profesión por falta grave contra le ética. Esta inhabilidad estará vigente por el mismo período que la Ley Penal o Administrativa señale para el efecto.

Los Notarios que reúnan las condiciones expresadas, serán automáticamente autorizados para actuar como autoridad certificadora. Lo dispuesto en el párrafo anterior, les será en su caso, aplicable.

ARTÍCULO 12.- ACTIVIDADES DE LA AUTORIDAD CERTIFICADORA.

La Autoridad Certificadora podrá realizar, entre otras, las actividades siguientes:

1) Emitir certificados en relación con las firmas electrónicas de personas naturales o jurídicas;

2) Emitir certificados sobre la verificación respecto de la alteración entre el envío y recepción del mensaje de datos;

3) Ofrecer o facilitar los servicios de creación de firmas electrónicas certificadas;

4) Ofrecer o facilitar los servicios de registro y estampado cronológico en la generación, transmisión y recepción de mensajes de datos; y,

5) Ofrecer los servicios de archivo y conservación de mensajes de datos.

ARTÍCULO 13.- DEBERES DE LA AUTORIDAD CERTIFICADORA.

La autoridad certificadora tendrá, entre otros, los deberes siguientes:

1) Emitir certificados conforme a lo solicitado o acordado con el suscriptor,

2) Adoptar las medidas razonables para determinar con exactitud la identidad del titular de la firma y de cualquier otro hecho o acto que certifique;

3) Implementar los sistemas de seguridad para garantizar la emisión y creación de firmas electrónicas o digitales, la conservación y archivo de certificados y documentos en soporte de mensaje de datos;

4) Garantizar la protección, confidencialidad y debido uso de la información suministrada por el suscriptor,

5) Garantizar que todas las declaraciones y manifestaciones materiales, sean exactas y completas;

6) Atender oportunamente las solicitudes y reclamaciones materiales, cuidando que sean exactas y completas;

7) Proporcionar a los titulares de firmas un medio para dar aviso que la firma electrónica refrendada está en entredicho;

8) Suministrar la información que le requieran las entidades administrativas competentes judiciales con relación a las firmas electrónicas y certificados emitidos, y en general, sobre cualquier mensaje de datos que se encuentre bajo su custodia y administración;

9) Permitir y facilitar la realización de las auditorías por parte de la Dirección General de Propiedad Intelectual;

10) Llevar un registro electrónico de los certificados emitidos; y,

11) Proporcionar a la parte que confía en el certificado medios razonablemente accesibles que permitan a ésta determinar mediante el certificado:

a) La identidad del prestador de servicios de certificación;
b) Que el firmante nombrado en el certificado tenía bajo su control los datos de creación de la firma en el momento en que se expidió el certificado;
c) Que los datos de creación de la firma eran válidos en la fecha en que se expidió el certificado o antes de ella;
d) El método utilizado para comprobar la identidad del firmante;
e) Cualquier limitación de los fines o del valor respecto de los cuales puedan utilizarse los datos de creación de la firma o el certificado;
f) Si los datos de creación de la firma son válidos y no están en entredicho;
g) Cualquier limitación del alcance o del grado de responsabilidad que haya establecido el prestador de servicios de certificación;
h) Si existe un medio para que el firmante dé aviso de que los datos de creación de la firma están en entredicho, conforme a lo dispuesto en el Artículo 8 de la presente Ley; y,
i) Si se ofrece un servicio para revocar oportunamente el certificado;

Serán de cargo del prestador de servicios de certificación las consecuencias jurídicas que entrañe el hecho de no haber cumplido los requisitos enunciados en el presente Artículo.

ARTÍCULO 14.- REMUNERACIÓN POR LA PRESTACIÓN DE SERVICIOS.

La remuneración por los servicios de la autoridad certificadora será establecida libremente por esta.

ARTÍCULO 15.- PROCEDER DE LA PARTE QUE CONFÍA EN EL CERTIFICADO.

Estarán a cargo de la parte que confía en el certificado las consecuencias jurídicas que entrañe el hecho de que no haya tomado medidas razonables para:

1) Verificar la fiabilidad de la firma electrónica; o

2) Cuando la firma electrónica esté refrendada por un certificado:

a) Verificar la validez, suspensión o revocación del certificado; y,
b) Tener en cuenta cualquier limitación en relación al certificado.

ARTÍCULO 16.- TERMINACIÓN UNILATERAL.

Salvo acuerdo entre las partes, la autoridad certificadora podrá dar por terminado el acuerdo de vinculación con el suscriptor dando un preaviso no menor de treinta (30) días. Vencido este término, la autoridad certificadora revocará los certificados que se encuentren pendientes de expiración.

Igualmente, el suscriptor podrá dar por terminado el acuerdo de vinculación con la entidad de certificación dando un preaviso no inferior a treinta (30) días calendario.

ARTÍCULO 17.- CESACIÓN DE ACTIVIDADES POR PARTE DE LA AUTORIDAD CERTIFICADORA.

La Autoridad Certificadora autorizada puede cesar en el ejercicio de actividades por voluntad propia, siempre y cuando haya recibido autorización por parte de la Autoridad Acreditadora.

CAPÍTULO V.-DE LOS CERTIFICADOS

ARTÍCULO 18.- CONTENIDO DE LOS CERTIFICADOS.

Un certificado emitido por una Autoridad Certificadora autorizada, además de estar firmado electrónicamente por ésta, debe contener por lo menos lo siguiente:

1) Nombre, dirección y domicilio del suscriptor,

2) Identificación del suscriptor nombrado en el certificado;

3) Identificación, domicilio, dirección y correo electrónico de la Autoridad Certificadora;

4) La clave pública del usuario;

5) La metodología empleada para crear y verificar la firma digital del suscriptor impuesta en el mensaje de datos;

6) El número de serie de certificado; y,

7) Fecha y hora de emisión, suspensión y renovación del certificado.

ARTÍCULO 19.- ACEPTACIÓN DE UN CERTIFICADO.

Salvo acuerdo entre las partes, se entiende que un suscriptor ha aceptado un certificado cuando la Autoridad Certificadora, a solicitud de éste o de una persona en nombre de éste, lo ha guardado técnica y adecuadamente.

ARTÍCULO 20.- REVOCACIÓN DE CERTIFICADOS

El suscriptor de una firma digital certificada, podrá solicitar a la Autoridad Certificadora que expidió un certificado, la revocación del mismo. En todo caso, estará obligado a solicitar la revocación en los eventos siguientes:

1) Por pérdida de la clave privada; y,

2) La clave privada ha sido expuesta o corre peligro de que se le dé un uso indebido.

Si el suscriptor no solicita la revocación del certificado en el evento de presentarse las anteriores situaciones, será responsable por las pérdidas o perjuicios en los cuales incurran terceros de buena fe que confiaron en el contenido certificado.

Una Autoridad Certificadora revocará un certificado emitido por las razones siguientes:

1) A petición del suscriptor o de un tercero en su nombre y representación;

2) Por muerte del suscriptor;

3) Por liquidación del suscriptor en el caso de las personas jurídicas;

4) Por la confirmación de que alguna información o hecho contenido en el certificado es falso;

5) La clave privada de la Autoridad Certificadora o su sistema de seguridad ha sido comprometido de manera material que afecte la confiabilidad del certificado;

6) Por el cese de actividades de la Autoridad Certificadora; y,

7) Por orden judicial o de entidad administrativa competente.

ARTÍCULO 21. TÉRMINO DE CONSERVACIÓN DE LOS REGISTROS.

Los registros de certificados expedidos por una Autoridad Certificadora deben ser conservados por el término exigido en la Ley que regule el acto o negocio jurídico en particular.

CAPÍTULO IV.- SUSCRIPTORES DE FIRMAS ELECTRÓNICAS

ARTÍCULO 22.- DEBERES DE LOS SUSCRIPTORES

Son deberes de los suscriptores:

1) Recibir la firma electrónica por parte de la Autoridad Certificadora o generarla, utilizando un método autorizado por ésta;

2) Suministrar la información que requiere la Autoridad Certificadora;

3) Mantener el control de la firma electrónica; y,

4) Solicitar oportunamente la revocación de los certificados.

ARTÍCULO 23.- RESPONSABILIDAD DE LOS SUSCRIPTORES

Los suscriptores serán responsables por la falsedad, error y omisión en la información suministrada a la Autoridad Certificadora y por el incumplimiento de sus deberes como suscriptor.

CAPÍTULO V.- DE LA AUTORIDAD ACREDITADORA

ARTÍCULO 24.- FUNCIONES DE LA AUTORIDAD ACREDITADORA

La Dirección General de Propiedad Intelectual dependiente del Instituto de la Propiedad (IP), será la dependencia legalmente facultada para actuar como Autoridad Acreditadora, y tendrá las atribuciones siguientes:

1) Conceder autorización a las Autoridades Certificadoras para operar en el territorio nacional;

2) Velar por el funcionamiento y la eficiente prestación del servicio por parte de las Autoridades Certificadoras;

3) Realizar visitas de auditoría técnica a las Autoridades Certificadoras;

4) Revocar o suspender la autorización para operar como Autoridad Certificadora;

5) Imponer sanciones a las Autoridades Certificadoras en caso de incumplimiento de las obligaciones derivadas de la prestación del servicio;

6) Ordenar la revocación de certificados cuando la Autoridad Certificadora los emita sin el cumplimiento de las formalidades legales;

7) Emitir certificados en relación con las firmas electrónicas de las Autoridades Certificadoras;

8) Velar por la observancia de las disposiciones constitucionales y legales sobre la promoción de la competencia y prácticas comerciales restrictivas, competencia desleal y protección del consumidor, en los mercados atendidos por las Autoridades Certificadoras; y

9) Impartir instrucciones sobre el adecuado cumplimiento de las o disposiciones las cuales deben sujetarse las Autoridades Certificadoras.

CAPÍTULO VI.- RÉGIMEN ESPECIAL

ARTÍCULO 25.- RESPONSABILIDAD.

Las Autoridades Certificadoras serán responsables de los daños y perjuicios que en el ejercicio de su actividad ocasionen por la certificación u homologación de certificados de firmas electrónicas. En todo caso corresponderá a las Autoridades Certificadoras demostrar que actuó con la debida diligencia

ARTÍCULO 26.- SANCIONES.

La Dirección General de Propiedad Intelectual en observancia del debido proceso y del derecho de defensa, podrá imponer a las Autoridades Certificadoras, según la naturaleza y la gravedad de la falta, las sanciones siguientes:

1) Amonestación privada escrita;

2) Multas institucionales hasta por el equivalente a dos mil (2,000) salarios mínimos legales mensuales vigentes, y personales a los administradores y representantes legales de las Autoridades Certificadoras, hasta por trescientos (300) salarios mínimos legales mensuales vigentes, cuando se les compruebe que han autorizado, ejecutado o tolerado una conducta violatoria de la Ley;

3) Suspender de inmediato todas o algunas de las actividades de la autoridad infractora;

4) Prohibir a la Autoridad Certificadora infractora prestar directa o indirectamente los servicios de Autoridad Certificadora hasta por el término de cinco (5) años; y,

5) Revocar definitivamente la autorización para operar como Autoridad Certificadora. Las sanciones señaladas se aplicarán, sin perjuicio de la responsabilidad civil o penal y de las penas que correspondan a los delitos en que, en su caso, incurran los infractores

CAPÍTULO VII.- DISPOSICIONES VARIAS

ARTÍCULO 27.- RECONOCIMIENTO DE FIRMAS ELECTRÓNICAS Y CERTIFICADOS EXTRANJEROS.

Toda firma electrónica creada o utilizada fuera de la República de Honduras producirá los mismos efectos jurídicos que una firma creada o utilizada en Honduras, si presenta un grado de fiabilidad equivalente.

Los certificados de firmas electrónicas emitidos por Autoridades o Entidades de Certificación extranjeras, producirán los mismos efectos jurídicos que un certificado expedido por Autoridades Certificadoras nacionales, siempre y cuando tales certificados presenten un grado de fiabilidad en cuanto a la regularidad de los detalles del mismo, así como su validez y vigencia.

Sin perjuicio de lo dispuesto en los párrafos anteriores, las partes pueden acordar la utilización de determinados tipos de firma electrónicas o certificados. Ese acuerdo será suficiente a los efectos del reconocimiento transfronterizo, siempre que el mismo sea válido y eficaz de conformidad con la Ley.

Tanto las firmas electrónicas como los certificados electrónicos extranjeros serán en todo caso válidos, siempre que exista convenio de reciprocidad entre Honduras y el país de origen del firmante o autoridad certificadora.

ARTÍCULO 28.- INCORPORACIÓN POR REMISIÓN.

Salvo pacto en contrario entre las partes, cuando en un mensaje de datos se haga remisión total o parcial a directrices, normas, estándares, acuerdos, cláusulas, condiciones o términos fácilmente accesibles con la intención de incorporarlos como parte del contenido o hacerlos vinculantes jurídicamente válidos como si hubieran sido incorporados en su totalidad en el mensaje de datos.

ARTÍCULO 29.- FUNCIÓN DE INSPECCIÓN Y REGLAMENTO.

La Dirección General de Propiedad Intelectual contará con un término de tres (3) meses, contados a partir de la publicación de la presente Ley, para organizar la función de inspección, control y vigilancia de las actividades realizadas por las Autoridades Certificadoras. En el mismo plazo debe emitirse el reglamento respectivo.

ARTÍCULO 30.- VIGENCIA

La presente Ley reclamará en vigencia después de su publicación en el Diario Oficial “La Gaceta”.

Dado en la Ciudad de Tegucigalpa, municipio del Distrito Central, en el Salón de Sesiones del Congreso Nacional, a los treinta días del mes de julio del dos mil trece.

MAURICIO OLIVA HERRERA.- PRESIDENTE, POR LA LEY

RIGOBERTO CHANG CASTILLO.- SECRETARIO

GLADIS AURORA LÓPEZ CALDERÓN.- SECRETARIA

Al Poder Ejecutivo.

Por tanto: Ejecútese

Tegucigalpa, M.D.C., 11 de diciembre de 2013

PORFIRIO LOBO SOSA.- PRESIDENTE DE LA REPÚBLICA

EL SECRETARIO DE ESTADO DEL DESPACHO PRESIDENCIAL.- MARÍA ANTONIETA GUILLÉN VÁSQUEZ

06Sep/17

Ley sobre Comercio Electrónico de 24 de enero de 2015

6 septiembre, 2017Honduras, LeyDecreto nº 149-2014, Legislación Derecho Informático, Legislación Honduras, Ley sobre Comercio Electrónico de 24 de enero de 2015José Cuervo

Decreto nº 149-2014. Ley sobre Comercio Electrónico de 24 de enero de 2015. (La Gaceta nº 33.715 de 27 de abril de 2015)

EL CONGRESO NACIONAL,

CONSIDERANDO:

Que la fuerte irrupción de las tecnologías de la información y de la comunicación dentro del mundo industrial y empresarial y aún dentro del sector gubernamental, ha propiciado la aparición de nuevos modelos de contratos y por supuesto, de nuevas formas de contratación y de tramitación.

CONSIDERANDO: Que la contratación por medios electrónicos, es una incuestionable realidad y que la sustitución del papel por su equivalente funcional, el “mensaje de datos”, es cada día más frecuente.

LEY SOBRE COMERCIO ELECTRÓNICO

TÍTULO I.- GENERALIDADES

CAPÍTULO I.- DISPOSICIONES GENERALES

ARTÍCULO 1.- ÁMBITO DE APLICACIÓN.

La presente Ley regula todo tipo de información en forma de mensaje de datos, utilizada en el contexto de actividades comerciales, con excepción de las obligaciones asumidas por el Estado en virtud de convenios o tratados internacionales y sin perjuicio de lo dispuesto en otras normas que tengan como finalidad la protección de la salud y seguridad pública, incluida la salvaguarda de la defensa nacional, los intereses del consumidor, el régimen tributario y complementa la normativa reguladora de defensa de la competencia.

ARTÍCULO 2.- INTERPRETACIÓN.

En la interpretación de la presente Ley debe tenerse en cuenta su origen internacional, la necesidad de promover la uniformidad de su aplicación y la observancia de la buena fe. Las cuestiones relativas a materias que se rijan por la presente Ley y que no estén expresamente resueltas, deben ser dirimidas de conformidad con los principios generales en que se inspira.

ARTÍCULO 3.- MODIFICACIÓN MEDIANTE ACUERDO.

Salvo que se disponga otra cosa, en las relaciones entre las partes que generen, envíen, reciban, archiven o procesen de alguna otra forma mensajes de datos, las disposiciones del Capítulo IV “DE LA COMUNICACIÓN DE LOS MENSAJES DE DATOS DE ESTE TÍTULO”, pueden ser modificadas mediante acuerdo de las partes.

CAPÍTULO II- DEL COMERCIO ELECTRÓNICO EN GENERAL

ARTÍCULO 4.- DEFINICIONES.

Para los fines de la presente Ley se entiende por:

1) Mensaje de Datos: La información generada, enviada, recibida, archivada o comunicada por medios electrónicos, ópticos o similares, como pueden ser, entre otros, el Intercambio Electrónico de Datos (EDI), el correo electrónico y cualquier otra que consista en transmisión de señales a través de redes de comunicaciones electrónicas.

2) Actividad Comercial: Abarca las cuestiones suscitadas por toda relación de índole comercial, sea o no contractual, estructurada a partir de la utilización de uno o más mensajes de datos o de cualquier otro medio similar. Las relaciones de índole comercial comprenden, sin limitarse a ellas: Toda operación comercial de suministro o intercambio de bienes o servicios; todo acuerdo de distribución; toda operación de representación o mandato comercial; de adquisición de créditos con anticipos o facturas de arrendamiento de bienes de equipo con opción de compra, de construcción de obra; de consultoría, de ingeniería, de concesión de licencias de inversión de financiación; de banca, de empresa conjunta y otras formas de cooperación industrial o comercial, de transporte de mercancías o de pasajeros por vía aérea, terrestre o marítima.

3) Intercambio Electrónico de Datos (EDI). La transmisión electrónica de información de una computadora a otra, estando estructurada la información conforme a alguna norma técnica convenida al efecto.

4) Iniciador de un Mensaje de Datos: Toda persona que, al tenor del mensaje, haya actuado por su cuenta o en cuyo nombre se haya actuado para enviar o generar ese mensaje antes de ser archivado, si éste es el caso, pero que no haya actuado a título de intermediario con respecto a él.

5) Destinatario de un Mensaje de Datos: La persona designada por el iniciador para recibir el mensaje, pero que no está actuando a título de intermediario con respecto a él.

6) Intermediario en Relación con un Determinado Mensaje de Datos: Toda persona que, actuando por cuenta de otra, envíe, reciba o archive dicho mensaje o preste algún otro servicio con respecto a él; y,

7) Sistema de Información: Todo sistema utilizado para generar, enviar, recibir, archivar o procesar de alguna otra forma Mensajes de Datos.

CAPÍTULO III.- APLICACIÓN DE LOS REQUISITOS JURÍDICOS A LOS MENSAJES DE DATOS

ARTÍCULO 5.- RECONOCIMIENTO JURÍDICO DE LOS MENSAJES DE DATOS.

Se reconocen efectos jurídicos, validez o fuerza probatoria a la información que se envíe en forma de Mensaje de Datos, así como a la información que figure en el mensaje de datos en forma de remisión.

Los Mensajes de Datos, están sometidos a las disposiciones constitucionales y legales que garanticen el derecho a la privacidad de las comunicaciones y de acceso a la información personal.

ARTÍCULO 6.- MENSAJE ESCRITO.

Cuando la Ley requiera que la información conste por escrito, ese requisito se puede satisfacer con un Mensaje de Datos, si la información que éste contiene es accesible para su ulterior consulta.

Lo dispuesto en el párrafo anterior, es aplicable tanto si el requisito previsto en la Ley constituye una obligación como si simplemente, prevé consecuencias, en el caso de que la información no conste por escrito.

ARTÍCULO 7.- FIRMA.

Cuando la Ley requiera la firma de una persona, ese requisito se puede satisfacer en relación con un mensaje de datos:

1) Si se utiliza un método para identificar a esa persona y para indicar que esa persona aprueba la información que figura en el mensaje de datos; y,

2) Si ese método es fiable, como sea apropiado para los fines para los que se generó o comunicó el Mensaje de Datos, a la luz de todas las circunstancias del caso, incluido cualquier acuerdo pertinente.

Lo dispuesto en este Artículo es aplicable tanto si el requisito en el previsto, está expresado en forma de obligación, como si la Ley simplemente prevé consecuencias en el caso de que no exista una firma.

ARTÍCULO 8.- ORIGINAL.

Cuando la Ley requiera que la información sea presentada y conservada en su forma original, ese requisito se puede satisfacer con un Mensaje de Datos, sí:

1) Existe alguna garantía fidedigna de que se ha conservado la integridad de la información a partir del momento en que se generó por primera vez en su forma definitiva, como Mensaje de Datos o en alguna otra forma; y,

2) De requerirse que la información sea presentada, si dicha información puede ser mostrada a la persona a la que se deba presentar.

Lo dispuesto en el presente Artículo es aplicable, tanto si el requisito previsto en la Ley está expresado en forma de obligación, como si simplemente prevé consecuencias en el caso de que la información no sea presentada o conservada en su forma original.

ARTÍCULO 9.- INTEGRIDAD.

La integridad de la información debe ser evaluada conforme al criterio de que la misma haya permanecido completa e inalterada, salvo la adición de algún endoso o de algún cambio que sea inherente al proceso de su comunicación, archivo o presentación.

El grado de confiabilidad requerido, es determinado a la luz de los fines se generó la información y de todas las circunstancias del caso.

ARTÍCULO 10.- ADMISIBILIDAD Y FUERZA PROBATORIA.

Los mensajes de datos son admisibles como medios de prueba y tienen la misma fuerza probatoria que el ordenamiento jurídico atribuye a cualquier medio probatorio escrito.

En toda actuación administrativa o judicial la información presentada en forma de Mensaje de Datos goza de eficacia, validez, fuerza probatoria y no es admisible el invocar su improcedencia, por el solo hecho de no haber sido presentado en su forma original.

Al valorar la fuerza probatoria de un Mensaje de Datos, se debe de tener presente la confiabilidad de la forma en la que se haya generado, archivado o comunicado el mensaje, la confiabilidad de la forma en que se haya conservado la integridad de la información, la forma en la que se identifique a su iniciador y cualquier otro factor pertinente.

ARTÍCULO 11.- CONSERVACIÓN DE LOS MENSAJES DE DATOS.

Cuando la Ley, requiera que ciertos documentos, registros o informaciones sean conservados, ese requisito queda satisfecho, siempre y cuando se cumplan las condiciones siguientes:

1) Que la información que contengan sea accesible para su ulterior consulta;

2) Que el Mensaje de Datos, sea conservado en el formato en que se haya generado, enviado o recibido o en algún formato que sea demostrable que reproduce con exactitud la información generada, enviada o recibida; y,

3) Que se conserve, de haber alguno, todo dato o información que permita determinar el origen y el destino del mensaje y la fecha y la hora en que fue enviado o recibido.

La obligación de conservar ciertos documentos, registros o informaciones a que se refiere el presente Artículo, no es aplicable a aquellos datos que tengan por única finalidad facilitar el envío o recepción del mensaje.

Los libros y papeles del comerciante pueden ser conservados en cualquier medio técnico, siempre que garanticen su integridad y reproducción exacta y por el término exigido por la Ley; para tal efecto, se puede recurrir a los servicios de un tercero.

CAPÍTULO IV.- COMUNICACIÓN DE LOS MENSAJES DE DATOS

ARTÍCULO 12.- FORMACIÓN Y VALIDEZ DE LOS CONTRATOS.

En la formación de un contrato, salvo pacto en contrario, la oferta y su aceptación deben ser expresadas por medio de un Mensaje de Datos. Se reconoce la validez y fuerza probatoria de un contrato en cuya formación se haya utilizado uno o más mensajes de datos.

ARTÍCULO 13.- RECONOCIMIENTO DE LOS MENSAJES DE DATOS.

En las relaciones entre el iniciador y el destinatario de un mensaje de datos, se reconoce efectos jurídicos, validez o fuerza obligatoria a toda manifestación de voluntad u otra declaración expresada en forma de Mensaje de Datos.

ARTÍCULO 14.- ATRIBUCIÓN DE LOS MENSAJES DE DATOS.

Se debe entender que un Mensaje de Datos proviene del iniciador si ha sido enviado por:

1) El propio iniciador;

2) Por alguna persona facultada para actuar en nombre del iniciador respecto de ese mensaje; o,

3) Por un sistema de información programado por el iniciador o en su nombre para que opere automáticamente.

ARTÍCULO 15.- PRESUNCIÓN DEL ORIGEN.

En las relaciones entre el iniciador y el destinatario, el destinatario tiene derecho a considerar que un Mensaje de Datos proviene del iniciador y a actuar en consecuencia, cuando:

1) Haya aplicado adecuadamente un procedimiento aceptado previamente por el iniciador con ese fin; o,

2) El Mensaje de Datos que reciba el destinatario resulte de los actos de una persona cuya relación con el iniciador o con algún mandatario suyo, le haya dado acceso a algún método utilizado por el iniciador para identificar un mensaje de datos como propio.

Esta disposición no tiene aplicación cuando:

1) El destinatario haya sido informado por el iniciador, que el mensaje de datos no provenía de él y haya dispuesto un plazo razonable para actuar en consecuencia; y,

2) Desde el momento en que el destinatario sepa o debería saber, de haber actuado con la debida diligencia o de haber aplicado algún método convenido, que el Mensaje de Datos no provenía del iniciador.

ARTÍCULO 16.- CONCORDANCIA ENTRE MENSAJES.

Siempre que un Mensaje de Datos provenga del iniciador o que se entienda que proviene de él o siempre que el destinatario tenga derecho a actuar con arreglo a este supuesto, en las relaciones entre el iniciador y el destinatario tiene derecho a considerar que el Mensaje de Datos corresponde al que quería enviar el iniciador y puede actuar en consecuencia.

El destinatario no goza de este derecho si sabía o hubiere sabido, de haber actuado con la debida diligencia o de haber aplicado algún método convenido, que la transmisión había dado lugar a error en el mensaje de datos recibido.

ARTÍCULO 17.- MENSAJE DE DATOS DUPLICADO.

El destinatario tiene derecho a considerar, que cada Mensaje de Datos recibido es un Mensaje de Datos diferente y a actuar en consecuencia, salvo en la medida en que duplique otro Mensaje de Datos y que el destinatario sepa, o debería saberlo, de haber actuado con la debida diligencia o de haber aplicado algún método convenido, que era un duplicado.

ARTÍCULO 18.- ACUSE DE RECIBO.

Cuando al enviar o antes de enviar un Mensaje de Datos, el iniciador solicite o acuerde con el destinatario que acuse recibo del Mensaje de Datos, se puede acusar recibo mediante:

1) Toda comunicación del destinatario, automatizada o no; o,

2) Todo acto del destinatario que baste para indicar al iniciador que se ha recibido el mensaje de datos.

Cuando el iniciador haya indicado que los efectos del mensaje de datos están expresamente condicionados a la recepción de un acuse de recibo, se considera que el Mensaje de Datos no ha sido enviado, en tanto que no se haya recibido el acuse de recibo.

Cuando el iniciador no haya indicado, que los efectos del mensaje de datos están condicionados a la recepción de un acuse de recibo, si no ha recibido acuse en el plazo fijado o convenido o no se ha fijado o convenido ningún plazo, en un plazo razonable el iniciador puede:

1) Dar aviso al destinatario de que no ha recibido acuse de recibido y fijar un plazo razonable para su recepción; y,

2) De no recibirse acuse dentro del plazo fijado, puede, dando aviso de ello al destinatario, considerar que el mensaje de datos no ha sido enviado o ejercer cualquier otro derecho que pueda tener.

Cuando el iniciador reciba acuse de recibo del destinatario, se debe presumir que éste ha recibido el Mensaje de Datos correspondiente. Esa presunción no implica que el Mensaje de Datos corresponda al mensaje recibido.

ARTÍCULO 19.- TIEMPO DE ENVÍO Y RECEPCIÓN.

Salvo pacto en contrario entre el iniciador y el destinatario, el Mensaje de Datos se tiene por expedido cuando entre en un sistema de información, que no esté bajo el control del iniciador o de la persona que envió el Mensaje de Datos en nombre del iniciador.

Salvo pacto en contrario entre el iniciador y el destinatario, el momento de recepción del Mensaje de Datos se determina cuando la recepción se efectúa en el sistema designado o cuando no se ha designado un sistema de información, la recepción tiene lugar cuando entra al sistema del destinatario.

ARTÍCULO 20.- LUGAR DEL ENVÍO Y RECEPCIÓN. Salvo pacto en contrario entre el iniciador y el destinatario, el Mensaje de Datos se tiene por expedido en el lugar donde el iniciador tenga su establecimiento y por recibido en el lugar donde el destinatario tenga el suyo. Si el iniciador o el destinatario tienen más de un establecimiento, éste es el que guarde una relación más estrecha con la operación subyacente o accesoria y de no existir ésta, con el establecimiento principal. No teniendo el iniciador o el destinatario un establecimiento se debe tener como tal su residencia.

TÍTULO II.- COMERCIO ELECTRÓNICO EN MATERIAS ESPECIALES

CAPÍTULO I.- TRANSPORTE DE MERCANCÍAS

ARTÍCULO 21.- ACTOS RELACIONADOS CON LOS CONTRATOS DE TRANSPORTE DE MERCANCÍAS.

Sin perjuicio de lo dispuesto en el Título Primero de la presente Ley, este Capítulo es aplicable a cualquiera de los siguientes actos que guarden relación con un contrato de transporte de mercancías o con su cumplimiento, sin que la lista sea exhaustiva, así:

1) Indicación de las marcas, el número, la cantidad o el peso de las mercancías; declaración de la índole el valor de las mercancías; emisión de un recibo por las mercancías; confirmación de haberse completado la carga de las mercancías;

2) Notificación a alguna persona de las cláusulas y condiciones del contrato que implica comunicación de instrucciones al portador;

3) Reclamación de la entrega de las mercancías que comprende la autorización para proceder a la entrega de y la notificación de la pérdida de las mercancías o de los daños que hayan sufrido;

4) Cualquier otra notificación o declaración relativa al cumplimiento del contrato;

5) Promesa de hacer entrega de las mercancías a la persona designada o a una persona autorizada para reclamar esa entrega;

6) Concesión, adquisición, renuncia, restitución, transferencia o negociación de algún derecho sobre mercancías;

7) Adquisición o transferencia de derechos y obligaciones con arreglo al contrato; y,

8) Cabe cualquier otro con normativa análoga.

ARTÍCULO 22.- DOCUMENTOS DE TRANSPORTE.

Cuando la reclamación de la entrega de mercancías se lleve a cabo por escrito mediante un documento que conste en papel, ese requisito se satisface igualmente cuando se lleve a cabo por uno o más Mensajes de Datos.

Esta disposición es aplicable tanto si el requisito en el previsto está expresado en forma de obligación como si la Ley simplemente prevé consecuencias en el caso de que no se lleve a cabo el acto por escrito o mediante un documento.

ARTÍCULO 23.- CONCESIÓN DE DERECHOS.

Cuando se conceda algún derecho a una persona determinada y a ninguna otra, o ésta adquiera alguna obligación y la Ley requiera que, para que ese acto surta efecto, el derecho o la obligación hayan de transferirse a esa persona mediante el envío o la utilización, de un documento, ese requisito queda satisfecho si el derecho o la obligación se transfiere mediante la utilización de uno o más Mensajes de Datos, siempre que se emplee un método confiable para garantizar la singularidad de ese Mensaje de Datos.

ARTÍCULO 24.- NIVEL DE FIABILIDAD.

En el caso de la concesión u obligación a que se refiere el Artículo anterior, el nivel de fiabilidad requerido es determinado a la luz de los fines para los que se transfirió el derecho o la obligación y de todas las circunstancias del caso, incluido cualquier acuerdo pertinente.

ARTÍCULO 25.- SUSTITUCIÓN DE MENSAJES.

Cuando se utilicen uno o más Mensajes de Datos para llevar a cabo alguno de los actos enunciados de concesión, adquisición, renuncia, restitución o negociación de algún derecho o mercancía a que se refiere el Artículo 21 de esta Ley, no es válido ningún documento utilizado para celebrar cualquiera de esos actos, a menos que se haya puesto fin al uso de Mensajes de Datos para sustituirlo por el de documentos.

Todo documento que se emita en esas circunstancias debe contener una declaración a tal efecto. La sustitución de Mensajes de Datos por documentos no afecta a los derechos ni a las obligaciones de las partes.

ARTÍCULO 26.- APLICACIÓN O B L I G ATO R I A AL CONTRATO EN DOCUMENTO.

Cuando se aplique obligatoriamente una norma jurídica a un contrato de transporte de mercancías que esté consignado o del que se haya dejado constancia en un documento en papel, esa norma no deja de aplicarse a un contrato cuando conste en un Mensaje de Datos, por razón de que el contrato figure en el Mensaje de Datos en lugar del documento en papel.

TÍTULO III.- DISPOSICIONES FINALES

ARTÍCULO 27.- PREMINENCIA DE LAS LEYES DE PROTECCIÓN AL CONSUMIDOR.

La presente Ley se aplica a las normas vigentes en materia de protección al consumidor.

ARTÍCULO 28.- VIGENCIA.

La presente Ley entra en vigencia veinte (20) días después de su publicación en el Diario Oficial “La Gaceta”.

Dado en la ciudad de Tegucigalpa, municipio del Distrito Central, en el Salón de Sesiones del Congreso Nacional, a los veinticuatro días del mes de enero del dos mil quince.

MAURICIO OLIVA HERRERA.- PRESIDENTE

MARIO ALONSO PÉREZ LÓPEZ.- SECRETARIO

ROMÁN VILLEDA AGUILAR.- SECRETARIO

POR TANTO:

EJECÚTESE.

TEGUCIGALPA, M.D.C., 02 de marzo de 2015.

JUAN ORLANDO HERNÁNDEZ ALVARADO.- PRESIDENTE DE LA REPÚBLICA

EL SECRETARIO DE ESTADO EN LOS DESPACHOS DE DERECHOS HUMANOS, JUSTICIA, GOBERNACIÓN Y DESCENTRALIZACIÓN.- RIGOBERTO CHANG CASTILLO

05Sep/17

Paseo Virtual de La Santa Iglesia Catedral del Santísimo Salvador de Bayamo

5 septiembre, 2017Trabajos, VariosDifusión patrimonio cultural, Tecnologias Información Comunicación (TIC).José Cuervo

Paseo Virtual de la Santa Iglesia Catedral San Salvador de Bayamo

05Sep/17

Una alternativa metodológica para el tratamiento del procedimiento tabla en informática

5 septiembre, 2017Trabajos, VariosAsignatura de Informática, Conderaciones metodológicas, DocentesJosé Cuervo

Articulo Arlin-Rodolfo-Iluminado

05Sep/17

Consideraciones sobre algunos sistemas informáticos que gestionan la actividad científica

5 septiembre, 2017Trabajos, Variosgestión de actividad científica, informatics systems, scientific activity managing, sistemas informáticosJosé Cuervo

Consideraciones sobre sistemas informáticos

05Sep/17

Un acercamiento a la gestión de la calidad en el proceso de Ciencia y Técnica dentro del contexto universitario

5 septiembre, 2017Trabajos, VariosContexto Universitario, Gestión de la calidad, information management, information management system, Management of quallity, Proceso de Ciencia y Técnica, process of science and technique, sistemas de gestión de informaciónJosé Cuervo

Un acercamiento a la gestión de la calidad

05Sep/17

Resolución de 14 de julio de 2017

5 septiembre, 2017España, ResoluciónAdministración General Estado, Firma Electrónica, no criptográfica, Organismos Públicos, relaciones interesados con órganos administración, Resolución 14 julio 2017, Secretaria General Administración DigitalJosé Cuervo

Resolución de 14 de julio de 2017, de la Secretaría General de Administración Digital, por la que se establecen las condiciones de uso de firma electrónica no criptográfica, en las relaciones de los interesados con los órganos administrativos de la Administración General del Estado y sus organismos públicos. (Boletín Oficial del Estado número 170, martes 18 de julio de 2017)

El artículo 10 de la Ley 39/2015, de 1 de octubre, del Procedimiento Administrativo Común de las Administraciones Públicas, enumera los sistemas válidos a efectos de firma, que los interesados podrán utilizar para relacionarse con las Administraciones Públicas.

El citado precepto se refiere expresamente a los sistemas de firma electrónica reconocida o cualificada y avanzada basados en certificados electrónicos reconocidos o cualificados de firma electrónica, a los sistemas de sello electrónico reconocido o cualificado y de sello electrónico avanzado basados en certificados electrónicos reconocidos o cualificados de sello electrónico y a cualquier otro sistema que las Administraciones Públicas consideren válido, en los términos y condiciones que se establezcan, recogiendo asimismo la posibilidad de admitir los sistemas de identificación contemplados en la Ley como sistemas de firma.

En cualquier caso, todos los sistemas de firma electrónica admitidos deberán garantizar el cumplimiento de los requisitos recogidos en el apartado primero del artículo 10 de la citada Ley. Esto es, que estos sistemas permitan acreditar la autenticidad de la expresión de la voluntad y consentimiento de los interesados, así como la integridad e inalterabilidad del documento.

A estos sistemas de firma electrónica han de reconocérsele efectos jurídicos y son conformes a lo establecido en el artículo 25.1 del Reglamento (UE) nº 910/2014 del Parlamento Europeo y del Consejo, de 23 de julio de 2014, relativo a la identificación electrónica y los servicios de confianza para las transacciones electrónicas en el mercado interior y por la que se deroga la Directiva 1999/93/CE del Parlamento Europeo y del Consejo, de 13 de diciembre de 1999, por la que se establece un marco comunitario para la firma electrónica, sin menoscabo de lo recogido en el artículo 27 de la propia norma «Firmas electrónicas en servicios públicos».

El artículo 11 de la Ley 39/2015, de 1 de octubre regula el uso de los medios de identificación y firma en el procedimiento administrativo estableciendo que, con carácter general, para realizar cualquier actuación prevista en el procedimiento administrativo sólo será necesario identificarse, y limitando la obligatoriedad de la firma para los supuestos previstos en el apartado segundo del artículo: Formular solicitudes, presentar declaraciones responsables o comunicaciones, interponer recursos, desistir de acciones y renunciar a derechos. Esta importante novedad en la regulación aconseja establecer las cautelas mínimas que permitan normalizar el uso de estos sistemas evitando la heterogeneidad de su implementación técnica entre las Administraciones.

Así, y en aplicación de lo dispuesto en el artículo 10.3 de la Ley 39/2015, de 1 de octubre, que faculta a las Administraciones Públicas a admitir los sistemas de identificación contemplados en esta Ley como sistema de firma cuando permitan acreditar la autenticidad de la expresión de la voluntad y consentimiento de los interesados, siempre que así lo disponga la normativa reguladora, se procede con esta resolución a indicar los requisitos que se tienen que cumplir, no sólo con este objetivo, sino para asegurar también la integridad e inalterabilidad de los datos firmados, así como los requisitos para comprobar que se realizó dicho acto. Por lo tanto, se sientan las bases de uso de sistemas de identificación basados en la plataforma Cl@ve, para la realización de la firma, así como se establece una recomendación para recoger las evidencias de actos de relevancia jurídica, como las notificaciones, que si bien no necesitan firma, sí pueden necesitar unos requisitos de seguridad reforzados, manteniendo siempre el espíritu de la ley por el que no se haga en ningún caso más complejo para el ciudadano la recepción de la notificación o la realización de un trámite.

Es importante subrayar además, la complementariedad de esta resolución con el proyecto Cl@ve firma, que provee sencillos mecanismos para facilitar la firma electrónica criptográfica, de manera que se evitan los principales problemas, como la necesidad de disponer de hardware y/o software específico para realizar la firma en el ordenador del interesado, ya que toda esa complejidad queda resuelta por el sistema Cl@ve firma. Si bien este sistema es óptimo desde el punto de vista de uso de firma criptográfica, requiere que el ciudadano tenga activa la identificación por Cl@ve Permanente que le permite acceder a su certificado electrónico centralizado, en el caso de no tener activa esta identificación y siempre que el servicio lo permita esta nueva forma de firma no basada en certificado electrónico es una facilidad más para el ciudadano.

Por ello se ha tenido a bien el complementar este sistema de firma criptográfica sencilla para el ciudadano, con un sistema de medidas de seguridad, trazabilidad e integridad suficientes para los procedimientos que hagan uso de él, pero sin necesidad de recordar o tener activa una contraseña ni un certificado electrónico centralizado.

También resulta apropiado el uso de este sistema cuando, aun habiéndose utilizado un certificado electrónico en el proceso de identificación, no se quiera realizar una firma electrónica local con dicho certificado, para evitar los problemas de restricciones de compatibilidad de navegadores, máquinas virtuales Java y versiones de sistemas operativos.

Por tanto, el objeto de esta Resolución es establecer los criterios de uso y las condiciones técnicas de implementación de los sistemas de firma electrónica no criptográfica, previstos en el artículo 10.2.c) de la Ley 39/2015, de 1 de octubre, que se considerarán válidos a efectos de firma en la Administración General del Estado y sus organismos públicos, así como en aquellas otras Administraciones Públicas que adopten estos criterios y condiciones técnicas.

En virtud de lo anterior, y de acuerdo con el Real Decreto 424/2016, de 11 de noviembre, por el que se establece la estructura orgánica básica de los Departamentos ministeriales,

Esta Secretaría General de Administración Digital, en el ejercicio de las competencias atribuidas para la definición de estándares, de directrices técnicas y de gobierno TIC, de normas de seguridad y calidad tecnológicas y de la información a los que deberán ajustarse todas las Unidades de la Administración General del Estado y sus organismos públicos, dispone:

Primero.

Aprobar los términos y condiciones de uso de firma electrónica no criptográfica en las relaciones de los interesados con los órganos administrativos de la Administración General del Estado y sus organismos públicos, de acuerdo con el artículo 10.2 de la Ley 39/2015, de 1 de octubre, que se incluyen como anexo.
Ordenar su publicación en el «Boletín Oficial del Estado».

Segundo.

La presente Resolución entra en vigor a partir del día siguiente a su publicación en el «Boletín Oficial del Estado».

Madrid, 14 de julio de 2017.

El Secretario General de Administración Digital, Domingo Javier Molina Moscoso.

ANEXO

Términos y condiciones de uso de la firma electrónica no criptográfica en las relaciones de los interesados con los órganos administrativos de la Administración General del Estado y sus organismos públicos

Objeto

Los presentes términos y condiciones tienen como objeto determinar las circunstancias en las que un sistema de firma electrónica no basado en certificados electrónicos será considerado como válido en las relaciones de los interesados con los órganos administrativos de la Administración General del Estado y sus organismos públicos, de acuerdo con el artículo 10.2.c) de la Ley 39/2015, de 1 de octubre. Sin perjuicio, de otros sistemas de firma implantados, de acuerdo con el artículo 10.2.c) y 10.3 y que ofrezcan las garantías de seguridad suficientes para gestionar la integridad y el no repudio, según el principio de proporcionalidad recogido en el artículo 13.3, Gestión de Riesgos del Seguridad del Esquema Nacional de Seguridad.

Ámbito de aplicación

Los presentes términos y condiciones serán de aplicación a los órganos administrativos de la Administración General del Estado y organismos públicos y entidades de Derecho Público vinculados o dependientes, que habiliten nuevos sistemas de firma electrónica no criptográfica destinados a ser usados por los interesados en sus relaciones con los mismos, y sin perjuicio de la posibilidad de utilización en tales trámites de los sistemas de firma contemplados en el artículo 10.2.a) de la Ley 39/2015, de 1 de octubre.

III. Criterios para la utilización de sistemas de firma electrónica no criptográfica

El esquema nacional de seguridad (en adelante ENS), regulado por el Real Decreto 3/2010, de 8 de enero, y modificado por Real Decreto 951/2015, de 23 de octubre, de modificación del Real Decreto 3/2010, de 8 de enero, por el que se regula el esquema nacional de seguridad en el ámbito de la Administración electrónica constituye el marco legal que permite definir y establecer las medidas para garantizar la seguridad de los sistemas, los datos, las comunicaciones y los servicios electrónicos, que permita a los interesados y a las Administraciones Públicas, el ejercicio de derechos y el cumplimiento de deberes a través de estos medios.

En la implantación de un sistema de firma electrónica no criptográfica se deberá cumplir con el ENS para garantizar la seguridad de los datos y los servicios, como un instrumento capaz de permitir la comprobación de la autenticidad de la procedencia y la integridad de la información ofreciendo las bases para evitar el repudio.

El ENS establece la necesidad de categorizar los sistemas de información, siendo la categoría de un sistema de información, en materia de seguridad, la que permite modular el equilibrio entre la importancia de la información que maneja, los servicios que presta y el esfuerzo de seguridad requerido, en función de los riesgos a los que está expuesto, bajo el principio de proporcionalidad.

En aplicación de esta norma, se podrán utilizar sistemas de firma electrónica no criptográfica cuando el sistema de información asociado al procedimiento haya sido categorizado, según el esquema nacional de seguridad, de categoría básica y aquellos de categoría media en los que no sea necesario utilizar la firma avanzada, cuando así lo disponga la normativa reguladora aplicable.

Garantía de funcionamiento

Cuando la actuación realizada por el interesado, en su relación con la Administración, implique la presentación en una sede electrónica de documentos electrónicos utilizando los sistemas de firma electrónica contemplados en la presente Resolución, se garantizará la integridad de la información presentada mediante el sellado realizado con el sello electrónico cualificado o reconocido del organismo competente para la gestión del procedimiento, a la que se añadirá un sello de tiempo realizado con un certificado cualificado y emitido por un prestador de sellado de tiempo supervisado, y su incorporación inmediata al sistema de información asociado a dicho procedimiento. El organismo deberá disponer de las medidas técnicas, organizativas y procedimentales necesarias para garantizar dicha integridad a lo largo del tiempo.

Asimismo, se garantizará también la integridad, mediante el sellado realizado con el sello electrónico cualificado o reconocido del organismo y la adición de un sello de tiempo realizado con un certificado cualificado y emitido por un prestador de sellado de tiempo supervisado, de las evidencias necesarias para la verificación de la identidad, recopiladas inmediatamente antes del acto de la firma, así como, posteriormente, del consentimiento explícito del interesado con el contenido firmado, almacenando dichas evidencias en el sistema de información junto con la información presentada. La integridad y conservación de los documentos electrónicos almacenados y de sus metadatos asociados obligatorios quedará garantizada a través del sellado con el sello electrónico cualificado o reconocido del organismo y del resto de medidas técnicas que aseguren su inalterabilidad.

El organismo responsable del procedimiento emitirá un justificante de firma sellado con su sello electrónico de órgano y generando el código seguro de verificación o CSV, que será el documento con valor probatorio de la actuación realizada. La integridad de los documentos electrónicos autenticados mediante CSV podrá comprobarse mediante el acceso directo y gratuito a la sede electrónica del organismo y en el punto de acceso general de la Administración General del Estado, en tanto no se acuerde la destrucción de dichos documentos con arreglo a la normativa que resulte de aplicación o por decisión judicial.

Acreditación de la autenticidad de la expresión de la voluntad y consentimiento del interesado

Para acreditar la autenticidad de la expresión de la voluntad y consentimiento del interesado se requerirá:

La autenticación del interesado, inmediatamente previa a la firma utilizando la plataforma Cl@ve, de identificación electrónica.
La verificación previa por parte del interesado de los datos a firmar. Estos datos se obtendrán a partir de aquella información presentada por el ciudadano y de cuya veracidad se hace responsable, así como de los documentos electrónicos que, eventualmente, presente en el procedimiento.
La acción explícita por parte del interesado de manifestación de consentimiento y expresión de su voluntad de firma.

V.1. Autenticación del interesado.

La identificación y autenticación del interesado deberá hacerse, en todo caso, a través de la plataforma Cl@ve, sistema de identificación, autenticación y firma electrónica basado en claves concertadas, común para todo el sector público administrativo estatal, aprobado por Acuerdo de Consejo de Ministros de 19 de septiembre de 2014.

Dicha autenticación del interesado con el sistema Cl@ve, inmediatamente previa al acto de firma, deberá de hacerse con un nivel de calidad en la autenticación sustancial o alto.

V.2. Verificación previa de los datos a firmar.

El interesado debe ser consciente de los datos que va a firmar y deberá ofrecérsele de un modo visible la posibilidad de consultarlo en un formato legible y, preferiblemente, con el mismo formato del documento que posteriormente se entregue al interesado como justificante de la firma.

V.3. Expresión del consentimiento y de la voluntad de firma de los interesados.

Las aplicaciones que hagan uso de un sistema de firma, ajustado a los criterios de uso y condiciones técnicas de esta Resolución, deberán requerir de forma expresa la expresión del consentimiento y la voluntad de firma del interesado en el procedimiento, mediante la inclusión de frases que pongan aquéllos de manifiesto de manera inequívoca, y la exigencia de acciones explícitas de aceptación por parte del interesado (por ejemplo, mediante una casilla junto al texto «Declaro que son ciertos los datos a firmar/muestro mi conformidad con el contenido del documento y confirmo mi voluntad de firmar» que el interesado debe marcar, y un botón «Firmar y enviar» que debe pulsar para realizar la firma).

Garantía de no repudio

VI.1. Garantías en el proceso de firma.

Para garantizar el no repudio de la firma por parte del ciudadano, el sistema de firma deberá acreditar la vinculación de la expresión de la voluntad y los datos firmados con la misma persona. Para ello se volverá a solicitar la autenticación del ciudadano en el momento de proceder a la firma.

Asimismo, la garantía de no repudio exige que el sistema de firma asegure una adecuada trazabilidad en el caso de que sea necesario auditar una operación de firma en particular, para lo cual obtendrá, por cada firma y por tanto por cada proceso de autenticación, la siguiente información:

– Fecha y hora de la autenticación.

– Nombre y apellidos del interesado.

– NIF/NIE del interesado.

– Proveedor de identidad empleado (certificado electrónico, Cl@vePIN o Cl@vePermanente) y nivel de seguridad de identificación (sustancial o alto).

– Resultado de la autenticación (con éxito o fallida).

– Respuesta devuelta y firmada por la plataforma Cl@ve. Esta respuesta deberá incluir el campo opcional que contiene la respuesta devuelta y firmada por el Proveedor de Identificación.

– Fecha y hora de la firma.

– Resumen criptográfico de los datos firmados, con un algoritmo de hash que cumpla las especificaciones del esquema nacional de seguridad.

– Referencia al justificante de firma, mediante el CSV asociado a dicho justificante.

– Dirección IP origen desde la que se realizó la firma.

Esta información será sellada con un certificado electrónico cualificado o reconocido de sello del organismo, a la que se añadirá un sello de tiempo realizado con un certificado cualificado y emitido por un prestador de sellado de tiempo supervisado, y será almacenada por el sistema de información asociado al procedimiento electrónico para el que se requiere la firma, como evidencia de la verificación de la identidad previa al acto de la firma, vinculada a los datos firmados.

En el caso de que los datos de identificación obtenidos en la autenticación inmediatamente anterior a la firma no coincidan con los datos de identificación obtenidos en autenticaciones previas, el sistema de firma no permitirá la realización de la misma, informando de esa eventualidad al sistema de información asociado al procedimiento electrónico que requiere dicha firma.

VI.2. Gestión de las evidencias de autenticación.

A pesar de que el sistema de firma proporcionará a los sistemas de información asociados al procedimiento electrónico que requiere la firma la información relativa a la autenticación vinculada a dicha firma, en ocasiones puede ser necesario, por motivos de auditoría, recuperar las evidencias completas del proceso de autenticación.

Al utilizar el sistema Cl@ve como mecanismo de identificación y autenticación, las evidencias últimas no residen en el propio sistema de firma, sino en los sistemas de los proveedores de servicios de identificación integrados en Cl@ve.

Con objeto de que los proveedores de esos servicios de identificación puedan recuperar las evidencias necesarias para acreditar la realización de la identificación y autenticación previas ligadas a la realización de una firma en el sistema, se deberá facilitar a dichos proveedores la información de autenticación almacenada como evidencia de la verificación previa de la identidad en los sistemas de información asociados al procedimiento administrativo que requiere la firma, descrita en el apartado VI.1.

A tal efecto, los proveedores de servicios de identificación deberán salvaguardar dichas evidencias durante el plazo mínimo de cinco años. La solicitud de certificación de dichas evidencias se realizará conforme al procedimiento y las condiciones que se publicarán en el portal de Administración electrónica.

VII. Garantía de la integridad de los datos y documentos firmados

VII.1. Sellado de la información presentada.

Una vez acreditada la expresión de la voluntad y el consentimiento y para firmar del interesado, se deberán establecer los mecanismos para garantizar la integridad e inalterabilidad de los datos y, en su caso, de los documentos electrónicos presentados por el interesado, para lo cual el sistema de firma sellará los datos a firmar, con un sello de órgano y la adición de un sello de tiempo realizado con un certificado cualificado y emitido por un prestador de sellado de tiempo supervisado, y la pondrá a disposición del sistema de información asociado al procedimiento electrónico que requiere la firma.

VII.2. Justificante de firma.

En el proceso de firma se entregará al interesado un justificante de firma, que será un documento legible, de acuerdo con la norma técnica de interoperabilidad de catálogo de estándares y preferiblemente en formato PDF y que deberá cumplir estos requisitos:

– Garantizar la autenticidad del organismo emisor mediante un sellado electrónico con el certificado de sello del mismo, en formato PAdES en el caso de que el justificante tenga el formato PDF.

– Contener los datos del firmante y, en el caso de que el documento firmado haya pasado por un Registro de entrada, los datos identificativos de su inscripción en el Registro.

– Contener los datos a firmar expresamente por el interesado. Si se ha anexado algún documento electrónico se incluirá una referencia al mismo.

– Garantizar el instante en que se realizó la firma, mediante sello de tiempo del justificante, realizado con un certificado cualificado y emitido por un prestador de sellado de tiempo supervisado.

Garantizar la autenticidad del justificante de firma, incluyendo en el justificante de firma un código seguro de verificación (CSV), y garantizando que este justificante se pueda consultar en línea mediante un sistema de cotejo de CSV cuya dirección se incluya en el propio justificante de firma.

– Alternativamente, la autenticidad del organismo emisor y del justificante de firma se podrá garantizar mediante dos documentos: uno de ellos con sellado electrónico del justificante en formato PAdES (en el caso de que el justificante tenga formato PDF) y otro con la utilización de un código seguro de verificación (CSV) del justificante.

13Jul/17

Law of the Republic of Azerbaijan September 30, 2009, on approval of Convention “On Cybercrime”

13 julio, 2017Azerbaijan, Ley2009, Convention On Cybercrime, Law of the Republic of Azerbaijan September 30, Legislación de Azerbaijan, Legislación Derecho Informático, on approval of Convention “On Cybercrime”José Cuervo

Law of the Republic of Azerbaijan on approval of Convention “On Cybercrime”

The National Assembly of the Republic of Azerbaijan decides:

To approve the Convention “On Cybercrime” signed in the city of Budapest on November 23, 2001 with corresponding statements and reservations.

Ilham Aliyev,

President of the Republic of Azerbaijan

Baku city, September 30, 2009

Convention “On Cybercrime”

Budapest, 23 November 2001

Preamble

The member States of the Council of Europe and the other States signatory hereto,

Considering that the aim of the Council of Europe is to achieve a greater unity between its members;

Recognising the value of fostering co-operation with the other States parties to this Convention;

Convinced of the need to pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cybercrime, inter alia, by adopting appropriate legislation and fostering international co-operation;

Conscious of the profound changes brought about by the digitalisation, convergence and continuing globalisation of computer networks;

Concerned by the risk that computer networks and electronic information may also be used for committing criminal offences and that evidence relating to such offences may be stored and transferred by these networks;

Recognising the need for co-operation between States and private industry in combating cybercrime and the need to protect legitimate interests in the use and development of information technologies;

Believing that an effective fight against cybercrime requires increased, rapid and well-functioning international co-operation in criminal matters;

Convinced that the present Convention is necessary to deter action directed against the confidentiality, integrity and availability of computer systems, networks and computer data as well as the misuse of such systems, networks and data by providing for the criminalisation of such conduct, as described in this Convention, and the adoption of powers sufficient for effectively combating such criminal offences, by facilitating their detection, investigation and prosecution at both the domestic and international levels and by providing arrangements for fast and reliable international co-operation;

Mindful of the need to ensure a proper balance between the interests of law enforcement and respect for fundamental human rights as enshrined in the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights and other applicable international human rights treaties, which reaffirm the right of everyone to hold opinions without interference, as well as the right to freedom of expression, including the freedom to seek, receive, and impart information and ideas of all kinds, regardless of frontiers, and the rights concerning the respect for privacy;

Mindful also of the right to the protection of personal data, as conferred, for example, by the 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;

Considering the 1989 United Nations Convention on the Rights of the Child and the 1999 International Labour Organization Worst Forms of Child Labour Convention;

Taking into account the existing Council of Europe conventions on co-operation in the penal field, as well as similar treaties which exist between Council of Europe member States and other States, and stressing that the present Convention is intended to supplement those conventions in order to make criminal investigations and proceedings concerning criminal offences related to computer systems and data more effective and to enable the collection of evidence in electronic form of a criminal offence;

Welcoming recent developments which further advance international understanding and co-operation in combating cybercrime, including action taken by the United Nations, the OECD, the European Union and the G8;

Recalling Committee of Ministers Recommendations nº R (85) 10 concerning the practical application of the European Convention on Mutual Assistance in Criminal Matters in respect of letters rogatory for the interception of telecommunications, nº R (88) 2 on piracy in the field of copyright and neighbouring rights, nº R (87) 15 regulating the use of personal data in the police sector, nº R (95) 4 on the protection of personal data in the area of telecommunication services, with particular reference to telephone services, as well as nº R (89) 9 on computer-related crime providing guidelines for national legislatures concerning the definition of certain computer crimes and nº R (95) 13 concerning problems of criminal procedural law connected with information technology;

Having regard to Resolution nº 1 adopted by the European Ministers of Justice at their 21st Conference (Prague, 10 and 11 June 1997), which recommended that the Committee of Ministers support the work on cybercrime carried out by the European Committee on Crime Problems (CDPC) in order to bring domestic criminal law provisions closer to each other and enable the use of effective means of investigation into such offences, as well as to Resolution nº 3 adopted at the 23rd Conference of the European Ministers of Justice (London, 8 and 9 June 2000), which encouraged the negotiating parties to pursue their efforts with a view to finding appropriate solutions to enable the largest possible number of States to become parties to the Convention and acknowledged the need for a swift and efficient system of international co-operation, which duly takes into account the specific requirements of the fight against cybercrime;

Having also regard to the Action Plan adopted by the Heads of State and Government of the Council of Europe on the occasion of their Second Summit (Strasbourg, 10 and 11 October 1997), to seek common responses to the development of the new information technologies based on the standards and values of the Council of Europe;

Have agreed as follows:

Chapter I .- Use of terms

Article 1 .- Definitions

For the purposes of this Convention:

a “computer system” means any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data;

b “computer data” means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function;

c “service provider” means:

i any public or private entity that provides to users of its service the ability to communicate by means of a computer system, and

ii any other entity that processes or stores computer data on behalf of such communication service or users of such service.

d “traffic data” means any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.

Chapter II .- Measures to be taken at the national level

Section 1 .- Substantive criminal law

Title 1 .- Offences against the confidentiality, integrity and availability of computer data and systems

Article 2 .- Illegal access

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.

Article 3 .- Illegal interception

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

Article 4 .- Data interference

1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without right.

2 A Party may reserve the right to require that the conduct described in paragraph 1 result in serious harm.

Article 5 .- System interference

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.

Article 6 .- Misuse of devices

1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

a the production, sale, procurement for use, import, distribution or otherwise making available of:

i a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5;

ii a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and

b the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches.

2 This article shall not be interpreted as imposing criminal liability where the production, sale, procurement for use, import, distribution or otherwise making available or possession referred to in paragraph 1 of this article is not for the purpose of committing an offence established in accordance with Articles 2 through 5 of this Convention, such as for the authorised testing or protection of a computer system.

3 Each Party may reserve the right not to apply paragraph 1 of this article, provided that the reservation does not concern the sale, distribution or otherwise making available of the items referred to in paragraph 1 a.ii of this article.

Title 2 .- Computer-related offences

Article 7 .- Computer-related forgery

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible. A Party may require an intent to defraud, or similar dishonest intent, before criminal liability attaches.

Article 8 .- Computer-related fraud

a any input, alteration, deletion or suppression of computer data,

b any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person.

Title 3 .- Content-related offences

Article 9 .- Offences related to child pornography

1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the following conduct:

a producing child pornography for the purpose of its distribution through a computer system;

b offering or making available child pornography through a computer system;

c distributing or transmitting child pornography through a computer system;

d procuring child pornography through a computer system for oneself or for another person;

e possessing child pornography in a computer system or on a computer-data storage medium.

2 For the purpose of paragraph 1 above, the term “child pornography” shall include pornographic material that visually depicts:

a a minor engaged in sexually explicit conduct;

b a person appearing to be a minor engaged in sexually explicit conduct;

c realistic images representing a minor engaged in sexually explicit conduct.

3 For the purpose of paragraph 2 above, the term “minor” shall include all persons under 18 years of age. A Party may, however, require a lower age-limit, which shall be not less than 16 years.

4 Each Party may reserve the right not to apply, in whole or in part, paragraphs 1, sub-paragraphs d. and e, and 2, sub-paragraphs b. and c.

Title 4 .- Offences related to infringements of copyright and related rights

Article 10 .- Offences related to infringements of copyright and related rights

1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of copyright, as defined under the law of that Party, pursuant to the obligations it has undertaken under the Paris Act of 24 July 1971 revising the Bern Convention for the Protection of Literary and Artistic Works, the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Copyright Treaty, with the exception of any moral rights conferred by such conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.

2 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of related rights, as defined under the law of that Party, pursuant to the obligations it has undertaken under the International Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organisations (Rome Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Performances and Phonograms Treaty, with the exception of any moral rights conferred by such conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.

3 A Party may reserve the right not to impose criminal liability under paragraphs 1 and 2 of this article in limited circumstances, provided that other effective remedies are available and that such reservation does not derogate from the Party’s international obligations set forth in the international instruments referred to in paragraphs 1 and 2 of this article.

Title 5 .- Ancillary liability and sanctions

Article 11 .- Attempt and aiding or abetting

1 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any of the offences established in accordance with Articles 2 through 10 of the present Convention with intent that such offence be committed.

2 Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, an attempt to commit any of the offences established in accordance with Articles 3 through 5, 7, 8, and 9.1.a and c. of this Convention.

3 Each Party may reserve the right not to apply, in whole or in part, paragraph 2 of this article.

Article 12 .- Corporate liability

1 Each Party shall adopt such legislative and other measures as may be necessary to ensure that legal persons can be held liable for a criminal offence established in accordance with this Convention, committed for their benefit by any natural person, acting either individually or as part of an organ of the legal person, who has a leading position within it, based on:

a a power of representation of the legal person;

b an authority to take decisions on behalf of the legal person;

c an authority to exercise control within the legal person.

2 In addition to the cases already provided for in paragraph 1 of this article, each Party shall take the measures necessary to ensure that a legal person can be held liable where the lack of supervision or control by a natural person referred to in paragraph 1 has made possible the commission of a criminal offence established in accordance with this Convention for the benefit of that legal person by a natural person acting under its authority.

3 Subject to the legal principles of the Party, the liability of a legal person may be criminal, civil or administrative.

4 Such liability shall be without prejudice to the criminal liability of the natural persons who have committed the offence.

Article 13 .- Sanctions and measures

1 Each Party shall adopt such legislative and other measures as may be necessary to ensure that the criminal offences established in accordance with Articles 2 through 11 are punishable by effective, proportionate and dissuasive sanctions, which include deprivation of liberty.

2 Each Party shall ensure that legal persons held liable in accordance with Article 12 shall be subject to effective, proportionate and dissuasive criminal or non-criminal sanctions or measures, including monetary sanctions.

Section 2 .- Procedural law

Title 1 .- Common provisions

Article 14 .- Scope of procedural provisions

1 Each Party shall adopt such legislative and other measures as may be necessary to establish the powers and procedures provided for in this section for the purpose of specific criminal investigations or proceedings.

2 Except as specifically provided otherwise in Article 21, each Party shall apply the powers and procedures referred to in paragraph 1 of this article to:

a the criminal offences established in accordance with Articles 2 through 11 of this Convention;

b other criminal offences committed by means of a computer system; and

c the collection of evidence in electronic form of a criminal offence.

a. Each Party may reserve the right to apply the measures referred to in Article 20 only to offences or categories of offences specified in the reservation, provided that the range of such offences or categories of offences is not more restricted than the range of offences to which it applies the measures referred to in Article 21. Each Party shall consider restricting such a reservation to enable the broadest application of the measure referred to in Article 20.

b Where a Party, due to limitations in its legislation in force at the time of the adoption of the present Convention, is not able to apply the measures referred to in Articles 20 and 21 to communications being transmitted within a computer system of a service provider, which system:

i is being operated for the benefit of a closed group of users, and

ii does not employ public communications networks and is not connected with another computer system, whether public or private, that Party may reserve the right not to apply these measures to such communications. Each Party shall consider restricting such a reservation to enable the broadest application of the measures referred to in Articles 20 and 21.

Article 15 .- Conditions and safeguards

1 Each Party shall ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties, including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, and other applicable international human rights instruments, and which shall incorporate the principle of proportionality.

2 Such conditions and safeguards shall, as appropriate in view of the nature of the procedure or power concerned, inter alia, include judicial or other independent supervision, grounds justifying application, and limitation of the scope and the duration of such power or procedure.

3 To the extent that it is consistent with the public interest, in particular the sound administration of justice, each Party shall consider the impact of the powers and procedures in this section upon the rights, responsibilities and legitimate interests of third parties.

Title 2 .- Expedited preservation of stored computer data

Article 16 .- Expedited preservation of stored computer data

1 Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data, that has been stored by means of a computer system, in particular where there are grounds to believe that the computer data is particularly vulnerable to loss or modification.

2 Where a Party gives effect to paragraph 1 above by means of an order to a person to preserve specified stored computer data in the person’s possession or control, the Party shall adopt such legislative and other measures as may be necessary to oblige that person to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of ninety days, to enable the competent authorities to seek its disclosure. A Party may provide for such an order to be subsequently renewed.

3 Each Party shall adopt such legislative and other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures for the period of time provided for by its domestic law.

4 The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Article 17 .- Expedited preservation and partial disclosure of traffic data

1 Each Party shall adopt, in respect of traffic data that is to be preserved under Article 16, such legislative and other measures as may be necessary to:

a ensure that such expeditious preservation of traffic data is available regardless of whether one or more service providers were involved in the transmission of that communication; and

b ensure the expeditious disclosure to the Party’s competent authority, or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted.

2 The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Title 3 .- Production order

Article 18 .- Production order

1 Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order:

a a person in its territory to submit specified computer data in that person’s possession or control, which is stored in a computer system or a computer-data storage medium; and

b a service provider offering its services in the territory of the Party to submit subscriber information relating to such services in that service provider’s possession or control.

2 The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

3 For the purpose of this article, the term “subscriber information” means any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:

a the type of communication service used, the technical provisions taken thereto and the period of service;

b the subscriber’s identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement;

c any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.

Title 4 .- Search and seizure of stored computer data

Article 19 .- Search and seizure of stored computer data

1 Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to search or similarly access:

a a computer system or part of it and computer data stored therein; and

b a computer-data storage medium in which computer data may be stored in its territory.

2 Each Party shall adopt such legislative and other measures as may be necessary to ensure that where its authorities search or similarly access a specific computer system or part of it, pursuant to paragraph 1.a, and have grounds to believe that the data sought is stored in another computer system or part of it in its territory, and such data is lawfully accessible from or available to the initial system, the authorities shall be able to expeditiously extend the search or similar accessing to the other system.

3 Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to seize or similarly secure computer data accessed according to paragraphs 1 or 2. These measures shall include the power to:

a seize or similarly secure a computer system or part of it or a computer-data storage medium;

b make and retain a copy of those computer data;

c maintain the integrity of the relevant stored computer data;

d render inaccessible or remove those computer data in the accessed computer system.

4 Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data therein to provide, as is reasonable, the necessary information, to enable the undertaking of the measures referred to in paragraphs 1 and 2.

5 The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Title 5 .- Real-time collection of computer data

Article 20 .- Real-time collection of traffic data

1 Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to:

a collect or record through the application of technical means on the territory of that Party, and

b compel a service provider, within its existing technical capability:

i to collect or record through the application of technical means on the territory of that Party; or

ii to co-operate and assist the competent authorities in the collection or recording of, traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system.

2 Where a Party, due to the established principles of its domestic legal system, cannot adopt the measures referred to in paragraph 1.a, it may instead adopt legislative and other measures as may be necessary to ensure the real-time collection or recording of traffic data associated with specified communications transmitted in its territory, through the application of technical means on that territory.

3 Each Party shall adopt such legislative and other measures as may be necessary to oblige a service provider to keep confidential the fact of the execution of any power provided for in this article and any information relating to it.

4 The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Article 21 .- Interception of content data

1 Each Party shall adopt such legislative and other measures as may be necessary, in relation to a range of serious offences to be determined by domestic law, to empower its competent authorities to:

a collect or record through the application of technical means on the territory of that Party, and

b compel a service provider, within its existing technical capability:

i to collect or record through the application of technical means on the territory of that Party, or

ii to co-operate and assist the competent authorities in the collection or recording of, content data, in real-time, of specified communications in its territory transmitted by means of a computer system.

2 Where a Party, due to the established principles of its domestic legal system, cannot adopt the measures referred to in paragraph 1.a, it may instead adopt legislative and other measures as may be necessary to ensure the real-time collection or recording of content data on specified communications in its territory through the application of technical means on that territory.

4 The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Section 3 .- Jurisdiction

Article 22 .- Jurisdiction

1 Each Party shall adopt such legislative and other measures as may be necessary to establish jurisdiction over any offence established in accordance with Articles 2 through 11 of this Convention, when the offence is committed:

a in its territory; or

b on board a ship flying the flag of that Party; or

c on board an aircraft registered under the laws of that Party; or

d by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.

2 Each Party may reserve the right not to apply or to apply only in specific cases or conditions the jurisdiction rules laid down in paragraphs 1.b through 1.d of this article or any part thereof.

3 Each Party shall adopt such measures as may be necessary to establish jurisdiction over the offences referred to in Article 24, paragraph 1, of this Convention, in cases where an alleged offender is present in its territory and it does not extradite him or her to another Party, solely on the basis of his or her nationality, after a request for extradition.

4 This Convention does not exclude any criminal jurisdiction exercised by a Party in accordance with its domestic law.

5 When more than one Party claims jurisdiction over an alleged offence established in accordance with this Convention, the Parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution.

Chapter III .- International co-operation

Section 1 .- General principles

Title 1 .- General principles relating to international co-operation

Article 23 .- General principles relating to international co-operation

The Parties shall co-operate with each other, in accordance with the provisions of this chapter, and through the application of relevant international instruments on international co-operation in criminal matters, arrangements agreed on the basis of uniform or reciprocal legislation, and domestic laws, to the widest extent possible for the purposes of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.

Title 2 .- Principles relating to extradition

Article 24 .- Extradition

a. This article applies to extradition between Parties for the criminal offences established in accordance with Articles 2 through 11 of this Convention, provided that they are punishable under the laws of both Parties concerned by deprivation of liberty for a maximum period of at least one year, or by a more severe penalty.

b. Where a different minimum penalty is to be applied under an arrangement agreed on the basis of uniform or reciprocal legislation or an extradition treaty, including the European Convention on Extradition (ETS No. 24), applicable between two or more parties, the minimum penalty provided for under such arrangement or treaty shall apply.

2 The criminal offences described in paragraph 1 of this article shall be deemed to be included as extraditable offences in any extradition treaty existing between or among the Parties. The Parties undertake to include such offences as extraditable offences in any extradition treaty to be concluded between or among them.

3 If a Party that makes extradition conditional on the existence of a treaty receives a request for extradition from another Party with which it does not have an extradition treaty, it may consider this Convention as the legal basis for extradition with respect to any criminal offence referred to in paragraph 1 of this article.

4 Parties that do not make extradition conditional on the existence of a treaty shall recognise the criminal offences referred to in paragraph 1 of this article as extraditable offences between themselves.

5 Extradition shall be subject to the conditions provided for by the law of the requested Party or by applicable extradition treaties, including the grounds on which the requested Party may refuse extradition.

6 If extradition for a criminal offence referred to in paragraph 1 of this article is refused solely on the basis of the nationality of the person sought, or because the requested Party deems that it has jurisdiction over the offence, the requested Party shall submit the case at the request of the requesting Party to its competent authorities for the purpose of prosecution and shall report the final outcome to the requesting Party in due course. Those authorities shall take their decision and conduct their investigations and proceedings in the same manner as for any other offence of a comparable nature under the law of that Party.

a. Each Party shall, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, communicate to the Secretary General of the Council of Europe the name and address of each authority responsible for making or receiving requests for extradition or provisional arrest in the absence of a treaty.

b. The Secretary General of the Council of Europe shall set up and keep updated a register of authorities so designated by the Parties. Each Party shall ensure that the details held on the register are correct at all times.

Title 3 .- General principles relating to mutual assistance

Article 25 .- General principles relating to mutual assistance

1 The Parties shall afford one another mutual assistance to the widest extent possible for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.

2 Each Party shall also adopt such legislative and other measures as may be necessary to carry out the obligations set forth in Articles 27 through 35.

3 Each Party may, in urgent circumstances, make requests for mutual assistance or communications related thereto by expedited means of communication, including fax or e-mail, to the extent that such means provide appropriate levels of security and authentication (including the use of encryption, where necessary), with formal confirmation to follow, where required by the requested Party. The requested Party shall accept and respond to the request by any such expedited means of communication.

4 Except as otherwise specifically provided in articles in this chapter, mutual assistance shall be subject to the conditions provided for by the law of the requested Party or by applicable mutual assistance treaties, including the grounds on which the requested Party may refuse co-operation. The requested Party shall not exercise the right to refuse mutual assistance in relation to the offences referred to in Articles 2 through 11 solely on the ground that the request concerns an offence which it considers a fiscal offence.

5 Where, in accordance with the provisions of this chapter, the requested Party is permitted to make mutual assistance conditional upon the existence of dual criminality, that condition shall be deemed fulfilled, irrespective of whether its laws place the offence within the same category of offence or denominate the offence by the same terminology as the requesting Party, if the conduct underlying the offence for which assistance is sought is a criminal offence under its laws.

Article 26 .- Spontaneous information

1 A Party may, within the limits of its domestic law and without prior request, forward to another Party information obtained within the framework of its own investigations when it considers that the disclosure of such information might assist the receiving Party in initiating or carrying out investigations or proceedings concerning criminal offences established in accordance with this Convention or might lead to a request for co-operation by that Party under this chapter.

2 Prior to providing such information, the providing Party may request that it be kept confidential or only used subject to conditions. If the receiving Party cannot comply with such request, it shall notify the providing Party, which shall then determine whether the information should nevertheless be provided. If the receiving Party accepts the information subject to the conditions, it shall be bound by them.

Title 4 .- Procedures pertaining to mutual assistance requests in the absence of applicable international agreements

Article 27 .- Procedures pertaining to mutual assistance requests in the absence of applicable international agreements

1 Where there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and requested Parties, the provisions of paragraphs 2 through 9 of this article shall apply. The provisions of this article shall not apply where such treaty, arrangement or legislation exists, unless the Parties concerned agree to apply any or all of the remainder of this article in lieu thereof.

a. Each Party shall designate a central authority or authorities responsible for sending and answering requests for mutual assistance, the execution of such requests or their transmission to the authorities competent for their execution.

b. The central authorities shall communicate directly with each other;

c. Each Party shall, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, communicate to the Secretary General of the Council of Europe the names and addresses of the authorities designated in pursuance of this paragraph;

d. The Secretary General of the Council of Europe shall set up and keep updated a register of central authorities designated by the Parties. Each Party shall ensure that the details held on the register are correct at all times.

3 Mutual assistance requests under this article shall be executed in accordance with the procedures specified by the requesting Party, except where incompatible with the law of the requested Party.

4 The requested Party may, in addition to the grounds for refusal established in Article 25, paragraph 4, refuse assistance if:

a the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence, or

b it considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

5 The requested Party may postpone action on a request if such action would prejudice criminal investigations or proceedings conducted by its authorities.

6 Before refusing or postponing assistance, the requested Party shall, where appropriate after having consulted with the requesting Party, consider whether the request may be granted partially or subject to such conditions as it deems necessary.

7 The requested Party shall promptly inform the requesting Party of the outcome of the execution of a request for assistance. Reasons shall be given for any refusal or postponement of the request. The requested Party shall also inform the requesting Party of any reasons that render impossible the execution of the request or are likely to delay it significantly.

8 The requesting Party may request that the requested Party keep confidential the fact of any request made under this chapter as well as its subject, except to the extent necessary for its execution. If the requested Party cannot comply with the request for confidentiality, it shall promptly inform the requesting Party, which shall then determine whether the request should nevertheless be executed.

a. In the event of urgency, requests for mutual assistance or communications related thereto may be sent directly by judicial authorities of the requesting Party to such authorities of the requested Party. In any such cases, a copy shall be sent at the same time to the central authority of the requested Party through the central authority of the requesting Party.

b. Any request or communication under this paragraph may be made through the International Criminal Police Organisation (Interpol).

c. Where a request is made pursuant to sub-paragraph a. of this article and the authority is not competent to deal with the request, it shall refer the request to the competent national authority and inform directly the requesting Party that it has done so.

d. Requests or communications made under this paragraph that do not involve coercive action may be directly transmitted by the competent authorities of the requesting Party to the competent authorities of the requested Party.

e. Each Party may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, inform the Secretary General of the Council of Europe that, for reasons of efficiency, requests made under this paragraph are to be addressed to its central authority.

Article 28 .- Confidentiality and limitation on use

1 When there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and the requested Parties, the provisions of this article shall apply. The provisions of this article shall not apply where such treaty, arrangement or legislation exists, unless the Parties concerned agree to apply any or all of the remainder of this article in lieu thereof.

2 The requested Party may make the supply of information or material in response to a request dependent on the condition that it is:

a kept confidential where the request for mutual legal assistance could not be complied with in the absence of such condition, or

b not used for investigations or proceedings other than those stated in the request.

3 If the requesting Party cannot comply with a condition referred to in paragraph 2, it shall promptly inform the other Party, which shall then determine whether the information should nevertheless be provided. When the requesting Party accepts the condition, it shall be bound by it.

4 Any Party that supplies information or material subject to a condition referred to in paragraph 2 may require the other Party to explain, in relation to that condition, the use made of such information or material.

Section 2 .- Specific provisions

Title 1 .- Mutual assistance regarding provisional measures

Article 29 .- Expedited preservation of stored computer data

1 A Party may request another Party to order or otherwise obtain the expeditious preservation of data stored by means of a computer system, located within the territory of that other Party and in respect of which the requesting Party intends to submit a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of the data.

2 A request for preservation made under paragraph 1 shall specify:

a the authority seeking the preservation;

b the offence that is the subject of a criminal investigation or proceedings and a brief summary of the related facts;

c the stored computer data to be preserved and its relationship to the offence;

d any available information identifying the custodian of the stored computer data or the location of the computer system;

e the necessity of the preservation; and

f that the Party intends to submit a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of the stored computer data.

3 Upon receiving the request from another Party, the requested Party shall take all appropriate measures to preserve expeditiously the specified data in accordance with its domestic law. For the purposes of responding to a request, dual criminality shall not be required as a condition to providing such preservation.

4 A Party that requires dual criminality as a condition for responding to a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of stored data may, in respect of offences other than those established in accordance with Articles 2 through 11 of this Convention, reserve the right to refuse the request for preservation under this article in cases where it has reasons to believe that at the time of disclosure the condition of dual criminality cannot be fulfilled.

5 In addition, a request for preservation may only be refused if:

a the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence, or

b the requested Party considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

6 Where the requested Party believes that preservation will not ensure the future availability of the data or will threaten the confidentiality of or otherwise prejudice the requesting Party’s investigation, it shall promptly so inform the requesting Party, which shall then determine whether the request should nevertheless be executed.

7 Any preservation effected in response to the request referred to in paragraph 1 shall be for a period not less than sixty days, in order to enable the requesting Party to submit a request for the search or similar access, seizure or similar securing, or disclosure of the data. Following the receipt of such a request, the data shall continue to be preserved pending a decision on that request.

Article 30 .- Expedited disclosure of preserved traffic data

1 Where, in the course of the execution of a request made pursuant to Article 29 to preserve traffic data concerning a specific communication, the requested Party discovers that a service provider in another State was involved in the transmission of the communication, the requested Party shall expeditiously disclose to the requesting Party a sufficient amount of traffic data to identify that service provider and the path through which the communication was transmitted.

2 Disclosure of traffic data under paragraph 1 may only be withheld if:

a the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence; or

b the requested Party considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

Title 2 .- Mutual assistance regarding investigative powers

Article 31 .- Mutual assistance regarding accessing of stored computer data

1 A Party may request another Party to search or similarly access, seize or similarly secure, and disclose data stored by means of a computer system located within the territory of the requested Party, including data that has been preserved pursuant to Article 29.

2 The requested Party shall respond to the request through the application of international instruments, arrangements and laws referred to in Article 23, and in accordance with other relevant provisions of this chapter.

3 The request shall be responded to on an expedited basis where:

a there are grounds to believe that relevant data is particularly vulnerable to loss or modification; or

b the instruments, arrangements and laws referred to in paragraph 2 otherwise provide for expedited co-operation.

Article 32 .- Trans-border access to stored computer data with consent or where publicly available

A Party may, without the authorisation of another Party:

a access publicly available (open source) stored computer data, regardless of where the data is located geographically; or

b access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.

Article 33 .- Mutual assistance regarding the real-time collection of traffic data

1 The Parties shall provide mutual assistance to each other in the real-time collection of traffic data associated with specified communications in their territory transmitted by means of a computer system. Subject to the provisions of paragraph 2, this assistance shall be governed by the conditions and procedures provided for under domestic law.

2 Each Party shall provide such assistance at least with respect to criminal offences for which real-time collection of traffic data would be available in a similar domestic case.

Article 34 .- Mutual assistance regarding the interception of content data

The Parties shall provide mutual assistance to each other in the real-time collection or recording of content data of specified communications transmitted by means of a computer system to the extent permitted under their applicable treaties and domestic laws.

Title 3 .- 24/7 Network

Article 35 .- 24/7 Network

1 Each Party shall designate a point of contact available on a twenty-four hour, seven-day-a-week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence. Such assistance shall include facilitating, or, if permitted by its domestic law and practice, directly carrying out the following measures:

a the provision of technical advice;

b the preservation of data pursuant to Articles 29 and 30;

c the collection of evidence, the provision of legal information, and locating of suspects.

a. A Party’s point of contact shall have the capacity to carry out communications with the point of contact of another Party on an expedited basis.

b. If the point of contact designated by a Party is not part of that Party’s authority or authorities responsible for international mutual assistance or extradition, the point of contact shall ensure that it is able to co-ordinate with such authority or authorities on an expedited basis.

3 Each Party shall ensure that trained and equipped personnel are available, in order to facilitate the operation of the network.

Chapter IV .- Final provisions

Article 36 .- Signature and entry into force

1 This Convention shall be open for signature by the member States of the Council of Europe and by non-member States which have participated in its elaboration.

2 This Convention is subject to ratification, acceptance or approval. Instruments of ratification, acceptance or approval shall be deposited with the Secretary General of the Council of Europe.

3 This Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date on which five States, including at least three member States of the Council of Europe, have expressed their consent to be bound by the Convention in accordance with the provisions of paragraphs 1 and 2.

4 In respect of any signatory State which subsequently expresses its consent to be bound by it, the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of the expression of its consent to be bound by the Convention in accordance with the provisions of paragraphs 1 and 2.

Article 37 .- Accession to the Convention

1 After the entry into force of this Convention, the Committee of Ministers of the Council of Europe, after consulting with and obtaining the unanimous consent of the Contracting States to the Convention, may invite any State which is not a member of the Council and which has not participated in its elaboration to accede to this Convention. The decision shall be taken by the majority provided for in Article 20.d. of the Statute of the Council of Europe and by the unanimous vote of the representatives of the Contracting States entitled to sit on the Committee of Ministers.

2 In respect of any State acceding to the Convention under paragraph 1 above, the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of deposit of the instrument of accession with the Secretary General of the Council of Europe.

Article 38 .- Territorial application

1 Any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, specify the territory or territories to which this Convention shall apply.

2 Any State may, at any later date, by a declaration addressed to the Secretary General of the Council of Europe, extend the application of this Convention to any other territory specified in the declaration. In respect of such territory the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of receipt of the declaration by the Secretary General.

3 Any declaration made under the two preceding paragraphs may, in respect of any territory specified in such declaration, be withdrawn by a notification addressed to the Secretary General of the Council of Europe. The withdrawal shall become effective on the first day of the month following the expiration of a period of three months after the date of receipt of such notification by the Secretary General.

Article 39 .- Effects of the Convention

1 The purpose of the present Convention is to supplement applicable multilateral or bilateral treaties or arrangements as between the Parties, including the provisions of:

– the European Convention on Extradition, opened for signature in Paris, on 13 December 1957 (ETS No. 24);

– the European Convention on Mutual Assistance in Criminal Matters, opened for signature in Strasbourg, on 20 April 1959 (ETS No. 30);

– the Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters, opened for signature in Strasbourg, on 17 March 1978 (ETS No. 99).

2 If two or more Parties have already concluded an agreement or treaty on the matters dealt with in this Convention or have otherwise established their relations on such matters, or should they in future do so, they shall also be entitled to apply that agreement or treaty or to regulate those relations accordingly. However, where Parties establish their relations in respect of the matters dealt with in the present Convention other than as regulated therein, they shall do so in a manner that is not inconsistent with the Convention’s objectives and principles.

3 Nothing in this Convention shall affect other rights, restrictions, obligations and responsibilities of a Party.

Article 40 .- Declarations

By a written notification addressed to the Secretary General of the Council of Europe, any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, declare that it avails itself of the possibility of requiring additional elements as provided for under Articles 2, 3, 6 paragraph 1.b, 7, 9 paragraph 3, and 27, paragraph 9.e.

Article 41 .- Federal clause

1 A federal State may reserve the right to assume obligations under Chapter II of this Convention consistent with its fundamental principles governing the relationship between its central government and constituent States or other similar territorial entities provided that it is still able to co-operate under Chapter III.

2 When making a reservation under paragraph 1, a federal State may not apply the terms of such reservation to exclude or substantially diminish its obligations to provide for measures set forth in Chapter II. Overall, it shall provide for a broad and effective law enforcement capability with respect to those measures.

3 With regard to the provisions of this Convention, the application of which comes under the jurisdiction of constituent States or other similar territorial entities, that are not obliged by the constitutional system of the federation to take legislative measures, the federal government shall inform the competent authorities of such States of the said provisions with its favourable opinion, encouraging them to take appropriate action to give them effect.

Article 42 .- Reservations

By a written notification addressed to the Secretary General of the Council of Europe, any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, declare that it avails itself of the reservation(s) provided for in Article 4, paragraph 2, Article 6, paragraph 3, Article 9, paragraph 4, Article 10, paragraph 3, Article 11, paragraph 3, Article 14, paragraph 3, Article 22, paragraph 2, Article 29, paragraph 4, and Article 41, paragraph 1. No other reservation may be made.

Article 43 .- Status and withdrawal of reservations

1 A Party that has made a reservation in accordance with Article 42 may wholly or partially withdraw it by means of a notification addressed to the Secretary General of the Council of Europe. Such withdrawal shall take effect on the date of receipt of such notification by the Secretary General. If the notification states that the withdrawal of a reservation is to take effect on a date specified therein, and such date is later than the date on which the notification is received by the Secretary General, the withdrawal shall take effect on such a later date.

2 A Party that has made a reservation as referred to in Article 42 shall withdraw such reservation, in whole or in part, as soon as circumstances so permit.

3 The Secretary General of the Council of Europe may periodically enquire with Parties that have made one or more reservations as referred to in Article 42 as to the prospects for withdrawing such reservation(s).

Article 44.-– Amendments

1 Amendments to this Convention may be proposed by any Party, and shall be communicated by the Secretary General of the Council of Europe to the member States of the Council of Europe, to the non-member States which have participated in the elaboration of this Convention as well as to any State which has acceded to, or has been invited to accede to, this Convention in accordance with the provisions of Article 37.

2 Any amendment proposed by a Party shall be communicated to the European Committee on Crime Problems (CDPC), which shall submit to the Committee of Ministers its opinion on that proposed amendment.

3 The Committee of Ministers shall consider the proposed amendment and the opinion submitted by the CDPC and, following consultation with the non-member States Parties to this Convention, may adopt the amendment.

4 The text of any amendment adopted by the Committee of Ministers in accordance with paragraph 3 of this article shall be forwarded to the Parties for acceptance.

5 Any amendment adopted in accordance with paragraph 3 of this article shall come into force on the thirtieth day after all Parties have informed the Secretary General of their acceptance thereof.

Article 45 .- Settlement of disputes

1 The European Committee on Crime Problems (CDPC) shall be kept informed regarding the interpretation and application of this Convention.

2 In case of a dispute between Parties as to the interpretation or application of this Convention, they shall seek a settlement of the dispute through negotiation or any other peaceful means of their choice, including submission of the dispute to the CDPC, to an arbitral tribunal whose decisions shall be binding upon the Parties, or to the International Court of Justice, as agreed upon by the Parties concerned.

Article 46 .- Consultations of the Parties

1 The Parties shall, as appropriate, consult periodically with a view to facilitating:

a the effective use and implementation of this Convention, including the identification of any problems thereof, as well as the effects of any declaration or reservation made under this Convention;

b the exchange of information on significant legal, policy or technological developments pertaining to cybercrime and the collection of evidence in electronic form;

c consideration of possible supplementation or amendment of the Convention.

2 The European Committee on Crime Problems (CDPC) shall be kept periodically informed regarding the result of consultations referred to in paragraph 1.

3 The CDPC shall, as appropriate, facilitate the consultations referred to in paragraph 1 and take the measures necessary to assist the Parties in their efforts to supplement or amend the Convention. At the latest three years after the present Convention enters into force, the European Committee on Crime Problems (CDPC) shall, in co-operation with the Parties, conduct a review of all of the Convention’s provisions and, if necessary, recommend any appropriate amendments.

4 Except where assumed by the Council of Europe, expenses incurred in carrying out the provisions of paragraph 1 shall be borne by the Parties in the manner to be determined by them.

5 The Parties shall be assisted by the Secretariat of the Council of Europe in carrying out their functions pursuant to this article.

Article 47 .- Denunciation

1 Any Party may, at any time, denounce this Convention by means of a notification addressed to the Secretary General of the Council of Europe.

2 Such denunciation shall become effective on the first day of the month following the expiration of a period of three months after the date of receipt of the notification by the Secretary General.

Article 48 .- Notification

The Secretary General of the Council of Europe shall notify the member States of the Council of Europe, the non-member States which have participated in the elaboration of this Convention as well as any State which has acceded to, or has been invited to accede to, this Convention of:

a any signature;

b the deposit of any instrument of ratification, acceptance, approval or accession;

c any date of entry into force of this Convention in accordance with Articles 36 and 37;

d any declaration made under Article 40 or reservation made in accordance with Article 42;

e any other act, notification or communication relating to this Convention.

In witness whereof the undersigned, being duly authorised thereto, have signed this Convention.

Done at Budapest, this 23rd day of November 2001, in English and in French, both texts being equally authentic, in a single copy which shall be deposited in the archives of the Council of Europe. The Secretary General of the Council of Europe shall transmit certified copies to each member State of the Council of Europe, to the non-member States which have participated in the elaboration of this Convention, and to any State invited to accede to it.

Statement of the Republic of Azerbaijan on semi paragraph “a” of paragraph 7 of Article 24 of the Convention “On Cybercrime”

According to subparagraph “a” of paragraph 7 of Article 24 of the Convention, in case of the absence of an extradition treaty, the Republic of Azerbaijan designates the Ministry of Justice as a responsible authority for receiving inquiries regarding extradition and temporary arrest.

Statement of the Republic of Azerbaijan on semi paragraph “c” of paragraph 2 of Article 27 of the Convention “On Cybercrime”

According to subparagraph “c” of paragraph 2 of Article 27 of the Convention, the Republic of Azerbaijan designates the Ministry of National Security as a responsible authority for sending and answering requests for mutual assistance and the execution of such requests.

Statement of the Republic of Azerbaijan on semi paragraph “e” of paragraph 9 of Article 27 of the Convention “On Cybercrime”

According to subparagraph “e” of paragraph 9 of Article 27 of the Convention, the Republic of Azerbaijan informs the Secretary General that, for reasons of efficiency, requests made under this paragraph are to be addressed to its central authority.

Statement of the Republic of Azerbaijan on paragraph 1 of Article 35 of the Convention “On Cybercrime”

According to paragraph 1 of Article 35 of the Convention, the Republic of Azerbaijan designates the Ministry of National Security as a point of contact available on a twenty-four hour, seven-day-a-week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or collection of evidence in electronic form of a criminal offence.

Statement of the Republic of Azerbaijan on Article 38 of the Convention “On Cybercrime”

According to Article 38 of the Convention, the Republic of Azerbaijan declares that it is unable to guarantee implementation of the Convention in the territories of the Republic of Azerbaijan, which have been occupied by the Republic of Armenia, until the liberation of those territories from occupation.

Reservation of the Republic of Azerbaijan on semi paragraph “b” of paragraph 1 of Article 6 of the Convention “On Cybercrime”

In accordance with subparagraph “b” of paragraph 1 of Article 6 of the Convention, the Republic of Azerbaijan declares that when acts are not considered dangerous crimes for the general public, they will be evaluated not as criminal offences, but as punishable acts regarded as a breach of law. In case the deliberate perpetration of acts subject to the penalty risk which are not treated as dangerous crimes for the general public (action or inaction) generates a serious harm, then they are treated as crime.

Reservation of the Republic of Azerbaijan on paragraph 3 of Article 6 of the Convention “On Cybercrime”

In relation to paragraph 3 of Article 6 of the Convention, the Republic of Azerbaijan appraises the acts indicated in paragraph 1 of Article 6 of the Convention not as criminal offences, but as punishable acts regarded as a breach of law in case these acts are not considered dangerous crimes for general public and stipulates that the given acts be subjected to criminal charge only at the event of incurrence of serious harm.

Reservations of the Republic of Azerbaijan on Article 42 and paragraph 2 of Article 4 of the Convention “on Cybercrime”

In accordance with Article 42 and Article 4, paragraph 2, of the Convention, the Republic of Azerbaijan declares that criminal liability occurs if the acts described in Article 4 of the Convention result in serious harm.

Reservations of the Republic of Azerbaijan on Article 42 and paragraph 4 of Article 29 of the Convention “on Cybercrime”

In accordance with Article 42 and Article 29, paragraph 4, of the Convention, the Republic of Azerbaijan reserves the right to refuse the request for preservation under this article in cases where it has reasons to believe that at the time of disclosure the condition of dual criminality cannot be fulfilled.

13Jul/17

The Law of the Azerbaijan Republic, 9 march 2004, on Digital Electronic Signature

13 julio, 2017Azerbaijan, Ley9 march 2004, Digital Electronic Signatura, Firma digital, Legislacion Azerbaijan Republic, Legislación Derecho Informático, on Digital Electronic Signature, The Law of the Azerbaijan RepublicJosé Cuervo

The Law of the Azerbaijan Republic, 9 march 2004, on Digital Electronic Signature.

This law sets organizational, legal grounds for use of Electronic signature and Electronic document, their application in Electronic document circulation and rights of related subjects, regulates disputes among them.

Chapter I.- General provisions

Article 1.- Main ideas

1.1.- The following main ideas have been used in this law:

1.1.1.- Data .- information available for development by information technology means;

1.1.2.- Database .- material object set for storage and use of data;

1.1.3.- Information notice .- form of information written in database;

1.1.4.- Electronic signature .- data added to another data or logically linked to them, admitting identification of signature holder;

1.1.5.- Strengthened Electronic signature (hereinafter – strengthened signature) .- Electronic signature created by Electronic signature means controlled by signature holder and belonging only to signature holder, identifying it, admitting to identify the information notice to which it is linked is integral, stable, not distorted and faked;

1.1.6.- Electronic signature holder (hereinafter signature holder).- physical person speaking on behalf of itself or person empowering it in legal manner;

1.1.7.- Electronic signature means (hereinafter – signature means) .- programs and technical means used for creation and verification of Electronic signature, creating signature and verification information;

1.1.8.- Electronic signature creation information .- unrepeatable data consisted of code or cryptographic key known by signature holder only and used to create Electronic signature;

1.1.9.- Electronic signature verification information .- unrepeatable data consisted of code or cryptographic key, fitting Electronic signature creation information and used to verify Electronic signature authenticity;

1.1.10.- Electronic signature authenticity .- confirming that Electronic signature verified by Electronic signature verification information belongs to Electronic signature holder, information notice linked to signature is integral, not
changed and distorted;

1.1.11.- Certificate .- paper or Electronic document for identification of signature holder, granted by certificate services center on relationship of Electronic signature verification information to signature holder;

1.1.12.- Perfect certificate .- certificate granted by certificate services center accredited on strengthened signature verification information;

1.1.13.- Certificate services center (hereinafter – center) .- legal person granting certificate for Electronic signature and doing other services set by this law on use of signatures, or physical person dealing with entrepreneurship not founding legal person;

1.1.14.- Accredited certificate services center (hereinafter – accredited center) .- certificate services center right of which to grant perfect certificate has been approved by corresponding executive power body;

1.1.15.- Electronic document .- document submitted in Electronic version for use in information system and confirmed by Electronic signature;

1.1.16.- Electronic document circulation .- information processes linked to signed traffic of Electronic document in information system;

1.1.17.- Electronic document circulation means .- programs, technical means and techs used in Electronic document circulation;

1.1.18.- Certified Electronic signature means .- Electronic signature means compliance of which with requirements set is confirmed upon certification rules;

1.1.19.- Certified Electronic document circulation means .- Electronic document circulation means compliance of which with requirements set is confirmed upon certification rules;

1.1.20.- Electronic document sender (hereinafter – sender) .- except Electronic document circulation mediator, physical or legal person by which or on behalf of which Electronic document is sent;

1.1.21.- Electronic document receiver (hereinafter – receiver) .- except Electronic document circulation mediator, physical or legal person to which Electronic document is addressed;

1.1.22.- Electronic document circulation mediator (hereinafter – mediator) .- physical or legal person doing Electronic document circulation services between sender and receiver;

1.1.23.- Electronic document authenticity .- confirmation of integrity (possession of necessary details) and entirety (lack of technical faults and distortions during transmission) of Electronic document via Electronic signature authenticity verification;

1.1.24.- Corporate information system .- information system set by owner or agreed among participants upon contract with limited users;

1.1.25.- Information on signature holder .- information stated by signature holder while getting certificate and collected on it during operation of system;

1.1.26.- Time indicator .- Electronic note of accredited center on receiving the information notice in certain time.

1.2.- Notion ‘centers’ that will further be used in this law will reflect the certificate services center and accredited center, and ‘signatures’ Electronic signature and strengthened signature.

Article 2.- Areas of use of Electronic signature and Electronic document
Except cases set by legislation of the Republic of Azerbaijan, Electronic signature and Electronic document can be used in all fields of activity where corresponding means are applied. Via Electronic document official and unofficial correspondences, exchange of documents and information causing legal responsibility and liabilities can be implemented.

Article 3.- Validity of Electronic signature and Electronic document

3.1.- Electronic signature cannot be considered invalid because it is in Electronic version or has no certificate, created by signature means nor certified.

3.2.- Except cases set by legislation of the Republic of Azerbaijan, signature created by certified signature means with strengthened perfect valid certificate is equal to the manual signature.

3.3.- If information on authorities of signature holder is shown in perfect certificate, strengthened signature according to Article 3.2 of this law is equal to manual signature on paper, confirmed with seal.

3.4.- If written form of document is required by legislation of the Republic of Azerbaijan, Electronic document signed according to Articles 3.2, 3.3 of this law is considered the one meeting these terms.

3.5.- Except cases when notarized confirmation and (or) state registration of the document is required by legislation of the Republic of Azerbaijan, Electronic document is equal to one on paper.

3.6.- If notarized confirmation or state registration of the document is required by legislation of the Republic of Azerbaijan, Electronic document or its copy meeting requirements of Article 25.1 of this law is registered or confirmed by legislation of the Republic of Azerbaijan.

3.7.- Use of information notice and Electronic document is regulated by this law and other legal acts.

Article 4.- Legislation of the Republic of Azerbaijan on Electronic signature and Electronic document

Legislation of the Republic of Azerbaijan on Electronic signature and Electronic document consists of Constitution of the Republic of Azerbaijan, international treaties supported by of the Republic of Azerbaijan, Civil Code of the Republic of Azerbaijan, this law, laws of the Republic of Azerbaijan ‘On state secret’, ‘On information and protection of information’ and other legal acts.

Chapter II.- Electronic signature

Article 5.- Use of Electronic signature

5.1.- Electronic signature created by signature means using Electronic signature creation information belongs to its holder only.

5.2.- Signature holder can have a few signature creation information and they are used in relations stated in certificates.

5.3.- Signature is verified to confirm authenticity of Electronic signature and Electronic document and identify signature holder. Verification is implemented in base of Electronic signature verification information using signature means.

5.4.- Rule of verification of Electronic signature is set by corresponding executive power body.

5.5.- Using Electronic signature not certified the signature holder must warn the opposite side.

Article 6.- Use of Electronic signature in state management

6.1.- Only strengthened signature and certified signature means are used for Electronic document exchange in information systems of state power and local self governing bodies.

6.2.- State power and local self governing bodies must use services of center accredited for the field.

6.3.- Information notice sent by physical or legal person to the state power or local self governing bodies must be confirmed with its strengthened signature.

6.4.- Rule of use of Electronic signature by state power and local self governing bodies is set by corresponding executive power body.

Article 7.- Use of Electronic signature in corporate information system

7.1.- Use of Electronic signature in corporate information system is regulated upon internal normative acts of system or contract among participants.

7.2.- Internal normative acts of corporate information system or contract among its participants must include rights and duties of persons while using signature, as well provisions on regulation of damage caused to participants
because of disobedience to rules of use of signature.

7.3.- Centers serving the corporate information system are formed upon decision of the system owner or agreement of participants.

7.4.- Activity of centers serving the corporate information system, contents of certificates, doing certificate services, implementation of certificate register, rules of storage of certificate is regulated by internal normative acts of
system.

7.5.- If certificate system center of corporate information system serves users of information system beyond the system the center must comply with and function according to the provisions of this law.

Chapter III.- Certificate services, certification

Article 8.- Electronic signature services subjects

Legal relations between signature holder, certificate services center or accredited center and corresponding executive power body during use of Electronic signature are regulated upon legislation of the Republic of Azerbaijan, this law and contract signed between parts.

Article 9.- Registration and accreditation of certificate services center

9.1.- 30 days before starting to function the center must inform corresponding executive power body and be registered.

9.2.- Information must contain address, legal status, financial, technical, personnel possibilities and features of activity of the person claiming to function as center.

Legal person must add to this information the state registration certificate and copy of charter, and physical person documents on its entrepreneurship activity by not creating legal person. List of documents submitted is set by
registration rules.

9.3.- Corresponding executive power body within 30 days verifies documents submitted by the center and makes decision on its registration.

9.4.- To do perfect certificate services the center is accredited at corresponding executive power body and perfect certificate is granted that.

9.5.- Number of accredited centers is not limited.

9.6.- Center can start to function only after inclusion of registration information in register of certificate services center by corresponding executive power body.

9.7.- Corresponding executive power body can deny registering the center in following cases:

9.7.1.- if applicant does not meet requirements of this law;

9.7.2.- if information and documents do not meet requirements of this law;

9.7.3.- if false information is submitted by applicant;

9.7.4.- if upon results of audit of information system security functioning of applicant as center is impossible;

9.7.5.- if activity considered by applicant on certification or registration of time indicators does not meet requirements of this law and other legal acts;

9.7.6.- if applicant has tax debt to state;

9.7.7.- other cases set by legislation of the Republic of Azerbaijan.

9.8.- Rules of registration and accreditation of the center are set by corresponding executive power body.

Article 10.- Certificate services

10.1.- Concerning use of signature centers can do following services:

10.1.1.- granting certificate;

10.1.2.- stopping, restoring validity of certificate and annulling certificate;

10.1.3.- upon queries, providing information set on certificate by this law and legislation of the Republic of Azerbaijan;

10.1.4.- noting time indicators;

10.1.5.- creating Electronic signature;

10.1.6.- providing advices on use of signature;

10.2.- Rules of doing certificate services are set by corresponding executive power body.

Article 11.- Granting the certificate

11.1.- Certificate is granted in base of written contract concluded between applicant and center.

11.2.- Physical person wanting to get certificate must submit its ID card and other documents set by rules.

11.3.- The accredited center is applied to get perfect certificate.

11.4.- After granting the certificate the center can according to this law stop, restore and annul its validity.

11.5.- Until certificate comes into force the center includes information on that in register and records in register next changes in state of certificate.

11.6.- Rules to grant certificate and conduct registration, contents of information inserted in that is set by corresponding executive power body.

Article 12.- Contents of certificate

12.1.- Following information is mainly included in certificate:

12.1.1.- title and address of center granting certificate (country);

12.1.2.- serial number of certificate;

12.1.3.- name, patronymic, surname of signature holder or its pseudonym shown for use;

12.1.4.- validity of certificate (time, date of beginning and ending of term);

12.1.5.- signature verification information of signature holder;

12.1.6.- title of signature means in which signature verification information will be used.

12.2.- If certificate is granted on paper it is made in official form of center, confirmed by manual signature of authorized person and seal. If certificate is granted on Electronic version it is confirmed by strengthened signature
of the body granting that.

12.3.- If the information submitted admits exact identification of signature holder, pseudonym can be used as person indicator. In this case use of pseudonym by the signature holder is clearly noted in the certificate.

12.4.- Perfect certificate granted to physical persons contain the following additionally:

12.4.1.- title and address of accredited center granting certificate (country);

12.4.2.- note on existence of perfect certificate;

12.4.3.- certificate use fields and limits;

12.5.- Perfect certificate granted to physical persons is confirmed by strengthened signature of accredited center granting that.

12.6.- Perfect certificate granted to accredited center must contain the following:

12.6.1.- title and address of body granting certificate (country);

12.6.2.- note on existence of perfect certificate;

12.6.3 certificate use fields and limits;

12.7.- Perfect certificate granted to accredited center is confirmed by strengthened signature of body granting that.

12.8.- Other information included in certificate is stated in contract signed between center and signature holder.

12.9.- In following cases certificate is invalid:

12.9.1.- if it is not granted in legal manner;

12.9.2.- if validity term is over;

12.9.3.- if strengthened signature of center granting certificate is not authentic;

12.9.4.- if validity of certificate is ceased or annulled;

12.9.5.- if it is not used in relations stated in that.

Article 13.- Stopping and restoring validity of certificate

13.1.- Validity of certificate is stopped by center in following cases:

13.1.1.- if signature holder applies;

13.1.2.- if authorized person (body) applies according to legislation or contract;

13.1.3.- if center has valid doubts in correctness of information that is base for granting certificate or in security of signature creation information of signature holder.

13.2.- Center immediately informs signature holder, authorized person (body) applying on stopping validity of certificate and conducts registration in register of certificates.

13.3.- In the event stated in Article 13.1.3 of this law validity of certificate cannot be stopped for more than 48 hours.

13.4.- Validity of certificate is restored in following cases:

13.4.1.- if signature holder demanding to stop validity of certificate applies or authorized person (body) applying gives permission;

13.4.2.- if valid doubts are removed as a result of actions taken by center;

13.4.3.- if term for stopping validity of certificate is over.

13.5.- Appeals for stopping or restoring validity of certificate must be in written form and well-established with corresponding documents.

13.6.- Disputes connected with stopping or restoring validity of certificate are regulated by legislation of the Republic of Azerbaijan.

Article 14.- Annulment of certificate

14.1.- Certificate can be annulled by center in following cases:

14.1.1.- upon appeal of signature holder;

14.1.2.- if validity term of certificate is over;

14.1.3.- upon decision or appeal of authorized person (body);

14.1.4.- if signature holder dies or considered disabled in legal manner;

14.1.5.- if documents and information submitted to center for granting certificate are fake, incorrect or invalid;

14.1.6.- if center finds out that signature holder has lost control on signature creation information;

14.1.7.- if not used in relations stated in that;

14.1.8.- if signature holder breaks requirements of legal acts regulating use of signature or contract signed with center;

14.1.9.- if certificate of signature means used has lost validity;

14.1.10.- in other cases set by legislation.

14.2.- Center informs signature holder, authorized person (body) applying on annulment of validity of certificate and conducts registration in register of certificates on amendments.

14.3.- Disputes because of annulment of certificate are settled by court.

Article 15.- Storage of documents on certificate services

15.1.- Certificates that are valid within time set by legislation of the Republic of Azerbaijan on fields of use given, validity of which is stopped or annulled, as well other documents and information related to that are stored at center.

15.2.- While certificate is stored the center assures free and permanent appeal of information system users to certificate, replies to inquiries related to that.

15.3.- Center assures storage of following documents:

15.3.1.- documents on assurance of security of certificate services;

15.3.2.- contracts signed with signature holders;

15.3.3.- copies of documents given upon certificates of center;

15.3.4.- documents of signature holder confirming its instruction;

15.3.5.- documents on stopping, restoring and annulling validity of certificate.

15.4.- After term for storage at center is over certificate is removed from register and given to archive. Term for storage in archive, rule of giving copies of certificates and other information on them within this time is regulated by
legislation of the Republic of Azerbaijan.

Article 16.- Recognition of certificates given in foreign countries

16.0.- Certificates given in foreign countries are valid in the Republic of Azerbaijan in following cases:

16.0.1.- if center granting certificate has undertaken accreditation in the Republic of Azerbaijan;

16.0.2.- if certificate meets security requirements set by this law and other legal acts of the Republic of Azerbaijan;

16.0.3.- if certificate is guaranteed by center accredited in the Republic of Azerbaijan or corresponding executive power body;

16.0.4.- if certificate has been granted by foreign centers stated in interstate contracts supported by the Republic of Azerbaijan.

Article 17.- Rights, duties and responsibilities of centers

17.1.- Centers are entitled to the following:

17.1.1.- to assure and regulate its activity according to legislation of the Republic of Azerbaijan;

17.1.2.- to do certificate services stated in this law;

17.1.3.- to undertake accreditation in corresponding executive power body for doing services related to perfect certificates;

17.1.4.- to apply to corresponding state bodies related to is activity;

17.1.5.- to put an end to its activity according to legislation of the Republic of Azerbaijan;

17.1.6.- to complain according to legislation of the Republic of Azerbaijan to the court from decisions on annulment of registration or accreditation of center, stopping or annulling validity of certificate;

17.1.7.- to do paid certificate services;

17.1.8.- to set fields and limits for use of certificates according to legislation of the Republic of Azerbaijan;

17.2.- Before signing contract with signature holder to give certificate center must inform it of rules of use of certificate and signature means, center’s legal status and state of accreditation.

17.3.- Centers fulfill following duties:

17.3.1.- assures security of activity and protection of information on signature holder;

17.3.2.- studies documents submitted by signature holder and in necessary cases applies to corresponding state body for verification of them;

17.3.3.- conducts registration of certificates, assures its importance and necessary conditions to provide free and permanent appeal to that;

17.3.4.- gives information on certificates;

17.3.5.- stores documents and information on certificate services;

17.3.6.- in cases stated in Articles 13 and 14 of this law stops, restores or annuls validity of certificates, informs signature holder and authorized person (body) on this.

17.3.7.- submits information on its activity to corresponding executive power body and replies to its queries;

17.3.8.- considering the term of start of activity, assures yearly audit of information system security and submits the result to corresponding executive power body within 30 days;

17.3.9.- promotes control on its activity by corresponding executive power body;

17.3.10.- implements other duties stated in legislation of the Republic of Azerbaijan and contract between parts.

17.4.- Centers bear responsibility for the following:

17.4.1.- security of its activity, protection of signature creation information and information on signature holder;

17.4.2.- entirety and correctness of information in certificate;

17.4.3.- quality and exactness of certificate services;

17.4.4.- illegal stopping or annulling validity of certificate;

17.4.5.- causing financial damage to signature holder by activity of center;

17.4.6.- delay in delivery of information to affect use of certificate to the signature holder.

17.5.- Accredited center implements granting the perfect certificates according to legislation of the Republic of Azerbaijan, this law and rules set by corresponding executive power body, and shows in certificate fields and limits
for its use.

17.6.- Accredited center guaranteeing certificate of perfect certificate and foreign certificate centers bears responsibility by legislation of the Republic of Azerbaijan for damage caused to signature user.

17.7.- Centers bear no responsibility for damage caused to signature user by violation of contract terms by signature holder, disobedience to purpose of certificate.

Article 18.- Requirements for certificate services

18.1.- While functioning centers must possess technical, personnel and financial opportunities, as well financial opportunities to reimburse damage that can be caused to users, do reliable and uninterrupted service.

18.2.- Centers must use certified signature means to give certificates, Electronic signature creation and verification information.

18.3.- Before starting to operate and yearly after registration centers must audit information system, apply technique and techs ensuring reliable use of system.

18.4.- Centers must possess educated, experienced and competent personnel to assure activity.

Article 19.- Putting an end to activity of certificate services center

19.1.- Putting an end to activity of center is implemented by civil legislation of the Republic of Azerbaijan.

19.2.- At least 30 days before putting an end to activity the center posts notices on mass media and other means, warns signature holders possessing valid certificates, certificate services centers certificates of which are guaranteed by that and with which guarantee contracts are signed, and corresponding executive power body.

19.3.- 30 days after the notice is given the centers implements annulment of valid certificates.

19.4.- 30 days after the notice is given on putting an end to activity of accredited center it must hand upon consent of signature holder the perfect certificates, information on them and inquires of signature users to another accredited center or corresponding executive power body. Certificates not handed are annulled and according to Article 15 of this law given to corresponding executive power body to be stored.

19.5.- In following cases corresponding executive power body can by legislation of the Republic of Azerbaijan annul registration, accreditation of centers and make a suit on putting an end to their activity:

19.5.1.- if documents and information submitted for registration are incorrect or invalid;

19.5.2.- if offences are regularly admitted in activity.

19.6.- Activity of center serving corporate information system can be ended upon decision of system owner or agreement of participants.

Article 20.- Rights, duties and responsibilities of signature holder

20.1.- Signature holder has following rights:

20.1.1.- to get detailed information on centers, their services, signatures, use of signature means and security rules;

20.1.2.- to be familiarized with information on that collected at centers;

20.1.3.- to complain by legislation of the Republic of Azerbaijan on decisions on stopping, restoring or annulling validity of certificate, other issues concerning activity of centers.

20.2.- Signature holder must be capable to create signature and use corresponding means.

20.3.- Signature holder bears responsibility for protection of signature creation information and signature means and must not admit use of them by another person. If control on these is lost or there is danger to this, signature holder
must immediately inform the respective center and demand to stop validity of certificate.

20.4.- While using strengthened signature the signature holder must obey the relations of use stated in perfect certificate.

20.5.- Applying to centers to sign contract the signature holder bears responsibility for integrity and correctness of information it submits.

20.6.- Signature holder bears responsibility by legislation of the Republic of Azerbaijan for damage caused by disobedience to terms stated in Article 20 of this law.

Chapter IV.- Electronic document

Article 21.- Requirements for Electronic document

21.1.- Electronic document must meet the following requirements:

21.1.1.- must be created, stored, developed, transmitted and received due to support of technical and program means;

21.1.2.- must have structure stated in Article 22 of this law;

21.1.3.- must have details promoting identification;

21.1.4.- must be submitted due to support of technical and program means in visual form.

21.2.- List of necessary details for identification of Electronic document and its authenticity is set by legislation of the Republic of Azerbaijan.

Article 22.- Structure of Electronic document

22.1.- Electronic document has structure consisted of general and special segments.

22.2.- Information on contents of Electronic document and the person it is addressed is stated in general segment of that.

22.3.- Electronic signature (signatures) and time indicator (indicators) enclosed to Electronic document are noted in special segment of Electronic document.

Article 23.- Forms of submission of Electronic document

23.1.- Electronic document has internal and external forms of submission.

23.2.- Image of Electronic document recorded in database is its internal form of submission.

23.3.- Reflection of Electronic document in visual form in another material object (display, paper etc) differed from database is its external form of submission.

Article 24.- Original of Electronic document

24.1.- Original of Electronic document is possible in internal form of submission only.

24.2.- All the same copies of Electronic document in its internal form of submission are considered original and equal.

24.3.- Electronic document can have no copy in Electronic version.

24.4.- Each of documents of the same contents made by the same person in paper and Electronic version is independent and has equal right. In this case document on paper is not copy of the one in Electronic version.

Article 25.- Copy of Electronic document and rule to confirm that

25.1.- Copy of Electronic document is made by confirmation of its external form of submission reflected on paper in a manner set by legislation of the Republic of Azerbaijan.

25.2.- There must be note in copy of Electronic document on paper that it is copy of corresponding Electronic document.

25.3.- Copy of Electronic document in another material object differed from paper or on paper but not confirmed properly is not considered its copy.

25.4.- Origin of Electronic document and its copy on paper meeting requirements of Article 25.1 of this law have equal validity.

Chapter V.- Electronic document circulation

Article 26.- Bases of formation of Electronic document circulation

26.1.- Use and circulation of Electronic document is implemented upon legislation of the Republic of Azerbaijan or contracts signed between Electronic document circulation subjects.

26.2.- Legislation of the Republic of Azerbaijan or contract signed set rule of exchange of Electronic documents and technical and organizational requirements (form of exchange of documents, procedure of verification of them, time, form etc considered acceptable for confirming the acceptance of document) related to that.

26.3.- Documentation of Electronic document circulation is implemented upon clerical standards and rules set by legislation of the Republic of Azerbaijan.

26.4.- Use and circulation of Electronic document in corporate information system is regulated by internal normative acts of the system.

Article 27.- Sending and receiving Electronic document

27.1.- Electronic document sent personally, as well by person empowered to act on behalf of another person or automatically transmitted by information system operating on self-programmed manner is considered sent by
sender.

27.2.- If contract between parts does not set other cases, as a result of confirmation of authenticity of Electronic document received the receiver makes sure that it is sent by sender and informs the sender in a way unambiguously confirming the acceptance by any means, including automatically.

27.3.- In following cases receiver must consider Electronic document not sent by sender:

27.3.1.- if it receives notice that Electronic document has not been sent;

27.3.2.- if Electronic document authenticity is not confirmed;

27.3.3.- as a result of verification of Electronic document authenticity the receiver knew or had to know that Electronic document received is automatic repeat of another document.

27.4.- If contract between parts does not set other cases, Electronic document is considered not received until sender receives confirmation by receiver. Confirmation must include note on compliance of Electronic document with
technical requirements agreed between parts.

27.5.- If confirmation is not received within time shown by sender or set by contract signed between parts, sender informs receivers of this and sets time for sending confirmation.

27.6.- Article 27 of this law does not regulate relations linked to contents of Electronic document and confirmation of acceptance, except relations concerning sending or receiving Electronic document.

Article 28.- Time of sending and receiving the Electronic document

28.1.- If contract between parts does not set other cases, the moment when Electronic document enters the information system out of control of sender or person acting on behalf of that is the time (date and time) of sending the Electronic document.

28.2.- If contract between parts does not set other cases, the moment when Electronic document enters the information system shown by receiver is the time (date and time) of sending the Electronic document.

28.3.- Time indicator registration services may be used if time of sending and receiving causes dispute.

Article 29.- Storage of Electronic document

29.1.- Rule of storage of Electronic document is set by legislation of the Republic of Azerbaijan considering following terms:

29.1.1.- Electronic document must keep structure that it was created, transmitted or received;

29.1.2.- Electronic document must be available for identification of its sender, receiver, time of sending and receiving;

29.1.3.- information in Electronic document must be available for use in next reference;

29.1.4.- term for storage of Electronic document must not be less than term for storage of paper document;

29.1.5.- must comply with other terms set by legislation and upon agreement of parts.

29.2.- Article 29.1 of this law does not concern the Electronic documents storage of which is not necessary.

29.3.- Services of other legal and physical persons can be used by legislation of the Republic of Azerbaijan for storage of Electronic documents.

Article 30.- Protection of Electronic document

30.1.- Programs and technical means must be used by legislation of the Republic of Azerbaijan to protect Electronic document during circulation of Electronic document.

30.2.- Required level of protection actions in information systems and nets used in Electronic document circulation is assured by owner of these systems and nets.

30.3.- Required level of protection actions in corporate information systems is assured by owner of this system by legislation of the Republic of Azerbaijan or upon agreement of participants.

Article 31.- Rights, duties and responsibilities of mediator

31.1.- Services of mediator can be used while storing, transmitting and receiving Electronic documents.

31.2.- To ensure its activity mediator must have the following:

31.2.1.- technique and techs assuring reliable use of system;

31.2.2.- educated, experienced and competent personnel;

31.2.3.- facilities admitting identification of time and source of Electronic documents served;

31.2.4.- reliable system to store information stated in Article 31.2.3 of this law.

31.3.- Mediator must assure storage of information stated in Article 31.2.3 of this law for 6 months.

31.4.- Mediator must be registered in corresponding executive power body to function.

31.5.- Mediator serves users upon contract.

31.6.- Mediator that violates requirements of Article 31.2 of this law bears responsibility by legislation of the Republic of Azerbaijan.

31.7.- Mediator assures security of its activity and bears no responsibility for contents of documents stored, transmitted and received.

Article 32.- Electronic documents containing confidential information

32.1.- Rule of use and actions of protection of Electronic documents containing state, commercial, bank secrets and other confidential information is set by legislation of the Republic of Azerbaijan.

32.2.- For exchange of Electronic documents containing state secret only certified Electronic signature and Electronic document circulation means must be used.

32.3.- Expertise of information systems used for making, development and exchange of Electronic documents containing state secret is carried out in the way set by corresponding executive power body.

32.4.- Persons with access to work with Electronic documents stated in Article 32.1 of this law must assure implementation of actions required for protection of these documents by legislation of the Republic of Azerbaijan.

32.5.- Subjects implementing Electronic document circulation upon contract signed between parts set by themselves ways of appeal to Electronic documents containing confidential information and their protection by legislation of the Republic of Azerbaijan.

Chapter VI.- Special provisions

Article 33.- Implementation of state regulation

33.1.- Regulation of Electronic signature application and use processes, activity of certificate services centers and control on that is realized by corresponding executive power body.

33.2.- Corresponding executive power bodies fulfill following duties in field of regulation of Electronic signature use:

33.2.1.- sets rules of creation and verification of signature;

33.2.2.- makes rules of use of Electronic signature and Electronic document;

33.2.3.- makes rules of granting the certificate and conducting registration, sets contents of information included in that and list of other information;

33.2.4.- makes requirements and standards for Electronic signature, signature means and Electronic document circulation;

33.2.5.- sets requirements and rules for registration of centers, mediators and formation of their activity;

33.2.6.- registers centers, mediators and annuls registration;

33.2.7.- sets rule of accreditation of center;

33.2.8.- carries out accreditation of centers, as well of foreign certificate services centers in the Republic of Azerbaijan and annulment of accreditation;

33.2.9.- records registered centers and perfect certificates granted to them;

33.2.10.- assures informing the public of list of centers, as well of foreign centers registered in the Republic of Azerbaijan;

33.2.11.- makes general rules and requirements, recommendations and gives advices on doing the certificate services;

33.2.12.- implements by legislation of the Republic of Azerbaijan contacts with foreign organizations concerning use of signatures;

33.2.13.- replies to inquires on certificates given to registered centers;

33.2.14.- sets rule of expertise of information systems.

33.3.- Corresponding executive power bodies has following rights in field of supervision on activity of certificate services centers:

33.3.1.- to get information from centers on their activity;

33.3.2.- to get exact information on centers, get direct familiarization with their activity in necessary cases;

33.3.3.- to monitor observation of technical security and certification rules by centers;

33.3.4.- if illegalities are found out in centers’ activities, to take administrative actions stated in this law on them, make a suit on putting an end to their activity.

Article 34.- Requirements for Electronic signature and Electronic document circulation means

34.1.- In order to carry out safe Electronic document circulation via information systems owned or used by state bodies, expertise of these systems must be implemented according to the rule set by the corresponding executive
power body.

34.2.- Certified protection means containing state secret and other confidential information are used in Electronic document circulation according to the rule set by the corresponding executive power body.

34.3.- Electronic signature and Electronic document circulation means in use are certified according to legislation of the Republic of Azerbaijan on certification.

Article 35.- Protection of information on signature holder

35.1.- While operating the centers, mediators cannot use information they possess, also information on signature holder for goals not linked to fulfillment of their duties.

35.2.- Centers can give the users only the information included in certificate and concerning that.

35.3.- Employees of the centers, mediators or other related persons must protect information on signature holder and signature creation information they know during their activity.

Chapter VII.- Final provisions

Article 36.- Responsibility for violation of legislation on Electronic signature and document

36.1.- Persons accused of violation of this law bear responsibility in the manner set by legislation of the Republic of Azerbaijan.

36.2.- Users bear individual responsibility for using Electronic signature and Electronic document circulation means not certified.

36.3.- Owner of information system bears responsibility for assurance of security of this system, conducting expertise in the manner set.

Article 37.- Validation of law

This law comes into force from the day of publication.

Ilham Aliyev, President of the Republic of Azerbaijan.
Baku city, 9 March 2004.

12Jul/17

Act nº 8, 2015. Intellectual Property Laws Amendment Act 2015

12 julio, 2017Australia, Ley2015. Intellectual Property Laws Amendment Act 2015, Act nº 8, Australia, Intellectual Property, Legislación de Australia, Legislación Derecho Informático, Propiedad IntelectualJosé Cuervo

Act nº 8, 2015. Intellectual Property Laws Amendment Act 2015

An Act to amend legislation relating to intellectual property, and for related purposes (Assented to 25 February 2015)

The Parliament of Australia enacts:

1.- Short title

This Act may be cited as the Intellectual Property Laws Amendment Act 2015.

2.- Commencement

(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in acordance with column 2 of the table. Any other statment in column 2 has effect according to its terms.

Commencement Information

Column 1—————-Column 2—————————–Column 3

Provision(s)————-Commencement——————–Date/Details

1.- Section 1 to———The day this Act receives——–25 February 2015

3 and anything in——the Royal Assent

this Act not

elsewhere covered

by this table

2.- Schedule 1———–The start of the day—————-25 August 2015

——————————-after the end of the period

——————————-of 6 month beginning on

——————————-the day this Act receives the

——————————-Royal Assent

3.- Schedule 2———–The later of:————————–23 January 2017

——————————a) inmediately after the———–(F201 7N000010)

——————————end of the period of 6————-(paragraph (b)

——————————months begining on the———-applies)

——————————day this Act receives the

——————————Royal Assent; and

——————————b) inmediately after Article

——————————31 bis of the Agreement

——————————on Trade-Related Aspects

——————————of Intellectual Property

——————————Rights set our in Annex

——————————IC to the Marrakesh

——————————Agreement Establising the

——————————World Trade Organization,

——————————done at Marrakesh on 15

——————————April 1994, comes into force

——————————for Australia.

—————————–However, the provision(s) do

—————————–not commence at all if the

—————————–event mentioned in paragraph

—————————–(b) does not occur.

—————————–The Minister administering the

—————————–Patents Act 1990 must announce

—————————–by notice in the Gazete the day the

—————————–event mentioned in paragraph (b)

—————————–occurs.

4.- Schedule 3 ——-The day after the end of the period——25 August 2015

—————————of 6 months beginning on the day

—————————this Act receives the Royal Assent.

5.- Schedule 4——A single day to be fixed by——————–24 February 2017

————————-Proclamation. However, if the provisin(s)—(F2016N00044)

————————-do not commence within the period of

————————-24 months beginning on the day this

————————-Act receives the Royal Assent, the

————————-provision(s) are repealed on the day

————————-after the end of the period.

6.- Schedule 5—–The day after this Act receives—————26 February 2015

Part 1—————-the Royal Assent.

7.- Schedule 5,—-Inmediately after the commencement——-15 April 2013

item 8—————-of item 32 of Schedule 6 to the

————————Intellectual Property Laws Amendment

————————(Raising the Bar) Act 2012.

8.- Schedule 5,—-A single day to be fixed by Proclamation.- 25 August 2015

items 9 to 17——However, if the provision(s) do not

———————–commence within the period of 6 month

———————–begining on the day this Act receives

———————–the Royal Assent, they commence

———————–on the day after the end of that period.

9.- Schedule 5,–Inmediately after the commencemet———–15 April 2013

items 18———–of item 32 of Schedule 6 to the Intellectual

———————-Property Laws Amendment (Raising the Bar)

———————-Act 2012

10.- Schedule 5,-A single day to be fixed by Proclamation.

items 19 to 21—-However, if the provison(s) do not commence

———————–within the period of 6 months begining on

———————–the day this Act receives the Royal Assent,

———————–they commence on the day after the end of

———————–that period.

11.-Schedule 5,–The day this Act receives the Royal ———25 February 2015

———————-Assent

Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

3.- Schedule(s)
Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

Schedule 1.- TRIPS Protocol interim waiver

Part 1.- Amendments

Patents Act 1990

1 Section 3 (list of definitions)

Omit “compulsory licence”.

2 Section 3 (list of definitions)

Insert “eligible importing country”.

3 Section 3 (list of definitions)

Insert “patented pharmaceutical invention”.

4 Section 3 (list of definitions)

Insert “pharmaceutical product”.

5 Section 3 (list of definitions)

Insert “PPI”.

6 Section 3 (list of definitions)

Insert “PPI compulsory licence”.

7 Section 3 (list of definitions)

Insert “PPI order”.

8 Section 3 (list of definitions)

Insert “PPI order applicant”.

9 Section 3 (list of definitions)

Insert “TRIPS Agreement”.

10 Section 3 (list of definitions)

Insert “WTO General Council decision of 30 August 2003”.

11 Before subsection 70(5)

Insert:

Meaning of first regulatory approval date

12 After subsection 70(5)

Insert:

(5A) For the purposes of paragraph (5)(a), disregard an inclusion in the
Australian Register of Therapeutic Goods of goods that contain, or consist of, a pharmaceutical substance if the inclusion was sought for the sole purpose of exporting the goods from Australia to address a public health problem in an eligible importing country:

(a) in circumstances of national emergency or other circumstances of extreme urgency; or

(b) by the public non-commercial use of the goods.

Note: This subsection also applies in relation to an application for an extension of the term of a standard patent (see paragraph 71(2)(b)).

Meaning of pre-TGA marketing approval

13 At the end of paragraph 71(2)(b)

Add “, as worked out under subsection 70(5A) (if applicable)”.

14 Before section 133

Insert:

Part 1.- Introduction

132A Simplified outline of this Chapter

This Chapter provides for court orders requiring the grant of compulsory licences in respect of patented inventions.

Special provision is made for compulsory licences to exploit patented pharmaceutical inventions. This is to enable the manufacture of a pharmaceutical product in Australia for export to an eligible importing country, to address public health problems in that country.

This Chapter also provides generally for the surrender of patents, and for court orders revoking patents.

Part 2.- Compulsory licences (general)

132B Simplified outline of this Part

The Federal Court may make an order under this Part requiring the grant of a compulsory licence to work a patented invention.

The court may order a compulsory licence to be granted if the reasonable requirements of the public are not being met with respect to a patented invention.

The reasonable requirements of the public relate, broadly speaking, to whether Australian trade or industry is unreasonably affected by the actions of the patentee in relation to the manufacture or licensing of the invention (or the carrying on of a patented process).

The court may also order a compulsory licence to be granted if the patentee has engaged in restrictive trade practices in connection with the patent under the Competition and Consumer Act 2010 or under an application law (within the meaning of that Act).

The court may order a patent to be revoked after an order for a compulsory licence has been made (on the same grounds that apply to an order for a compulsory licence).

The patentee must be paid an agreed amount of remuneration, or an amount of remuneration determined by the court.

15 Section 133 (heading)

Repeal the heading, substitute:

133 Compulsory licences.- general

16 At the end of subsection 133(1)

Add:

Note: For compulsory licences for the manufacture and export of patented pharmaceutical inventions to eligible importing countries, see Part 3. However, Part 3 does not prevent a compulsory licence from being ordered under this Part in relation to such an invention (see section 136C).

17 Section 134 (heading)

Repeal the heading, substitute:

134 Revocation of patent after grant of compulsory licence under section 133

18 Subsection 134(1)

After “compulsory licence”, insert “ordered under section 133”.

19 After section 136A

Insert:

Part 3.- Patented pharmaceutical invention compulsory licences (for manufacture and export to eligible importing countries)

Division 1.- Introduction

136B Simplified outline of this Part

The Federal Court may make an order under this Part requiring the grant of a compulsory licence to exploit a patented pharmaceutical invention for manufacture and export to an eligible importing country.

The court may order a compulsory licence to be granted if the proposed use of the pharmaceutical product is to address a public health issue in the eligible importing country:

(a) in a national emergency (or other extremely urgent circumstances); or

(b) by the public non‑commercial use of the product.

The order may be amended or revoked by another order of the court.

The patentee must be paid an agreed amount of remuneration, or an amount of remuneration determined by the court.

136C Relationship between Parts 2 and 3

This Part does not prevent a compulsory licence from being ordered under Part 2 in relation to a patented pharmaceutical invention.

Division 2.- Patented pharmaceutical invention compulsory licences

136D PPI compulsory licences—applications for orders

Application for order

(1) A person (the PPI order applicant) may apply to the Federal Court for an order (the PPI order) under section 136E requiring the patentee of a patented pharmaceutical invention to grant the PPI order applicant a licence (a PPI compulsory licence) to exploit the invention to the extent necessary for the purposes of manufacturing a pharmaceutical product in Australia for export to an eligible importing country.

Note 1: A patented pharmaceutical invention may be a patented product or a patented process: see the definition of patented pharmaceutical invention in Schedule 1.

Note 2: For remuneration in respect of a licence, see section 136J.

(2) However, a person cannot apply for an order in respect of an innovation patent unless the patent has been certified.

Statement—eligible importing country

(3) An application must include a copy of a statement made by or on behalf of, and with the authorisation of, the eligible importing country to the effect that it will take reasonable measures within its means, proportionate to its administrative capacities and to the risk of trade diversion, to prevent re‑exportation from its territory of a pharmaceutical product imported into its territory in accordance with a PPI compulsory licence.

Statement—importer

(4) If the pharmaceutical product is to be imported on behalf of, and with the authorisation of, the eligible importing country, an application must also include a copy of a statement made by the importer to the effect that it will take reasonable measures within its means to prevent the pharmaceutical product from being used other than in accordance with a PPI compulsory licence.

Parties

(5) The following are parties to proceedings on an application under this section:

(a) the PPI order applicant;

(b) the patentee;

(d) at the option of the eligible importing country—that country.

136E PPI compulsory licences—orders

(1) After hearing an application for a PPI order under section 136D, the Federal Court may, subject to this Part, make the order sought if the court is satisfied of all of the following matters:

(a) the application is made in good faith;

(b) the pharmaceutical product is to be imported:

(i) by the eligible importing country; or

(ii) by a person (the third party importer) on behalf of, and with the authorisation of, the eligible importing country;

(c) the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country:

(i) in circumstances of national emergency or other circumstances of extreme urgency; or

(ii) in other circumstances—by the public non‑commercial use of the pharmaceutical product;

(d) exploiting the patented pharmaceutical invention is necessary to enable the import and proposed use of the pharmaceutical product as mentioned in paragraphs (b) and (c);

(e) if subparagraph (c)(ii) applies:

(i) the PPI order applicant has given the patentee a notice in the approved form seeking from the patentee an authorisation to exploit the patented pharmaceutical invention for public non‑commercial use; and

(ii) during the 30 days beginning when the notice was given, the PPI order applicant has tried, without success, to obtain such an authorisation from the patentee on reasonable terms and conditions;

(f) the notification requirements prescribed by regulation in relation to the importation of the pharmaceutical product into the eligible importing country have been complied with;

(g) the PPI order applicant, the eligible importing country and, if there is a third party importer, that importer, will take reasonable measures to prevent a pharmaceutical product that is exported from Australia in accordance with a PPI compulsory licence from being used for a purpose other than the purpose of addressing the public health problem mentioned in paragraph (c).

(2) Without limiting the matters that the court may take into account in deciding whether it is satisfied of a matter mentioned in subsection (1), the court must take into account any matters prescribed by regulation.

(3) A regulation made for the purposes of paragraph (1)(f) may:

(a) without limiting subsection 33(3A) of the Acts Interpretation Act 1901, prescribe different notification requirements for the importation of pharmaceutical products into eligible importing countries of different kinds; and

(b) despite subsection 14(2) of the Legislative Instruments Act 2003, refer to eligible importing countries (or different kinds of eligible importing countries) by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time.

136F PPI compulsory licences – terms

(1) A PPI order must direct that the PPI compulsory licence is granted on the following terms:

(a) no more than the quantity of the pharmaceutical product that is determined by the Federal Court to be necessary to meet the needs of the eligible importing country is manufactured;

(b) the entirety of the pharmaceutical product manufactured for that purpose is exported to that country;

(d) before shipment of the pharmaceutical product begins, the shipment information prescribed by regulation is made available on a website by, or on behalf of, the licensee for a minimum period prescribed by regulation;

(e) the duration of the licence is only for the period of time determined by the Federal Court to be necessary to address the public health problem concerned;

(f) the licence does not give the licensee, or a person authorised by the licensee, the exclusive right to exploit the patented pharmaceutical invention;

(g) the licence is to be assignable only in connection with an enterprise or goodwill in connection with which the licence is used;

(h) the licensee must give the Commissioner the information prescribed by regulation in relation to the licence in accordance with the regulations.

(2) A PPI order may also direct that the licence is to be granted on any other terms specified in the order, including terms covering:

(a) other requirements relating to the labelling and marking of the pharmaceutical product; and

(b) other information to be made available by the licensee and the way in which it is to be made available.

(3) However, a term specified in a PPI order must not be inconsistent with any regulations prescribed for the purposes of paragraph (1)(c), (d) or (h).

136G PPI compulsory licences- amendment

Application for order

(1) A person may apply to the Federal Court for an order amending any of the following terms of a PPI compulsory licence:

(a) the quantity of the pharmaceutical product concerned;

(b) how the pharmaceutical product is labelled and marked;

(d) the information that is to be made available by the licensee and the way it is to be made available.

Note: For remuneration in respect of the licence as amended, see section 136J.

Order

(2) The court may make the order sought in relation to a term if it is satisfied that:

(a) it is just to do so in all the circumstances; and

(b) the legitimate interests of the following are not likely to be adversely affected by the amendment of the term:

(i) the patentee;

(ii) any person claiming an interest in the patent as exclusive licensee or otherwise;

(iii) the licensee;

(iv) the eligible importing country.

(3) However, an amended term must not be inconsistent with any regulations prescribed for the purposes of paragraph 136F(1)(c), (d) or (h).

Parties

(4) The following are parties to any proceedings under this section:

(a) the applicant under subsection (1);

(b) the patentee;

(d) the licensee;

(e) at the option of the eligible importing country—that country.

136H PPI compulsory licences -revocation

Application

(1) A person may apply to the Federal Court for an order revoking a PPI compulsory licence.

Note: For remuneration in respect of the use of a PPI compulsory licence while it is in force, see section 136J.

Federal Court may revoke licence

(2) The Federal Court may make the order sought if the court is satisfied that:

(a) one or more of the following applies:

(i) the substantive circumstances that justified the grant of the licence have ceased to exist and are unlikely to recur;

(ii) the licensee has not complied with the terms of the licence;

(iii) if an amount of remuneration has been agreed or determined under section 136J—the amount has not been paid within the time agreed or determined; and

(b) the legitimate interests of the licensee or the eligible importing country are not likely to be adversely affected by the revocation.

Parties

(3) The following are parties to any proceedings under this section:

(a) the applicant for revocation;

(b) the licensee;

Division 3.- Remuneration

136J PPI compulsory licences -remuneration

Working out amount of remuneration

(1) The patentee is to be paid an amount agreed or determined under subsection (3) in respect of the use of a patented pharmaceutical invention authorised by a PPI compulsory licence.

(2) For the purposes of subsection (1), the use of a patented pharmaceutical invention authorised by the PPI compulsory licence is:

(a) while it is in force.- the use authorised by the licence as granted and as amended (from time to time) under section 136G; or

(b) if it has ceased to be in force (whether because it was revoked or otherwise).- the actual use of the patented pharmaceutical invention under the licence while it was in force.

(3) For the purposes of subsection (1), the amount is:

(a) an amount agreed between the patentee and the PPI order applicant, licensee or former licensee (as the case requires); or

(b) if paragraph (a) does not apply.- an amount determined by the Federal Court to be adequate remuneration taking into account the economic value to the eligible importing country of the use of the patented pharmaceutical invention authorised by the PPI compulsory licence.

Application to make or amend a determination

(4) A person may apply to the Federal Court:

(a) to make a determination under paragraph (3)(b); or

(b) to amend a determination made under that paragraph.

Note: Grounds for an application under paragraph (b) may include the fact that the terms of the PPI compulsory licence have been amended, or the licence has been revoked.

Parties

(5) The following are parties to any proceedings under this section:

(a) the applicant for the determination or the amendment of the determination;

(b) the PPI order applicant;

(d) the patentee of the patented pharmaceutical invention;

(e) any person claiming an interest in the patent as exclusive licensee or otherwise.

Can PPI be exploited if remuneration is not agreed or determined?

(6) To avoid doubt, if the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country in circumstances of national emergency or other circumstances of extreme urgency, the licensee may exploit a patented pharmaceutical invention under a PPI compulsory licence, as granted or amended (as the case may be), whether or not an amount has been agreed or determined under this section.

(7) However, if the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country in other circumstances, by the public non‑commercial use of the pharmaceutical product, the licensee must not exploit a patented pharmaceutical invention under a PPI compulsory licence unless an amount has been agreed or determined under this section.

Can PPI compulsory licence be revoked if remuneration is not agreed or determined?

(8) To avoid doubt, a PPI compulsory licence may be revoked whether or not an amount has been agreed or determined under this section.

Division 4.- General

136K PPI compulsory licences.- nature of orders

Without prejudice to any other method of enforcement, a PPI order operates as if it were embodied in a deed granting or amending a licence and executed by the patentee and all other necessary parties.

136L PPI compulsory licences.- consistency of orders with international agreements

A PPI order must not be made that is inconsistent with a treaty between the Commonwealth and a foreign country.

136M PPI compulsory licences.- applications heard together

Nothing in this Part prevents the Federal Court from dealing with the following applications together:

(a) applications for different PPI orders, or for the amendment or revocation of such orders;

(b) applications for determinations under paragraph 136J(3)(b) for remuneration in relation to different PPI compulsory licences, or for the amendment of such determinations.

Part 4.- Surrender and revocation of patents

136N Simplified outline of this Part

A patentee may offer to surrender a patent by giving the Commissioner written notice.

The Commissioner may accept the offer of surrender, and revoke the patent, after hearing all interested parties. If court proceedings are pending in relation to the patent, leave of the court, or the consent of the parties, is required. The Commissioner must not accept the offer if a compulsory licence ordered under Part 2 is in force in relation to the patent.

In addition, a court may revoke a patent on the following grounds:

(a) the patentee is not entitled to the patent;

(b) the invention is not a patentable invention;

(d) the patent was (broadly speaking) obtained on the basis of a non‑compliant specification.

20 Subsection 137(5)

Omit “compulsory licence”, substitute “licence ordered under Part 2”.

21 After section 138

Insert:

Part 5.- Other matters

138A Simplified outline of this Part

This Part deals with the parties to proceedings under this Chapter (other than proceedings under Part 3).

This Part also enables the Commissioner to appear and be heard in all proceedings under this Chapter.

22 At the end of subsection 139(1)

Add:

Note: See Part 3 for details of parties to proceedings under that Part.

23 Subsection 139(2)

Omit “section 133, 134 or 138”, substitute “this Chapter”.

24 At the end of subsection 228(1)

Add:

; and (f) for the purpose of carrying out or giving effect to the WTO General Council decision of 30 August 2003.

25 After subsection 228(4)

Insert:

(5) Despite subsection 14(2) of the Legislative Instruments Act 2003, regulations made for the purposes of the definition of eligible importing country in Schedule 1 may make provision in relation to a matter by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time.

26 Schedule 1 (definition of compulsory licence)

Repeal the definition.

27 Schedule 1

Insert:

eligible importing country means a foreign country of a kind prescribed by regulation.

Note: A regulation made for the purposes of this definition may make provision in relation to a matter by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time (see subsection 228(5)).

28 Schedule 1

Insert:

patented pharmaceutical invention, in relation to a pharmaceutical product, means:

(a) if the product is a patented product—the patented product; or

(b) if the product results from the use of a patented process—the patented process.

29 Schedule 1

Insert:

pharmaceutical product means any patented product, or product manufactured through a patented process, of the pharmaceutical sector.

Example: Examples of a pharmaceutical product include:

(a) active ingredients necessary for manufacturing such a product; and

(b) diagnostic kits needed for using such a product.

30 Schedule 1

Insert:

PPI is short for patented pharmaceutical invention.

31 Schedule 1

Insert:

PPI compulsory licence has the meaning given by section 136D.

32 Schedule 1

Insert:

PPI order has the meaning given by section 136D.

33 Schedule 1

Insert:

PPI order applicant has the meaning given by section 136D.

34 Schedule 1

Insert:

TRIPS Agreement means the Agreement on Trade‑Related Aspects of Intellectual Property Rights set out in Annex 1C to the Marrakesh Agreement establishing the World Trade Organization, done at Marrakesh on 15 April 1994, as Annex 1C is in force for Australia from time to time.

Note: The WTO Agreement is in Australian Treaty Series 1995 No. 8 ([1995] ATS 8) and could in 2015 be viewed in the Australian Treaties Library on the AustLII website (http://www.austlii.edu.au).

35 Schedule 1

Insert:

WTO General Council decision of 30 August 2003 means the decision of the World Trade Organization General Council of 30 August 2003 (including the Annex to the decision) on the implementation of paragraph 6 of the Doha Declaration on the TRIPS Agreement and public health.

Note: The decision could in 2015 be viewed on the World Trade Organization website (http://www.wto.org).

Part 2.- Application

36 Application of amendments

(1) The amendments of the Patents Act 1990 made by this Schedule apply in relation to patents granted before, on and after the commencement of this Schedule.

(2) The amendments of sections 70 and 71 of the Patents Act 1990 made by this Schedule apply in relation to an application that is made on or after the commencement of this Schedule to include a pharmaceutical substance in the Australian Register of Therapeutic Goods.

Schedule 2.-TRIPS Protocol: later commencing amendments

Patents Act 1990

1 Section 3 (list of definitions)

Omit “WTO General Council decision of 30 August 2003”.

2 Paragraph 228(1)(f)

Omit “WTO General Council decision of 30 August 2003”, substitute “TRIPS Agreement”.

3 Schedule 1 (definition of WTO General Council decision of 30 August 2003)

Repeal the definition.

Schedule 3.- Plant Breeder’s Rights Act 1994: Federal Circuit Court

Plant Breeder’s Rights Act 1994

1 Subsection 3(1) (definition of Court)

Repeal the definition.

2 Subsection 3(1)

Insert:

Federal Circuit Court means the Federal Circuit Court of Australia.

3 Subsection 3(1)

Insert:

Federal Court means the Federal Court of Australia.

4 Subsection 39(5)

Repeal the subsection, substitute:

(5) Nothing in this section affects the power of:

(a) the Federal Court, or a Judge of that Court, under subsection 44A(2) of the AAT Act; or

(b) the Federal Circuit Court, or a Judge of that Court, under subsection 44A(2A) of that Act;

where an appeal is begun in that court from a decision of the AAT.

5 Subsection 50(7)

Repeal the subsection, substitute:

(7) Nothing in this section affects the power of:

(a) the Federal Court, or a Judge of that Court, under subsection 44A(2) of the AAT Act; or

(b) the Federal Circuit Court, or a Judge of that Court, under subsection 44A(2A) of that Act.

6 Subsection 54(1)

Omit “Court”, substitute “Federal Court or the Federal Circuit Court”.

7 Subsections 54(3) and (4)

Omit “Court” (wherever occurring), substitute “court”.

8 Subsection 55(1)

Omit “Court”, substitute “Federal Court or the Federal Circuit Court”.

9 Subsections 55(3) and (4)

Omit “Court”, substitute “court”.

10 Section 56 (heading)

Repeal the heading, substitute:

56 Jurisdiction of the Federal Court

11 Subsection 56(1)

Omit “Court” (wherever occurring), substitute “Federal Court”.

12 At the end of subsection 56(1)

Add:

Note: A matter may also be transferred to the Federal Court from the Federal Circuit Court: see section 39 of the Federal Circuit Court of Australia Act 1999.

13 Subsection 56(2)

Repeal the subsection, substitute:

(2) That jurisdiction is exclusive of the jurisdiction of all other courts other than the jurisdiction of:

(a) the Federal Circuit Court under subsection 56A(2); and

(b) the High Court under section 75 of the Constitution.

14 Subsection 56(3)

Omit “Court” (wherever occurring), substitute “Federal Court”.

15 Subsection 56(4)

Omit “Court”, substitute “Federal Court”.

16 Subsection 56(5)

Omit “the Court”, substitute “the Federal Court”.

17 Subsection 56(5)

Omit “rules”, substitute “Rules”.

Note: This item fixes a typographical error.

18 After section 56

Insert:

56A Jurisdiction of Federal Circuit Court

(1) The Federal Circuit Court has jurisdiction with respect to matters in which actions may, under this Part, be begun in the Federal Circuit Court.

Note: A matter may also be transferred to the Federal Circuit Court from the Federal Court: see section 32AB of the Federal Court of Australia Act 1976.

(2) That jurisdiction is exclusive of the jurisdiction of all other courts, other than the jurisdiction of:

(a) the Federal Court under subsection 56(2) of this Act; and

(b) the High Court under section 75 of the Constitution.

(3) The relief that the Federal Circuit Court may grant in an action or proceeding for infringement of PBR includes an injunction (subject to such terms, if any, as the Federal Circuit Court thinks fit) and, at the option of the plaintiff, either damages or an account of profits.

(4) The regulations may make provision in relation to the practice and procedure of the Federal Circuit Court in actions under this Act, including provision prescribing the time within which any action may be begun, or any other act or thing may be done, and providing for the extension of any such time.

(5) Subsection (4) does not limit the power of the Judges of the Federal Circuit Court, or a majority of them, to make Rules of Court under section 81 of the Federal Circuit Court of Australia Act 1999 that are consistent with the regulations referred to in that subsection.

19 Subsection 57(1)

Omit “The Court”, substitute “A court”.

20 Subsection 57(1)

Omit “the Court”, substitute “the court”.

21 Section 72

Omit “the High Court Rules and the Federal Court Rules”, substitute “Rules of Court of the High Court, the Federal Court or the Federal Circuit Court”.

Schedule 4.- Australia New Zealand Single Economic Market

Part 1.- Amendments

Designs Act 2003

1 Section 145

Before “Where”, insert “(1)”.

2 Section 145

After “Australia”, insert “or New Zealand”.

3 Section 145

Omit “post”, substitute “a prescribed means”.

4 At the end of section 145

Add:

(2) After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(3) The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4) For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(5) For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

Patents Act 1990

5 Section 3 (list of definitions)

Insert “Board”.

6 Section 3 (list of definitions)

Insert “Director‑General of IP Australia”.

7 Section 3 (list of definitions)

Insert “New Zealand Assistant Commissioner of Patents”.

8 Section 3 (list of definitions)

Insert “New Zealand Commissioner of Patents”.

9 Section 3 (list of definitions)

Insert “New Zealand delegate”.

10 Section 3 (list of definitions)

Insert “New Zealand Patents Minister”.

11 Section 3 (list of definitions)

Insert “New Zealand patents official”.

12 Section 3 (list of definitions)

Omit “Professional Standards Board”.

13 Section 3 (list of definitions)

Insert “Registrar of Companies of New Zealand”.

14 Subsection 20(2)

Omit “or an employee,”, substitute “an employee, or a New Zealand delegate,”.

15 At the end of section 20

Add:

(3) For the purposes of this section, it is immaterial whether an act was done in New Zealand.

16 At the end of section 183

Add:

(3) The Designated Manager may disclose to the Registrar of Companies of New Zealand information (including personal information within the meaning of the Privacy Act 1988) that is:

(a) relevant to the functions conferred on the Registrar of Companies of New Zealand by or under the Companies Act 1993 of New Zealand; and

(b) obtained by the Designated Manager as a result of the performance of functions and duties, or the exercise of powers, in relation to incorporated patent attorneys.

(4) For the purposes of subsection (3), it is immaterial whether the disclosure takes place in New Zealand.

(5) The Commissioner may disclose to a New Zealand delegate information (including personal information within the meaning of the Privacy Act 1988) that is relevant to the exercise of the powers, or the performance of the functions, delegated to the New Zealand delegate under subsection 209(1A).

(6) For the purposes of subsection (5), it is immaterial whether the disclosure takes place in New Zealand.

17 Paragraph 198(4)(a)

Repeal the paragraph.

18 Subsection 198(5)

Omit “Professional Standards Board”, substitute “Board”.

19 Subsections 198(7) and (8)

Repeal the subsections, substitute:

(7) A reference in this section to conviction of an offence includes a reference to:

(a) the making of an order under section 19B of the Crimes Act 1914 in relation to the offence; or

(b) the making of an order under a corresponding provision of a law of:

(i) a State; or

(ii) a Territory; or

(iii) New Zealand;

in relation to the offence.

20 At the end of section 198

Add:

New Zealand

(12) It is immaterial whether a matter mentioned in:

(a) paragraph (4)(b), (c), (d), (e), (f) or (g); or

(b) subsection (5); or

(d) paragraph (11)(b);

concerns something that happened in New Zealand.

21 Section 199

Before “The name”, insert “(1)”.

22 At the end of section 199

Add:

(2) It is immaterial whether the prescribed grounds concern something that happened in New Zealand.

23 Before subsection 209(1)

Insert:

Delegation to employees

24 After subsection 209(1)

Insert:

Delegation to New Zealand patents officials

(1A) The Commissioner may, by instrument, signed by him or her, delegate all or any of the Commissioner’s powers or functions under this Act to a New Zealand patents official.

(1B) A function or power delegated under subsection (1A) may be performed or exercised by the delegate in New Zealand.

25 Before subsection 209(2)

Insert:

Direction or supervision

26 Section 214

Before “A document”, insert “(1)”.

27 At the end of section 214

Add:

(2) For the purposes of this Act, a prescribed document is taken to have been filed with the Patent Office if the document is delivered or given to:

(a) the New Zealand Commissioner of Patents; or

(b) a New Zealand Assistant Commissioner of Patents; or

in a prescribed manner.

(3) The regulations may provide that a document filed with the Patent Office because of subsection (2) is taken to have been so filed at the time ascertained in accordance with the regulations.

28 Section 221

Before “Where”, insert “(1)”.

29 Section 221

After “Australia”, insert “or New Zealand”.

30 Section 221

Omit “post”, substitute “a prescribed means”.

31 At the end of section 221

Add:

(2) After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(3) The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4) For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(5) For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

32 After paragraph 223(1)(b)

Insert:

(ba) a New Zealand delegate; or

33 After subsection 223(1)

Insert:

(1A) For the purposes of subsection (1), it is immaterial whether a relevant act took place, or is to take place, in New Zealand.

(1B) For the purposes of subsection (1), it is immaterial whether an error or omission took place in New Zealand.

34 After subsection 224(3)

Insert:

(3A) For the purposes of this section, it is immaterial whether a decision was made in New Zealand.

35 Section 227 (heading)

Repeal the heading, substitute:

227 Fees payable under this Act

36 At the end of section 227

Add:

(6) For the purposes of this Act, if:

(a) a fee is declared by the regulations to be a fee to which this subsection applies; and

(b) the fee is paid to:

(i) the New Zealand Commissioner of Patents; or

(ii) a New Zealand Assistant Commissioner of Patents; or

(iii) a person who, under a law of New Zealand, is a delegate of the New Zealand Commissioner of Patents; and

(c) the New Zealand Commissioner of Patents, the New Zealand Assistant Commissioner of Patents, or the delegate, as the case may be, is authorised to receive the fee on behalf of the Commonwealth; and

(d) the fee is paid in New Zealand currency;

then:

(e) the liability to pay the fee is discharged; and

(f) this Act has effect as if the fee had been paid in accordance with the regulations.

(7) For the purposes of subsection (6), the amount of the fee in New Zealand currency is to be ascertained in accordance with the regulations.

37 After section 227

Insert:

227AA Receipt of fees payable under New Zealand law

The regulations may make provision for and in relation to authorising:

(a) the Commissioner; or

(b) a Deputy Commissioner; or

to receive, on behalf of New Zealand, a specified fee payable under a specified law of New Zealand that relates to patents for inventions, so long as:

(d) the fee is paid in Australian currency; and

(e) the amount of the fee in Australian currency is ascertained in accordance with the regulations.

227AB Application of administrative law regime to decisions made in New Zealand

Judicial review

(1) For the purposes of the application of the Administrative Decisions (Judicial Review) Act 1977 to a decision under this Act, it is immaterial whether the decision was made in New Zealand.

Note: See also the Trans‑Tasman Proceedings Act 2010.

(2) For the purposes of subsection (1), decision has the same meaning as in the Administrative Decisions (Judicial Review) Act 1977.

Merits review

(3) For the purposes of the application of the Administrative Appeals Tribunal Act 1975 to a decision under this Act, it is immaterial whether the decision was made in New Zealand.

Note: See also the Trans‑Tasman Proceedings Act 2010.

(4) For the purposes of subsection (3), decision has the same meaning as in the Administrative Appeals Tribunal Act 1975.

38 Section 227A (heading)

Repeal the heading, substitute:

227A Trans‑Tasman IP Attorneys Board

39 Subsection 227A(1)

Repeal the subsection, substitute:

(1) The body known immediately before the commencement of this subsection as the Professional Standards Board for Patent and Trade Marks Attorneys is continued in existence as the Trans‑Tasman IP Attorneys Board.

Note 1: In this Act, Board means the Trans‑Tasman IP Attorneys Board—see Schedule 1.

Note 2: See also section 25B of the Acts Interpretation Act 1901.

40 Subsection 227A(2)

Omit “Professional Standards Board” (wherever occurring), substitute “Board”.

41 After subsection 227A(2)

Insert:

Membership of the Board

(2A) The Board consists of the following members:

(a) a Chair;

(b) the Director‑General of IP Australia;

(d) at least 2 members nominated by the New Zealand Patents Minister to represent the New Zealand patent attorney profession;

(e) at least 2 other members.

(2B) The total number of members of the Board must not exceed 10.

Appointment of members of the Board

(2C) Each member of the Board mentioned in paragraph (2A)(a), (d) or (e) is to be appointed by the Minister by written instrument.

Note: For reappointment, see the Acts Interpretation Act 1901.

(2D) A person is not eligible for appointment as a member of the Board mentioned in paragraph (2A)(a), (d) or (e) unless the Minister is satisfied that the person has:

(a) substantial experience or knowledge; and

(b) significant standing;

in at least one of the following fields:

(d) New Zealand patent attorney practice;

(e) Australian trade mark attorney practice;

(f) the regulation of persons engaged in a prescribed occupation;

(g) public administration;

(h) academia.

(2E) A member of the Board holds office on a part‑time basis.

Period of appointment for members of the Board

(2F) A member of the Board mentioned in paragraph (2A)(a), (d) or (e) holds office for the period specified in the instrument of appointment. The period must not exceed:

(a) in the case of the member mentioned in paragraph (2A)(a)—3 years; or

(b) otherwise—5 years.

Note: For reappointment, see the Acts Interpretation Act 1901.

Appointment of deputy of Director‑General of IP Australia

(2G) The Director‑General of IP Australia may appoint an APS employee to be his or her deputy for the purpose of attendance at one or more specified meetings of the Board.

(2H) If:

(a) a person is the deputy of the Director‑General of IP Australia for the purpose of attendance at a particular meeting of the Board; and

(b) the Director‑General of IP Australia is absent from the meeting;

the person is entitled to attend the meeting and, when so attending, is taken to be a member of the Board.

(2J) A deputy of the Director‑General of IP Australia is not entitled to any remuneration or allowances for attending a meeting of the Board (other than remuneration or allowances payable to the deputy in his or her capacity as an APS employee).

Appointment of deputy of New Zealand Commissioner of Patents

(2K) The New Zealand Commissioner of Patents may appoint a New Zealand patents official to be his or her deputy for the purpose of attendance at one or more specified meetings of the Board.

(2L) If:

(a) a person is the deputy of the New Zealand Commissioner of Patents for the purpose of attendance at a particular meeting of the Board; and

(b) the New Zealand Commissioner of Patents is absent from the meeting;

the person is entitled to attend the meeting and, when so attending, is taken to be a member of the Board.

(2M) A deputy of the New Zealand Commissioner of Patents is not entitled to any remuneration or allowances for attending a meeting of the Board (other than remuneration or allowances payable to the deputy in his or her capacity as a New Zealand patents official).

42 Paragraph 227A(3)(a)

Repeal the paragraph, substitute:

(a) the terms and conditions on which members of the Board mentioned in paragraph (2A)(a), (d) or (e) hold office; and

(aa) the manner in which members of the Board mentioned in paragraph (2A)(a), (d) or (e) may resign their appointments; and

(ab) the termination of the appointment of members of the Board mentioned in paragraph (2A)(a), (d) or (e); and

43 Paragraphs 227A(3)(b) and (c)

Omit “Professional Standards Board”, substitute “Board”.

44 Subsections 227A(4) and (5)

Omit “Professional Standards Board”, substitute “Board”.

45 At the end of section 227A

Add:

(7) The Board may perform its functions in Australia or New Zealand.

46 Subparagraph 228(2)(r)(ia)

Omit “Professional Standards Board”, substitute “Board”.

47 After subsection 228(4)

Insert:

(4A) If the regulations confer a function on a person or body, the regulations may provide that the function may be performed in Australia or New Zealand.

(4B) If the regulations confer a power on a person or body, the regulations may provide that the power may be exercised in Australia or New Zealand.

(4C) If the regulations provide that application may be made to the Administrative Appeals Tribunal for review of a decision, the regulations may provide that it is immaterial whether the decision was made in New Zealand.

(4D) The regulations may provide that it is immaterial whether an act or omission mentioned in the regulations took place in New Zealand.

(4E) The regulations may provide that it is immaterial whether a matter mentioned in the regulations concerns something that took place in New Zealand.

48 Schedule 1

Insert:

Board means the Trans‑Tasman IP Attorneys Board continued in existence by section 227A.

49 Schedule 1 (definition of company)

Repeal the definition, substitute:

company means:

(a) a company registered under the Corporations Act 2001; or

(b) a company registered under the Companies Act 1993 of New Zealand.

50 Schedule 1

Insert:

Director‑General of IP Australia means the SES employee who holds or performs the duties of the position of Director‑General of IP Australia.

51 Schedule 1 (at the end of the definition of file)

Add:

Note: See also section 214.

52 Schedule 1

Insert:

New Zealand Assistant Commissioner of Patents means a person who holds or performs the duties of an office or position of Assistant Commissioner of Patents under or in accordance with a law of New Zealand.

53 Schedule 1

Insert:

New Zealand Commissioner of Patents means the person who holds or performs the duties of the office or position of Commissioner of Patents under or in accordance with a law of New Zealand.

54 Schedule 1

Insert:

New Zealand delegate means a New Zealand patents official who is a delegate under subsection 209(1A).

55 Schedule 1

Insert:

New Zealand Patents Minister means the Minister of New Zealand who:

(a) under the authority of a warrant; or

(b) with the authority of the Prime Minister of New Zealand;

is responsible for the administration of a law of New Zealand relating to the regulation of patent attorneys.

56 Schedule 1

Insert:

New Zealand patents official means a person:

(a) who is an employee in any part of the State services of New Zealand; and

(b) whose functions or duties relate to the administration of a law of New Zealand relating to patents for inventions.

57 Schedule 1 (definition of Professional Standards Board)

Repeal the definition.

58 Schedule 1

Insert:

Registrar of Companies of New Zealand means the person who holds or performs the duties of the office or position of Registrar of Companies under or in accordance with the Companies Act 1993 of New Zealand.

Plant Breeder’s Rights Act 1994

59 Subsection 3(1)

Insert:

address has a meaning affected by subsection (2).

60 Subsection 3(2)

Repeal the subsection, substitute:

Electronic address

(2) After the time specified in the regulations, a reference in this Act to an address includes a reference to an electronic address.

(3) The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4) Subsection (2) of this section does not apply to the following references to an address:

(a) a reference in subsection 26(2);

(b) the first reference in subsection 26(3).

(5) For the purposes of this Act, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(6) For the purposes of this Act, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

61 After subsection 19(5)

Insert:

(5A) An address given under paragraph (5)(c) must be an address in Australia or New Zealand.

62 Subsection 21(5)

After “Australia”, insert “or New Zealand”.

63 Subsection 26(3)

After “overseas”, insert “in a country other than New Zealand”.

64 Subsection 26(3)

After “Australia” (first occurring), insert “or New Zealand”.

65 Subsection 26(3)

Omit “a postal address in Australia”, substitute “an address in Australia or New Zealand”.

66 Subsection 31(3)

After “Australia”, insert “or New Zealand”.

67 Section 73

Repeal the section, substitute:

73 Service of documents

If:

(a) this Act provides for a document to be served on, or given or sent to, a person; and

(b) the person has given the Secretary or the Registrar an address in Australia or New Zealand for service;

the document may be served on, or given or sent to, the person by a prescribed means to that address.

Trade Marks Act 1995

68 Readers guide (list of terms defined in section 6)

Insert the following term in its appropriate alphabetical position:

“Board”.

69 Readers guide (list of terms defined in section 6)

Omit “Professional Standards Board”.

70 Subsection 6(1)

Insert:

Board has the same meaning as in the Patents Act 1990.

71 Subsection 6(1) (definition of Professional Standards Board)

Repeal the definition.

72 At the end of subsection 215(5)

Add “or New Zealand”.

73 Paragraph 215(6)(a)

Repeal the paragraph, substitute:

(a) if the person has an address for service .-the document may be served on, or given or sent to, the person by a prescribed means to that address; or

74 Paragraph 215(6)(b)

After “Australia” (first occurring), insert “or New Zealand”.

75 Paragraph 215(6)(b)

Omit “post”, substitute “a prescribed means”.

76 Paragraph 215(6)(b)

After “Australia” (second occurring), insert “or New Zealand”.

77 At the end of section 215

Add:

(8) After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(9) The time specified under subsection (8) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(10) For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(11) For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

78 Subsection 228A(5)

Omit “the Professional Standards Board”, substitute “the Board”.

79 Subsection 228A(5) (note)

Omit “Professional Standards Board”, substitute “Board”.

80 Subparagraph 231(2)(ha)(ia)

Omit “Professional Standards Board”, substitute “Board”.

Part 2.- Transitional provisions

81 Transitional.- registration as a patent attorney

(1) The Designated Manager must:

(a) register as a patent attorney an individual who, immediately before the commencement of this item:

(i) was registered as a patent attorney under a law of New Zealand; and

(ii) was not a registered patent attorney (within the meaning of the Patents Act 1990); and

(b) do so as soon as practicable after the commencement of this item.

(2) The registration is to consist of entering the individual’s name in the Register of Patent Attorneys.

(3) For the purposes of the Patents Act 1990, the registration is taken to be under that Act.

82 Transitional.- qualification for registration as a patent attorney

(1) A qualification specified in, or ascertained in accordance with, regulations made for the purposes of paragraph 198(4)(b) of the Patents Act 1990 may consist of passing examinations conducted in New Zealand, so long as:

(a) the examinations are specified in those regulations; and

(b) at least one of those examinations was passed before the commencement of this item; and

(c) the remaining examinations are passed before the end of the 4‑year period beginning at the commencement of this item.

(2) Regulations authorised by subitem (1) do not apply to examinations passed by an individual unless the individual applies for registration as a patent attorney under section 198 of the Patents Act 1990 within 6 months after the completion of the last of those examinations.

(3) Subitem (1) does not limit paragraph 198(4)(b) of the Patents Act 1990.

83 Transitional.- conduct of patent attorneys

(1) Grounds prescribed for the purposes of section 199 of the Patents Act 1990 may relate to conduct that took place in New Zealand before the commencement of this item.

(2) Subitem (1) does not limit section 199 of the Patents Act 1990.

84 Transitional.- registration as a trade marks attorney

(1) If:

(a) immediately before the commencement of this item, an individual:

(i) was registered as a patent attorney under a law of New Zealand; and

(ii) was not a registered trade marks attorney (within the meaning of the Trade Marks Act 1995); and

(b) within 12 months after the commencement of this item, the individual applies to the Designated Manager to be registered as a trade marks attorney; and

(d) the individual satisfies the Designated Manager, in accordance with the regulations, that the individual’s level of competency in trade marks law and practice is sufficient to warrant the individual becoming a registered trade marks attorney; and

(e) the individual has not been convicted of a prescribed offence during the 5‑year period ending when the application was made; and

(f) the individual is not under sentence of imprisonment for a prescribed offence;

the Designated Manager must register the individual as a trade marks attorney.

(2) The registration is to consist of entering the individual’s name in the Register of Trade Marks Attorneys.

(3) For the purposes of the Trade Marks Act 1995, the registration is taken to be under that Act.

(4) The Governor‑General may make regulations for the purposes of this item.

(5) It is immaterial whether a matter mentioned in paragraph (1)(d), (e) or (f) concerns something that happened in New Zealand.

(6) A reference in this item to conviction of an offence includes a reference to:

(a) the making of an order under section 19B of the Crimes Act 1914 in relation to the offence; or

(b) the making of an order under a corresponding provision of a law of:

(i) a State; or

(ii) a Territory; or

(iii) New Zealand;

in relation to the offence.

Schedule 5.- Other amendments

Part 1.- Document retention

Division 1.- Amendments

Designs Act 2003

1 Paragraph 69(3)(b)

Omit “design; and”, substitute “design.”

2 Paragraph 69(3)(c)

Repeal the paragraph.

3 Paragraph 149(2)(o)

Omit “fit; and”, substitute “fit.”.

4 Paragraph 149(2)(p)

Repeal the paragraph.

Patents Act 1990

5 Paragraph 228(2)(u)

Repeal the paragraph.

Trade Marks Act 1995

6 Paragraph 231(2)(h)

Repeal the paragraph.

Division 2.- Application of amendments

7 Application of amendments

The amendments made by this Part apply in relation to material and documents provided or filed before, on or after the commencement of this Part.

Part 2.- Technical amendments

Division 1.- Amendments

Patents Act 1990

8 Section 24 (heading)

Repeal the heading, substitute:

24.- Validity not affected by making information available in certain circumstances

9 Section 29A (note)

Repeal the note.

10 At the end of section 29A

Add:

(6) An applicant is not entitled to ask that any action be taken, or that he or she be allowed to take any action, under this Act in relation to a PCT application unless the following requirements of subsection (5) have been met (if applicable):

(a) a translation of the application into English has been filed;

(b) the prescribed documents have been filed;

Note: A failure to comply with subsection (5) may also result in the PCT application lapsing: see paragraph 142(2)(f).

11 Subsection 29B(2)

Omit “within the prescribed period”.

12 Subsection 29B(6)

Omit “subsection (1)”, substitute “the definition of Convention country in subsection (5)”.

13 Before subsection 40(2)

Insert:

Requirements relating to complete specifications

14 Before subsection 41(1)

Insert:

Provisional specifications

(1A) A specification is taken to comply with subsection 40(1), so far as it requires a description of a micro‑organism, if:

(a) the micro‑organism is deposited with a prescribed depository institution in accordance with such provisions of the Budapest Treaty as are applicable; and

(b) the prescribed circumstances apply.

Complete specifications

15 Paragraph 43(2A)(b)

After “discloses”, insert “, or a prescribed set of prescribed documents considered together disclose”.

16 After subsection 43(2A)

Insert:

(2B) A prescribed document, or a prescribed set of prescribed documents considered together, is taken to disclose the invention in a claim as mentioned in paragraph (2A)(b) so far as such disclosure requires a description of a micro‑organism, if:

(a) the micro‑organism is deposited with a prescribed depository institution in accordance with such provisions of the Budapest Treaty as are applicable; and

(b) the prescribed circumstances apply.

17 At the end of subparagraph 101E(1)(a)(ix)

Add “and”.

18 Paragraph 119(3)(b)

Omit “through any publication or use of the invention”.

19 Subsection 178(4)

Omit “subsection (1) or (2)”, substitute “this section”.

20 Subsection 191A(4)

Omit “a declaration, or rectify the Register, under this section”, substitute “a declaration under subsection (2), or rectify the Register under subsection (3)”.

21 Paragraph 224(1)(a)

Omit “or 142(2)(b)”.

Division 2.- Application of amendments

22 Application of amendments

(1) The amendments made by items 8 and 18 apply in relation to information that is made publicly available at or after the time those items commence.

(2) The amendments made by items 9, 10 and 11 apply in relation to applications made at or after the time those items commence.

(3) The amendment made by item 14 applies in relation to provisional applications made at or after the time that item commences.

(4) The amendments made by items 15 and 16 apply in relation to:

(a) patents for which the complete application is made at or after the time those items commence; and

(b) standard patents for which the application had been made before the time those items commence, if the applicant had not asked for an examination of the patent request and specification for the application under section 44 of the Patents Act 1990 before that time; and

(c) innovation patents granted at or after the time those items commence, if the complete application to which the patent relates had been made before that time; and

(d) complete patent applications made at or after the time those items commence; and

(e) complete applications for standard patents made before the time those items commence, if the applicant had not asked for an examination of the patent request and specification for the application under section 44 of the Patents Act 1990before that time; and

(f) complete applications for innovation patents made before the time those items commence, if a patent had not been granted in relation to the application on or before that time; and

(g) innovation patents granted before the time those items commence, if:

(i) the Commissioner had not decided to examine the complete specification relating to the patent under section 101A of the Patents Act 1990 before that time; and

(ii) the patentee or any other person had not asked the Commissioner to examine the complete specification relating to the patent under section 101A of the Patents Act 1990 before that time.

(5) The amendment made by item 20 applies on and after the day that item commences in relation to patents granted before, on or after that commencement.

(Minister’s second reading speech made in House of Representatives on 19 March 2014, Senate on 25 November 2014)

12Jul/17

Law of the Republic of Armenia on freedom of information of September 23, 2003

12 julio, 2017Armenia, Ley2003, Law of the Republic of Armenia on freedom of information of September 23José Cuervo

Article 1. The Subject Regulated by the Following Law and the Sphere of its Operation

1. The law regulates the relations connected with freedom of information, defines the powers of persons holding (possessing) information, as well as the procedures, ways and conditions to get information.

2. This law applies to the activity of the state and local self-government bodies, state offices, organizations financed from the state budget, as well as private organizations of public importance and their state officials.

Article 2. Legislation on Freedom of Information

1. Legislation of Freedom of information is comprised of the Republic of Armenia Constitution, the following law, and other laws and legal acts.

2. If the norms defined by the Republic of Armenia’s international treaties differ from those in the following law, than the international treaty norms supersede.

Article 3. Main Concepts Used in the Following Law

Main concepts used in the following law include:

Freedom of Information – exercise of the right to seek and get information from its holder, as defined by legislation.

Information – records/data of facts, people, subjects, events, phenomena, processes that are received and formed as defined by legislation, despite of the way those are possessed or their material carrier (electronic or hard copy
documents, records, videos, films, photos, drawings, schemes, notes, maps, etc.)

Information holder – state bodies, local self-government bodies, state offices, state budget sponsored organizations as well as organizations of public importance and their officials.

Organization of public importance – private organizations that have monopoly or a leading role in the goods market, as well as those providing services to public in the sphere of health, sport, education, culture, social security,
transport, communication and communal services.

Inquiry – a written or oral application to the information holder with a view of seeking or getting information as defined by the following law.

Publication – making the information available for population via printed media and other means of mass media, via World Wide Web, as well as by other ways as defined by legislation.

Article 4. Main Principles of Securing Information Freedom

Main principles of securing information freedom are:

a) definition of unified procedures to record, classify and maintain information

b) insurance of freedom to seek and get information

c) insurance of information access

d) publicity.

Article 5. Recording, Classifying and Maintaining Information

The recording, classification and maintenance of elaborated or delivered data on the part of the information holder is implemented as defined by the Government of the Republic of Armenia.

Article 6. Exercising the Right to Freedom of Information

1. Each person has the right to address an inquiry to information holder to get acquainted with and/or get the information sought by him as defined by the law.

2. Foreign citizens can enjoy the rights and freedoms foreseen by the following law as defined by the Republic of Armenia Law and/or in cases defined by international treaties.

3. Freedom of information can be limited in cases foreseen by the Republic of Armenia Constitution and the Law.

Article 7. Ensuring Information Access and Publicity

1. Information holder works out and publicizes the procedures according to which information is provided on its part, as defined by legislation, which he places in his office space, conspicuous for everyone.

2. Information holder urgently publicizes or via other accessible means informs the public about the information that he has, the publication of which can prevent dangers facing state and public security, public order, public health and morals, others’ rights and freedoms, environment, person’s property.

3. If it is not otherwise foreseen by the Constitution and/or the Law, information holder at least once a year publicize the following information related to his activity and or changes to it,

a) activities and services provided (to be provided) to public;

b) budget;

c) forms for written enquiries and the instructions for filling those in;

d) lists of personnel, as well as name, last name, education, profession, position, salary rate, business phone numbers and e-mails of officers;

e) recruitment procedures and vacancies;

f) influence on environment;

g) public events’ program;

h) procedures, day, time and place for accepting citizens;

i) policy of cost creation and costs in the sphere of work and services;

j) list of held (maintained) information and the procedures of providing it;

j 1. statistical and complete data on inquiries received, including grounds for refusal to provide information;

j 2. sources of elaboration or obtainment of information mentioned in this clause;

j 3. information on person entitled to clarify the information defined in this clause.

4. Changes made to information mentioned in the 2nd clause of the proceeding Article are publicized within 10 days.

5. Information mentioned in the 2nd and 3rd clauses of the proceeding Article is publicized via means accessible for public, and in cases when the information holder has an internet page, also via that page.

6. Organization of public importance can decline to publicize the information mentioned in 3b, 3c and 3e sub clauses of the proceeding Article or changes to that information.

Article 8. Limitations on Freedom of Information

1. Information holder, with the exception of cases defined in the 3rd clause of the proceeding Article, refuses to provide information if:

a. contains state, official, bank or trade secret;

b. infringes the privacy of a person and his family, including the privacy of correspondence, telephone conversations, post, telegraph and other transmissions;

c. contains pre-investigation data not subject to publicity;

d. discloses data that require accessibility limitation, conditioned by professional activity (medical, notary, attorney secrets).

e. infringes copy right and associated rights.

2. If a part of the information required contains data, the disclosure of which is subject to denial, than information is provided concerning the other part.

3. Information request can not be declined, if:

a. it concerns urgent cases threatening public security and health, as well as natural disasters (including officially forecasted ones) and their aftermaths;

b. it presents the overall economic situation of the Republic of Armenia, as well as the real situation in the spheres of nature and environment protection, health, education, agriculture, trade and culture;

c. if the decline of the information request will have a negative influence on the implementation of state programs of the Republic of Armenia directed to socio-economic, scientific, spiritual and cultural development.

Article 9. Procedures of Information Inquiry Application and Discussion

1. A written inquiry must be signed to include applicant’s name, last name, citizenship, place of residence, work or study (in case of legal persons: name, physical address).

2. A written inquiry is registered and processed as defined by the relevant legislation of processing civilian’s applications and appeals, separately from other types of administration.

3. A written inquiry remains unanswered if;

a) it does not contain all the information mentioned in the 1st clause of the following Article;

b) it is discovered that the information about the identity of the author are false;

c) it is the second request on the part of the same person within the last 6 months for the same information, with the exception of the case foreseen by the 4th clause of the Article 10 of the following law.

4. The applicant does not have to justify the inquiry.

5. In case of oral inquiry, the applicant must in advance tell his name and last name. Oral inquiry is given an answer when:

a) The disposal of the inquired information can prevent to state and public security, public order, public health and morals, other’s rights and freedoms, environment and person’s property.

b) It is important to make sure that the given information holder has the relevant information.

c) It is important to clarify the procedure according which the information holder processes the written inquiries.

6. The answer to the oral inquiry is given immediately after listening to the inquiry or within the shortest possible time frame. If the person making the oral inquiry is not telling his name, last name and/or the oral inquiry does not
correspond to the conditions defined in the sub clauses a, b and c of the 5th clause of the following Article, then the information holder can decline the oral inquiry.

7. The answer to written inquiry is given in the following deadlines:

a) If the information required by the written inquiry is not publicized, than the copy of that information is given tot the applicant within 5 days after the application is filed.

b) If the information required by the written inquiry is publicized, than information on the means, place and time framework of that publication is given within 5 days after the application is filed.

c) If additional work is needed to provide the information required, than the information is given to the applicant within 30 days after the application is filed, about which a written notice is being provided within 5 days after the application submission, highlighting the reasons for delay and the final deadline when the information will be provided.

8. The answer to written inquiry is given on the material carrier mentioned in that application. If the material carrier is not mentioned and it is impossible to clarify that within the time limits foreseen by the following law, than the answer
to the written inquiry is given by the material carrier that is the most suitable for the information holder.

9. In the cases foreseen by the 7 a sub clause of the following Article, the person submitting inquiry can by his wish, as defined by legislation, get acquainted with the information within the premises of the information holder, getting back his written inquiry.

10. If the information holder does not possess the information sought or if the disclosure of that information is beyond its powers, than within 5 days after the written inquiry is filed, it must inform the applicant about that in a written form,
and if it possible, also point out the information on the place and body, including archive, that holds that information.

11. If the information holder does not possess all the data on the inquired information, than it gives the applicant the part of the data, that it possesses and in case of possibility also points out in the written answer the information on the place and body, including archive that holds that information.

Article 10. Conditions of Providing Information

1. Providing information or its copy from state and local self-government bodies is realized according to the Government Regulation of the Republic of Armenia.

2. The payment defined in the 1st clause of the current Article is not paid in the following cases:

a) response to oral inquiries;

b) for up to 10 pages of printed or copied information;

c) for information via e-mail (internet);

d) responding the written information inquiries mentioned in the 2nd clause of the Article 7;

e) providing information about the changes of the deadline in the cases foreseen by the 7c sub clause and 10th clause of the Article 9;

f) declining the information request.

3. The organizations of public importance decide themselves the cost to be paid for information, which can not exceed the costs of providing that information.

4. Body or organization that has provided untruthful or incomplete information shall provide corrected information free of charge, as defined by this law, upon the written inquiry of the receiving party.

Article 11. Grounds and Procedure to Decline Information Request

1. Information request is declined according to the grounds mentioned in the Article 8 of the following law or in case the relevant payment is not made.

2. The information holder can decline the oral inquiry, if at the given moment this interferes with the main responsibilities of the information holder, with the exception of cases foreseen by the 2nd clause of the Article 7.

3. In case of declining a written information request, information holder inform the applicant about it within 5 days in a written form, by mentioning the ground for the refusal (relevant norm of the law), time frame within which the decision
of refusal was made, as well as the relevant appealing procedure.

4. The decision not to provide information can be appealed either in the state government body defined by Legislation or in the court.

Article 12. Responsibilities of Information Holders in the Sphere of Insuring Free Access to Information

As defined by the law, information holders are responsible to:

a) ensure information access and publicity;

b) record, categorize and maintain information possessed;

c) provide truthful and complete information (possessed by them) to the person seeking information;

d) define their procedures of providing oral and/or written information;

e) appoint an official responsible for information freedom.

Article 13. Person Responsible for Information Freedom

1. Official person responsible for information freedom can be the head of the information holder or an official appointed by it.

2. Person responsible for the Freedom of information according to the law:

a) ensures that the responsibilities of the information holder in the field of FOI are exercised;

b) explains thoroughly the procedures, conditions and forms of providing information to the person seeking information;

c) elaborates the statistical and complete data of inquiries received.

Article 14. Responsibility for the Infringement of Information Freedom

1. For illegal refusal to provide information, or for the incomplete information disposal, as well as for other infringements of the information freedom defined by this Law, the official persons responsible for information freedom are held responsible according to the Law.

2. In the cases foreseen by the 3rd clause of the Article 8 of the following law, the disclosure of information can not cause administrative or criminal responsibility.

Article 15. Entrance of the Following Law into Force

1. This Law enters into force on the 10th day after its official publication.

2. The 3rd and 4th clauses of the Article 7 of the Law enter into force from the 1st of January 2004.

12Jul/17

Act. nº 101 of April 4, 2000, on the Protection of Personal Data and on Amendent to Some Acts

12 julio, 2017Ley2000, Act. nº 101 of April 4, Legislación Czech Republic, Legislación Derecho Informático, on the Protection of Personal Data and on Amendent to Some ActsJosé Cuervo

Act. nº 101 of April 4, 2000, on the Protection of Personal Data and on Amendent to Some Acts. As amended by the Act nº 227/2000 Coll., Act nº 177/2001 Coll., Act nº 450/2001 Coll., Act nº 107/2002 Coll., Act nº 310/2002 Coll., Act nº 517/2002 Coll., Act nº 439/2004 Coll., Act nº 480/2004 Coll., Act nº 626/2004 Coll., Act nº 413/2005 Coll., Act nº 444/2005 Coll., Act nº 109/2006 Coll., Act nº 112/2006 Coll., Act. nº 267/2006 Coll., Act nº 342/2006 Coll., Act nº 170/2007 Coll., Act nº 41/2009 Coll., Act nº 52/2009 Coll., Act nº 227/2009 Coll., Act. nº 281/2009 Coll., Act nº 375/2011 Coll., Act nº 468/2011 Coll., Act nº 64/2014 Coll., Act nº 250/2014 Coll. and nº 301/2016 Coll.

The Parliament has enacted the following Act of the Czech Republic:

Part One.- Personal Data Protection

Chapter I.- Introductory Provisions

Article 1.- Subject of the Act

This Act, in accordance with the law of the European Union, international agreements binding the Czech Republic, and to exercise everyone’s right to the protection from unauthorised interference with privacy, regulates the rights and obligations in processing of personal data and specifies the conditions under which personal data may be transferred to other countries.

Article 2

(1) The Office for Personal Data Protection is hereby established with seat in Prague (hereinafter referred to as the “Office”).

(2) The Office is a central administrative authority in the area of personal data protection in the scope provided by this Act, special legal regulation, international treaties which form part of the legal order, and directly applicable law of the European Union.

(3) The Office exercises the competence of a supervisory authority for the area of personal data protection following from international treaties which form part of the legal order.

Article 3.- Scope of the Act

(1) This Act shall apply to personal data that are processed by state authorities, territorial self-administration bodies, other public authority bodies, as well as natural and legal persons.

(2) This Act shall apply to all personal data processing, both by automatic or other means.

(3) This Act shall not apply to personal data processing carried out by a natural person for personal needs exclusively.

(4) This Act shall not apply to accidental personal data collection, unless these data are subject to further processing.

(5) Furthermore, this Act shall apply to personal data processing:

(a) if the law of the Czech Republic is applicable preferentially on the basis of the international public law, even if the controller is not established on the territory of the Czech Republic,

(b) if the controller who is established outside the territory of the European Union carries out processing on the territory of the Czech Republic, unless it is only a personal data transfer over the territory of the European Union. In this case the controller shall be obliged to authorize the processor on the territory of the Czech Republic by way of the procedure laid down in Article 6.

If the controller carries out processing through its organization units established on the territory of the European Union, he must ensure that those organization units will process personal data in accordance with national law of the respective member state of the European Union.

(6) The provisions of Article 5(1) and Articles 11 and 12 of this Act shall not apply to processing of personal data necessary to fulfil obligations of the controller provided by special Acts to ensure:

(a) security of the Czech Republic,

(b) defence of the Czech Republic,

(d) prevention, investigation, detection and prosecution of criminal offences,

(e) important economic interest of the Czech Republic or of the European Union,

(f) important financial interest of the Czech Republic or of the European Union, in particular the stability of financial market and currency, functioning of currency circulation and system of payments as well as budgetary and taxation measures,

(g) exercise of control, supervision, surveillance and regulation related to exercise of public authority in the cases under (c), (d), (e) and (f),

(h) activities related to disclosure of files of the former State Security, or

(i) activities related to keeping a central registry of accounts.

Article 4.- Definitions

For the purposes of this Act:

(a) “personal data” shall mean any information relating to an identified or identifiable data subject. A data subject shall be considered identified or identifiable if it is possible to identify the data subject directly or indirectly in particular on the basis of a number, code or one or more factors specific to his/her physical, physiological, psychical, economic, cultural or social identity;

(b) “sensitive data” shall mean personal data revealing nationality, racial or ethnic origin, political attitudes, trade-union membership, religious and philosophical beliefs, conviction of a criminal act, state of health and sexual life of the data subject and genetic data of the data subject; sensitive data shall also mean a biometric data permitting direct identification or authentication of the data subject;

(c) “anonymous data” shall mean such data that cannot be linked to an identified or identifiable data subject in their original form or following processing thereof;

(d) “data subject” shall mean a natural person to whom the personal data pertain;

(e) “personal data processing” shall mean any operation or set of operations that is systematically performed by a controller or a processor upon personal data by automatic or other means. Personal data processing shall mean, in particular, the collection of data, their storage on data carriers, disclosure, modification or alteration, retrieval, use, transfer, dissemination, publishing, preservation, exchange, sorting or combination, blocking and liquidation;

(f) “personal data collection” shall mean a systematic procedure or set of procedures, which aim is to obtain personal data for the purpose of their further storage on a data carrier for their immediate or subsequent processing;

(g) “personal data storage” shall mean keeping data in a manner that permits their further processing;

(h) “blocking” shall mean any operation or set of operations restricting the manner or means of personal data processing for a specified period of time, except for the necessary interventions;

(i) “personal data liquidation” shall mean physical destruction of the data carrier, physical deletion of data or their permanent exclusion from further processing;

(j) “controller” shall mean any entity that determines the purpose and means of personal data processing, carries out such processing and is responsible for such processing. The controller may empower or charge a processor to process personal data, unless a special Act provides otherwise;

(k) “processor” shall mean any entity processing personal data on the basis of a special Act or on behalf of the controller;

(l) “published personal data” shall mean personal data that are disclosed, in particular, by mass media, via other form of public communication, or as a part of a public list;

(m) “register or personal data file” (hereinafter referred to as “data file”) shall mean any set of personal data that is structured or can be made available according to common or specific criteria;

(n) “consent of data subject” shall mean a free and informed manifestation by which will of the data subject signifies his assent to personal data processing;

(o) “recipient” shall mean each subject to whom the personal data are disclosed. The entity processing personal data pursuant to Article 3(6)(g) is not considered a recipient.

Chapter II.- Rights and obligations in processing of personal data

Article 5

(1) The controller shall be obliged to:

(a) specify the purpose for which personal data are to be processed;

(b) specify the means and manner of personal data processing;

(c) process only accurate personal data, which he obtained in accordance with this Act. If necessary, the controller is obliged to update the data. If the controller finds that the processed data are not accurate as to the specified purpose, shall he take adequate measures without undue delay, in particular shall he block the processing and rectify or supplement the personal data, or liquidate them otherwise. Inaccurate personal data may be processed only within the limits of the provisions of Article 3(6) of this Act. Inaccurate personal data must be branded. The controller is obliged to provide all the recipients with the information about blocking, correction, supplementing or liquidation of personal data without undue delay;

(d) collect personal data corresponding exclusively to the specified purpose and in extent necessary to accomplish the specified purpose;

(e) store personal data only for a period necessary for the purpose of their processing. After expiry of this period, personal data may be retained only for purposes of the state statistical service, and for scientific and archival needs. When using personal data for these purposes, it is necessary to respect the right to protection of private and personal lives of the data subject from unauthorised interference and to make personal data anonymous as soon as possible;

(f) process personal data only in accordance with the purpose for which the data were collected. Personal data may be processed for some other purpose only within the limits of the provisions of Article 3(6) or if the data subject granted his consent herewith in advance;

(g) collect personal data only in an open manner. Collecting data under the pretext of some other purpose or activity shall be prohibited;

(h) ensure that personal data that were obtained for different purposes are not grouped.

(2) The controller may process personal data only with the consent of data subject. Without such consent, the controller may process the data:

(a) if he is carrying out processing which is essential to comply with legal obligation of the controller;

(b) if the processing is essential for fulfilment of a contract to which the data subject is a contracting party or for negotiations on conclusion or alteration of a contract negotiated on the data subject´s proposal;

(c) if it is essential for the protection of vitally important interests of the data subject. In this case, the consent of data subject must be obtained without undue delay. If the consent is not granted, the controller must terminate the processing and liquidate the data;

(d) if they were lawfully published in accordance with special legislation. However, this shall not prejudice the right to the protection of private and personal lives of the data subject, or

(e) if it is essential for the protection of rights and legitimate interests of the controller, recipient or other person concerned. However, such personal data processing may not be in contradiction with the data subject´s right to protection of his private and personal lives.

(f) if he provides personal data on a public figure, official or employee of public administration that reveals information on their public or administrative activity, their functional or working position, or

(g) if the processing relates exclusively to archival purposes pursuant to a special Act.

(3) If the controller processes personal data on the basis of a special Act, he shall be obliged to respect the right to protection of private and personal lives of the data subject.

(4) When giving his consent the data subject must be provided with the information about what purpose of processing, what personal data, which controller and what period of time the consent is being given for. The controller must be able to prove the consent of data subject to personal data processing during the whole period of processing.

(5) If the controller or processor carries out personal data processing for the purpose of offering business or services to the data subject, the data subject’s name, surname and address may be used for this purpose provided that the data were acquired from a public list or in relation to his activity of controller or processor. The controller or processor, however, may not further process the data specified above if the data subject has expressed his disagreement therewith. The disagreement with processing must be expressed in writing. No additional personal data may be added to the data specified above without the consent of data subject.

(6) The controller who processes personal data pursuant to paragraph 5 may transfer these data to other controller only under the following conditions:

(a) the data on the data subject were obtained in relation to activities of the controller or the personal data in question were made public;

(b) the data shall be used exclusively for the purpose of offering business and services;

(c) the data subject has been notified in advance of this procedure of the controller and the data subject has not expressed disagreement with this procedure.

(7) Other controller to whom data pursuant to paragraph 6 have been transferred may not transfer these data to any other person.

(8) Disagreement with processing pursuant to paragraph 6(c) must be expressed by the data subject in writing. The controller shall be obliged to notify each controller to whom he has transferred the name, surname and address of the data subject of the fact that the data subject has expressed disagreement with the processing.

(9) To eliminate the possibility that the name, surname and address of the data subject are repeatedly used for offering business and services, the controller shall be entitled to further process the subject’s name, surname and address in spite of the fact that the data subject expressed his/her disagreement therewith in accordance with paragraph 5.

Article 6

Where authorization does not follow from a legal regulation, the controller must conclude with the processor an agreement on personal data processing. The agreement must be made in writing. In particular, the agreement shall explicitly stipulate the scope, purpose and period of time for which it is concluded and must contain guarantees by the processor related to technical and organisational securing of the protection of personal data.

Article 7

The obligations specified in Article 5 shall similarly apply to the processor.

Article 8

If the processor finds out that the controller breaches the obligations provided by this Act, the processor shall be obliged to notify the controller of this fact without delay and to terminate personal data processing. If he fails to do so, the processor and the data controller shall be liable jointly and severally for any damage caused to the data subject. This shall in no way prejudice his responsibility pursuant to this Act.

Article 9.- Sensitive Data

Sensitive data may be processed only:

(a) if the data subject has given his express consent to the processing. When giving his consent, the data subject must be provided with the information about what purpose of processing, what personal data, which controller and what period of time the consent is being given for. The controller must be able to prove the existence of the consent of data subject to personal data processing during the whole period of processing. The controller is obliged to instruct in advance the data subject of his rights pursuant to Articles 12 and 21,

(b) if it is necessary in order to preserve life or health of the data subject or some other person or to eliminate imminent serious danger to their property, if his consent cannot be obtained, in particular, due to physical, mental or legal incapacity, or if the data subject is missing or for similar reasons. The controller shall be obliged to terminate data processing as soon as the above mentioned reasons cease to exist and must liquidate the data, unless the data subject gives his consent to further processing.

(c) if the processing in question is in relation with ensuring health services, public health protection, health insurance, and the exercise of public administration in the field of health sector pursuant to a special Act, or it is related to assessment of health in other cases provided by a special Act,

(d) if the processing is necessary to keep the obligations and rights of the controller responsible for processing in the field of labour law and employment provided by a special Act,

(e) if the processing pursue political, philosophical, religious or trade-union aims and is carried out within the scope of legitimate activity of a civil association, foundation or other legal person of non-profit nature (hereinafter referred to as the “association”), and which relates only to members of the association or persons with whom the association is in recurrent contact related to legitimate activity of the association, and the personal data are not disclosed without the consent of data subject,

(f) if the data processed pursuant to a special Act are necessary to employ sickness insurance, pension insurance (security), state social support and other state social security benefits, social services, social care, assistance in material need and social and legal protection of children, and if, at the same time, the protection of these data is ensured in accordance with the law,

(g) if the processing concerns personal data published by the data subject,

(h) if the processing is necessary to secure and exercise legal claims,

(ch) if they are processed exclusively for archival purposes pursuant to a special Act, or

(i) if it is the processing under special acts regulating prevention, investigation, detection of criminal activities, prosecution of criminal offences and search for persons.

Article 10

In personal data processing, the controller and processor shall ensure that the rights of the data subject are not infringed, in particular, the right to preservation of human dignity, and shall also ensure that the private and personal lives of the data subject are protected against unauthorized interference.

Article 11

(1) In collecting personal data the controller shall be obliged to inform the data subject of the scope in which and the purpose for which the personal data shall be processed, who and in what manner will process the personal data and to whom the personal data may be disclosed, unless the data subject is already aware of this information. The controller must inform the data subject about his right of access to personal data, the right to have his personal data rectified as well as other rights provided for in Article 21.

(2) In case when the controller processes personal data obtained from the data subject, he is obliged to instruct the data subject on whether the provision of the personal data is obligatory or voluntary. If the data subject is obliged pursuant to a special Act to provide personal data for the processing, the controller shall instruct him on this fact as well as on the consequences of refusal to provide the personal data.

(3) The controller shall not be obliged to provide the information and instruction pursuant to paragraph 1 in cases where the personal data were not obtained from the data subject, if

(a) he is processing personal data exclusively for the purposes of state statistical service, scientific or archival purposes and the provision of such information would involve a disproportionate effort or inadequately high costs; or if storage on data carriers or disclosure is expressly provided by a special Act. In these cases the controller shall be obliged to take all necessary measures against unauthorised interference with the data subject’s private and personal lives.

(b) the personal data processing is imposed on him by a special Act or such data are necessary to exercise the rights and obligations ensuing from special Acts.

(d) he is processing personal data obtained with the consent of data subject.

(4) The above provisions shall be without prejudice to the rights of the data subject to request information pursuant to special Acts.

(5) In processing the personal data pursuant to Article 5(2)(e) and Article 9(h), the controller shall be obliged to inform without undue delay the data subject about processing of his personal data.

(6) No decision of the controller or processor in consequence of which is an interference with the legal and legally protected interests of the data subject, may not be issued or made without verification solely on the basis of automated personal data processing. This shall not apply where such decision was made in favour of the data subject and upon his request.

(7) The information obligation regulated by Article 11 may be performed by the processor on behalf of the controller.

Article 12.- Data subject’s access to information

(1) If the data subject requests information on the processing of his personal data, the controller shall be obliged to provide him with this information without undue delay.

(2) The contents of the information shall always report on:

(a) the purpose of personal data processing;

(b) the personal data or categories of personal data that are subject of processing including all available information on their source;

(c) the character of the automated processing in relation to its use for decision-making, if acts or decisions are taken on the basis of this processing the content of which is an interference with the data subject’s rights and legitimate interests;

(d) the recipients or categories of recipients.

(3) For provision of this information the controller shall be entitled to require a reasonable reimbursement not exceeding the costs necessary for provision of information.

(4) The controller’s obligation to provide the data subject with information pursuant to Article 12 may be met by a processor on behalf of the controller.

Article 13.- Obligations of Persons concerning Personal Data Security

(1) The controller and the processor shall be obliged to adopt measures preventing unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transmission, other unauthorised processing, as well as other misuse of personal data. This obligation shall remain valid even after terminating personal data processing.

(2) The controller or the processor shall be obliged to develop and to document the technical and organisational measures adopted and implemented to ensure the personal data protection in accordance with the law and other legal regulations.

(3) In the framework of measures pursuant to paragraph 1, the controller or the processor shall perform a risk assessment concerning

(a) fulfilment of instructions for personal data processing by persons who have immediate access to the personal data,

(b) prevention of unauthorized persons’ access to personal data and to the means of their processing,

(c) prevention of unauthorized reading, creating, copying, transferring, modifying or deleting of records containing personal data, and

(d) measures enabling to determine and verify to whom the personal data were transferred.

(4) In the area of automatic processing of personal data, the controller or processor shall, in the framework of measures under paragraph 1, be obliged to

(a) ensure that the systems for automatic processing of personal data are used only by authorized persons,

(b) ensure that the natural persons authorized to use systems for automatic processing of personal data have access only to the personal data corresponding to their authorization, and this on the basis of specific user authorizations established exclusively for these persons,

(c) make electronic records enabling to identify and verify when, by whom and for what reason the personal data were recorded or otherwise processed, and

(d) prevent any unauthorized access to data carriers.

Article 14

Employees of the controller or processor and other persons who process personal data on the basis of an agreement with the controller or processor, may process personal data only under the conditions and in the scope specified by the controller or the processor.

Article 15

(1) Employees of the controller or processor, other natural persons who process personal data on the basis of an agreement concluded with the controller or processor and other persons who, in the scope of fulfilling rights and obligations provided by law, come into contact with personal data at the premises of the controller or processor, shall be obliged to maintain confidentiality of personal data and security measures whose publishing would endanger the security of personal data. The obligation to maintain confidentiality shall survive termination of employment or the relevant work.

(2) The provisions of the previous paragraph shall in no way prejudice the obligation to maintain confidentiality pursuant to special Acts.

(3) The obligation to maintain confidentiality shall not apply to information obligation pursuant to special Acts.

Article 16.- Notification Obligation

(1) Whoever intends to process personal data as a controller or alter the registered processing pursuant to this Act, with the exception of the processing mentioned pursuant to Article 18, shall be obliged to notify in writing the Office of this fact before carring out the personal data processing.

(2) The notification must include the following information:

(a) the identification data of the controller, i.e. in case of natural person who is not an entrepreneur his first name or names, surname, date of birth and address of permanent residence; in case of other subjects their trade, corporate or other name, seat and identification number if assigned, and name, eventually first names and surnames of persons that are their statutory representatives;

(b) the purpose or purposes of processing;

(d) the sources of personal data;

(e) a description of the manner of personal data processing;

(f) the location or locations of personal data processing;

(g) the recipient or category of recipients;

(h) the anticipated personal data transfers to other countries;

(i) the description of measures adopted to ensure the protection of personal data pursuant to Article 13;

(3) If the notification includes all essentials pursuant to paragraph 2 and no proceeding pursuant to Article 17(1) has been initiated, the personal data processing may start after the expiration of 30 days from the delivery of the notification. In such case the Office records the information stated in the notification into the register.

(4) If the notification does not include all essentials pursuant to paragraph 2, the Office shall send without delay a reminder to the notifying subject in which he shall make reference to the missing or insufficient information and set a deadline for supplementing the notification. In case the notification is being supplemented, running out the time limit pursuant to paragraph 3 shall begin as of the day of delivery of the notification supplement. If the Office does not receive the notification supplement within the set deadline, the notification shall be regarded as if it has not been submitted.

(5) Upon the request from the controller the Office shall issue a certificate which includes date of issuance, reference number, first name, surname and signature of the person by whom the certificate has been issued, official stamp, identification data of the controller and purpose of processing.

(6) If, pursuant paragraph 1, the notification concerns a processing subjected to investigation, the Office refuses to enter it into the register. The Office shall do the entry as soon as the investigation is closed.

Article 17

(1) If a justified concern arises from the notification that this Act might be breached in processing of personal data, the Office shall initiate proceedings at its own instigation.

(2) If the Office finds that the controller does not breach by his notified processing the conditions specified by this Act, he shall suspend the proceedings and make a record pursuant to Article 16(3). The processing of personal data may start not earlier than the day following the day when the record was made. In case the notified processing does not meet conditions specified by this Act, the Office shall not permit the processing of personal data.

Article 17a

(1) If the Office finds that the controller whose notification has been registered breaches the conditions provided by this Act, it shall decide on revocation of the registration.

(2) If the purpose for which the processing was registered ceases to exist, the Office shall decide on revocation of the registration either on its own instigation or on the controller´s request.

Article 18

(1) The notification obligation pursuant to Article 16 shall not apply to processing of personal data:

(a) that are part of data files publicly accessible on the basis of a special Act,

(b) imposed on the controller by a special Act or when such personal data are needed for exercising rights and obligations following from a special Act, or

(c) in case of processing that pursues political, philosophical, religious or trade- union aims carried out within the scope of legitimate activity of an association and which relates only to members of the association or persons with whom the association is in recurrent contact related to legitimate activity of the association, and the personal data are not disclosed without the consent of data subject.

(2) The controller, who carries out processing pursuant to Article 18(1)(b), shall be obliged to ensure that the information concerning in particular the purpose of the processing, categories of personal data, categories of data subjects, categories of recipients and the period of preservation, which would otherwise be accessible by means of the register maintained by the Office pursuant to Article 35, is disclosed also through remote access or in other appropriate form.

Article 19

If the controller intends to terminate his activities, he shall be obliged to announce to the Office without delay how he handled personal data, if their processing was subject to the notification obligation.

Article 20.- Liquidation of Personal Data

(1) The controller or, on the basis of his instructions, the processor shall be obliged to carry out liquidation of personal data as soon as the purpose for which personal data were processed ceases to exist or on the basis of a request by the data subject pursuant to Article 21.

(2) A special Act shall provide exceptions relating to the preservation of personal data for archival purposes and to the exercising of rights in civil judicial proceedings, criminal proceedings and administrative proceedings.

Article 21.- Protection of Data Subjects’ Rights

(1) Each data subject who finds or presumes that the controller or the processor is carrying out processing of his personal data which is in contradiction with the protection of private and personal life of the data subject or in contradiction with the law, in particular if the personal data are inaccurate regarding the purpose of their processing, he may:

(a) ask the controller or processor for explanation;

(b) require from the controller or processor to remedy the arisen state of affairs. It can mean in particular blocking, correction, supplementing or liquidation of personal data.

(2) If the requirement of the data subject pursuant to paragraph 1 is found justified, the controller or processor is obliged to remove without delay the improper state of affairs.

(3) If the data subject incurred other than property damage as a result of personal data processing, the procedure pursuant to a special Act shall be followed when lodging a claim.

(4) If a breach of obligations provided by law occurs in the course of processing of personal data by the controller or by the processor, they shall be liable jointly and severally.

(5) The controller shall be obliged to inform without undue delay the recipient on the requirement of the data subject pursuant to paragraph 1 and on the blocking, correction, supplementing or liquidation of personal data. This shall not apply where informing the recipient is impossible or would involve disproportionate effort.

Article 22.- Repealed.

Article 23.- Repealed.

Article 24.- Repealed.

Article 25.- Indemnification

General regulation of liability for damage shall apply to matters not specified by this Act.

Article 26

The obligations pursuant to Articles 21 to 25 shall similarly apply to persons who have collected personal data without authorisation.

Chapter III.- TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES

Article 27

(1) Free flow of personal data shall not be restricted if data are transferred to a member state of the European Union.

(2) Personal data may be transferred to third countries if the prohibition to restrict the free movement of personal data is ensuing from an international treaty to the ratification of which the Parliament has given his assent and which is binding the Czech Republic, or if the personal data are transferred on the basis of decision of an institution of the European Union. The Office in the Official Journal publishes information about such decisions in the Official Journal.

(3) Where the condition pursuant to paragraphs 1 and 2 is not met, the transfer of personal data may be carried out if the controller proves that:

(a) the data transfer takes place with the consent of, or on the basis of an instruction by the data subject;

(b) in a third country, where personal data are to be processed, has been created sufficient specific guarantees for personal data protection, e.g. by other legal or professional regulations and security measures. Such guarantees may be specified in particular by a contract concluded between the controller and the recipient, if this contract ensures application of these requirements, or if the contract contains contractual clauses for personal data transfer to third countries published in the Official Journal of the Office;

(c) the personal data concerned are part of publicly accessible data files on the basis of a special Act or are, on the basis of a special Act accessible to someone who proves legal interest; in such case the personal data may be disclosed only in the scope and under conditions provided by a special Act;

(d) the transfer is necessary to exercise an important public interest following from a special Act or from an international treaty binding the Czech Republic;

(e) the transfer is necessary for negotiating the conclusion or change of a contract, carried out on the data subject´s incentive, or for the performance of a contract to which the data subject is a contracting party;

(f) the transfer is necessary to perform a contract between the controller and a third party, concluded in the interest of the data subject, or to exercise other legal claims, or

(g) the transfer is necessary for the protection of rights or important vital interests of the data subject, in particular for rescuing life or providing health services.

(4) Prior to the transfer of personal data to third countries pursuant to paragraph 3, the controller shall be obliged to apply to the Office for authorization to the transfer, unless provided otherwise by a special Act. When considering the application, the Office shall examine all circumstances related to the transfer of personal data, in particular the source, final destination and categories of personal data which are to be transferred, the purpose and period of the processing, with regard to available information about legal or other regulations governing the personal data processing in a third country. In the authorization to the transfer, the Office shall specify the period of time over which the controller may perform the data transfers. If a change of the conditions under which the authorization was issued occurs, in particular on the basis of a decision of an institution of the European Union, the Office shall alter or revoke this authorization.

Chapter IV.- POSITION AND COMPETENCE OF THE OFFICE

Article 28

(1) The Office is an independent body. In its activities, it shall act independently and shall observe only the laws and other legal regulations.

(2) The activities of the Office may be intervened on the basis of law only.

(3) The activities of the Office shall be covered from a special chapter of the state budget of the Czech Republic.

Article 29

(1) The Office shall:

(a) perform supervision over the observance of the obligations provided by law in personal data processing;

(b) keep the register of personal data processing operations;

(c) accept incentives and complaints concerning breach of obligations provided by law in personal data processing and inform of their settlement;

(d) compile and publish an annual report on its activities;

(e) exercise other competence specified by law;

(f) discuss misdemeanours and other administrative offences and impose fines pursuant to this Act;

(g) ensure fulfilment of requirements following from international treaties binding the Czech Republic, and from directly applicable law of the European Union,

(h) provide consultations in the area of personal data protection,

(i) co-operate with similar authorities in other countries, with institutions of the European Union and with bodies of international organizations operating in the area of personal data protection. In accordance with the law of the European Union the Office meets the obligation of notification towards the institutions of the European Union.

(2) Supervision in the form of inspection shall be performed pursuant to a special Act.

(3) Supervision over personal data processing performed by intelligence services shall be regulated by a special Act.

Article 29a

(1) The Ministry of Interior or the Police of the Czech Republic shall provide the Office for executing its competence pursuant to this Act and other legal regulations

a) reference data from the basic register of population,
b) data from the service-related population information system
c) data from the service-related foreigners information system

(2) Data provided pursuant to paragraph (1)(a) are:

a) surname,
b) name or names,
c) address of residence,
d) date of birth.

(3)Data provided pursuant to paragraph (1)(b) are

a) name or names, surname and name at birth if applicable,
b) date of birth,
c) address of permanent residence including previous addresses of permanent residence,d) commencement of permanent residence or date of annulment of permanent residence, or date of termination of permanent residence on the territory of the Czech Republic.

(4) Data provided pursuant to paragraph (1)(c) are

a) name or names, surname and name at birth if applicable,
b) date of birth,
c) type of residence and address of residence,
d) number and validity of the residence permit,
e) commencement of residence or date of its termination if applicable.

(5) Data kept as reference data in the basic register of population may be collected from the service-related population information system or service-related foreigners information system only if they are in a format preceding the current state.

(6) Of the data provided only those data deemed necessary for satisfaction of a given task may be used in a particular case.

Chapter V.- ORGANISATION OF THE OFFICE

Article 30

(1) Employees of the Office shall consist of the President, inspectors and other employees.

(2) Supervisory activities of the Office shall be carried out by inspectors and authorised employees (hereinafter referred to as “the supervisory staff”).

(3) The President of the Office shall have the right to a salary, reimbursement of expenses and consideration in kind and golden handshake likewise the President of the Supreme Audit Office pursuant to a special Act.

(4) The inspectors of the Office shall have the right to a salary, reimbursement of expenses and consideration in kind as the members of the Supreme Audit Office pursuant to a special Act.

Article 31

Supervisory activities of the Office shall be performed on the basis of a supervision plan or on the basis of the incentives and complaints.

Article 32.- President of the Office

(1) The Office is managed by the President who shall be appointed and recalled by the President of the Czech Republic on the basis of a proposal of the Senate of the Parliament of the Czech Republic.

(2) The President of the Office shall be appointed for a period of 5 years. The President may be appointed for the maximum of two successive terms. The President shall be regarded as official body and entitled to issue orders to a civil servant as to the discharge of state service pursuant to the State Service Act.

(3) The President of the Office may be only a citizen of the Czech Republic who:

(a) enjoys legal capacity,

(b) is impeccable, meets the conditions prescribed by a special regulation and for whom it can be assumed in relation to his knowledge, experience and moral qualities that he will serve his position properly,

(4) For the purpose of this Act, a natural person shall be considered impeccable if he has not been lawfully sentenced for a wilful criminal offence or for an offence committed by negligence in relation to personal data processing.

(5) The position of the President of the Office cannot be exercised together with either of the positions of a Member of the Parliament or Senator, judge, state attorney, any position in the state administration, a position of a member of a territorial self-administration body and with the membership in political parties and movements.

(6) The President of the Office may not hold any other paid position, be in some other labour relationship, or perform any gainful activity, with the exception of administration of his own property and scientific, pedagogical, literal, journalistic and artistic activities, if such activities do not impair the dignity of the Office or threaten confidence in the independence and impartiality of the Office.

(7) The President of the Office shall be recalled from his position if he ceases to meet any of the conditions for his appointment.

(8) The President of the Office may also be recalled from his position if he fails to perform his position for a period of 6 months.

Article 33.- Inspectors of the Office

(1) An inspector shall be appointed and recalled by the President of the Czech Republic on the basis of a proposal of the Senate of the Parliament of the Czech Republic.

(2) An inspector shall be appointed for a period of 10 years. He may be appointed repeatedly.

(3) An inspector shall carry out inspections, direct inspections and perform other activities within the Office´s competence.

(4) The activities pursuant to paragraph 3 shall be carried out by 7 inspectors of the Office.

Article 34

(1) An inspector may be only a citizen of the Czech Republic who enjoys legal capacity, has no criminal record, meets the conditions prescribed by a special legal regulation and has completed professional university education.

(2) The position of an inspector cannot be exercised together with either the positions of a Member of Parliament or Senator, judge, state attorney, any position in the state administration, a position of a member of a territorial self-administration body and membership in political parties and movements. An inspector may not hold any other paid position, be in some other labour relationship, or perform any gainful activity, with the exception of administration of his own property and scientific, pedagogical, literal, journalistic and artistic activities, if such activity does not impair the dignity of the Office or threaten confidence in the independence and impartiality of the Office.

(3) An inspector shall be recalled from his position if he ceases to meet any of the conditions for his appointment.

Chapter VI.- ACTIVITIES OF THE OFFICE

Article 35.- Register

(1) Information following from notifications pursuant to Article 16(2) and the date of execution or cancellation of the registration shall be recorded beside the entities of controllers in the Register of permitted personal data processing.

(2) Information written into the register, except the information referred to in Article 16(2)(e) and (i), are publicly accessible especially in the manner enabling remote access.

(3) Cancellation of registration pursuant to Article 17(a) shall be notified by the Office in the Official Journal of the Office.

Article 36.- Annual Report

(1) The annual report of the Office shall contain, in particular, information on performed supervisory activities and evaluation thereof, information on and evaluation of the state of affairs in the area of processing and protection of personal data in the Czech Republic and assessment of other activities of the Office.

(2) The President of the Office shall lay the annual report for information purposes before the Chamber of the Deputies and the Senate of the Parliament of the Czech Republic and before the Government of the Czech Republic within 2 months of the end of the budgetary year, and it shall be published.

Article 37.- Rights of the Supervisory Staff to Access Information

When performing inspection, the supervisory staff shall be entitled to get acquainted with every piece of information, including sensitive data, necessary to achieve the investigation purpose.

Article 38.- Licence of the Supervisory Staff

The supervisory staff is obliged to prove his identity before the investigated subject with an identity card, the sample of which is specified in a Government regulation and which represents authorization to perform supervision.

Article 39.- Repealed

Article 40.- Measures for Remedy

(1) If during the personal data processing an obligation provided by this Act or imposed on the basis thereof have been breached, the inspector shall specify measures that shall be adopted in order to eliminate the established shortcomings and set a deadline for their elimination.

Article 40a

Once the unlawful state remedied in accordance with the measures imposed or immediately after the breach of duty was detected, the Office may refrain from a fine.

Article 41.- Repealed

Article 42.- Repealed

Article 43.- Rights and Obligations in Supervision.- Repealed

Chapter VII.- ADMINISTRATIVE DELICTS

Article 44

(1) Natural person who

(a) is in a labour or similar relationship to the controller or processor;

(b) carries out activities for the controller or processor on the basis of an agreement, or who

(c) in the framework of fulfilling powers and obligations imposed by a special Act comes into contact with personal data at the controller or processor,

commits an offence by breaching the obligation to maintain confidentiality (Article 15).

(2) Natural person in the position of the controller or processor commits an offence in the course of personal data processing if he:

(a) fails to specify the purpose, means or manner of processing (Article 5(1)(a) and (b)) or breaches an obligation by the specified purpose of processing or exceeds his authority ensuing from a special Act,

(b) processes inaccurate personal data (Article 5(1)(c))

(c) collects or processes personal data in an extent or manner which does not correspond to the specified purpose (Article 5(1)(d),(f) thru (h))

(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e))

(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9)

(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11)

(g) refuses to provide the data subject with the requested information (Articles 12 and 21)

(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13)

(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27)

(j) fails to implement imposed remedial measures in the fixed period.

(3) Natural person in the position of the controller or processor commits an offence if he in the course of personal data processing:

(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or

(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)

by some of the courses of action pursuant to paragraph 2.

(4) A fine up to CZK 100,000 may be imposed for an offence pursuant to paragraph 1.

(5) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 2.

(6) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 3.

Article 44a

(1) Natural person commits an offence by breaching prohibition to publish personal data provided by other legal regulation.

(2) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.

Article 45

(1) Legal or natural person doing business according to special regulations when processing personal data in the position of the controller or processor commits an administrative delict if he:

(b) processes inaccurate personal data (Article 5(1)(c));

(c) collects or processes personal data in a scope or manner which does not correspond to the specified purpose (Article 5(1)(d), (f) thru (h));

(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e));

(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9);

(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11);

(g) refuses to provide the data subject with the requested information (Article 12 and Article 21);

(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13);

(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27);

(j) don’t maintain an inventory of personal data breaches pursuant to Article 88 (7) of the Electronic Communications Act.

(k) fails to implement imposed remedial measures in the fiwed period.

(2) Legal person in the position of the controller or processor commits an administrative delict if he in the course of personal data processing:

(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or

(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)

by some of the courses of action pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 shall be imposed for an administrative offence pursuant to paragraph 1.

(4) A fine up to CZK 10,000,000 shall be imposed for an administrative offence pursuant to paragraph 2.

Article 45a

(1) Legal person or natural person doing business commits an administrative delict by breaching prohibition to publish of personal data provided by other legal regulation.

(2) A fine up to CZK 1,000,000 shall be imposed for an administrative delict pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 shall be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.

Article 46

(1) Legal person shall not be liable for an administrative delict if he proves that he has made all reasonable effort to prevent the breach of a legal obligation.

(2) When deciding on the amount of the fine, especially the seriousness, manner, duration and consequences of the unlawful behaviour and the circumstances under which the unlawful behaviour was committed shall be taken into account.

(3) Liability of the legal person for an administrative delict becomes extinct, if the administrative body has not initiated proceedings within 1 year as of the day when it learned of it, but not later than within 3 years as of the day when the delict was committed.

(4) Administrative delicts pursuant to this act shall be dealt with in the first instance by the Office.

(5) The provisions on the liability of legal person and related sanctions applies on the liability for the behaviour of natural person that occurred when the natural person carried on business activities or in a direct relation to such business activities.

(6) The fine is payable within 30 days as of the day when the decision on imposing the fine came into force.

(7) The fine shall be collected by the Office. The revenue from fines shall be an income of the state budget.

Chapter VIII.- COMMON, TRANSITIONAL AND FINAL PROVISIONS

Article 47.- Measures for the Transitional Period

(1) Everyone who processes personal data by the date of entry into effect of this Act and who is subject to the notification obligation pursuant to Article 16 shall be obliged to fulfil this obligation at the latest within 6 months as of the date of entry into effect of this Act.

(2) Personal data processing carried out prior to the date of entry into effect of this Act shall be brought into accordance with this Act by December 31, 2001.

(3) In case the supervisory staff establishes a breach of obligations pursuant to paragraph 2, the provisions of Article 46(1) and (2) shall not be applied in such case prior to December 31, 2002

Article 48.- Repealing Provision

Act nº 256/1992 Coll., on the Protection of the Personal Data in Information Systems is hereby repealed.

Part TWO.- Repealed

Article 49.- Repealed

Part THREE

Article 50.- Amendment to the Act on Free Access to Information

Act nº 106/1999 Coll., on Free Access to Information, shall be amended as follows:

Article 2 paragraph (3), including footnote nº 1 shall read:

“(3) The Act shall not apply to the provision of personal data and information pursuant to a special regulation.

In Article 8, paragraphs (1) and (2), including the heading and footnote nº 5, shall be repealed.

Part FOUR.- Legal Force

Article 51

This Act comes into effect on June 1, 2000, with the exception of the provisions of Articles 16, 17 and 35, which come into effect on December 1, 2000.

Selected provisions of amandments

Article II of the Act nº 439/2004 Coll.

Notifications and decisions on the registration of personal data processing pursuant to Articles 16, 17 and 17a of the Act nº 101/2000 Coll., on the Protection of Personal Data and on Amendment to Some Acts in wording of the Act nº 450/2001 Coll., submitted and issued prior to the day of entry into effect of this Act continue to be valid.
Permissions for transfer or transfers of personal data to other state issued prior the day of entry into effect of this Act shall cease to have force on the day of entry into effect of this Act, if the state for which this permission was meant is a member state of the European Union or a state for which the prohibition to restrict the free movement of personal data ensues from a published international agreement, to the ratification of which the Parliament has given his assent and which is binding the Czech Republic. Permissions to transfer or transfers of personal data to a state not mentioned in the proceeding sentence issued before the Act has come into effect continue to be valid.
Proceedings initiated and not terminated before the effective date of Act shall be completed pursuant to applicable legal regulations except of proceedings on the permission for transfer or transfers of personal data to a member state of the European Union or a state for which the prohibition to restrict the free movement of personal data ensues from a published international agreement, to the ratification of which the Parliament has given his assent and which is binding the Czech Republic, that will be discontinued.
A controller performing the personal data processing for which no registration was needed pursuant to previous legal regulations and which underlies registration as of the day of entry into effect of this Act must notify such personal data processing to the Office for Personal Data Protection within 6 months as of the day of entry into effect of this Act.

12Jul/17

Act nº 13 of 17th June 2004. The Data Protection Act 2004

12 julio, 2017Ley, MaurcioAct nº 13 of 17th June 2004. The Data Protection Act 2004., Data Proteción, Legislación Derecho Informático, Legislación MauricioJosé Cuervo

THE DATA PROTECTION ACT 2004

Act nº 13 of 2004

I assent

ANEROOD JUGNAUTH President of the Republic

17th June 2004

AN ACT

To provide for the protection of the privacy rights of individuals in view of the developments in the techniques used to capture, transmit, manipulate, record or store data relating to individuals

PART I .- PRELIMINARY

ENACTED by the Parliament of Mauritius, as follows :

1.- Short title

The Act may be cited as the Data Protection Act 2004.

2.- Interpretation

In this Act:

“adverse action”, in relation to a data subject, means any action that may adversely affect the person’s rights, benefits, privileges, obligations or interests;

“authorised officer” means an officer to whom the Commissioner has delegated his powers under section 9;

“blocking”, in relation to personal data, means suspending the modification of data, or suspending or restricting the provision of information to a third party where such provision is suspended or restricted in accordance with this Act;

“collect” does not include receipt of unsolicited information;

“Commissioner” means the Data Protection Commissioner referred to in section 4;

“consent” means any freely given specific and informed indication of the wishes of the data subject by which he signifies his agreement to personal data relating to him being processed;

“data” means information in a form which:

(a)

(i) is capable of being processed by means of equipment operating automatically in response to instructions given for that purpose; and

(ii) is recorded with the intent of it being processed by such equipment; or

(b) is recorded as part of a relevant filing system or intended to be part of a relevant filing system;

“data controller” means a person who, either alone or jointly with any other person, makes a decision with regard to the purposes for which and in the manner in which any personal data are, or are to be, processed;

“data matching procedure” means any procedure, whether manually or by means of any electronic or other device, whereby personal data collected for one or more purposes in respect of 10 or more data subjects are compared with personal data collected for any other purpose in respect of those data subjects where the comparison:

(a) is for the purpose of producing or verifying data that; or

(b) produces or verifies data in respect of which it is reasonable to believe that it is practicable that the data,

may be used, whether immediately or at any subsequent time, for the purpose of taking any adverse action against any of those data subjects;

“data processor” means a person, other than an employee of the data controller, who processes the data on behalf of the data controller;

“data protection principles” means the data protection principles specified in the First Schedule;

“data subject” means a living individual who is the subject of personal data;

“direct marketing” means the communication of any advertising or marketing material which is directed to any particular individual;

“document” includes:

(a) a disc, tape or any other device in which the data other than visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced from the disc, tape or other device; and

(b) a film, tape or other device in which visual images are embodied as to be capable, with or without the aid of some other equipment, of being reproduced from the film, tape or other device;

“inaccurate”, in relation to personal data, means data which are incorrect, misleading, incomplete or obsolete;

“individual” means a living individual;

“information and communication network“ means a network for the transmission of messages and includes a telecommunication network;

“network” means a communication transmission system that provides interconnection among a number of local and remote devices;

“office” means the Data Protection Office established under section 4;

“personal data” means :

(a) data which relate to an individual who can be identified from those data; or

(b) data or other information, including an opinion forming part of a database, whether or not recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the data, information or opinion;

“proceedings” :

(a) means any proceedings conducted by or under the supervision of a Judge, Magistrate or judicial officer; and

(b) includes:

(i) any inquiry or investigation into a criminal offence; and

(ii) any disciplinary proceedings;

“processing” means any operation or set of operations which is performed on the data wholly or partly by automatic means, or otherwise than by automatic means, and includes :

(a) collecting, organising or altering the data;

(b) retrieving, consulting, using, storing or adapting the data;

(d) aligning, combining, blocking, erasing or destroying the data;

“register” means the register referred to in section 33;

“relevant filing system” means a structured set of information relating to individuals that, although it is not in a form capable of being processed automatically, is structured, either by reference to any individual or by reference to criteria relating to the individual, in such a way that the structure allows ready accessibility to information relating to that individual;

“relevant function” means :

(a) any function conferred on any person by or under any enactment;

(b) any function of any Minister; or

“relevant person”, in relation to a data subject, means :

(a) where the data subject is a minor, a person who has parental authority over the minor or has been appointed as his guardian by the Court;

(b) where the data subject is physically and mentally unfit, a person who has been appointed his guardian by the Court;

(c) in any other case, a person duly authorised in writing by the data subject to make a request under sections 41 and 44;

“sensitive personal data” means personal information concerning a data subject and consisting of information as to :

(a) the racial or ethnic origin;

(b) political opinion or adherence;

(d) membership to a trade union;

(e) physical or mental health;

(f) sexual preferences or practices;

(g) the commission or alleged commission of an offence; or

(h) any proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings;

“telecommunication network” means a system, or a series of systems, operating within such boundaries as may be prescribed, for the transmission or reception of messages by means of guided or unguided electro-magnetic energy or both;

“third party” in relation to personal data, means any person other than :

(a) the data subject;

(b) a relevant person in the case of a data subject;

(d) a person authorised in writing by the data controller to collect, hold, process or use the data :

(i) under the direct control of the data controller; or

(ii) on behalf of the data controller;

“traffic data” means any data relating to a communication by means of a computer system and generated by the system that form part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service;

“Tribunal” means the ICT Appeal Tribunal set up under section 36 of the Information and Communication Technologies Act 2001;

“underlying service” means the type of service that is used within the computer system;

“use” in relation to personal data, includes disclose or transfer the data.

3.- Application of Act

(1) This Act shall bind the State.

(2) For the purposes of this Act, each Ministry or Government department shall be treated as separate from any other Ministry or Government department.

(3) Subject to Part VII, this Act shall apply to a data controller :

(a) who is established in Mauritius and processes data in the context of that establishment; and

(b) who is not established in Mauritius but uses equipment in Mauritius for processing data, other than for the purpose of transit through Mauritius.

(4) A data controller, falling within subsection (3)(b) shall nominate for the purposes of this Act, a representative established in Mauritius.

(5) For the purposes of subsection (3)(a) any person who :

(a) is ordinarily resident in Mauritius;

(b) carries out data processing activities through an office, branch or agency in Mauritius,

shall be treated as being established in Mauritius.

(6) Subject to the provisions of this Act, every data controller shall comply with the data protection principles.

PART II .- DATA PROTECTION OFFICE

4.- Data Protection Office

(1) There is established for the purposes of this Act a Data Protection Office which shall be a public office.

(2) The head of the office shall be known as the Data Protection Commissioner.

(3) The Commissioner shall be a barrister with at least 5 years standing at the Bar.

(4) The Commissioner shall be assisted by such public officers as may be necessary.

(5) Every public officer referred to in subsection (4) shall be under the administrative control of the Commissioner.

5.- Functions of Commissioner

The Commissioner shall :

(a) ensure compliance with this Act, and any regulations made under the Act;

(b) issue or approve codes of practice or guidelines for the purposes of this Act;

(d) exercise control on all data processing activities, either of its own motion or at the request of a data subject, and verify whether the processing of data is in accordance of this Act or regulations made under the Act;

(e) promote self-regulation among data controllers;

(f) investigate any complaint or information which give rise to a suspicion that an offence, under this Act may have been, is being or is about to be committed;

(g) take such measures as may be necessary so as to bring to the knowledge of the general public the provisions of this Act;

(h) undertake research into, and monitor developments in, data processing and computer technology, including data-matching and data linkage, ensure that any adverse effects of such developments on the privacy of individuals are minimised, and report to the Prime Minister the results of such research and monitoring;

(i) examine any proposal for data matching or data linkage that may involve an interference with, or may otherwise have adverse effects on the privacy of individuals and, ensure that any adverse effects of such proposal on the privacy of individuals are minimised;

(j) do anything incidental or conducive to the attainment of the objects of, and to the better performance of his duties and functions under this Act.

6.- Confidentiality and oath

(1) The Commissioner, and every officer of the office shall take the oath specified in the Second Schedule.

(2) The Commissioner and every authorised officer shall not, except :

(a) in accordance with this Act or any other enactment;

(b) upon a Court order; or

divulge any information obtained in the exercise of a power or in the performance of a duty under this Act.

(3) The Commissioner or any authorised officer, who otherwise than in the course of his duties, uses or records personal data or sensitive personal data, that comes to his knowledge or to which he has access by reason of his position as Commissioner or authorised officer, shall commit an offence.

(4) Any person, who without lawful excuse, contravenes subsection (2), shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

PART III .- POWERS OF COMMISSIONER

7.- Powers of Commissioner

The Commissioner shall have power, for the purpose of carrying out his functions to do all such acts as appear to him to be requisite, advantageous or convenient for, or in connection with the carrying out of these functions.

8.- Powers to obtain information

(1) The Commissioner may, by notice in writing served on any person, request from that person, information as is necessary or expedient for the performance of his functions and exercise of his powers and duties under this Act.

(2) Where the information requested by the Commissioner is stored in a computer, disc, cassette, or on microfilm, or preserved by any mechanical or electronic device, the person named in the notice shall produce or give access to the information in a form in which it can be taken away and in which it is visible and legible.

9.- Delegation of powers by Commissioner

The Commissioner may delegate any of his investigating and enforcement powers conferred upon him by this Act to any officer of his office and to any police officer designated for that purpose by the Commissioner of Police.

10.- Contents of notice

(1) Subject to subsection (2) :

(a) the notice specified in section 8 shall state that the person to whom the notice is addressed has a right of appeal conferred under section 58; and

(b) the delay granted for compliance shall not be less than 21 days.

(2) Where a notice of appeal against a decision made under section 8, is lodged with the Commissioner, the information required need not be furnished, pending the determination or withdrawal of the appeal.

(3) Where the Commissioner considers that the information is required urgently for the proper performance of his functions and exercise of his powers under this Act, the Commissioner may apply to the Judge in Chambers for communication of the information.

(4) Any person, who without reasonable excuse, fails or refuses to comply with a requirement specified in a notice, or who furnishes to the Commissioner an information which he knows to be false or misleading in a material particular, shall commit an offence, and shall on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

11.- Complaints

Where a complaint is made to the Commissioner that this Act or any regulations made under it, has been, is being or is about to be contravened, the Commissioner shall :

(a) investigate the complaint or cause it to be investigated by an authorised officer, unless he is of the opinion that such complaint is frivolous or vexatious; and

(b) as soon as reasonably practicable, notify the complainant in writing of his decision in relation to the complaint and that the complainant may, if he is aggrieved by the Commissioner’s decision, appeal to the Tribunal.

12.- Enforcement of notice

(1) Where the Commissioner is of opinion that a data controller or a data processor has contravened, is contravening or is about to contravene this Act, the Commissioner may serve an enforcement notice on the data controller or the data processor, as the case may be, requiring him to take such steps within such time as may be specified in the notice.

(2) Notwithstanding subsection (1), where the Commissioner is of the opinion that a person has committed an offence under this Act, he may investigate the matter or cause it to be investigated by an authorised officer.

(3) An enforcement notice shall :

(a) specify any provision of this Act which has been, is being or is likely to be contravened;

(b) specify the measures that shall be taken to remedy or eliminate the matter, as the case may be, which makes it likely that a contravention will arise;

(d) state the right of appeal conferred under section 58.

(4) In complying with an enforcement notice served under subsection (1), a data controller or a data processor, as the case may be, shall as soon as practicable and in any event not later than 21 days after such compliance, notify :

(a) the data subject concerned; and

(b) where such compliance materially modifies the data concerned, any person to whom the data was disclosed during the period beginning 12 months before the date of the service of the enforcement notice and ending immediately before such compliance, of any amendment.

(5) Where the Commissioner considers that any provision of the enforcement notice need not be complied with to ensure compliance with the data protection principles to which the notice relates, he may vary the notice and, where he does so, he shall notify in writing the person on whom the notice was served.

(6) Any person who, without reasonable excuse, fails or refuses to comply with an enforcement notice shall commit an offence, and shall, on conviction, be liable to fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

13.- Preservation Order

(1) The Commissioner may apply to a Judge in Chambers for an order for the expeditious preservation of data, including traffic data, where he has reasonable grounds to believe that such data is vulnerable to loss or modification.

(2) Where the Judge in Chambers is satisfied that an order may be made under subsection (1), he shall issue a preservation order specifying a period which shall not be more than 90 days during which the order shall remain in force.

(3) The Judge in Chambers may, on application made by the Commissioner, extend the period specified in subsection (2) for such time as the Judge thinks fit.

14.- Power to carry out prior security checks

(1) Where the Commissioner is of the opinion that the processing or transfer of data by a data controller entails specific risks to the privacy rights of data subjects, he may inspect and assess the security measures taken under section 27 prior to the beginning of the processing or transfer.

(2) The Commissioner may, at any reasonable time during working hours, carry out further inspection and assessment of the security measures imposed on a data controller under section 27.

15.- Compliance audit

The Commissioner may carry out periodical audits of the systems of data controllers to ensure compliance with data protection principles specified in the First Schedule.

16.- Powers to request assistance

(1) For the purposes of gathering information or for the proper conduct of any investigation concerning compliance with this Act, the Commissioner may seek the assistance of such persons or authorities, as he thinks fit and that person or authority may do such things as are reasonably necessary to assist the Commissioner in the performance of the Commissioner’s functions.

(2) Any person assisting the Commissioner pursuant to subsection (1), shall for the purposes of section 6 be deemed to an officer of the office.

17.- Powers of entry and search

(1) An authorised officer may, at any time, enter any premises other than a dwelling house, for the purpose of discharging any functions or duties under this Act or any regulations made under this Act.

(2) An authorised officer shall not enter a dwelling house unless he shows to the owner or occupier of the house, a warrant issued by a Magistrate authorising the officer to exercise his power under this Act in respect of the house.

(3) An authorised officer may, on entering any premises :

(a) request the owner or occupier to produce any document, record or data;

(b) examine any such document, record or data and take copies or extracts from them;

(c) request the owner of the premises entered into, or any person employed by him, or any other person on the premises, to give to the authorised officer all reasonable assistance and to answer all reasonable questions either orally or in writing.

(4) Where the information requested by the authorised officer pursuant to subsection (3) is stored in a computer, disc, cassette, or on microfilm, or preserved by any mechanical or electronic device, the person to whom the request is made shall be deemed to require the person to produce or give access to it in a form in which it can be taken away and in which it is visible and legible.

(5) For the purpose of carrying out his duties under this section, the authorised officer may be accompanied by such person as the Commissioner thinks fit.

18.- Warrant to enter and search dwelling house

(1) A Magistrate may, on being satisfied on an information upon oath, that the authorised officer has to exercise the powers and duties conferred upon him under section 17 in respect of a dwelling house, issue a warrant authorising the authorised officer to exercise those powers and duties.

(2) A warrant issued under subsection (1) shall be valid for the period stated in the warrant.

(3) The Magistrate may attach and specify any condition to a warrant.

19.- Obstruction of authorised officer

Any person who, in relation to the exercise of powers conferred by section 17 and 18 :

(a) obstructs or impedes an authorised officer in the exercise of any of his powers;

(b) fails to provide assistance or information requested by the authorised officer;

(c) refuses to allow an authorised officer to enter any premises or to take any person with him in the exercise of his functions;

(d) gives to an authorised officer any information which is false and misleading in a material particular,

shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to a term of imprisonment not exceeding 2 years.

20.- Referral to police

On completion of an investigation under this Act, the Commissioner shall, where the investigation reveals that an offence has been committed under this Act or any regulations made under the Act, refer the matter to the Police.

21.- Directions by Prime Minister

(1) Subject to subsection (2), the Prime Minister may give in writing such directions of a general character to the Commissioner, not inconsistent with this Act, which he considers to be necessary in the public interest, and the Commissioner shall comply with those directions.

(2) The Prime Minister shall not :

(a) give any direction in relation to any specific matter which is the subject of an investigation by the office; and

(b) question the Commissioner or an authorised officer, or otherwise enquire into, a matter which is under investigation by the office.

PART IV .- OBLIGATION ON DATA CONTROLLERS

22.- Collection of personal data

(1) Subject to Part VII, a data controller shall not collect personal data unless :

(a) it is collected for a lawful purpose connected with a function or activity of the data controller; and

(b) the collection of the data is necessary for that purpose.

(2) Where a data controller collects personal data directly from a data subject, the data controller shall at the time of collecting personal data ensure that the data subject concerned is informed of :

(a) the fact that the data is being collected;

(b) the purpose or purposes for which the data is being collected;

(d) the name and address of the data controller;

(e) whether or not the supply of the data by that data subject is voluntary or mandatory;

(f) the consequences for that data subject if all or any part of the requested data is not provided;

(g) whether or not the data collected shall be processed and whether or not the consent of the data subject shall be required for such processing; and

(h) his right of access to, the possibility of correction of and destruction of, the personal data to be provided.

(3) A data controller shall not be required to comply with subsection (2) :

(a) in respect of a data subject where:

(i) compliance with subsection (2) in respect of a second or subsequent collection will be to repeat, without any material difference, what was done to comply with that subsection in respect of the first collection; and

(ii) not more than 12 months have elapsed between the first collection and this second or subsequent collection.

(b) where :

(i) compliance is not reasonably practicable at the time of collection, provided that the data controller makes available to the data subject all the relevant information specified in subsection (2) as soon as practicable; or

(ii) the data is used in a form in which the data subject concerned cannot or could not reasonably expect to be identified.

(4) Where data is not collected directly from the data subject concerned, the data controller or any person acting on his behalf shall ensure that the data subject is informed of the matters specified in subsection (2).

(5) Subsection (3) shall not operate to prevent a second or subsequent collection from becoming a first collection where the data controller has complied with subsection (2) in respect of the second or subsequent collection.

23.- Accuracy of personal data

A data controller shall take all reasonable steps to ensure that personal data within his possession is :

(a) accurate; and

(b) kept up to date where such data requires regular updating.

24.- Processing of personal data

(1) No personal data shall be processed, unless the data controller has obtained the express consent of the data subject.

(2) Notwithstanding subsection (1), personal data may be processed without obtaining the express consent of the data subject where the processing is necessary :

(a) for the performance of a contract to which the data subject is a party;

(b) in order to take steps required by the data subject prior to entering into a contract;

(d) for compliance with any legal obligation to which the data controller is subject;

(e) for the administration of justice; or

(f) in the public interest.

25.- Processing of sensitive personal data

(1) No sensitive personal data shall be processed unless the data subject has:

(a) given his express consent to the processing of the personal data; or

(b) made the data public.

(2) Subsection (1) shall not apply where the processing :

(a) is necessary :

(i) for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with his employment;

(ii) in order to protect the vital interests of the data subject or another person in a case where consent cannot be given by or on behalf of the data subject, or the data controller cannot reasonably be expected to obtain the consent of the data subject;

(iii) in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;

(iv) for the performance of a contract to which the data subject is a party;

(v) in order to take steps required by the data subject prior to entering into a contract;

(vi) for compliance with a legal obligation to which the data controller is subject;

(b) is carried out by any entity or any association which exists for political, philosophical, religious or trade union purposes in the course of its legitimate activities and the processing :

(i) is carried out with the appropriate safeguards specified under sections 22, 23, 26 and 27;

(ii) is related only to individuals who are members of the charitable entity or association, and

(iii) does not involve disclosure of the personal data to a third party without the consent of the date subject;

(c) is in respect of the information contained in the personal data made public as a result of steps deliberately taken by the data subject;

(d) is required by law.

26.- Use of personal data

The data controller shall ensure that personal data is :

(a) kept only for one or more specified and lawful purposes for which such data has been collected and processed;

(b) not used or disclosed in any manner incompatible with the purposes for which such data has been collected and processed;

(c) adequate, relevant and not excessive in relation to the purposes for which such data has been collected and processed; and

(d) not kept for longer than is necessary for the purposes for which such data has been collected and processed.

27.- Security of personal data

(1) A data controller shall :

(a) take appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of the data in his control; and

(b) ensure that the measures provide a level of security appropriate to :

(i) the harm that might result from the unauthorised access to, alteration of, disclosure of, destruction of the data and its accidental loss; and

(ii) the nature of the data concerned.

(2) A data controller or a data processor shall take all reasonable steps to ensure that any person employed by him is aware of and complies with the relevant security measures.

(3) Where a data controller is using the services of a data processor, he shall choose a data processor providing sufficient guarantees in respect of security and organisational measures for the purposes of complying with subsection (1).

(4) Where the data controller is using the services of a data processor under subsection (3) the data controller and the data processor shall enter into a written contract which shall provide that :

(a) the data processor shall act only on instructions received from the data controller; and

(b) the data processor shall be bound by obligations devolving on the data controller under subsection (1).

(5) Without prejudice to subsection (1), in determining the appropriate security measures, in particular, where the processing involves the transmission of data over an information and communication network, a data controller shall have regard to :

(a) the state of technological development available;

(b) the cost of implementing any of the security measures;

(d) the nature of the data being processed.

28.- Duty to destroy personal data

(1) Where the purpose for keeping personal data has lapsed, the data controller shall :

(a) destroy such data as soon as reasonably practicable; and

(b) notify any data processor holding such data.

(2) Any data processor who receives a notification under subsection (1) (b) shall, as soon as reasonably practicable, destroy the data specified by the data controller.

29.- Unlawful disclosure of personal data

(1) Any data controller who, without lawful excuse, discloses personal data in any manner that is incompatible with the purposes for which such data has been collected shall commit an offence.

(2) Any data processor who, without lawful excuse, discloses personal data processed by him without the prior authority of the data controller on whose behalf such data is or has been processed shall commit an offence.

(3) Subject to subsection (4), any person who :

(a) obtains access to personal data, or obtains any information constituting such data, without prior authority of the data controller or data processor by whom such data is kept; and

(b) discloses the data or information to another person, shall commit an offence.

(4) Subsection (3) shall not apply to a person who is an employee or agent of a data controller or processor and is acting within his mandate.

(5) Any person who offers to sell personal data where such personal data has been obtained in breach of subsection (1) shall commit an offence.

(6) For the purposes of subsection (5), an advertisement indicating that personal data is or may be for sale, constitutes an offer to sell the personal data.

30.- Processing of personal data for direct marketing

(1) A person may, at any time, by notice in writing, request a data controller :

(a) to stop; or

(b) not to begin,

the processing of personal data in respect of which he is a data subject, for the purposes of direct marketing.

(2) Where the data controller receives a request under subsection (1)(a), he shall, as soon as reasonably practicable and in any event not more than 28 days after the request has been received :

(a) where the data are kept only for purposes of direct marketing, erase the data; and

(b) where the data are kept for direct marketing and other purposes, stop processing the data for direct marketing.

(3) Where the data controller receives a request under subsection (1)(b), he

(a) shall, where the data are kept only for the purpose of direct marketing, as soon as reasonably practicable and in any event not more than 28 days after the request has been received, erase the data; or

(b) shall not, where the data are kept for direct marketing and other purposes, process the data for direct marketing after the expiry of 28 days.

(4) The data controller shall notify the data subject in writing of any action taken under subsections (2) and (3) and, where appropriate, inform him of the other purposes for which the personal data is being processed.

(5) Where a data controller fails to comply with a notice under subsection (1), the data subject may appeal to the Tribunal.

(6) Where a data controller fails to comply with an order of the Tribunal, he shall commit an offence.

31.- Transfer of personal data

(1) Subject to subsection (2), no data controller shall, except with the written authorisation of the Commissioner, transfer personal data to a third country.

(2) The Eighth data protection principle specified in the First Schedule shall not apply where :

(a) the data subject has given his consent to the transfer;

(b) the transfer is necessary :

(i) for the performance of a contract between the data subject and the data controller, or for the taking of steps at the request of the data subject with a view to his entering into a contract with the data controller;

(ii) for the conclusion of a contract between the data controller and a person, other than the data subject, which is entered at the request of the data subject, or is in the interest of the data subject, or for the performance of such a contract;

(iii) in the public interest, to safeguard public security or national security.

(c) the transfer is made on such terms as may be approved by the Commissioner as ensuring the adequate safeguards for the protection of the rights of the data subject.

(3) For the purpose of subsection (2)(c), the adequacy of the level of protection of a country shall be assessed in the light of all the circumstances surrounding the data transfer, having regard in particular to :

(a) the nature of the data;

(b) the purpose and duration of the proposed processing;

(d) the rules of law, both general and sectoral, in force in the country in question; and

(e) any relevant codes of conduct or other rules and security measures which are complied with in that country.

32.- Data matching

(1) No data controller shall carry out a data matching procedure unless :

(a)

(i) the data subject whose personal data is the subject to that procedure has given his consent to the procedure being carried out;

(ii) the Commissioner has consented to the procedure being carried out; and

(iii) is the procedure carried out in accordance with such conditions as the Commissioner may impose; or

(b) it is required or permitted under any other enactment.

(2) Subject to subsection (3), a data controller shall not take any adverse action against any data subject as a consequence of the carrying out of a data matching procedure :

(a) unless the data controller has served a notice in writing on the data subject:

(i) specifying the adverse action it proposes to take and the reasons therefor;

(ii) stating that the data subject has 7 days after the receipt of the notice to show cause why the adverse action should not be taken; and

(b) until the expiry of the 7 days specified in paragraph (a).

(3) Subsection (2) shall not preclude a data controller from taking any adverse action against any data subject if compliance with the requirements of that subsection shall prejudice any investigation into the commission of any offence which has been, is being or is likely, to be committed.

PART V .- THE DATA PROTECTION REGISTER

33.- Register of data controllers

(1) There shall be a register of data controllers to be known as the Data Protection Register, which shall be kept and maintained by the office.

(2) Subject to Part VII, a data controller shall register himself with the office.

34.- Application for registration

(1) An application for registration as a data controller shall be made in writing to the Commissioner and the person shall furnish such particulars as requested under section 35.

(2) Where a data controller intends to keep personal data for 2 or more purposes, he shall make an application for separate registration in respect of any of those purposes and, entries shall be made in accordance with any such applications.

(3) Subject to subsection (4), the Commissioner shall grant an application for registration, unless he reasonably believes that :

(a) the particulars proposed for inclusion in an entry in the register are insufficient or any other information required by the Commissioner either has not been furnished, or is insufficient;

(b) appropriate safeguards for the protection of the privacy of the data subjects concerned are not being, or will not continue to be, provided by the data controller; or

(4) Upon registration of an application, the applicant shall pay such fee as may be prescribed.

(5) Where the Commissioner refuses an application for registration, he shall, as soon as reasonably practicable, notify in writing the applicant of the refusal:

(a) specifying the reasons for the refusal; and

(b) informing the applicant that he may appeal against the refusal under to section 58.

(6) The Commissioner may, at any time, at the request of the person to whom an entry in the register relates, remove his name from the register.

35.- Particulars to be furnished

(1) A data controller who wishes to be registered with the office shall provide the following particulars :

(a) his name and address;

(b) if he has nominated a representative for the purposes of this Act, the name and address of the representative;

(c) a description of the personal data being, or to be processed by or on behalf of the data controller, and of the category of data subjects, to which the personal data relate;

(d) a statement as to whether or not he holds, is likely to hold, sensitive personal data;

(e) a description of the purpose for which the personal data are being or are to be processed;

(f) a description of any recipient to whom the data controller intends or may wish to disclose the personal data;

(g) the names, or a description of, any country to which the data controller directly or indirectly transfers, or intends or may wish, directly or indirectly to transfer the data; and

(h) the class of data subjects, or where practicable the names of data subjects, in respect of which the data controller holds personal data.

(2) Any data controller who, knowingly supplies false information under subsection (1), shall commit an offence and shall, on conviction, be liable to a fine not exceeding 100,000 rupees and to imprisonment for a term not exceeding 2 years.

(3) Where the data controller in respect of whom there is an entry in the register changes his address, he shall, within 15 days of the change in address, notify the Commissioner in writing.

36.- Contents of register

Each entry in the register shall contain the particulars provided under section 35.

37.- Inspection of register

(1) The register shall be kept in the office of the Commissioner and shall at all reasonable times be available for inspection by any person free of charge.

(2) Any person may, on payment of such fee as may be prescribed, obtain from the Commissioner a certified copy of, or of an extract from, any entry in the register.

38.- Duration of registration

(1) A registration shall be for a period not exceeding one year and on the expiry of such period, the relevant entry shall be cancelled unless the registration is renewed.

(2) The period specified under subsection (1) shall be calculated :

(a) in the case of a first registration, from the date on which the relevant entry was made in the register; and

(b) in the case of a registration which has been renewed, from the date on which it was renewed.

(3) The Commissioner may, subject to this Act, renew a registration upon application by the data controller, and on payment of such fee as may be prescribed.

39.- Failure to register or to renew registration

Any data controller, who without reasonable excuse, processes any personal data without being registered, shall commit an offence.

40.- Certificate issued by Commissioner

In any proceedings in which the registration of a person as a data controller or a data processor is in question, a certificate under the hand of the Commissioner that there is no entry in the register in respect of the person as a data controller or data processor, shall be conclusive evidence of that fact.

PART VI .- RIGHTS OF DATA SUBJECTS

41.- Access to personal data

(1) Subject to section 42, a data controller shall on the written request of a data subject or a relevant person :

(a) inform the data subject or the relevant person :

(i) whether the data kept by him include personal data relating to the data subject;

(ii) the purposes for which the data are being or are to be processed;

(iii) the recipients or classes of recipients to whom they are or may be disclosed; and

(b) supply the data subject or the relevant person with a copy of any data referred to in paragraph (a) on payment of the prescribed fee.

(2) A request under subsection (1)(a) and (b) shall be treated as a single request.

(3) Where any data referred to under subsection (1) is expressed in terms that are not intelligible without explanation, the data controller shall supply the information with an explanation of those terms.

(4) A fee paid by any person to a data controller under this section shall be returned to him where a request under subsection (1) is not complied with.

(5) The information to be supplied pursuant to a request under this section shall be supplied by reference to any personal data at the time when the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request.

42.- Compliance with request for access to personal data

(1) Subject to subsection (2) and section 43 and to the payment of the prescribed fee, a data controller shall comply with a request under section 41 not later than 28 days after the receipt of the request.

(2) Where a data controller is unable to comply with the request within the period specified in subsection (1), he shall :

(a) before the expiry of the specified period :

(i) inform the data subject or the relevant person who has made the request on behalf of the data subject, that he is unable to comply with the request and shall, if required, state the reasons therefor;

(ii) endeavour to comply with the request in such time reasonably practicable, and

(b) as soon as practicable after the expiry of the specified period, comply with the request.

43.- Denial of access to personal data

(1) A data controller may refuse a request under section 41 where :

(a) he is not supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request, and to locate the information which the person seeks;

(b) compliance with such request will be in contravention with his confidentiality obligation imposed under any other enactment.

(2) Where a data controller cannot comply with a request under section 41 without disclosing personal data relating to another person, he may refuse the request unless :

(a) the other individual has consented to the disclosure of the his personal data to the person making the request; or

(b) he obtains the written approval of the Commissioner.

(3) In determining for the purposes of subsection (2)(b) whether it is reasonable for the Commissioner to approve a request without the consent of the other individual concerned, regard shall be had, in particular, to :

(a) any duty of confidentiality owed to the other individual;

(b) any steps taken by the data controller with a view to seeking the consent of the other individual;

(d) any express refusal of consent by the other individual.

(4)

(a) Where a data controller has previously complied with a request made under section 41 by a data subject, the data controller is not obliged to comply with a subsequent identical or similar request under that section by that data subject unless a reasonable interval has elapsed between compliance with the previous request and the making of the current request.

(b) In determining, for the purposes of paragraph (a), whether requests under section 41 are made at reasonable intervals, regard shall be had to :

(i) the nature of the data;

(ii) the purpose for which the data are processed; and

(iii) the frequency with which the data are altered.

(5) A data controller shall not comply with a request under section 41 where :

(a) he is being requested to disclose information given or to be given in confidence for the purposes of :

(i) the education, training or employment, or prospective education, training or employment, of the data subject;

(ii) the appointment, or prospective appointment, of the data subject to any office; or

(iii) the provision, or prospective provision, by the data subject of any service;

(b) the personal data requested consist of information recorded by candidates during an academic, professional or other examination;

(c) such compliance would, by revealing evidence of the commission of any offence other than an offence under this Act, expose him to proceedings for that offence.

44.- Inaccurate personal data

(1) A data controller shall, upon being informed as to the inaccurateness of personal data, by a data subject to whom such data pertains, cause such data to be rectified, blocked, erased or destroyed, as appropriate.

(2) Where a data controller is aware that a third party holds inaccurate personal data, he shall, as soon as reasonably practicable, require the third party to rectify, block, erase or destroy the data, as appropriate.

(3) Where the third party specified in subsection (2) fails to comply with the requirement under that subsection, he shall commit an offence.

(4) Where a data controller fails to rectify, block, erase or destroy inaccurate personal data, a data subject may apply to the Commissioner to have such data rectified, blocked, erased or destroyed, as appropriate.

(5) Upon being satisfied by an application under subsection (4) that the personal data is incorrect, the Commissioner shall, where he is satisfied, direct the data controller to rectify, block, erase or destroy those data and any other personal data in respect of which he is the data controller.

(6) Where the Commissioner :

(a) issues a direction under subsection (5); or

(b) is satisfied on the application by an individual that personal data of which the individual is the data subject were inaccurate and have been rectified, blocked, erased or destroyed,

he may direct the data controller to notify third parties to whom the data have been disclosed, of the rectification, blocking, erasure or destruction.

PART VII .- EXEMPTIONS

45.- National security

(1) Personal data are exempt from any provision of this Act where the nonapplication of such provision would, in the opinion of the Prime Minister be required for the purpose of safeguarding national security.

(2) In any proceedings in which the non-application of the provisions of this Act on grounds of national security is in question, a certificate under the hand of the Prime Minister referred in subsection (1) certifying that such is the case, shall be conclusive evidence of that fact.

46.- Crime and taxation

The processing of personal data for the purposes of :

(a) the prevention or detection of crime;

(b) the apprehension or prosecution of offenders; or

(i) the Second, Third, Fourth and Eighth data protection principles;

(ii) sections 23 to 26; and

(iii) Part VI of this Act in respect of blocking personal data,

to the extent to which the application of such provisions would be likely to prejudice any of the matters specified in paragraphs (a) to (c).

47.- Health and social work

(1) A data controller shall be exempt from the application of section 41 where the personal data to which access is being sought relates to the physical or mental health of the data subject and the application of that section is likely to cause serious harm to the physical or mental health of the data subject or of, any other person.

(2) The Prime Minister may, by notice in the Gazette or by regulations, waive the obligations imposed under section 41, on a public authority, voluntary organisations and any other similar body as may be prescribed, where such public authority, voluntary organisation or other body carries out social work in relation to a data subject or any other individual, and the application of that section is likely to prejudice the carrying out of the social work.

48.- Regulatory activities

The processing of personal data for the purpose of discharging any of the relevant functions :

(a) designed for protecting members of the public against :

(i) financial loss due to dishonesty, malpractice or other serious improper conduct, or by the unfitness or incompetence of, persons concerned in the provision of banking, insurance, investment or other financial services or in the management of bodies corporate;

(ii) financial loss due to the conduct of discharged or undischarged bankrupts; or

(iii) dishonesty, malpractice or other seriously improper conduct by, or the unfitness or incompetence of, persons authorised to carry on any profession or other activity;

(b) conferred on the Bank of Mauritius, the Financial Services Commission and the Financial Intelligence Unit, by or under any enactment;

(c) for protecting charitable trusts and other bodies involved in charitable work against misconduct or mismanagement in their administration;

(d) for protecting the property of charitable trusts and other bodies specified in paragraph (c) from loss or misapplication;

(e) for the recovery of the property of charitable trusts and other bodies specified in paragraph (c);

(f) for securing the health, safety and welfare of persons at work;

(g) for protecting persons other than persons at work against risk to health or safety arising out of or in connection with the actions of persons at work; or

(h) designed for:

(i) protecting members of the public against conduct which adversely affect their interests by persons carrying on a business;

(ii) regulating agreements or conduct which have as their object or effect the prevention, restriction or distortion of competition in connection with any commercial activity; or

(iii) regulating conduct on the part of one or more undertakings which amounts to the abuse of a dominant position in a market,

shall be exempt from the application of sections 23 to 26 to the extent that such an application would be likely to prejudice the proper discharge of such functions.

49.- Journalism, literature and art

(1) The processing of personal data for journalistic, literary and artistic purposes shall be exempt from the provisions specified in subsection (2) where :

(a) such processing is undertaken with a view to the publication of any journalistic, literary or artistic material;

(b) the data controller involved in such processing reasonably believes that the publication would be in the public interest; and

(c) the data controller reasonably believes that compliance with any such provisions would be incompatible with such purposes.

(2) For the purposes of subsection (1), the processing of personal data shall be exempt from:-

(a) the Second, Third, Fifth and Eighth data protection principles;

(b) sections 23 to 27 and 32; and

50.- Research, history and statistics

(1) Subject to subsections (2), (4), and (5), personal data which are processed only for research, historical or statistical purposes shall be exempt from the Fifth data protection principle.

(2) The exemption provided for under subsection (1) shall not be applicable where :

(a) such personal data are not processed to support measures or decisions with respect to particular individuals; and

(b) such personal data are not processed in such a way that such processing would substantially damage or substantially distress any data subject or will likely cause such damage or distress.

(3) For the purposes of :

(a) the Second data protection principle; and

(b) sections 23 and 27,

further processing of personal data only for research, historical or statistical purposes shall not be regarded as incompatible with the purposes for which such data was obtained provided that the conditions under subsection (2) are satisfied.

(4) The personal data processed for the purposes specified in subsection (1) shall also be exempt from the provisions of Part VI where :

(a) the conditions under subsection (2)(a) and (b) are satisfied; and

(b) the results of the research or any resulting statistics are not made available in a form which identifies any of the data subjects concerned.

51.- Information available to the public under an enactment

Where personal data consists of information which the data controller is obliged under an enactment to make available to the public, such data shall be exempt from :

(a) the Second, Third, Fourth, Fifth and Eighth data protection principles;

(b) sections 23 to 29; and

52.- Disclosure required by law or in connection with legal proceedings

Personal data are exempt from :

(a) the Second, Third, Fourth and Fifth data protection principles;

(b) sections 23 to 29; and

(i) the disclosure of such data is required under any enactment or by a Court order;

(ii) the disclosure of such data is necessary for the purpose of, or in connection with, any on-going or prospective legal proceedings;

(iii) the disclosure of such data is necessary for the purpose of obtaining legal advice; or

(iv) the disclosure is otherwise necessary for the purpose of establishing, exercising or defending legal rights.

53.- Legal professional privilege

Personal data are exempt from :

(a) the Second, Third, Fourth and Fifth data protection principles; and

(b) section 23,

where the data consist of information in respect of which a claim to legal professional privilege or confidentiality as between client and legal practitioner could be maintained in legal proceedings, including prospective legal proceedings.

54.- Domestic purposes

Personal data processed by an individual are exempt from :

(a) the data protection principles; and

(b) Part V and Part VI,

where such processing is only for the purposes of that individual’s personal, family or household affairs or for recreational purposes.

PART VIIl .- MISCELLANEOUS

55.- Annual report

(1) The Commissioner shall, not later than 3 months after the end of every calendar year, lay an annual report of the activities of the office before the National Assembly.

(2) Without limiting the generality of subsection (1), the report shall include :

(a) a statement about the operation of approved and issued codes of practice;

(b) any recommendations that the Commissioner thinks fit relating to the compliance with this Act, and in particular the data protection principles.

(3) The period starting from the commencement of this Act to the end of the year of such commencement shall be deemed to be the first calendar year.

56.- Codes and guidelines

(1) The Commissioner may, for the purposes of this Act or any regulations made under this Act, issue or approve codes of practice, or issue guidelines.

(2) Before issuing or approving any code of practice, or issuing any guidelines, the Commissioner may consult such person or authority as he thinks fit.

(3) Any code of practice :

(a) may be varied or revoked;

(b) shall, where the code is approved under subsection (1), come into operation on a day specified by the Commissioner.

(4) The Commissioner shall keep a register of approved codes and guidelines which shall be available for public inspection.

(5) The Commissioner may, on payment of such fee as may be prescribed, provide copies of, or extracts from, the register specified in subsection (4).

57.- Service of notice

(1) Any notice served by the Commissioner on an individual under this Act may be served by :

(a) delivering it to him;

(b) sending it to him by registered post addressed to him at his usual or last known place of residence or business.

(2) Any notice served by the Commissioner on a body corporate under this Act may be served by :

(a) sending it by post to the registered office of the body; or

(b) addressing it to and leaving it at the registered office of the body.

(3) Any notice served by the Commissioner on an unincorporated body of persons under this Act may be served by :

(a) sending it by post to the place where it ordinarily carries out its activities; or

(b) by addressing it to and leaving it at the place where it ordinarily carries out its activities.

58.- Right of appeal

Any person aggrieved by a decision of the Commissioner in respect of the performance of his duties and powers under this Act shall have a right of appeal within 21 days from the date when the decision is made known to that person to the Tribunal.

59.- Special jurisdiction of Tribunal

(1) Subject to subsections (2) and (3), the Tribunal shall hear and dispose of any appeal under this Act.

(2) Sections 40 to 44 of the Information and Communication Technologies Act 2001 shall, as far as appropriate, apply to an appeal made under this Act and to such decision as may be reached by the Tribunal on appeal under this Act.

(3) Sections 39 and 42(5) of the Information and Communication Technologies Act 2001 shall not apply to an appeal under this Act.

(4) Subject to subsection (5), every appeal under section 59 shall be in such form and be accompanied by such fees as may be prescribed.

(5) The Tribunal may entertain an appeal after the expiry of the period of 21 days where it is satisfied that there was sufficient cause for not lodging the appeal within that period.

(6) The Tribunal may, after giving the parties to the appeal an opportunity of being heard, pass such orders as it thinks fit, confirming, varying or setting aside the decision appealed against.

(7) The Tribunal shall send a copy of every order made by it to the parties to the appeal.

(8) Any appeal lodged with the Tribunal under this Act, shall be dealt with by it as expeditiously as possible and the Tribunal shall endeavour to dispose of the appeal within 6 weeks from the date the appeal was lodged.

(9) Any person who does not comply with an order issued by the Tribunal under subsection (6), shall commit an offence.

60.- Immunity

(1) Notwithstanding the Public Officers’ Protection Act, where any action has been entered before a Court pursuant to any act done by any authorised officer in the execution of his duties under this Act or any regulations made under it, and it appears to the Court that there was reasonable cause to do such act, the Court shall so declare and thereafter the authorised officer shall be immune from all proceedings, whether civil or criminal, on account of such act.

(2) No liability, civil or criminal shall attach to the Commissioner in respect of any act which he may have done or omitted to do in good faith in the execution or purported execution of his duties or powers under this Act or regulations made under it.

61.- Offences and penalties

(1) Any person who contravenes this Act shall commit an offence.

(2) Where no specific penalty is provided for an offence, the person shall, on conviction, be liable to a fine not exceeding 200,000 rupees and to imprisonment for a term not exceeding 5 years.

62.- Forfeiture

In addition to any penalty the Court may :

(a) order the forfeiture of any equipment or any article used or connected in any way with the commission an offence;

(b) order or prohibit the doing of any act to stop a continuing contravention.

63.- Prosecution and jurisdiction

(1) An authorised officer may swear an information in respect of any offence under this Act or any regulations made under this Act before a Magistrate.

(2) Notwithstanding any other enactment, the Intermediate Court shall have jurisdiction to try an offence under this Act or any regulations made under this Act.

(3) No prosecution shall be instituted under this Act except by, or with the consent, of the Director of Public Prosecutions.

64.- Consequential amendments

(1) The Criminal Code is amended by repealing section 300A.

(2) The Information and Communication Technologies Act 2001 is amended :

(a) in section 2, by deleting the definitions of “code of practice” and “personal data”;

(b) by repealing section 33;

(3) The National Computer Board Act is amended :

(a) In section 2, by deleting the definitions of “computer service person”, “data”, “data user”, and “personal data”;

(b) in section 4, by deleting paragraph (d); and

65.- Regulations

(1) The Prime Minister may, after consultation with the Commissioner, make such regulations as he thinks fit for this Act.

(2) Any regulations made under subsection (1) may provide :

(a) for the requirements which are imposed on the data controller when processing data;

(b) for the contents a notification or application to a data controller should contain;

(d) for the levying of fees and taking of charges;

(e) for the issuing, approval of codes and guidelines;

(f) that any person who contravenes them shall commit an offence and shall, on conviction, be liable to a fine not exceeding 100,000 rupees and to imprisonment for a term not exceeding 2 years.

(3) The Prime Minister may, by regulations, amend the Schedules.

66.- Commencement

(1) Subject to subsection (2), this Act shall come into operation on a date to be fixed by Proclamation.

(2) Different dates may be fixed for the coming into operation of different sections of this Act.

Passed by the National Assembly on the first day of June two thousand and four.

André Pompon

Clerk of the National Assembly

FIRST SCHEDULE (section 2, 15 and 31)

DATA PROTECTION PRINCIPLES

First principle

Personal data shall be processed fairly and lawfully.

Second principle

Personal data shall be obtained only for any specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose.

Third principle

Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed.

Fourth principle

Personal data shall be accurate and, where necessary, kept up to date.

Fifth principle

Personal data processed for any purpose shall not be kept longer than is necessary for that purpose or those purposes.

Sixth principle

Personal data shall be processed in accordance with the rights of the data subjects under this Act.

Seventh principle

Appropriate security and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Eighth principle

Personal data shall not be transferred to a third country, unless that country ensures an adequate level of protection for the rights of data subjects in relation to the processing of personal data.

SECOND SCHEDULE (section 6)

I, …………………………………………………………make oath/solemnly affirm/ declare that I will faithfully and honestly fulfill my duties as authorised officer/Commissioner in conformity with the Data Protection Act 2004 and that I shall not without the due authority in that behalf disclose or make known any matter or thing which comes to my knowledge by reason of my duties as such.

District Magistrate

Port Louis

11Jul/17

Act nº 44 of December 2001. The information and Communications Technologies Act 2001

11 julio, 2017Ley, MaurcioAct nº 44 of December 2001. The information and Communications Technologies Act 2001, Legislación Derecho Informático, Legislación MauricioJosé Cuervo

Act nº 44 of December 2001. The information and Communications Technologies Act 2001. (Proclaimed by: Proclamation nº 6 of 2002 w.e.r. 11th February 2002 Section 1 and Part VII; Proclamation nº 27 w.e.f. 1st June 2002 Sections 2 and 3, Parts II to VI and Part IX; Proclamation nº 35 of 2003 w.e.f. 1st December 2003 Part VIII) (Amended, Deleted, Added, Repealed and Proclamation by: Act. nº 6 of 2002, Act. nº 27 of 2002, Act. nº 33 of 2002, Act. nº 35 of 2003, Act. nº Act nº 13 of 2004, Act. nº 1 of 2009, Act. nº 7 of 2009, Act nº 38 of 2011, Act. nº 7 of 2013, Act. nº 9 of 2015, Act. nº 21 of 2016

INFORMATION AND COMMUNICATION TECHNOLOGIES ACT 2001 Act 44/2001

Proclaimed by: (Proclamation nº 6 of 2002) w.e.f. 11th February 2002 Section 1 and Part VII (Proclamation nº 27 of 2002) w.e.f. 1st June 2002. Sections 2 and 3, Parts II to VI and Part IX (Proclamation nº 35 of 2003) w.e.f. 1st December 2003 Part VIII

An Act To establish the Information and Communication Technologies Authority, the Information and Communication Technologies Advisory Council, the Information and Communication Technologies Appeal Tribunal and to provide for the regulation and democratisation of information and communication technologies and related matters

ENACTED by the Parliament of Mauritius, as follows:

PART I.- PRELIMINARY

1.- Short title

This Act may be cited as the Information and Communication Technologies Act 2001.

2.- Interpretation In this Act :

“access” means access by a person to the facilities and services of a licensee excluding interconnection for the purpose of providing information and communication services.

“access agreements means an agreement which sets out the terms and conditions pursuant to which a licensee grants access to a person where the services operated by the letter do not require the interconnection of physical networks.

“allocation” means the entry of a given frequency band in the Mauritius Frequency Allocation Table to be used by one or more terrestrial or space radio communication service, or the radio astronomy services;

“authorised officer” means the officer designated as such under section 25;

“Authority” means the ICT Authority established under section 4;

“Board” means the ICT Board established under section 5;

“broadcasting” means the emission or transmission of sounds or images for reception by the public;

“certificate” means a document issued by a certification authority for the purpose of supporting digital signatures which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair;

“certification authority” means a person duly authorised under the Electronic Transaction Act 2000 to issue a certificate;

“charging principles” means the principles that may be prescribed for use in determining the prices to be charged front or by a licensee under an access and an interconnection agreement;

“code of practice” (Deleted by Act nº 13 of 2004)

“Competition Commission” means the Competition Commission established under section 4 of the Competition Act; (Added by Act nº 38 of 2011)

computer” means any device for storing and processing information whether or not the information is derived from other information by calculation, comparison or otherwise;

“computer service person”. (Deleted by Act nº 1 of 2009)

“computer system” means a device or combination of devices, including input and output support devices, but excluding calculators which are not programmable, and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

“Controller” means the Controller of Certification Authorities referred to in the Electronic Transactions Act; (Amended by Act nº 7 of 2009)

“Council” means the ICT Advisory Council set up under section 34;

“data” means information recorded in a form in which it can be processed by equipment operating automatically in response to instructions given for that purpose;

“data user” (Deleted by Act nº 1 of 2009)

“domain name” means a unique alpha-numeric designation used to access a computer on the internet and all domain names located in the .mu name hierarchy;

“dominant operator” means a licensee who, by the terms of his licence or by reason of his share in the market or the availability to him of technological ability, infrastructure or capital, has a substantial degree of power in the market for the supply of an information and telecommunication services including a telecommunication service;

“electronic transaction” means any transaction conducted over a network, using computers, information and communication technologies, including telecommunications;

“Executive Director” means the Executive Director of the Authority appointed under section 14;

“facility” means :

(a) any part of the infrastructure of an information and communication network including a telecommunication network; or

(b) any line, cable, radio, equipment, antenna, tower, mast, tunnel, pit, pole or other structure or thing used, or included for use, in connection with an information and communication network including a telecommunication network;

“financial year” means the period extending from 1 July in any year to 30 June in the next ensuing year;

“frequency band” means a continuous frequency range of spectrum;

“information” means data, text, images, sounds, codes, computer, programmes, software, databases or the like;

“information and communication industry” means any entity :

(a) carrying on a business; or

(b) engaged in any commercial activity connected with information and communication technologies;

“information and communication network” means a network for the transmission of messages and includes a telecommunication network;

“information and communication service” means any service involving the use of information and communication technologies including telecommunication services;

“information and communication technologies” means technologies employed in collecting, storing, using or sending out information and include those involving the use of computers or any telecommunication system;

“intercept’ means intercept by listening or recording, by any means, a message passing over an information or communication network, including telecommunication network, without the knowledge of the person originating, sending or transmitting the message,

“interconnection” means the linking up of 2 information and communication networks, including telecommunication networks so that users of either network may communicate with users of, or utilise services provided by means of, the other network or any other information and communications network including telecommunication network;

“interconnection agreement” means an agreement made between 2 or more licensees which sets out the terms and conditions –

(a) for interconnection between the facilities in the information and communication networks, including telecommunication networks of 2 or more licensees; or

(b) upon which a licensee obtains interconnection to information and communication services, including telecommunication services supplied by another licensee;

“International Mobile Station Equipment Identity” or “IMEI” means a unique number which is allocated to every individual mobile station equipment in the Public Land Mobile Network and which shall unconditionally be implemented by the Mobile Station (MS) manufacturer;

“lnternet” means a publicly accessible system of global interconnected computer networks which uses the Internet Protocol as its communication protocol to provide a variety of information and communication facilities;

“Internet Protocol” or “IP” means a standard consisting of a set of rules governing digital data communication on the Internet;

“licence” means a licence issued under section 24,

“licensed certification authority” means a Certification Authority licensed by the Controller;

“licensee” means the holder of a licence;

“Mauritius Frequency Allocation Table” means the table where the spectrum plan for Mauritius is detailed:

“member” includes a chairperson;

“Minister” means:

(a) the Minister to whom responsibility for the subject of Information and Communication Technologies Authority is assigned; but

(b) in relation to sections 12, 34, 35 and 36, the Minister to whom responsibility for the subject of information technology and telecommunications is assigned;

“message” includes any communication whether in the form of speech, or other sound, data, text, visual image, signal or code, or in any other form or combination of forms;

“Multiplex Operator” has the same meaning as in the Independent Broadcasting Authority Act;

“network” means a communication transmission system that provides interconnection among a number of local or remote devices;

“personal data” (Deleted by Act nº 13 of 2004)

“public operator” means a licensee who :

(a)

(i) owns or operates a public information and communication network, including a telecommunication network; or

(ii) offers an information and communication service, including a telecommunication service to the public; or

(b) owns or operates a network referred to in paragraph (a)(i), and offers a service referred to in paragraph (a)(ii); (Amended by Act nº 38 of 2011)

“radio communication” means any transmission, emission, or reception of signs, signals, writings, sounds or intelligence of any nature, of a frequency less than 3000 gigahertz, propagated in space without artificial guide;

“radio spectrum” means the portion of the electromagnetic spectrum which is below 3,000 gigahertz;

“service provider” means any person who provides an information and communication service, including telecommunication;

“significant market power”, in relation to a public operator, means the position of the operator who, either individually or jointly with any of its subsidiaries or others, enjoys a position equivalent to dominance in any specific market segment such that its position of economic strength affords it the power to behave to an appreciable extent independently of competitors, customers and ultimately consumers; (Added by Act nº 38 of 2011)

“tariff” means the rate of any fee or charge which a public operator offers to claim for a service which it supplies;

“telecommunication” means a transmission, emission or reception of signs, signals, writing, images sounds or intelligence of any nature by wire, radio, optical or other electromagnetic systems whether or not such signs, signals, writing, images, sounds or intelligence have been subjected to rearrangement, computation or other processes by any means in the course of their transmission, emission or reception;

“telecommunication equipment” means an electronic device intended for the purpose of

telecommunication; “telecommunication network” means a system, or a series of systems, operation within such boundaries as may be prescribed, for the transmission or reception of messages by means of guided or unguided electro-magnetic energy or both;

“telecommunication service”:

(a) means a service for carrying a message by means of guided or unguided electromagnetic energy or both;

(b) subject to paragraph (c), includes radio-communication;

“Tribunal” means the Information and Communication Technologies Appeal Tribunal established under section 36;

“universal service’ means an information and communication service including a telecommunication service determined by the Authority as being a service to be provided by a licensee to an area or sector not served or adequately served by the service.

Amended by: (Act nº 7 of 2009); (Act nº 1 of 2009); (Act nº 38 of 2011); (Act nº 9 of 2015); (Act nº 21 of 2016)

3.- Application of the Act

(1) Subject to subsection (2), this Act shall bind the State.

(2) The Minister may on such terms and conditions as he may determine, exempt any Government department, statutory corporation, non-governmental organisation, or foreign governmental or foreign non-governmental agency acting pursuant to such international Convention or treaty as may be prescribed and to which both Mauritius and the government of that agency are signatories, from compliance with this Act in the interests of the sovereignty of the State, national security or public order.

(Amended by Act nº 21 of 2016)

Part II – ICT AUTHORITY

4.- Establishment of the ICT Authority

(1) There is established for the purpose of this Act, an Information and Communication Technologies Authority known as the ICT Authority.

(2) The Authority shall be a body corporate.

5.- ICT Board

(1) There shall be an Information and Communication Technologies Board to be known as the ICT Board.

(2) The ICT Board shall be responsible for the administration and management of the Authority.

(3) The ICT Board shall consist of:

(a) a Chairperson. to be appointed by the Prime Minister, after consultation with the Leader of the Opposition;

(b) the Secretary for Home Affairs or his representative;

(d) a representative of the Ministry responsible for the subject of information technology and telecommunications;

(e) a representative of the Attorney-General’s Office:

(f) 4 other members, to be appointed by the Minister.

(4) The members referred to in subsection (3)(a) and (f) shall:

(a) be persons having sufficient knowledge and experience in the field of information and communication technologies, computer science. broadcasting and teIecommunication law, business and finance, internet or electronic commerce.

(b) hold office on such terms and conditions as the Prime Minister may determine.

(5) Any appointment made under the repealed section 5 shall, at the commencement of this section, lapse.

(Amended by Act nº 21 of 2016)

6.- Meetings of the Board

(1) The Board shall meet:

(a) at least once every month;

(b) whenever so decided by the Chairperson; or

(2) Five members shall constitute a quorum.

(3) The Board may co-opt such person as may be of assistance in relation to any matter before the Board.

(4) In the absence of the Chairperson at a meeting of the Board, the members present shall elect a member to act as Chairperson for that meeting.

(5) Any person co-opted under subsection (3) shall have no right to vote on any matter before the Board.

(6) Every member shall be paid such remuneration and allowances from the General Fund as may be determined by the Minister. (Amended by Act nº 21 of 2016)

7.- Disqualification from membership

(1) No person shall be eligible to be appointed or to remain a member of the Authority if he –

(a) is a shareholder or director or employee of a public operator;

(b) is an undischarged bankrupt or has made any arrangement with his creditors;

(d) acts contrary to this Act.

(Amended by Act nº 21 of 2016)

(2) (Repealed by Act nº 21 of 2016)

8.- Disclosure of interest A member who has a direct or indirect pecuniary or other interest in a matter being considered or about to be considered by the Board shall forthwith, or as soon as is practicable after the relevant facts have come to his knowledge, disclose on record or in writing the nature of his interests to the Board and shall not –

(a) be present during any deliberation of the Board with respect to that matter; and

(b) take part in any decision of the Board with respect to that matter.

9.- Declaration of assets

(1) Every member, the Executive Director, and such other employees as the Board may decide, shall not later than 30 days after their appointment or after their vacation of office deposit with the Authority a declaration of assets and liabilities in relation to himself, his spouse and children.

(2) A declaration under this section shall be made by way of an affidavit, sworn before the Supreme Court in the form specified in the Second Schedule.

10.- Delegation of powers Subject to such instructions and rules of a general nature as it may give or make, the Board may delegate to:

(a) a committee comprising the Chairperson and 2 other members; or

(b) the Executive Director,

such of its powers under this Act as may be necessary for the effective management of the Authority, other than the power to borrow money or to grant a licence.

11.- Appointment of committees The Board may appoint such committees as it thinks fit to advise the Authority on such matters within the purview of this Act.

12.- Internet Management Committee

(1) The Minister shall, after consultation with the Board, appoint an Internet Management Committee.

(2) The Committee under subsection (1) shall consist of a Chairperson and 10 members.

(3) The members shall hold office for a period of 3 years and shall be eligible for reappointment.

(4) Members under subsection (2) shall be selected from among representatives from the public sector, private sector, non- government organisation and academia, by virtue of their qualifications, expertise and experience in information and communication technologies, computer science, broadcasting and telecommunication law, business and finance, internet, electronic commerce and related educational and training services;

(5) Every member shall be paid such fee as may be determined by the Board.

13.- Functions of the Internet Management Committee

(1) The functions of the Internet Management Committee shall be:

(a) to advise the Authority on Internet and related policies;

(b) to provide a forum for stake-holders to discuss issues relating to the administration of Internet;

(d) to make recommendations to the Board on any matter relating to Internet including the administration and management of domain names.

(2) The Committee may appoint such working groups as may be necessary in the discharge of its functions under the Act.

(3) The Committee shall regulate its meeting and proceedings in such manner as it thinks fit.

14.- The Executive Director

(1) There shall be a chief executive officer of the Authority who shall:

(a) be known as the Executive Director; and

(b) be appointed by the Board with the approval of the Minister on such terms and conditions as the Board thinks fit.

(2) The Executive Director shall be responsible for the execution of the policy and the control and management of the day-to-day business of the Authority.

(3) The Executive Director:

(a) shall attend every meeting of the Board;

(b) may take part in the deliberations of the Board;

(4) The Executive Director may, with the approval of the Board, delegate any of the functions or powers delegated to him under section 10 to an officer.

(5) In the exercise of his functions, the Executive Director shall act in accordance with such directions as he may receive from the Board.

15.- Employment of staff

(1) The Authority may employ, on such terms and conditions as it thinks fit, such officers and other members of staff as may be necessary for the proper discharge of the functions of the Authority.

(2) Every employee shall be under the administrative control of the Executive Director.

(3) Every employee who has an interest in any contract with the authority or acquires an interest of any kind from a licensee shall make a declaration on the prescribed or approved form.

PART III – OBJECTS, POWERS AND FUNCTIONS OF THE AUTHORITY

16.- Objects of the Authority

The objects of the Authority shall be:

(a) to democratise access to information taking into account the quality, diversity and plurality in the choice of services available through the use of information and communication technologies

(b) to create a level playing field for all operators in the interest of consumers in general;

(d) to ensure that information and communication services including telecommunication services are reasonably accessible at affordable cost nationwide and are supplied as efficiently and economically as practicable and at performance standards that reasonably meet the social, educational, industrial, commercial and, other needs of Mauritius;

(e) to encourage the optimum use of information and communication technologies in business, industry and the country at large, the introduction of new technology and the investment in infrastructure and services;

(f) to promote the efficiency and international competitiveness of Mauritius in the information and communication sector;

(g) to further the advancement of technology, research and development relating to information and communication technologies through modern and effective infrastructure taking into account the convergence of information technology, media, telecommunications and consumer electronics;

(h) to advise the Minister on all matters relating to information and communication technologies and on matters relating to the Authority generally.

17.- Powers of the Authority

(1) The Authority, in addition to the powers it has under section 37 of the Interpretation and General Clauses Act, may:

(a) commission expert evaluations, conduct studies, collect data related to the information and communication industry;

(b) authorise any person to conduct such technical tests or evaluations relating to information and communication services including telecommunication as it thinks fit.

(2) For the purposes of subsection (1), the Authority may require a public operator who holds a licence granted under this Act to provide information on the use, area of coverage and means of access to his service.

(3) The Authority shall have the power to make such determinations, issue such directives and guidelines, and do such acts and things, as are incidental or conducive to the attainment of its objects and the discharge of its functions.

(Amended by Act nº 38 of 2011)

18.- Functions of the Authority

(1) The Authority shall:

(a) implement the policy of government relating to the information and communication industry;

(b) provide economic and technical monitoring of the information and communication industry in accordance with recognized international standard practices, protocols and having regard to the convergence of technology;

(c) promote and maintain effective competition, fair and efficient market conduct between entities engaged in the information and communication industry in Mauritius and to ensure that this Act is implemented with due regard to the public interest and so as to prevent any unfair or anti-competitive practices by licensees;

(d) advise and assist in the formulation of national policies with respect to the regulation of the information and communication industry;

(e) act internationally as the national regulatory body of Mauritius in respect of information and communication technologies matters;

(f) exercise licensing and regulatory functions in respect of information and communication services in Mauritius including the determination of types and classes of licensees and the approval of prices, tariffs and alterations thereto;

(g) establish, for public operators, performance standards and linkage standards in relation to the provision of international and local telephone services, and monitor compliance with both of those standards;

(h) report, in such manner as may be required, to the Minister or to any other person on any matter that lies within its purview, such as the performance of public operators, the quality of consumer service and consumer satisfaction, measured against the best available international standards of practice;

(i) ensure the fulfilment by public operators of their obligations under any enactment;

(j) (Repealed by Act nº 1 of 2009)

(k) develop and, where appropriate, revise, accounting requirements and draw up a cost allocation manual for use by public operators;

(l) regulate the security of data;

(Amended by Act nº 1 of 2009)

(m) take steps to regulate or curtail the harmful and illegal content on the Internet and other information and communication services;

(n) ensure the safety and quality of every information and communication services including telecommunication service and, for that purpose, determine technical standards for telecommunication network, the connection of customer equipment to telecommunication networks;

(o) entertain complaints from consumers in relation to any information and communication service in Mauritius and, where necessary, refer them to the appropriate authorities;

(p) allocate frequencies and manage, review, and, where appropriate, reorganise the frequency spectrum;

(q) determine the numbering system to be used for every information and communication services including telecommunication service, and manage, review, and, where appropriate, reorganise the numbering system;

(r) set up a radio frequency management unit for the allocation, monitoring, control and regulation of radio frequencies and, with the approval of the Minister, participate in any regional monitoring system;

(s) monitor every access or interconnection agreement and assist in the resolution of any dispute relating thereto;

(t) monitor the use of information and communication services on any ship or aircraft;

(u) control the importation of any equipment capable of being used to intercept a message;

(v) regulate the conduct of examinations for, and the issue of, certificates of competency to persons wishing to operate any apparatus used for purposes of information and communication services including telecommunication;

(w) manage the Universal Service Fund set up under section 21;

(x) determine, whether as conditions of licences or otherwise, the universal service obligations and requirements;

(y) authorise or regulate the registration, administration and management of domain names for Mauritius; and

(z) be the Controller of Certification Authorities.

(Amended by Act nº 7 of 2009)

(2)

(a) Notwithstanding subsection (1), the Authority shall allocate and regulate the use of any frequency to any licensed broadcaster in the case of analogue broadcasting and to the Multiplex Operator in the case of digital broadcasting.

(b) Subject to paragraph (c), the broadcaster or the Multiplex Operator shall pay to the Authority such fee as may be prescribed.

(c) The Multiplex Operator shall be exempt from payment of any fee referred to in paragraph (b) for the broadcast, through transmission stations operated by it, of the proceedings of the National Assembly under any access agreement between the Multiplex Operator and the National Assembly.

(3) The Authority shall furnish to the Minister:

(a) an annual report of its activities; and

(b) an annual report on the development of the information and communication industry in the country, as may be prescribed;

(4) The Minister shall at the earliest opportunity lay a copy of a report submitted under subsection 3(a) before the National Assembly.

Amended by: (Act nº 7 of 2009); (Act nº 1 of 2009); (Act nº 9 of 2015); (Act nº 21 of 2016)

19.- Powers of the Minister The Minister may give such directions of a general character to the Board, not inconsistent with the objects of the Authority, which fie considers to be necessary in the public interest, and the Board shall comply with those directives.

PART IV.- FINANCIAL PROVISIONS

20.- Establishment of the General Fund

(1) The Authority shall establish a General Fund:

(a) into which all money, dues, fees and charges received by the Authority shall be paid; and

(b) out of which:

(i) all payments required to be made by the Authority shall be effected;

(ii) shall be paid into the Capital Fund established under the Finance and Audit Act, such surplus money not required for the purposes of subparagraph (i), as the Board may determine.

(2) The Authority may, in furtherance of its objects and in accordance with the terms and conditions upon which its funds may have been obtained or derived, charge to the General Fund all remuneration, allowances, salaries, grants, fees, pensions and superannuation fund contributions, gratuities, working expenses and all other charges properly arising, including any necessary capital expenditure.

(3) The Authority shall derive its income from:

(a) any charge or fee that may be prescribed;

(b) any sum appropriated from the Consolidated Fund; and

(4) The Authority shall, not later than 3 months before the commencement of every financial year, submit to the Minister for his approval a detailed estimate of its income and expenditure for that year.

(5) In signifying his approval, the Minister may make comments of a general policy nature regarding the estimate.

21.- Establishment of a Universal Service Fund

(1) The Authority shall establish a Universal Service Fund:

(a) into which shall be paid any contribution received from licensees in pursuance of subsection (2);

(b) out of which payments may be made to any licensee required by the terms of his licence, or otherwise directed by the Authority, to provide a universal service.

(2) Every public operator shall, in addition to the licence fee payable, pay into the Universal Service Fund, such annual contributions is may be prescribed.

(3) The Minister may, on the recommendation of the Board, prescribe –

(a) the basis and manner of determination of such contributions;

(b) the dates when such contributions shall become payable and the manner and, if he deems it appropriate, the period over which the contributions shall be paid.

22.- Donations and exemptions

(1) Article 910 of the Code Napoleon shall not apply to the Authority.

(2) Notwithstanding any other enactment, the Authority shall be exempt from payment of all charges, duties, fees, rates or taxes.

PART V.- (Repealed by Act nº 21 of 2016)

PART VI.- LICENSING AND OTHER PROVISIONS

24.- Licensing

(1) No person shall operate an information and communication network or service including telecommunication network or service unless he holds a licence from the Authority.

(2) Any person who wishes to obtain, transfer, renew, or vary the terms of, a licence for the operation of an information and communication network or service including a telecommunication network or service specified in the First Schedule shall make a written application to the Authority in the prescribed form.

(3) Upon receipt of an application referred to in subsection (2), the Authority:

(a) shall, in the case of such licences as may be prescribed, forthwith give public notice of the application in 2 daily newspapers and invite any interested person who wishes to object to the application to do so in writing within 14 days;

(b) may:

(i) require the applicant to furnish any additional information that it considers relevant;

(ii) inspect any installation, apparatus or premises relating to the application.

(4) The Authority shall, after hearing any objection that may be made pursuant to subsection (3) (a), determine whether to issue, transfer, renew, or vary the terms of, a licence.

(5) The Authority shall, in the exercise of its powers under subsection (4), have regard in particular to:

(a) the public interest and any likelihood of unfair practice;

(b) any element of national security;

(d) any agreement between Mauritius or the Authority with any other State, or any national or international organization relating to information and communication technologies including telecommunication.

(6) Subject to subsection (5)(d), the Authority shall, within a period of 30 days from the date of receipt of the application, convey its decision to the applicant.

(7) Where the Authority agrees to issue, transfer, renew, or vary the terms of a licence –

(a) it may do so by imposing any term or condition that it thinks fit;

(b) it shall give written notice of its decision, and the reasons therefor, to any person objections who has raised an objection pursuant to subsection (3)(a).

(8) Where the Authority refuses to issue, transfer, renew or vary the terms of a licence, it shall gives written notice of its decision, and the reasons therefore, to the applicant and to any person who has raised an objection pursuant to subsection (3)(a).

(9) No licence shall be issued or renewed under this section unless the prospective licensee pays such fee as may be prescribed.

(10) Every licence shall specify:

(a) the name and business address of the licensee;

(b) the installation, apparatus and premises to which it relates;

(d) any term or condition imposed pursuant to subsection (7)(a).

(11) Subject to subsection (12), the authority may, of its own motion, vary the terms of, or revoke, a licence on the ground that the licensee has –

(a) contravened this Act; or

(b) acted in breach of any term or condition imposed pursuant to subsection (7)(a).

(12) Where the Authority proposes to vary the terms of, or revoke, a licence pursuant to subsection (11), it shall have written notice of its intention to the licensee, stating –

(a) the reasons for which it proposes to do so; and

(b) the time, being not less than 14 days, within which the licensee may make written representation to object to the proposal.

(13) The Authority shall, after considering any representations made pursuant to subsection (12), communicate its decision in writing, and the reasons therefore to the licensee.

(14) Where the urgency of the matter so requires, the Authority may forthwith suspend a licence on any ground specified in subsection (11).

(15) A suspension effected pursuant to subsection (14) shall, unless sooner revoked, lapse after 30 days.

(Amended by Act nº 13 of 2004)

25.- Special powers

(1) The Board may designate in writing any officer to act as an authorised officer who shall perform (lie duties specified in this section.

(2) An authorised officer may:

(a) require a licensee to produce his licence;

(b) at all reasonable times inspect any installation, apparatus or premises relating to a licence.

(3) Where a Magistrate is satisfied, by information upon oath, that there is reasonable ground to suspect that a person is contravening this Act or any regulations made there under, he may grant a warrant to an authorised officer enabling him to-

(a) enter any premises named in the warrant and search those premises or any person found therein;

(b) inspect, remove and take copies of any document found which he considers relevant;

(c) inspect and remove any installation or apparatus found therein which he has reason to suspect is operating in contravention of this Act.

(4) When a public operator contravenes this Act, the Authority may require the operator to remedy the default within a delay specified by it.

(5) Where a public operator fails to comply with a decision taken by the Authority under subsection (4), the Authority may:

(a) revoke or vary the terms of the licence;

(b) suspend the licence for a period not exceeding 30 days; or

(6) Where it has come to the knowledge of the Authority that there has occurred a substantial change in the composition of the share capital of the public operator, the Authority may cancel the licence forthwith subject to the public operator being afforded all opportunity to be heard on why the licence should not be cancelled.

(7) Any matter dating back to more than 3 years shall not be the subject matter of consideration by the Authority unless an inquiry, verification or action has been initiated within that period.

(8) The Authority shall give reasons for its decision under this section and notify the interested party.

(9) Notwithstanding subsection (5), where a public operator fails to comply with a decision of the Authority under subsection (4), he commits an offence and shall be liable, on conviction, to a fine, the maximum of which shall be 3% of the net turnover of his preceding financial year or 5,000,000 rupees, whichever is the lesser.

26.- Obligations of licensees

Every licensee shall:

(a) comply with every term and condition attached to his licence;

(b) maintain an installation, apparatus or premises relating to his licence in such condition as to enable him to provide a safe, adequate and efficient service;

(d) furnish to the Authority such reports, accounts and other information relating to his operations as the Authority relay require;

(e) comply with any written direction given to him by the Authority in relation to the exercise of his rights and obligations under a licence.

27.- Public operators entering premises

(1) A public operator shall, subject to subsection (2), have authority to:

(a) enter any property for the purpose of exercising any of his powers under his licence;

(b) establish any installation or apparatus on, over, under or across any land or road.

(2)

(a) Before entering on any private property pursuant to subsection (1), a public operator shall give not less than 4 days written notice of his intention to the owner or occupier, stating the reasons for which lie proposes to do so.

(b) Any person who receives a notice issued pursuant to paragraph (a) may apply to the Authority forthwith for a review of the decision specifying the grounds of his objection.

(c) The Authority shall, after hearing the parties, determine every application under paragraph (b) within a reasonable delay.

(3) Where any person suffers any prejudice caused to his property or interest in the property through the acts or omissions of a public operator, he may apply for compensation to the Authority.

(4) The Authority shall, within 30 days, make an award on the claim for compensation and shall, within 7 days of the date of the award, communicate a copy to each of the parties.

(5) Nothing in this section shall prevent a public operator from entering on any property to do whatever may be required to remove any tree, branch, hedge or any other object that is likely to cause danger to any installation or apparatus relating to services provided by him.

(6) For the purpose of this section, establishing an information and communication installation or apparatus including telecommunication installation or apparatus shall include the setting up of poles, wires, stays or struts or other similar structure or any work performed either above or under the ground, in connection with the establishment, alteration, disconnection, modification or repair of the installation or apparatus.

(7) The Authority may, at the request of the owner or occupier of a property over which a public operator has established an information and communication installation including telecommunication installation, require the public operator to alter, modify or divert the installation and the expenses thereby incurred shall be borne by the person making the request.

28.- Interconnection agreements

(1) Every network licensee or public operator shall grant access to his network in accordance with this section.

(2) A licensee may make a written application to a network licensee for access to its network with a copy of the application to the Authority.

(3)

(a) Where a network licensee receives an application he shall, unless the Authority otherwise determines, negotiate the terms of an interconnection agreement with the applicant in good faith.

(b) Either party to the proposed agreement may request the Authority to depute a representative to attend, and assist in the negotiations.

(4)

(a) Subject to paragraph (b), the rates for interconnection shall be determined in accordance with any charging principles in force.

(b) Where an interconnection agreement is negotiated before any charging principles have been prescribed, the agreement shall, where appropriate, be amended by the parties to comply with any charging principles that may subsequently be prescribed.

(5) Where the parties to a proposed interconnection agreement are unable to agree on the terms thereof within 60 clays front the date of an application under subsection (2), either party may request the Authority to act as an arbitrator in the matter.

(6) An arbitration made by the Authority pursuant to subsection (5) shall be deemed to be made under, and be regulated by the Code de Procedure Civile wherever applicable, subject to this Act.

(7) The award by the Authority on the dispute shall:

(a) be made within 60 days from the date of a request under subsection (5); and

(b) specify:

(i) the facilities and the network covered by the award;

(ii) the extent of any network over which one party is required to carry information and communication messages including telecommunications messages to enable another party to supply services;

(iii) the points of, and the technical standards for, interconnection

(iv) the rates of interconnection

(v) the effective date of the award.

(8) Each party to an interconnection agreement shall supply to the Authority:

(a) a copy of the agreement, and of any amendment to it, within 14 days of the execution of the agreement, or amendment, as the case may be;

(b) such information relating to the interconnection agreement as the Authority may require.

29.- Access Agreement

(1) Any person may make an application to a public operator or network licensee for access to its facilities or services other than its network.

(2) Where the public operator or network licensee receives an application, he may, after consideration, grant the application, and negotiate the terms and conditions of the access with the applicant in good faith, or refuse the application.

(3) Where the application is not granted and the applicant has reasonable around to believe that the operator or network licensee has not acted in good faith, he may refer the matter to the Authority for its decision.

(4) Where the parties to a proposed access agreement are unable to agree on the terms thereof within 60 days front the date of the application under subsection (2) either party relay request the Authority to act as an Arbitrator in the matter.

(5) An arbitration made by the Authority pursuant to subsection (4) shall be deemed to be made under, and be regulated by the Code de Procedure Civile wherever applicable, subject to this Act.

(6) The award of the Authority on the dispute shall be made within 60 days from the date of the application.

30.- Market definition and determination of significant market power

(1) The Authority shall, at such times as it may determine, hold a public consultation and carry out a market analysis, to enable it to:

(a) identify information and communication service markets or market segments;

(b) designate every information and communication service market and market segment for which tariffs must be approved by the Authority before the service is offered to the public; (c) determine whether any public operator has significant market power in those information and communication service markets or market segments.

(2) The Authority shall, following the public consultation referred to in subsection (1), designate and give public notification of:

(a) every information and communication service market and market segment; and

(b) every public operator which has a significant market power in an information and communication service market or market segment.

(3) Following the grant of the appropriate licences, every public operator shall, before the commercial launch of the relevant information and communication service, disclose to the Authority the relevant market or market segment in which it intends to operate.

(4) The Authority may, after consultation with the Competition Commission, issue such guidelines as are necessary for the purposes of determining which public operator has significant market power in an information and communication service market or market segment.

(5) Where a public operator has significant market power in a market or market segment, it may also be considered to have a significant market power in a closely related market or market segment, where the links between the two markets or market segments are such as to allow the market power held in one market or market segment to be leveraged into the other market or market segment, thereby strengthening the market power of the public operator.

(6) Where a public operator has significant market power in a market or market segment, and wishes to supply promotional offers, including discount practices, he shall submit the relevant cost breakdown for the said service and offers for determination by the Authority.

(7) Every public operator shall:

(a) before entering into a new market or market segment, notify the Authority of its intention to do so; and

(b) furnish to the Authority such information relating to its operations as the Authority may require under this section.

(Amended by Act nº 38 of 2011)

30A.- Significant market power conditions

(1) Where the Authority determines that a public operator has significant market power in a relevant market or market segment, it may impose such conditions as it considers appropriate on the public operator.

(2) Every public operator with significant market power shall comply with every condition imposed by the Authority under subsection (1).

(Added by Act nº 38 of 2011)

31.- Tariffs

(1) Every public operator shall submit to the Authority, in such form and manner as the Authority may determine, a tariff for every information and communication service which it wishes to supply and every intended alteration to a tariff, at least 15 days before the implementation of the tariff or the alteration, as the case may be.

(2) Every tariff or alteration submitted to theAuthority under subsection (1) shall –

(a) be calculated in accordance with such guidelines as the Authority may issue;

(b) include information relating to:

(i) the term during which the tariff or alteration is to apply;

(ii) the description of the information and communication service;

(iii) the amount of all charges payable for each information and communication service, including the amount of any surcharge that may be imposed as a result of nonpayment of fees or charges and the cost-related computation thereof;

(iv) the breakdown of cost and cost elements involved in supplying every information and communication service;

(v) the quantity in which the information and communication service is supplied;

(vi) the network configuration, including the capacity needed, to supply the information and communication service;

(vii) the performance characteristics for the information and communication service supplied; and

(viii) the terms and conditions on which the information and communication service is or is to be supplied, including the mode of payment.

(3) No public operator shall demand or receive from any person payment of any tariff which:

(a) has not been submitted to the Authority in accordance with subsections (1) and (2);

(b) is different from the tariff submitted to the Authority under this section; or

(4) Every public operator shall display the tariff or alteration applicable for every information and communication service it offers in a conspicuous place at every point of sale of such service.

(5) Where the Authority is provided with a tariff or alteration under subsection (1), it may, where the tariff or alteration has been provided by a public operator having a significant market power, require the public operator to provide such additional information as it considers necessary.

(6) On receipt of a request from the Authority under subsection (5), the public operator shall provide the additional information within 15 days of the date of the request.

(7)

(a) The Authority shall:

(i) in the case of a public operator having significant market power, within 30 days of the date on which it is provided with a tariff or alteration under subsection (1), or it receives additional information under subsection (5), whichever is the later; or

(ii) in the case of a public operator not having significant market power, within 15 days of the date on which it is provided with a tariff or alteration under subsection (1),

determine whether to allow, disallow, or amend the tariff or alteration and shall, by notice in writing, inform the public operator of its decision.

(b) Where the Authority allows or amends a tariff or alteration, it may impose such terms and conditions as it may determine.

(c) Where the Authority disallows or amends a tariff or alteration, it shall communicate, in writing, the reasons for its decision to the public operator.

(d) Where a tariff or an alteration has been allowed or amended by the Authority, the public operator shall forthwith give public notification of the tariff, alteration or amended tariff in 2 newspapers for 3 consecutive days.

(8)

(a) Subject to subsection (9), where a public operator does not receive any communication from the Authority within 15 days of the date the public operator has submitted its tariff to the Authority, the tariff shall be deemed to have been allowed by the Authority.

(b)Paragraph (a) shall not apply to a public operator having significant market power.

(9) The Authority may:

(a) in the case of an operator not having a significant market power, at any time after the specified period of 15 days referred to in subsection (8)(a); or

(b) in the case of an operator having a significant market power, at any time after its tariff or alteration has been allowed by the Authority,

disallow or amend the tariff or alteration where:

(i) the information submitted under subsection (2)(b) or (5), as the case may be, is found to be incorrect or misleading in a material particular;

(ii) the tariff or alteration:

(A) is not calculated in accordance with such guidelines as the Authority may issue;

(B) is not accompanied by information required to be submitted under subsection (2)(b); or

(Amended by Act nº 38 of 2011)

32.- Confidentiality

(1) Every member or officer of the Authority shall

(a) before he begins to perform his duties under this Act, take the oath set out in the Third Schedule;

(b) maintain, and aid in maintaining, the secrecy of any matter which comes to his knowledge in the performance, or as a result, of his duties under this Act.

(2) Any person who, without legal cause or reasonable excuse, contravenes subsection (1)(b) shall commit an offence.

(3) Every licensee or his employees or agent shall treat as confidential any message or any information relating to a message which comes to his knowledge in the course of his duties.

(4) Any person who, otherwise than in the course of his duties, makes use of, or records, a message or any information relating to a message that comes to his knowledge, or to which he has access, by reason of his position is a licensee, or as an employee or agent of a licensee, shall comment an offence.

(5)

(a) Nothing in this Act shall prevent a public operator or any of his employees or agents from intercepting, withholding or otherwise dealing with a message which he has reason to believe is:

(i) indecent or abusive;

(ii) in contravention of this Act;

(iii) of a nature likely to endanger or compromise State’s defence, or public safety or public order.

(b) Where a message is withheld pursuant to paragraph (a), the operator shall forthwith refer it to the Authority for such written directions as the latter may think fit.

(6)

(a) Nothing in this Act shall prevent a Judge in Chambers, upon an application, whether ex parte or otherwise, being made to him, by the Police, from making an order authorising a public operator, or any of its employees or agents, to intercept or withhold a message, or disclose to the police a message or any information relating to a message.

(b) An order under paragraph (a) shall:

(i) not be made unless the Judge is satisfied that the message or information relating to the message is material to any criminal proceedings, whether pending or contemplated, in Mauritius;

(ii) remain valid for such period, not exceeding 60 days, as the Judge may determine;

(iii) specify the place where the interception or withholding shall take place.

(7) In this section “information and communicationmessage” means a message passing over an information and communication network, including telecommunication network;

“message” includes an information and communication message.

(Amended by Act nº 21 of 2016)

33.- (Deleted by Act nº 13 of 2004)

PART VII .- ICT ADVISORY COUNCIL

34.- Establishment of the Council

(1) There is established for the purposes of this Act an information and Communication Technologies Advisory Council known as the ICT Advisory Council.

(2) The Council consists of

(a) a Chairperson;

(b) a representative of the Prime Minister’s Office;

(d) a representative of the Ministry of Finance;

(e) a representative of the Ministry of Economic Development;

(f) a representative of the Joint Economic Council;

(g) a representative of the Mauritius Chamber of Commerce and Industry;

(h) 3 other persons representing the interests of consumers, purchasers and other users of information and communication services, including telecommunication services.

(3) The members of the Council, except the ex-officio members, shall be appointed by the Minister

(4) The Council may co-opt persons with specialized qualifications and experience to assist the Council at any of its meetings.

(5) Every member of the Council shall hold office on such terms and conditions as the Minister thinks fit.

(6) The Council shall meet at least once every month or at such other time as the Chairman may decide.

(7) Five members of the Council shall constitute a quorum.

35.- Functions of the Council

The Council shall advise the Minister on any matter relating to:

(a) the promotion of the interests of consumers, purchasers and other users in respect of

(i) the quality and variety of information and communication services including telecommunication services provided;

(ii) the information and communication equipment including telecommunication equipment and facilities supplied;

(iii) the effect of the tariff Policy adopted by the Authority;

(b) the promotion of research into, and the development and use of, new information and communication techniques including telecommunication techniques;

(d) information and communication technologies including telecommunications which, in its opinion, should be referred to the Minister;

(e) information and communication technologies including telecommunications which may be referred to it by the Minister or by the Authority.

PART VIII.- ICT APPEAL TRIBUNAL

36.- Establishment of the ICT Appeal Tribunal

(1) There is established for the purposes of this Act an Information Technologies Appeal Tribunal known as the ICT Appeal Tribunal which shall consist of :

(a) a Chairperson and a Deputy Chairperson, who shall be barristers of not less than 10 years standing, appointed by the Public Service Commission; and

(b) such other members, not exceeding 4 in number, as may be appointed by the Minister after consultation with the Prime Minister.

(2) Every member other than the Chairperson and Deputy Chairperson shall hold office on such terms and conditions as the Minister may determine.

(3) The members other than the Chairperson and Deputy Chairperson of the Tribunal shall hold office for a term of 3 years and may be eligible for reappointment.

(4) Where the Minister is of opinion that the state of business at the Tribunal requires that the number of members should be temporarily increased, he may, after consultation with the Prime Minister, appoint such members on an ad hoc basis and for such period as he considers necessary to serve on the Tribunal.

(5) The members other than the Chairperson and Deputy Chairperson shall be paid such fees as the Minister may approve.

37.- Staff of the Tribunal

The Tribunal will be provided with such public officers as are necessary for the proper functioning of the Tribunal.

38.- Disqualification from membership

No person shall be eligible to remain a member of the Tribunal if:

(a) he is found guilty of any misconduct or default in the discharge of his duties as a member which renders him unfit to be a member;

(b) he is convicted of an offence of such nature as renders it desirable that he should be removed from office; or

39.- Jurisdiction of the Tribunal

(1) The Tribunal shall hear and dispose of any appeal against a decision of the Authority regarding information and communication technologies.

(2) No appeal shall lie against any decision made by the Tribunal following a settlement reached with the consent of the parties or their representatives.

(3) Subject to subsection (4), every appeal under subsection (1) shall be lodged within a period of 21 days from the date of notification of the decision to the aggrieved person and it shall be in such form and be accompanied by such fee as may be prescribed.

(4) The Tribunal may entertain an appeal after the expiry of the said period of 21 days if it is satisfied that there was sufficient cause for not lodging it within that period.

(5) The Tribunal may, after giving the parties to the appeal an opportunity of being heard, pass such orders as it thinks fit, confirming, varying or setting aside the decision appealed against.

(6) The Tribunal shall send a copy of every order made by it to the parties to the appeal and to the Authority.

(7) Any appeal filed before the Tribunal under subsection (1) shall be dealt with by it as expeditiously as possible and the Tribunal shall endeavour to dispose of the appeal within 6 months from the date the appeal was lodged.

40.- Procedure and powers of the Tribunal

(1) The Tribunal shall sit at such place and time as the Chairperson of the Tribunal may determine.

(2) Where the Tribunal adjourns any proceedings, it may resume them at such place and time as the Chairperson of the Tribunal may determine.

(3) Subject to any regulations made under section 48, all appeals before the Tribunal shall be instituted and conducted:

(a) as far as possible in the same manner as proceedings in a civil matter before a District Magistrate;

(b) in accordance with the law of evidence in force in Mauritius;

(c) in public, except where the Tribunal otherwise orders on the ground of public safety or public order or the privacy of persons concerned.

(4) The Tribunal may:

(a) make such orders for requiring the attendance of persons and the production of articles, documents or other electronic records, as it thinks necessary or expedient;

(b) take evidence on oath and may for that purpose administer oaths;

(d) adopt such procedures as may be necessary for the proper functioning of the Tribunal.

(5) Any person who:

(a) fails to attend Tribunal after having been required to do so under subsection (4);

(b) refuses to take an oath before the Tribunal or to answer fully and satisfactorily to the best of his knowledge and belief any question lawfully put to him in any proceedings before the Tribunal or to produce any article or document when required to do so by this Tribunal;

(d) at any sitting of the Tribunal:

(i) wilfully insults any member thereof;

(ii) wilfully interrupts the proceedings, or commits any contempt of the Tribunal, shall commit an offence.

41.- Right to legal representation

The appellant may prosecute his appeal either in person or by a legal practitioner.

42.- Determination of the Tribunal

(1) For the purpose of hearing and determining any cause or matter under this Act, the Tribunal shall be constituted of the Chairperson or Deputy Chairperson and at least any 2 of its members;

(2) Where the Tribunal is unable to reach a decision by unanimity, the Tribunal shall proceed to give its determination by a majority.

(3) A member of the Tribunal who has a direct interest in any cause or matter which is the subject of proceedings before the Tribunal shall not take part in those proceedings.

(4) Subject to section 43, a decision or finding of the Tribunal on any cause or matter before it shall be final and binding on the parties.

(5) On hearing an appeal, the Tribunal may confirm, amend, vary or cancel any decision referred to in section 24.

(6) Where a decision is confirmed or amended, the tribunal shall specify the delay within which it shall be complied with.

(7) Any person who fails to comply with a decision confirmed or amended by the Tribunal, shall commit an offence.

(8)

(a) The Tribunal may make such order as to costs as may be prescribed.

(b) An order made under paragraph (a) shall be enforced in the same manner as an order for costs in proceedings before a Magistrate.

(9) Proceedings before the Tribunal shall be exempt from registration dues.

43.- Appeal to the Supreme Court

(1) Any party who is dissatisfied with the decision or findings of the Tribunal relating to an appeal as being erroneous in point of law may appeal to the Supreme Court.

(2) Any party wishing to appeal to the Supreme Court under subsection (1) shall within 21 days of the date of the decision of the Tribunal

(a) lodge with, or send by registered post to, the Chairperson of the Tribunal a written application requiring the Tribunal to state and sign a case for the opinion of the Supreme Court on the grounds stated therein;

(b) at the same time, forward a copy of his application by registered post to the other party.

(3) An appeal under this section shall be prosecuted in the manner provided by rules made by the Supreme Court.

44.- Decision not suspended on appeal

No appeal to the Tribunal or the Supreme Court shall have for effect the suspension of any decision of the Authority.

PART IX .- MISCELLANEOUS

45.- Protection of members and officers

No liability, civil or criminal, shall attach to any member or officer of the Authority, or to the Authority, in respect of any loss arising from the exercise in good faith by a member or an officer or the Authority of his or its functions under this Act.

45A.- Execution of documents

No deed or document relating to financial matters shall he executed or signed by or on behalf of the Authority unless it is signed by:

(a) the Chairperson or, in his absence, any other member designated by the Board; and

(b) the Executive Director or, in his absence, any other employee designated by the Executive Director.

(Added by Act nº 21 of 2016)

46.- Offences Any person who:

(a) by any form of emission, radiation, induction or other electromagnetic effect, harms the functioning of an information and communication service, including telecommunication service;

(b) with intent to defraud or to prevent the sending or delivery of a message, takes an information and communication message, including telecommunication message from the employee or agent of a licensee;

(c) with intent to defraud, takes a message from a place or vehicle used by a licensee in the performance of his functions;

(d) steals, secretes or destroys a message;

(e) wilfully or negligently omits or delays the transmission or delivery of a message;

(f) forges a message or transmits or otherwise makes use of a message knowing that it has been forged;

(g) knowingly sends, transmits or causes to be transmitted a false or fraudulent message;

(ga) uses telecommunication equipment to send, deliver or show a message which is obscene, indecent, abusive, threatening, false or misleading, or is likely to cause distress or anxiety;

(h) uses, in any manner other than that specified in paragraph (ga), an information and communication service, including telecommunication service,

(i) for the transmission or reception of a message which is grossly offensive, or of an indecent, obscene or menacing character; or

(ii) for the purpose of causing annoyance, inconvenience or needless anxiety to any person;

(iii) for the transmission of a message which is of a nature likely to endanger or compromise State defence, public safety or public order.

(i) dishonestly obtains or makes use of an information and communication service, including telecommunication service with intent to avoid payment of any applicable fee or charge;

(j) by means of an apparatus or device connected to an installation maintained or operated by a licensee:

(i) defrauds the licensee of any fee or charge properly payable for the use of a service;

(ii) causes the licensee to provide a service to some other person without payment by such other person of the appropriate fee or charge; or

(iii) fraudulently installs or causes to be installed an access to a telecommunication line;

(k) wilfully damages, interferes with, removes or destroys an information and communication installation or service including telecommunication installation or service maintained or operated by a licensee;

(ka) wilfully tampers or causes to be tampered the International Mobile Station Equipment (IMEI) of any mobile device;

(l) establishes, maintains or operates a network or service without a licence or in breach of the terms or conditions of a licence;

(m) without the prior approval of the Authority, imports any equipment capable of intercepting a message;

(n) discloses a message or information relating to such a message to any other person otherwise tan:

(i) in accordance with this Act;

(ii) with the consent of each of the sender of the message and each intended recipient of the message;

(iii) for the purpose of the administration of justice, or

(iv) as authorised by a Judge;

(na) knowingly provides information which is false or fabricated;

(o) except as expressly permitted by this Act or as authorized by a Judge, intercepts, authorises or permits another person to intercept, or does any act or thing that will enable him or another person to intercept, a message passing over a network;

(p) in any other manner contravenes this Act or any regulations made under this Act, shall commit an offence.

(Amended by Act nº 21 of 2016)

47.- Penalties

(1) Any person who commits an offence under this Act, shall, on conviction, be liable to a fine not exceeding 1,000,000 rupees and to imprisonment for a term not exceeding 5 years.

(2) The Court before which a person is convicted of an offence under this Act may, in addition to any penalty imposed pursuant to subsection (1), order:

(a) the forfeiture of any installation or apparatus used in connection with the offence;

(b) the cancellation of the licence held by the person convicted;

(d) that a service provided to a person convicted of an offence under this Act shall be suspended for such period as the Court thinks fit.

(3) An offence under this Act shall:

(a) be triable by the Intermediate Court;

(b) not be triable by a District Court.

48.- Regulations

(1) The Minister may, after consultation with the Board, make such regulations as he thinks fit for the purpose of this Act.

(2) Any regulation made under subsection (1) may provide:

(a) for the levying of fees and taking of charges;

(b) for an amendment of the Schedules;

(c) for the prescription of charging principles on the recommendation of the Board and such other matters as may be prescribed under this Act;

(d) that any person who contravenes them shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding one year.

(Amended by Act nº 21 of 2016)

49.- Repeal

The following enactments are repealed:

(a) The Telecommunications Act 1998;

(b) Section 21A of the National Computer Board Act 1988.

50.- Consequential amendments

(1) The Central Tender Board Act is amended in the First Schedule, in Part IV, by inserting in its appropriate alphabetical order, the following ítem:

The Information and Communication Technologies Authority.

(2) Subject to subsections (3) and (4), the Schedule to the Statutory Bodies (Accounts and Audit) Act is amended in Part II by adding the ítem:

The Information and Communication Technologies Authority.

(3) For the purposes of the Statutory Bodies (Accounts and Audit) Act, the period extending from the commencement of this Act to 30 June next following shall be deemed to be the first financial year of the Authority.

(4) Section 7(1) of the Statutory Bodies (Accounts and Audit) Act shall not apply in relation to the first financial year of the Authority.

(5) The auditor to be appointed under section 5(1) of the Statutory Bodies (Accounts and Audit) Act shall be the Director of Audit.

(6) The Independent Broadcasting Authority Act 2000 is amended in the First Schedule by inserting therein the following ítems:

Subscription Television Rebroadcasting Services Licence.

Subscription Television Direct to Home Satellite Broadcasting

Service Provider Licence”

51.- Transitional provisions

(1) Every tariff allowed or amended by the Authority under the repealed section 31 shall cease to be valid 6 months after the coming into operation of section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions) (No.2) Act 2011.

(2) Every tariff submitted to the Authority under the repealed section 31, pending before the commencement of section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions nº 2 Act 2011), shall, on the commencement of that section, be dealt with in accordance with section 31.

(3) Every public operator shall, at least 15 days before the expiry of the period of 6 months referred to in subsection (1), submit to the Authority, in such form and manner as the Authority may determine, with a tariff for every information and communication service which he wishes to continue to supply, in accordance with section 31.

(4) Every tariff submitted to the Authority under subsection (3) shall be in conformity with section 31.

(5) In subsections (1) and (2):

“repealed section 31” means the section 31 repealed by section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions nº 2 Act 2011).

(Added by Act nº 38 of 2011)

SECTION (1 – 9) BELOW SPENT AS PER LEXIS NEXIS

(1) Every act done by, or in relation to, the Mauritius Telecommunication Authority established under section 4 of the Telecommunications Act 1998 shall be deemed to have been done, or commenced, as the case may be, by or in relation to the Authority.

(2) Notwithstanding subsection (1), every person who has before the commencement of this Act been licensed under the Telecommunications Act 1998 for the operation of a telecommunication network or service shall

(a) be deemed to be licensed for a period not exceeding 3 months after the coming into operation of this Act, after which he shall surrender his licence or authority granted to him; and

(b) furnish to the Authority such further information as it may require concerning his operation under that licence or authority.

(3) Section 20(2) shall not apply to the first financial year of the Authority.

(4) Notwithstanding section 24 and subject to subsection (9), no public operator or any other person shall, in respect of the period commencing on the date of coming into operation of this Act and not extending beyond 31 December 2002, supply or offer to supply telecommunication services between places within Mauritius and places outside Mauritius otherwise than in accordance with an interconnection agreement with the Mauritius Telecom Ltd.

(Amended by Act nº 22 of 2002)

(5) A person who uses or provides a service otherwise than specified in subsection (4) shall commit an offence and shall be liable to a fine not exceeding 1,000,000 rupees and to imprisonment not exceeding 5 years.

(6) The Court may, in addition to the penalty imposed under subsection (5), order disconnection of any installation of apparatus used in the commission of the offence.

(7) It shall not be a defence to any prosecution under subsection (5) that the person prosecuted did not know of the non-existence of the interconnection agreement referred to in that subsection.

(8) For the purposes of subsection (5)

(i) “a telecommunication service between places within Mauritius and places outside Mauritius” includes a “call back service”;

(ii) “a call back service” includes a service permitting an international call to be made by a caller or subscriber in Mauritius whereby a foreign telecommunication service provider, or a reseller in a foreign country, initiates a return call or provides a dialling tone which enables the caller or subscriber to make an international call through the foreign telecommunication service provider or the reseller resulting in Mauritius Telecom Ltd being deprived of international call charges.

(9) Notwithstanding any other provision of this Act, the Mauritius Telecom Ltd shall be deemed to have, for period not extending beyond 31 December 2002, the exclusive right to supply, or to enter into an interconnection agreement or other appropriate agreement for the supply of telecommunication services between places within Mauritius and places outside Mauritius.

(10) The type of licences defined in the First Schedule shall continue until and unless the Authority determines otherwise.

(Amended by Act nº 33 of 2002)

52.- Commencement

Proclaimed by:

(Proclamation nº 6 of 2002) w.e.f. 11th February 2002 (Section 1 and Part VII)

(Proclamation nº 27 of 2002) w.e.f. 1st June 2002 (Sections 2 and 3, PARTS II to VI and PART IX)

(Proclamation nº 35 of 2003) w.e.f. 1st December 2003 Part VIII

10Jul/17

Decision of the President of the Communications Regulatory Authority nº 7 of 2016,

10 julio, 2017Decisión, QatarDecision of the President of the Communications Regulatory Authority nº 7 of 2016, Legislación Informática Jurídica, Legislación Qatar, Passive InfrastructureJosé Cuervo

Decision of the President of the Communications Regulatory Authority nº 7 of 2016, promulgating the Template Standard Access Offer (Passive Infrastructure)

The President of Communications Regulatory Authority,

Pursuant to the Telecommunications Law, promulgated by Law nº 34/2006 (especially Articles 18, 19, 45, 53, and 62),

Amiri Decision nº 42/2014 Establishing the Communications Regulatory Authority,

Decision of the Board of Supreme Council of Information and Communications Technology nº 1/2009 promulgating the Telecommunications by-law,

Council of Ministers Decision nº 51/2014 Establishing the Telecommunication Infrastructure Coordination Committee,

Decision of the President of the Communications Regulatory Authority nº 3 of 2015

Promulgating the Passive Civil Infrastructure Access Regulation, and Having consulted with stakeholders,

Has decided as follows:

Article 1

Access Providers must comply with the Template Standard Access Offer (Passive Civil Infrastructure) attached hereto when preparing a standard access offer for passive civil infrastructure.

Article 2

All competent authorities, each within its jurisdiction, shall implement this Decision, which shall take effect from publication in the official website of the Communications Regulatory Authority.

Mohammed Ali Al-Mannai
President of Communications Regulatory Authorit

10Jul/17

Decision of the Presidente of the Communications Regulatory Authority nº 3 of 2015, promulgating the Passive Civil Infrastructure Access Regulation

10 julio, 2017Decisión, QatarComunications, Decision of the Presidente of the Communications Regulatory Authority nº 3 of 2015, Legislación Informática, Legislación Qatar, promulgating the Passive Civil Infrastructure Access RegulationJosé Cuervo

Decision of the Presidente of the Communications Regulatory Authority nº 3 of 2015, promulgating the Passive Civil Infrastructure Access Regulation

The President of Communications Regulatory Authority,

Pursuant to the Telecommunications Law, promulgated by Law nº 34/2006 (especially Articles 18, 19, 45, 53, and 62),

Amiri Decision nº 42/2014 Establishing the Communications Regulatory Authority,

Decision of the Board of Supreme Council of Information and Communications Technology nº 1/2009 promulgating the Telecommunications by-law,

Council of Ministers Decision nº 51/2014 Establishing the Telecommunication Infrastructure Coordination Committee, and

Having consulted with stakeholders,

Has decided as follows:

Article 1

The Passive Civil Infrastructure Access Regulation attached hereto shall come into force.

Article 2

All competent authorities, each within its jurisdiction, shall implement this Decision, which shall take effect three months after publication in the Official Gazette.

Mohammed Ali Al-Manai
President of Communications Regulatory Authority

Passive Civil Infrastructure Access Regulation

1. Definitions

For the purposes of this Regulation, unless the context otherwise requires:
Authority means the Communications Regulatory Authority.

[Access means Access]

Access Agreement means an agreement between the Access Provider and Access Seeker for the provision of access to Passive Civil Infrastructure.

Access Provider means any person who owns, builds, or directly controls access to Passive Civil Infrastructure.

Access Seeker means a Service Provider.

Access Request means a request for access made by an Access Seeker, based on an Access Agreement, for access to Passive Civil Infrastructure.

Bottleneck Facility means a facility that cannot feasibly be economically or technically substituted in order to provide a Telecommunications Service in a reasonable amount of time or which based on prevailing state of competition is necessary to enable fair competition in the State of Qatar.

Regulatory Framework means the Telecommunications Law (Decree nº 34 of 2006) and any decisions based on that law, including the Executive By-Law for the Telecommunications Law (Decree nº 1 of 2009), and individual icenses.

Passive Civil Infrastructure means physical facilities or supporting facilities that are considered a Bottleneck Facility.

Standard Access Offer means a set of binding minimum terms and conditions to be included in an Access Agreement between an Access Providers and an Access Seekers.

2. Purpose and Application

2.1 The objectives of this Regulation are:

(a) To establish the obligation for Access Providers to grant access to Access Seekers;

(b) To enable Service Providers to seek access to Passive Civil Infrastructure;

(c) To provide clarity and certainty in relation to the supply of access to Passive Civil Infrastructure by setting out minimum terms and conditions:

(i) on which an Access Provider will make the Passive Civil Infrastructure available to Access Seekers;

(ii) which an Access Seeker must meet in seeking access to the Passive Civil Infrastructure made available by the Access Provider; and

(d) To be sufficiently flexible to deal with change as it occurs.

2.2 This Regulation does not apply to the following:

(a) Real estate developments, unless they are of one hundred (100)
residential or twenty (20) commercial dwellings and above or buildings of five (5) stories high or above.

(b) Electronic transmission equipment or telecom cables

2.3 Access Providers include:

(a) Real estate developers;

(b) Service Providers;

(d) Other Non-Governmental Organizations (NGO) or private entities.

2.4 Passive Civil Infrastructure includes:

(a) drop and lead in ducts, conduits, manholes, hand holes, cable trays,
equipment mounting, riser shafts and overhead aerial;

(b) telecommunications towers, masts and rooftops;

(c) collocation spaces in telecommunications rooms and central offices, and cabinets, including ancillary collocation facilities, and any additional space which cannot be leased or otherwise disposed of, and which form part of the Telecommunications Network;

(d) equipment such as air conditioning units, back-up generators, and any
associated storage facilities for such equipment such as cabins, racks,
telecoms rooms or cupboards that are ancillary to the establishment of a
Telecommunications Network; and

(e) means to access electrical power connections and the capacity for the
required power.

3. Access Principles

3.1 An Access Provider must provide access:

(a) on reasonable terms and conditions;

(b) on a non-discriminatory basis, unless objectively justified;

(d) on a timely basis in accordance with established processes;

(e) in accordance with transparent procedures;

(f) where it is technically feasible; and

(g) by negotiating in good faith for alternative solutions in cases of insufficient capacity.

4. Non-Discrimination Obligation

4.1 An Access Provider must not discriminate:

(a) between Access Seekers;

(b) in favour of any party;

(d) on any basis including product, price, processes, quality and engineering rules.

4.2 An Access Provider is exempt from the obligation in previous paragraph if
differences are objectively justifiable, and as far as the Access Provider notifies in writing the Access Seeker and the Authority of such justifications, regardless of the ownership status of any entity.

5. Standard Access Offer

5.1 An Access Provider must only offer access to Passive Civil Infrastructure
through a Standard Access Offer that is compliant with this Regulation.

5.2 A Standard Access Offer must follow the templates issued by the Authority,
following consultations with stakeholders and the Passive Civil Infrastructure
Committee.

5.3 The Standard Access Offer must set out, as a minimum:

(a) a description of each access component and the related procedures for
seeking access, including forecasting, ordering, provisioning and billing
procedures as well as ongoing operations and maintenance;

(b) the process to enable Access Seekers to obtain information such as
diagrams, maps and other information showing the location and routes of the Passive Civil Infrastructure;

(c) the necessary technical specifications of access to any and all of the
components of the Passive Civil Infrastructure;

(d) processes for the reservation of capacity;

(e) the applicable charges for access to any and all of the components of the Passive Civil Infrastructure;

(f) the conditions related to service level agreements (SLAs), including the
relevant monitoring mechanisms and where relevant provision for
compensation should the service not be provided according to the SLAs;

(g) the financial security requirements to be imposed, set against the terms and conditions of the facilities or services provided;

(h) conditions related to maintenance, site access, and safety standards;
and

(i) conditions related to decommissioning of services.

5.4 Access Providers must not offer access to Passive Civil Infrastructure through a new Standard Access Offer, or materially change a previously approved one, unless approved by the Authority, in accordance with the following:

(a) If the Authority does not issue a decision within (10) working days, the
Standard Access Offer is deemed approved.

(b) If the Authority determines that the Standard Access Offer is in violation of the Regulatory Framework, it may issue an Order requiring the Access Provider to amend the Standard Access Offer, and provide guiding templates for this purpose.

(c) If the Access Provider does not resubmit a compliant Standard Access
Offer within (20) working days of notice of an Order issued under the
previous paragraph, the amendment proposed by the Authority shall be
deemed made by the Access Provider and approved by the Authority.

5.5 An Access Provider must publicly disclose (on its website or any other suitable media) all Standard Access Offers approved by the authority under previous paragraph no later than twenty (20) Working Days after the approval.

6. Negotiation

6.1 When an Access Provider negotiates an Access Agreement with an Access Seeker:

(a) both parties must use their best endeavours to conclude the Access
Agreements within sixty (60) Working Days of a written request to
commence negotiations;

(b) negotiations must be conducted in good faith and a commercially
reasonable terms and conditions.

6.2 An Access Provider must register with the Authority any Access Agreement
within five (5) Working Days of its conclusion.

6.3 If negotiations are not completed within the sixty (60) Working Days, an Access Provider or Access Seeker may, at any time, request the Authority to intervene under the dispute resolution rules issued under Article 61 of the
Telecommunications Law.

7. Ordering

7.1 An Access Request must be in writing, reasonable and contain at least the
following information:

(a) the name and contact details of the Access Seeker;

(b) the timeline for access for when access is required;

(i) Route Access Request (RAR): Defined start and end point of the
required route, and/or;

(ii) Area Access Request (AAR) a specific area or development site
as a whole or part;

(d) a forecast of the capacity the Access Seeker will require.

7.2 Access to Passive Civil Infrastructure may be requested in whole or in part.

7.3 The Access Provider must within ten (10) Working Days of receipt of an Access Request, respond to the Access Seeker in writing acknowledging receipt of the Access Request, and either accept or reject it.

7.4 If the Access Provider accepts the Access Request, the Access Provider must state reasonable timing for making available all schematics, diagrams and pertinent information detailing the passive Civil Infrastructure pertaining to the specifics of the Access Request.

7.5 If the access seeker does not provide information required with the Access
Request, or the information provided is irregular, the Access Provider must
inform the Access Seeker within (5) Working Days of the Access Request of
any steps that need to be taken to complete the information required to process the Access Request, and give the Access Seeker five (5) Working Days for that purpose. Once the information is received from the Access Seeker, the Access Provider must reconsider the Access Request in accordance with this Regulation.

7.6 Without limiting any other grounds that may be relied upon under law, an
Access Provider must not refuse an Access Request, except on the grounds
that:

(a) The Access Seeker has not provided all of the information required in
accordance with this Regulation after being given the opportunity to rectify the omissions in accordance with the procedures above;

(b) It is not technically feasible to provide access to the facilities or services
requested by the Access Seeker;

(c) The Access Provider has insufficient capacity to satisfy the request as the Passive Civil Infrastructure is already consumed to capacity or near full capacity, or reserved for future use by the Access Provider or another Access Seeker.

7.7 If a Passive Civil Infrastructure is reserved for use by another Access Seeker, such use must commence no later than six (6) months from the date such Access Seeker makes the Access Request; otherwise, it shall be considered available.

7.8 If access is refused due to capacity constraints, and without violating the
capacity constraints requirements set out in the this Regulation, the Access
Provider must offer alternative options to the Access Seeker within twenty (20)
Working Days from the rejection notice.

7.9 The Access Provider and the Access Seeker may define shorter timeframes in their Access Agreement, but cannot extend the timeframe without the approval of the Authority upon reasonable justification.

7.10 If the Access Provider does not respond to the Access Request within the
timeframe prescribed in this regulation, the parties may refer the dispute to:

(a) the Passive Civil Infrastructure Committee for an amicable solution within five (5) Working Days, or

(b) the Authority in accordance with dispute resolution rules issued under
Article 61 of the Telecommunications Law.

8. Access Provisioning

8.1 An Access Provider must provide access to the Passive Civil infrastructure
within twenty (20) Working Days of accepting an Access Request.

8.2 If an Access Provider cannot reasonably meet the accepted Access Request within the requested timeframe, the Access Provider must enter into good-faith negotiations with the Access Seeker in regard to an alternative reasonable timeframe for provisioning access to the Passive Civil Infrastructure.

9. Capacity Constraints

9.1 Where new Passive Civil Infrastructure is to be deployed by an Access
Provider, the Access Provider must offer to the Access Seeker the following:

(a) to enter into a joint-investment agreement to build and finance the new
Passive Civil Infrastructure, as far as the Access Seekers and the Access Provider are licensed Service Providers. The agreement shall be reciprocal and govern how both parties will build and share Passive Civil Infrastructure. The right of each party must be based on a percentage of the respective investments and corresponding capacity allocation.

(b) an Indefeasible Right of Use covering a minimum commitment period of
twenty (20) years; or

9.2 In order to foster investment in Passive Civil Infrastructure by Service
Providers, a “surcharge” may be applied to (b) and (c). The surcharge shall be
determined at the sole discretion of the Authority.

9.3 If an Access Provider is unable to provide access due to insufficient capacity in existing Passive Civil Infrastructure, it must offer the Access Seeker, if technically feasible, to:

(a) scale the Passive Infrastructure and offer the Access Seeker an
Indefeasible Right of Use covering a minimum commitment period of twenty (20) years; or

(b) scale the Passive Infrastructure and offer the Access Seeker to enter into a lease agreement upon minimum commitment from Access Seekers.

9.4 Access Providers and Access Seekers must abide by the following:

(a) Access Providers and Access Seekers must enter into confidentiality
agreements with rules governing how information about an Access
Provider’s roll-out plans are not used by Access Seekers to gain unfair
competitive advantage;

(b) an Access Provider must notify all Access Seekers in writing of any
planned construction work of a Passive Civil Infrastructure for purposes of developing an infrastructure sharing plan prior to the design and planning stages and no less than six (6) month prior to commencing the planned construction work;

(c) An Access Provider must consult with all Access Seekers on the design and planning of the planned construction works; and

(d) Access Seekers must respond to the request to develop the infrastructure sharing plan within one (1) month from receipt of the build/change notification, subject to subsections (a) to (c) above.

10. Removal or Modification of Existing Physical Infrastructure

10.1 An Access Provider must issue a notice in writing to Access Seekers to whom access has been granted prior to conducting any civil works necessitating the removal or modification of any component of the Passive Infrastructure. The Access Provider must state in the notice the commencement date and duration of the removal or modification work. Except in cases of emergency, the notice must be issued no less than three months prior to the commencement of the planned works.

10.2 For any civil work carried out by an Access Provider which involves
modification of the Passive Infrastructure, the Access Provider must ensure
that the modified infrastructure is compliant with the Regulatory Framework,
through the following:

(a) Where the Passive Civil Infrastructure was compliant with the
Regulatory Framework, the Access Provider shall reinstate the Passive Civil Infrastructure to its original condition of compliance, and

(b) Where the Passive Civil Infrastructure was not compliant with the
Regulatory Framework, the Access Provider must proceed to do all the
necessary improvements to the Passive Civil Infrastructure to ensure compliance, subject to feasibility and long term commitment from
Access Seekers for use of the modified infrastructure.

11. Charging Principles

11.1 Access to existing and new Passive Civil Infrastructure must be charged based on the cost of efficient service provision, according with the following principles:

(a) an Access Provider must be capable of demonstrating that charges are
derived from cost;

(b) Charges must not be based on the position the Access Provider enjoys in the market or in the area;

(c) Only costs which are directly associated with the provision of the Passive Civil Infrastructure can be taken into account.; and

(d) Charges shall be claimed only for the access capacity made effectively
available by the Access Provider to the Access Seeker and no minimal
charge shall be claimable.

11.2 The charges may include a reasonable rate of return on investment, and the following cost elements:

(a) Depreciation of the relevant assets and cost of capital;

(b) Operating costs for the Passive Civil Infrastructure in direct relation to
the access effectively granted;

(d) Wholesale cost management.

11.3 An Access Provider must submit all charges relating to access to Passive Civil Infrastructure, with justifications, to the Authority for approval at least thirty (30) Working Days prior to implementation date; and the Access Provider must adjust the charges as directed by the Authority.

11.4 The Authority may consult with the Access Provider and may rely on
international best practice in seeking any adjustments to the charges.

11.5 Access Providers must maintain a record of all applicable charges issued and payments received.

11.6 If the Access Provider’s charges are not in accordance with the Regulatory Framework, the Authority may, at any time, set the relevant charges to be applied by the Access Provider.

12. Confidentiality

12.1 Whenever any or all of the components of the Passive Civil Infrastructure is supplied to an Access Seeker the following provisions apply:

(a) An Access Provider will keep all Access Seeker confidential information in confidence and will not disclose Access Seeker confidential Information to any third party other than as necessary for the provision of the Access to that Access Seeker;

(b) An Access Seeker will not use the Access Provider confidential information other than for the stated purpose.

13. Financial Security

13.1 An Access Provider and an Access Seeker must require the other to provide a financial security of a reasonable amount set against the respective obligations in the Access Agreement.

13.2 The Access Provider and Access Seeker shall be entitled to draw down on the security payment in accordance with the terms and conditions set out in the Access Agreement.

14. Reporting

14.1 An Access Provider must:

(a) Supply at least on an annual basis to the Authority all information on
deployment of Passive Civil Infrastructure already underway or planned
over the next six (6) months;

(b) Provide a report to the Authority and to Access Seekers which signed an Agreement based on Standard or Reference Offers on the service level agreement as prescribed in accordance with the Standard Access Offer.

15. Monitoring

15.1 Where the Authority has reasonable grounds to believe that there has been a violation of this Regulation, or where the Authority has received a complaint from any Access Provider or Access Seeker concerning non-compliance with this Regulation, the Authority may request in writing such information as is relevant to support its investigation of non-compliance with this Regulation which must be submitted within a reasonable period of time.

15.2 All complaints made to the Authority shall be managed in accordance with Article 61 of the Telecommunications Law and the Dispute Resolution Process, which shall not limit any party’s recourse to other legal remedies, including using the administrative courts.

15.3 Access Providers and Access Seekers must enable their respective technical systems to interface with an automated infrastructure management system implemented and operated by the Authority no later than six (6) months after the Authority implements the relevant system.

16. Non Compliance Fee

16.1 The Authority may impose a non-compliance fee on an Access Provider or an Access Seeker for breach of any obligation prescribed in this Regulation of Ten Thousand (10,000) Qatari Riyals for each specified non-compliance.

16.2 In the case of a continuing breach, the Authority may impose a non-compliance fee on the Access Provider and/or Access Seeker of One Thousand (1,000) Qatari Riyals for each day, or part of a day during which the specified noncompliance continues after a finding of non-compliance.

16.3 In the case of repeated non-compliance incidences, the non-compliance fee may be doubled for each specified non-compliance incident.

16.4 The Authority shall assess the appropriate non-compliance fee based on the seriousness of the non- compliance and its effect, on a case by case basis.

16.5 Notwithstanding the above, the Authority may issue an injunction to require the Access Provider and/or Access Seeker to do, or refrain from doing specific acts related to the specified non-compliance.

17. Telecommunication Infrastructure Coordination Committee

17.1 The powers of the Telecommunication Infrastructure Coordination Committee under this regulation is limited to making recommendations, and does not extend to decision making or dispute resolution.

18. Third Party

18.1 The Access Agreement must be signed between the Access Provider and the Access Seeker, and if the Access Provider delegates the operation or
management of such Passive Civil Infrastructure to a third party, including
Service Providers, the third party must adhere to all the obligations pursuant to this Regulation and such third party delegation will not exempt the Access
Provider of any of its obligations under this Regulation.

10Jul/17

Decree-Law nº 34 of 2006, Promulgating the Telecommunications Law

10 julio, 2017Decreto Ley, QatarDecree-Law nº 34 of 2006, Decreto Ley, Legislación Derecho Informático, Legislación Qatar, Promulgating the Telecommunications Law, TelecomunicacionesJosé Cuervo

We, Hamad Bin Khalifa Al-Thani, the Emir of the State of Qatar,

In accordance with the Constitution and with regard to the following:

Law nº 11 of 1997 establishing the Qatari General Authority for Radio and Television, as amended by Law nº 9 of 2004;

Law nº 21 of 1998 concerning the conversion of the Qatari Public Telecommunications Establishment to a Qatari Shareholding Company;

Decree Law nº 36 of 2004 concerning the establishment of the Supreme Council for Telecommunications and Information Technology;

The proposal of the Supreme Council for Telecommunications and Information Technology; and the draft Law submitted by the Council of Ministers

Have decided the following Law:

Article 1.- Introduction

The provisions of the Telecommunications Law attached to this Law shall apply.

Article 2.- Introduction

The provisions of the attached Law shall apply to all government agencies, public bodies, institutions and persons, to all those who may have been granted special concessions or provisions concerning the regulation of telecommunications prior to the application of this Law, especially those subject to the provisions of the aforesaid Law nº 21 of 1998, and the Law of the Qatar Financial Centre by Law nº 7 of 2005, and Law nº 34 of 2005 of Free Zones Investment, and Law nº 36 of 2005 of establishing Free Zone for Science and Technology Park.

Article 3.- Introduction

The provisions of the attached Law shall not apply to:

1. The content of the video and audio broadcast services which are subject to other statutory provisions.

2. The content transmitted through IP networks telecommunications.

3. The wireless devices or terminals which are imported or used by the armed forces, the Ministry of Interior or other security organizations.

Such parties shall abide by registering the data and frequencies of these devices or terminals. Registration shall be free of charge.

Article 4.- Introduction

The concession granted to Qatar Telecom (Qtel) under the aforementioned Law nº 21 of 1998 shall be revoked from the date of enforcing this Law, and all the powers and prerogatives concerning the organization of telecommunications, which were prescribed to Qatar Telecom (Qtel), shall devolve to the Supreme Council. Until a competitor Service Provider who is licensed under the attached Law starts to provide its services to the public, the company shall be committed to pay the annual fee provided for in Article 4 of the aforementioned Law nº 21 of 1998, and to provide the services it is undertaking in accordance with its provisions.

Article 5.- Introduction

Whoever owns operates or manages a Telecommunications Network, or provides telecommunications services in the State, at the enforcement date of this Law, shall operate according to the provisions of the attached law, within six months from the date of its enforcement. The Supreme Council has the power to extend this period.

Article 6.- Introduction

The Board of Directors shall issue the implementing regulation of the attached Law and the Secretary-General shall issue such other regulations, and the Board of Directors shall also issue the decisions, orders, rules, instructions and circulars necessary to implement the provisions of the attached Law.

Article 7.- Introduction

Any articles contrary to the provisions of the attached Law shall be revoked

Article 8.- Introduction

All competent authorities, each in its jurisdiction, shall implement this decree, which shall be published in the Official Gazette.

Chapter One.- Definitions

Article 1

In the application of the provisions of this Law, the following words and terms shall have the meanings assigned to them, unless the context otherwise requires:

Supreme Council: The Supreme Council of Telecommunications and Information Technology (I.C.T-Qatar).Board: Board of Directors of the Supreme Council.

Secretariat-General: The Secretariat-General of the Supreme Council.

Secretary-General: The Secretary General of the Supreme Council.

Qtel: Qatar Telecom (Qtel).

Telecommunications: Transmitting, broadcasting or receiving writing, signals, symbols, images, sounds, data, texts or information of any kind, by means of wired or wireless, optical or other electromagnetic means, or by any other means of telecommunications.

Telecommunications Network: Any wired, wireless, or fiber-optic system or
Electromagnetic systems to pass, convert and transfer the Telecommunications services between the endpoints of the network, including terrestrial networks, fixed, mobile and satellite networks and power transmission systems or other systems (to the extent used for Telecommunications), and switch networks with circuit or package (including those used to serve Internet Protocol), and the networks used to provide Broadcasting Services (including cable TV networks).

Radio Telecommunications: Any transmission, broadcasting or receipt of symbols, signals, texts, images, sounds, data, texts or information of any kind through electromagnetic waves in the Frequency Spectrum.

Transmission Service: Broadcasting radio and television programmes to the public free of charge, for payment or on the basis of subscription or any other basis, through the use of any type of Telecommunications Networks.

Terms of Service: General terms and conditions based on which the Service Provider provides the Telecommunications services to customers in accordance with the provisions of this Law.

Universal service: The provision of Telecommunications services to the public in accordance with the policy of Universal Service approved in accordance with the provisions of this Law.

Client: The person subscribing or using Telecommunications services, whether these services are for its own use or for resale.

Service Provider: the person licensed to provide one or more Telecommunications services to the public, or licensed to own, establish or operate a Telecommunications network to provide Telecommunications services to the public. It includes information providers or content provided by the Telecommunications Network.

Dominance: The dominance exercised by any person over the decisions of another person in any way, by enjoying an economic power which creates the authority to behave to a certain extent independently of competitors or customers, either directly through the ownership of shares or bonds, or indirectly through any contracts or agreements.

Dominant Service Provider: The Service Provider who enjoys a strong marketing or Dominance over a market or markets of the Telecommunications services in accordance with the provisions of Chapter IX of this Law.

Strong Position in the Market: The strong economic situation in the market for the Service Provider, which allows him to work independently of customers or competitors, or which allows him Dominance over the market or markets related to Telecommunications services, by working alone or together with others, all in accordance with the provisions of Chapter IX of this Law.

Telecommunications Facilities: Any facility, device, or other item used or which can be used in the transmission of Telecommunications services or in any process directly associated with the transmission of Telecommunications services.

Telecommunications Equipment: The equipment which can be linked directly or indirectly to a Telecommunications Network in order to send, transmit or receive Telecommunications services.

Interconnection: Physical and logical linking of the Telecommunications Networks used by the Service Provider itself or by a number of Service Providers, to enable the agents of the Service Provider to communicate among themselves or with customers belonging to another Service Provider, or enable them access to the services provided by another Service Provider.

Access: Access to Telecommunications Facilities or Telecommunications services between Service Providers, making these facilities, services, or both, available by the Service Provider for use by another Service Provider, according to specific terms and conditions, and on grounds of exclusive or non-exclusive rights to supply Telecommunications services, provided that the Access concept does not include, or will be applied to, the facilities or services for end users.

License: Individual or Class License issued pursuant to the provisions of Chapter III of this Law, or License to use the Frequency Spectrum, according to the provision of Chapter IV of this Law.

Licensee: The person holding a License in accordance with the provisions of this Law.

Individual License: The License granted to a particular person, in accordance with the provisions of Chapter III of this Law.

Class License: The License granted in accordance with the provisions of Chapter III of this Law to a defined group of Service Providers, which applies to any person within this category, without having to request this License.

Permit: Approval granted for using the frequency or the provision of Telecommunications service.

Frequency Spectrum: Spectrum of frequency that can be used in wireless Telecommunications according to the versions of the International Telecommunications Union.

License To Use The Frequency Spectrum: A License to use Frequency Spectrum, according to the plan, distributions, allocations and conditions set forth in Chapter IV of this Law.

Internet Protocol: Any set of Telecommunications protocols that define the standards of operational overlap, transmission and related systems within the Internet network, including the Transmission Dominance Protocol (TCP) and the protocol set (TCP/IP).

Frequency Band: Part of the Frequency Spectrum which begins with a frequency and ends with another.

National Plan For Frequency Spectrum: The plan which is prepared for the allocation and use of Frequency Spectrum to the concerned authorities.

Numbering: A pattern of serial numbers which defines a final point in the Telecommunications Network, and includes the information necessary to terminate calls to this final point.

Number Portability: Any service through which the Client can keep any current number without discomfort or any influence on the quality or availability of the service, when changing its position or moving from a Service Provider to another Service Provider.

National Numbering Plan: The plan prepared by the Secretariat-General for determining, allocating and distributing the numbers used in all Telecommunications services, or for any other purpose related to numbering.

International Rules: Any rules, instructions, orders, regulations, recommendations, guidelines, provisions, limitations, terminology, definitions or any other matters provided for in the agreements of the International Telecommunications Union and the Arab Union of Telecommunications, or any other agreements ratified by the State.

Chapter One: The Supreme Council of Telecommunications and Information Technology (I.C.T-Qatar)

Article 2.- Objectives

In addition to the objectives the Supreme Council is charged to achieve in accordance with the provisions of Article 3 of the aforementioned Decree Law nº 36 of 2004, it shall also achieve the following objectives:

Developing the Telecommunications sector in order to promote national, social and economic development.

Improving the performance of the Telecommunications sector in the State, by encouraging competition and promoting reliance on Telecommunications services.

Encouraging the introduction of information technology and advanced and innovative Telecommunications to meet the needs of customers and the public.

Increasing the benefits to customers and protecting their interests.

Encouraging sustainable investment in the Telecommunications sector.

Relying as much as possible on market forces for the protection of the interests of customers and the public.

Determining and addressing non-competitive practices in the Telecommunications sector.

Establishing a fair, objective and transparent licensing system for the Service Providers.

Developing a system that meets the requirements of a fair competitive market through the promotion of Interconnection and related procedures between the Service Providers.

Promoting the right of universal use of Telecommunications services.

Adopting an effective accreditation system for the Telecommunications Equipment.

Maintaining the organization of the Telecommunications sector in line with international norms.

Ensuring the systematic development and regulation of the Telecommunications sector.

Article 3.- The Powers and Functions of the Council

The Board shall assume the following powers and functions:

Granting, modifying, renewing, suspending, revoking and determining the conditions and procedures for issuance of the Individual and Class Licenses.
Determining the fees of the Individual and Class Licenses and the charges for the License To Use The Frequency Spectrum, and any other fees or expenses to be paid by the Service Providers.
Adopting national plans for the Frequency Spectrum, numbering and adopting the Universal Service policy.

Article 4.- The Powers and Functions of the Secretariat-General

The Secretariat-General shall assume the following powers and functions:

Granting, modifying, renewing, suspending and revoking Class Licenses and Permits and Licenses To Use The Frequency Spectrum, and determining the conditions and procedures for their issuance.

Monitoring the compliance of Licensees with the terms of Licenses and Permits issued to them.

Developing and managing the Frequency Spectrum plan and other scarce resources, ensuring optimal use, and maximizing their revenues to the extent required by International Rules.

Developing and implementing the appropriate measures to prevent Service Providers carrying out anti-competitive practices.

Developing the necessary procedures for the adoption of Telecommunications Equipment or their types that are connected to the Telecommunications Networks in the State, including the accreditation of the equipment that had already been accredited by other organizations or countries.

Drawing up the terms of Interconnection and Access between Service Providers.

Drawing up and managing the National Numbering Plan, and allocating numbers to Service Providers.

Protecting the interests of customers, including the drawing up of rules for tariff regulation and standards of service quality, and monitoring the terms and conditions for providing Telecommunications services.

Implementing any Universal Service program.

Requesting information that will enable them to exercise their powers and perform their functions, including plans for developing the network or services, and financial, technical and statistical information, accounting records and other information.

Verifying compliance with the provisions of this Law and its implementing regulations, and the rules and decisions issued in the implementation procedure.

The Secretariat-General, in order to achieve this, may use the services of specialized agencies, and academic or technical institutions or qualified consultants, to help perform some tasks and functions and cooperate and coordinate with ministries and other government agencies, bodies and public institutions.

Article 5.- Secretary-General

The Secretary-General shall undertake all the technical, administrative and financial tasks of the Supreme Council as well as issuing regulations, decisions, orders, rules, instructions and circulars related to the organization of the Telecommunications sector, as determined by this Law and its implementing regulations, or as authorized by the Supreme Council.

The Secretary General shall give the Council a detailed annual report on aspects of the activities of the Telecommunications organization sector.

Article 6.- Transparency and Non-Discrimination

The regulations, decisions, orders, rules, instructions and circulars issued pursuant to this Law must be transparent and non-discriminating between all Service Providers and other participants in the market.

It is not discrimination to take any decisions in accordance with the provisions of this Law and its implementing regulations, which would have a different impact on any Service Providers or any other participant in the market, when it is attributed to the particular circumstances of the aforementioned.

Article 7.- Conflict of Interest

None of the members of the Council, the Secretary-General or the staff of the Supreme Council may have any personal interest, direct or indirect, in the contracts concluded with or for the Supreme Council, the projects carried out, or Permits, works or activities which are issued in accordance with the provisions of this Law, or any other activities that are incompatible with the proper exercise of their responsibilities. In particular, the following shall be deemed prohibited personal interest in the application of the provisions of this Law:

The basic or participatory ownership of any kind of the Telecommunications Network operator, Telecommunications Services Provider, or the manufacturer or supplier of Telecommunications Equipment, provided that he possesses more than five percent (5%) of any class of shares, any ordinary shares or debt securities whose value exceeds that set in any circular issued by the Council.
Material benefit, or basic or participation ownership prohibited in accordance with the above item, which is transferred to any party concerned by virtue of this Article, as a result of a will or inheritance, or which becomes prohibited in accordance with any declaration made by the Board.

Conflict of interest, when realized according to the provision of any of the foregoing items, shall only cease if the material benefit or substantial or participatory ownership is reduced, to the extent set out in this Article, within three months from the date of transfer of the will or inheritance, or by the effective date of the pertinent declaration, as the case may be.

Article 8

All License fees of all kinds, and other fees and costs that the Service Providers shall pay, are from the funds realized by the Supreme Council from exercising its activities, which fall within the components of its financial resources in accordance with the provisions of Article 20 of the aforementioned Decree Law nº 36 of 2004.

Chapter Three.- Telecommunications Licenses

Article 9.- License Requirements

No person may, without a License, exercise any of the following:

The provision of Telecommunications services to the public for a fee, direct or indirect, whether services are provided partly or as a whole. This includes the resale of Telecommunications services that are obtained from third parties, even if the beneficiary of this service is one person.
Owning or operating a Telecommunications Network that is used to provide Telecommunications service to the public for a fee, direct or indirect.
Owning or operating any other Telecommunications Network.

Article 10.- Types of License

Telecommunications Licenses shall be as follows:

Individual Licenses.

Class Licenses.

The Secretariat-General shall publish the instructions that set forth the Telecommunications services and related activities that require Individual or Class Licenses, as determined by the implementing regulations of this Law.

Article 11.- License Provisions and Compliance

The Secretariat-General shall determine the fair and objective terms, conditions, procedures and standards required for the granting and renewal of Telecommunications Licenses in accordance with the provisions of this Law. The Secretary-General shall issue the relevant decisions, directives, orders and circulars, which shall be published in the Official Gazette.

The Secretariat-General shall have the power to monitor the extent of compliance, and scrutinize the Licensees with regard to the terms of their Licenses. The Secretary-General shall implement the work of this Dominance.

The Licensee who has an Individual License may only relinquish it to others with the approval of the Board. Regarding the category Licenses and Licenses To Use The Frequency Spectrum, they may only be waived after the approval of the Secretary-General.

Article 12.- Non-Renewal, Modification, Suspension and Revocation of Licenses

The Council shall, based on the proposal of the Secretary-General, have the right not to renew, modify, suspend or revoke the Individual Licenses. The Secretary-General shall have the same right regarding the Class Licenses, in any of the following circumstances:

Repeated violation of the provisions of the Law, its implementing regulations, rules, decisions, and orders implementing it or any of the terms of the License.

Non-payment of the fees prescribed for the License or for its renewal, or any other financial amount in accordance with the provisions of this Law and its implementing decisions.

Death, or the expiration of a legal licensed person for any reason.

Assignment of the License without the consent of the Council or the Secretary-General.

The Secretariat-General, in the event that the License is not renewed, or is modified, suspended or revoked, shall take appropriate measures to mitigate the negative impact that may ensue on the service and customers.

Chapter Fourth.- Frequency Spectrum

Article 13.- Frequency Spectrum

The Frequency Spectrum shall be a limited natural resource that is owned by the State, and the Supreme Council shall be the body responsible for organizing and managing all affairs relating to its use.

Article 14.- Procedures for the Management of the Frequency Spectrum

The Secretariat-General shall be entrusted with the management, allocation and distribution of frequencies in the Frequency Spectrum, systematically and effectively in accordance with the provisions of this Law and the relevant international norms. To this end, it may perform the following:

Drawing up and maintaining the National Plan For Frequency Spectrum, and managing, distributing and allocating frequencies in accordance with that plan.
Monitoring the implementation of the use of radio frequencies and Frequency Spectrum according to the National Plan For Frequency Spectrum, pertinent distributions and allocations and applicable License terms, and the preparation of the National Register for Frequencies wherein all information relating to frequencies, distribution, allocation and use are recorded.
The formation of and supervision over committees and over any committee or committees existing to coordinate the uses of frequencies, including civil, non-civil and commercial uses. The Secretariat-General may issue the regulations and rules necessary for the establishment and operation of these committees.

Article 15.- Licenses To Use The Frequency Spectrum

No person may operate any Telecommunications device or use frequencies until obtaining a License to Use the Frequency Spectrum, or a Permit to use the frequencies.

Article 16.- The Obligations of Licensees Using The Frequency Spectrum

The Licensee shall use the Frequency Spectrum according to the conditions set forth in this Law, its implementing regulations, rules and orders, in accordance with the conditions set forth in the License granted to him.

The Secretariat-General may monitor the use of Frequency Spectrum, detect the use of unlicensed frequencies and verify the commitment of Licensees with the terms of the License.

Article 17.- The Conditions of Non-renewing, Modifying, Suspending or Revoking the Licenses To Use The Frequency Spectrum

The Secretary-General may not renew, modify, suspend or revoke the issued Licenses to Use the Frequency Spectrum, in any of the following circumstances:

Repeated violation of the provisions of the Law, its implementing regulations, rules, decisions, and orders relating to it or any of the terms set out in the License.

Misusing the licensed frequencies or using them other than for the allocated purposes.

Non-payment of the fees prescribed for the License or for its renewal, or any other financial amount in accordance with the provisions of this Law and its implementing regulations.

Death or the expiration of the legal licensed person for any reason.

Assignment of the License without the consent of the Secretary-General.

The Secretariat-General, in the event that the License to Use the Frequency Spectrum is not renewed, or is modified, suspended or revoked, shall take appropriate measures to mitigate the negative impact that may ensue on the service and customers.

Chapter Five.- Interconnection and Access

Article 18.- The Rights, Obligations and Conditions of Interconnection and Access

The Secretariat-General shall determine the rights, obligations and conditions for Interconnection and Access, and shall oversee and monitor compliance. Each licensed Service Provider shall have the rights and obligations regarding Interconnection and Access as follows:

The right to engage in discussions, on the basis of good faith, with another Service Provider to reach an agreement on Interconnection and Access.

The right to Interconnection and Access to services or facilities of another Service Provider, according to the terms of Interconnection and Access.

The obligations set forth in Article 24 of this Law regarding the Dominant Service Provider for reasons of Interconnection and Access.

Abiding by the rules of Interconnection and Access as provided for in Article 21 of the Law.

The obligation to provide Interconnection and Access to services or facilities of another Service Provider, according to the terms of Interconnection and Access.

Article 19.- The Tasks and Duties of the Secretariat-General in the Field of Interconnection and Access

The Secretariat-General shall assume the following tasks and duties in the field of Interconnection and Access:

Promoting the appropriate, effective and low-cost Interconnection between the Telecommunications Networks, and promoting the Access of the Service Providers to the service facilities of the other Service Providers, to ensure the operational continuity of the Telecommunications services which begin or end in the State and to promote the growth of competitive markets for the Telecommunications services.

Establishing an open, transparent and commercially viable organizational structure that aims to facilitate regulatory procedures and eliminates or mitigates the effects of other barriers to entry into the Telecommunications market.

Facilitating negotiation between parties to reach agreements on Interconnection and Access.

Ensuring that the convention on Access and Interconnection meets the requirements of this Law and its implementing regulations and any regulations, rules or orders applicable to Interconnection and Access.

Determining which Service Provider is deemed a Dominant Service Provider in any Telecommunications market regarding Interconnection and Access.

Identifying the additional commitments on Interconnection and Access that apply to the Dominant Service Providers.

The obligations set forth in Articles 20, 22 and 24 of this Law, including those regarding Access to information and technical equipment, and related to requests for Interconnection and Access.

The obligations contained in or attached to the reference offer for Interconnection and which are specified by the Secretariat-General, in the case of a Dominant Service Provider and for the reasons of Interconnection and Access in accordance with the provisions of Article 24 of this Law.

Any obligations or requests for a Dominant Service Provider regarding Interconnection and Access as specified by the Secretariat-General, related to their charges, calculation of costs or the requirements of accounting separation in accordance with the provisions of Articles 24, 25 and 33 of this Law.

Article 20.- Interconnection Negotiations

Each Service Provider shall, on receipt of a written request from another Service Provider for Interconnection or Access, proceed to negotiate in good faith with the applicant in order to reach an agreement on Interconnection or Access for:

1.- Linking their respective networks.

2.- Providing Access to the Telecommunications Facilities including the main offices and other locations of the devices, emergency, towers, columns, lines of Telecommunications and underground facilities, wherever necessary and reasonable to enable the Service Providers to provide the same to their customers.

Article 21.- Controls of Interconnection and Access

No Service Provider is obliged to enter into any agreement for Interconnection and Access based on conditions that would, in its reasonable opinion, cause physical damage or harm to any person or property, cause material injury to its network and Telecommunications Facilities or adversely affect the performance of any of them, or the Telecommunications services he is providing, or which are not reasonable in the light of the technical or economic data available.

Article 22.- Breach of the Obligation to Negotiate in Good Faith

The following acts and practices shall be deemed a breach of the obligation to negotiate in good faith on Interconnection and Access:

1.- Hindering or disrupting negotiations or failing to make reasonable efforts to resolve the existing differences.

2.- Refusing to provide data on the services or Telecommunications Networks of the Service Provider or its facilities which are required to arrange Interconnection and Access processes.

3.- Influence in any way the ability of the Service Provider to communicate with the Supreme Council.

4.- Refusing to amend the terms of Interconnection and Access, without reasonable justification to suit the changes in this Law or any regulations, rules or orders.

Article 23.- Identification of the Dominant Service Providers

The Secretariat-General may, for purposes of Interconnection or Access, decide to deem any Service Provider as a Dominant Service Provider in one or more Telecommunications markets, according to the competition policy and the principles and procedures set forth in Chapter IX of this Law.

Article 24.- The Obligations of the Dominant Service Provider Regarding

Interconnection and Access

In addition to the provisions of Article 20 of this Law, the Dominant Service Provider must respond to any reasonable request for Interconnection and Access to its Telecommunications Network, whenever technically feasible.

In similar circumstances, it must apply the same terms to all Service Providers for obtaining Interconnection or Access.

It must also be committed to provide Interconnection and Access to all Service Providers using the same conditions and quality with which it provides its own connection services or those which belong to its subsidiaries.

Article 25.- The Rights and Obligations of the Dominant Service Providers

In addition to the provisions of this Chapter, the implementing regulations, rules and instructions issued in this regard shall set forth the rights and obligations of the Dominant Service Providers, including the following:

1.- Any requirements for obtaining prior approval from the Secretariat-General on the prices of Interconnection and Access, on calculating the cost or the accounting separation between the various costs.

2.- Any requirements relating to the preparation of a reference offer and the content of the offer.

3.- Any requirements relating to the deposition and publication of Interconnection and Access agreements.

Chapter Six.- Tariff Regulation for the Dominant Service Providers

Article 26.- Identification of the Elements of Tariff Offers

The Secretariat-General shall have the authority to define the elements necessary to provide tariff offers, and adopt and disseminate the same with regards to Telecommunications services. It may develop other rules for organizing prices and tariffs, including the application of any programme to restore balance in prices or define their ceilings.

Article 27.- Tariff Regulation for the Dominant Service Providers

The provisions regulating tariffs, as provided for in the following Articles, shall apply to the Service Providers who are classified by the Secretariat-General as Dominant Service Providers in one or more of the markets of Telecommunications service, according to competition policy, and the rules and regulations set forth in Chapter IX of this Law.

Article 28.- Presentation of Tariff Offers and their Pre-Approval

The Dominant Service Providers shall submit to the Secretariat-General tariffs offers, rates and fees for Telecommunications services in the markets where they have been classified as Dominant Service Providers and obtain pre-approval.

The Secretariat-General may exempt the Dominant Service Providers from providing their tariffs and obtaining a prior approval, if it considers that the competitive market forces alone are enough to protect the interests of customers, and the elimination of dangers harmful to competition.

Article 29.- Extra Fees

The tariff of the Telecommunications services provided by the Dominant Service Providers must be based on the cost of providing the service effectively, provided that the tariff does not contain any extra duties resulting from the position of Dominance enjoyed by the Service Provider. The Secretariat-General may issue substantiated resolutions to amend the tariff if it considers it is not commensurate with the cost of providing the service, provided that the ruling declares the new amount.

Article 30.- Approval of the Temporary Tariff

The Secretariat-General may issue an interim decision to adopt any temporary tariff until the completion of its evaluation, and it may amend that decision or make it final or revoked.

Article 31.- Compliance with the Tariff

No Dominant Service Provider may apply or change any tariff, rates, fees or any other payment that violates the tariff approved by the Secretariat-General. Any contrary agreement or arrangement between the Service Provider and any Client shall be prohibited.

Article 32.- Cost Studies

The Secretariat-General, at its expense, may assign any Dominant Service Provider to prepare or participate in a study on the cost of services provided, if the Secretariat-General deems that such a study is necessary to prevent any conduct that is harmful to competition or that is necessary to regulate the tariffs and prices.

Article 33.- Accounting Practices

If the Secretariat-General sees that some accounting practices or accounting separation, between the different types of activities and services, represent an effective and necessary tool to prevent conduct that is harmful to competition, or to regulate the tariffs and prices, it will be entitled to ask any Dominant Service Provider to adopt such practices or any other accounting practices to determine the cost of its services, including the preparation of cost studies for each type of activity or service, or make an accounting separation between the different types.

Article 34.- National Numbering Plan

The Secretariat-General shall develop and maintain a National Numbering Plan and shall manage the distribution and allocation of numbers, E-addresses, capabilities and associated resources and control their use in accordance with the terms of Licenses, and take action to enforce compliance. The National Numbering Plan must be in accordance with the International Rules. The Service Providers must ensure that the allocation, distribution and use of numbers and email addresses given to them, and related capabilities and resources, are compatible with the National Numbering Plan, regulations, orders, rules and declarations related to them.

Article 35.- Practicing Numbering

The distribution and allocation of numbers shall not gain any proprietary rights or private rights other than the right of use for the Service Provider or its customers, whether the distribution or allocation is in return for or without charge. The Secretariat-General may, where appropriate, re-distribute and allocate the numbers to the Service Providers. Furthermore, any Service Provider may change the number assigned to any customer on reasonable grounds and in accordance with the orders, decisions and circulars issued by the Secretariat-General in this regard. In the cases where the customer has obtained the number for a charge, the Service Provider shall be obliged to refund or compensate it fairly. The Secretariat-General may issue the orders, rules, decisions and circulars governing the distribution and allocation of numbers and re-distribution or allocation of the same, including the rules governing the collection of any fee or charge for receiving those numbers.

Article 36.- Plans for the Application of Number Portability and Selection of Service Providers

The Secretariat-General, after consulting the concerned Service Providers and relevant parties, may issue the necessary decisions on the development of a plan for Number Portability and Service Provider selection. The development plan must include the Service Providers’ obligations in the operational and financial aspects of the facilities and systems necessary to implement this plan.

Chapter Eight.- Universal Service Policy

Article 37.- Application of Universal Service Policy

The Secretariat-General shall be responsible for the application of any Universal Service policy, including the following:

1.- Definition of the rights and duties of the Service Providers in the application of Universal Service initiatives.

2.- Identification of means of funding for any Universal Service initiatives.

Article 38.- The Obligation of the Service Provider to Provide Universal Service

Service Providers shall comply with the regulations, decisions and orders issued by the Secretariat-General to implement the Universal Service, including the obligations related to funding.

Article 39.- Universal Service Fund

The Council, after the adoption of the Universal Service policy, may establish a fund called the Universal Service Fund to support the costs of providing Universal Service. A decision shall be issued by the Secretary-General for regulating the fund, defining its powers, its procedures of payment and the Service Providers’ obligations to contribute to it.

Chapter Nine.- Competition Policy

Article 40.- Development and Application of Competition Policy

The Secretariat-General shall develop and apply the competition policy and the related regulations in the Telecommunications sector and in the Telecommunications markets defined in the State. To this end, it shall do the following:

1.- Review the state of competition in the Telecommunications markets in the State, exercise its powers, functions and authorities to promote competition in the provision of Telecommunications services.

2.- Update the competition policy and its related regulations to reflect the state of competition in those markets, provided that the aim of relying on market forces is consistent with protecting the interests of the customers and the public.

3.- Determine the criteria to be applied in the classification of Service Providers who have a Strong Position in the Market or who enjoy a Dominant position in specific Telecommunications markets, and the application of that criteria in any classification process.

4.- Control and prevent the misuse of the market power or Dominant position and anti-competitive practices, as defined under this Law.

5.- Determine the appropriate procedures and arrangements to address the misuse of market power and behavior specified as non-competitive, and apply the same to promote competition and to protect the interests of customers and the public.

Article 41.- The Prohibition of Anti-Competitive Practices

Service providers shall be prohibited from exercising non-competitive practices. Service providers who are classified as enjoying a Strong Position in the Market, or who are Dominant in a market or several markets of Telecommunications in the State, shall undertake not to abuse their market power or Dominance in those markets or anything related to them. The Secretariat-General may determine whether the conduct of any of the Service Providers constitutes an abuse of the market power, or an abuse of Dominance, or any other non-competitive practice. If the Secretariat-General decides that abuse has occurred it may take such action as it sees fit.

Article 42.- Categories of Strong Position in the Market

The Secretariat-General shall classify the Service Providers and determine the extent of the strong or Dominant position they enjoy in the market. Before classification, it shall do the following:

1.- Identify the markets of the relevant products and services, including the geographical area or region.

2.- Determine the criteria and methodology to be applied in determining the degree of market power, or the other standards of the Strong Position in the Market or Dominance in the relevant markets.

3.- Undertake an analysis of the markets of relevant products and services through the application of the relevant criteria and methodology.

The decisions that classify the Service Providers as having a Strong Position in the Market or Dominance shall define the markets of relevant products and services, the standards, and the methodology and circumstances relied upon to justify this classification. The Secretariat-General may consult the Service Providers, customers or any of the other stakeholders when identifying any market, analyzing or classifying the market forces in accordance with the provisions of this Article. The implementing regulations, other regulations, rules and issued orders shall define the standards, methodologies and processes for the classification of market forces.

Article 43.- Abuse of Dominance

Dominant Service Providers are prohibited to engage in activities or acts that constitute an abuse of dominance. The following acts and activities, in particular, shall be considered as abuse of dominance:

1- Failure to supply Interconnection or Access services or facilities to other service providers within a reasonable period of time from the time requests for such services had been presented. Excluded are cases when failure to supply any of such services is justified;

2- Failure to supply Interconnection or Access related services or facilities to other service providers on the same terms the service provider provides such services and facilities to its own facilities or those of its subsidiaries or affiliates. Excluded are the cases where the differences in the terms of services are justified;

3- Bundling up a number of telecommunications services in one package so that a competitor service provider has to obtain such package as a pre-requite for providing any of such services from Dominant Service Provider;

4- Providing an offer on more preferential terms and conditions and in a manner not based on differences in costs where a competing service provider is to acquires a service that is not required of him;

5- Monopolising the use of scarce facilities or resources of exclusive use, with the effect of denying a competing service provider from using such facilities or resources or from enjoying its right of Access.

6- Supplying competitive telecommunications services at prices below long-term incremental costs or any other cost criteria specified by the General Secretariat;

7- Using revenues or transferring a part of the cost of a specific telecommunications service to subsidise another telecommunications service supplied by same service provider, except where such subsidy is approved by the General Secretariat;

8- Failure to meet Interconnection service obligations;

9- Performing any acts that have the effect of substantially reducing competition in any telecommunications market, in particular any of the following acts:

a. reducing the margin of profit available to a competitor that requires a set of telecommunications services from Dominant Service Provider;

b. agreeing with a supplier not to sell to a competitor;

c. adopting technical specifications for networks or systems for the purposes of preventing interconnection or interoperability with a network or system of a competing service provider;

d. failure to make available within an appropriate period of time technical specifications, and information about essential telecommunications facilities or services or other related commercial information which are required by other service providers to provide telecommunications services; and

e. the use by Dominant Service Providers of information related to interconnection or other telecommunications facilities or services provided by competing service providers with the purposes of competing with them.

Article 44.- The Prohibition of Unjustified Discrimination

The Dominant Service Providers shall provide the conditions and quality of a standard service for all customers, including the tariff fee. The Secretariat-General may decide otherwise if differing conditions were justified objectively based on a difference in the conditions of service supply, including the various costs, traffic volumes or the lack of available facilities or resources. This shall be applied to customers who receive service for resale to their own customers and end-users. The Dominant Service Provider shall submit to the Secretariat-General sufficient justification for the existence of any discrimination, and must cease discrimination when receiving a notification from the Secretariat-General.

Article 45.- Other Non-Competitive Practices

No person shall participate in any practices that prevent competition or lead to a drop in the Telecommunications markets, in particular, the agreement between two or more Service Providers to determine the rates and conditions of service in the Telecommunications markets, distribution of employment opportunities and contracts, or sharing of Telecommunications markets among them.

Article 46.- Treatment of Non-Competitive Practices

If the Service Provider carries out non-competitive practices or the Dominant Service Provider abuses its Dominance, the Secretariat-General may issue any decisions to remedy anti-competitive practices or abuse of Dominance, and is entitled to do the following:

Oblige the persons concerned to stop the work or activity that causes this practice, or make specific changes in the work or activity to eliminate or mitigate its negative impact on competition.
Oblige the concerned Service Providers to submit periodic reports to the Secretariat-General to determine the extent of their adherence to its decisions.
Refer the violator to the prosecution authority with a view to initiating criminal proceedings.

Article 47.- The Powers of the Secretariat-General in the Transfer of Dominance

The Secretariat-General shall review the proposals for the transfer of Dominance over the Service Providers. The Secretariat-General, upon reviewing the proposals for the transfer of Dominance, shall have the right to approve the transfer, grant conditional approval or reject the transfer. When deciding to approve the transfer, grant conditional approval, or reject, the Secretariat-General shall take into account the effects of the proposed transfer on the Telecommunications markets in the State, particularly its effects on competition in those markets and the related interests of customers and the public.

Chapter Ten.- Consumer Protection

Article 48.- Preparation and Development of Consumer Protection Policy

The Secretariat-General shall prepare a policy for consumer protection in accordance with this Law, or any other related laws.

Article 49.- The Application of Consumer Protection Policy

When applying the consumer protection policy, the Secretariat-General shall carry out the following powers:

Control the conditions of service between the Service Providers and customers.
Determine and develop the applied standards of the quality of the service.
Follow up and prevent abusive and misleading trade practices.
Ensure the availability of effective procedures to resolve customer disputes.
Review the conditions of competition in any markets for Telecommunications services that are determined by the State, review and update the consumer protection policy and related regulations to reflect the state of competition in those markets with the purpose of relying on market forces to protect the interests of customers. The Service Providers must abide by the rules, conditions, standards and practices relating to the policy of consumer protection.

Article 50.- Consumer Protection Regulations

The Secretariat-General shall determine the rules that regulate the drawing-up, development and application of the consumer protection policy, in the following matters:

The practice of Service Providers regarding the issuance of invoices and retention of documents and papers relating to the services provided.
The Terms of Service delivery, its adoption, publication and posting.
The procedures for Service Providers to resolve disputes and complaints of the customers.
The provision of telephone directories, directory services and service centres.
The exploitation of Telecommunications services in the promotion of products and other goods.
The requirements of service quality, quality control and quality compliance.
Access to the Clients’ premises and property.
The responsibility of Service Providers for the services and mandates they provide, and the limits of that responsibility.

Article 51.- Fair Practices

The Service Provider must provide the Client, before its subscription to the service, or before assuming any commercial obligations towards the Service Provider, with the Terms of Service and any other terms and conditions and all tariffs, prices and costs applicable to any Telecommunications service. The Service Providers may impose on the Client only the service fee specified for the selected Telecommunications, or the fee specified for Telecommunications Equipment requested by the Client. The Client shall not be responsible for paying any fee for any service or equipment for communications it did not request.

Article 52.- Protection of Customer Information

The Service Providers in managing their networks, facilities and related systems, shall take into account the rights of privacy of the Client. It is their responsibility to maintain the information and data of the Client and the Telecommunications in their possession, and they shall provide adequate protection for the same. The Service Provider may not collect, use, retain or announce any information of any customer except with its consent or as permitted by Law. The Service Providers must ensure that the information submitted is accurate, complete and valid for the purpose of use.

The customers shall have the right to request correction or deletion of any information relating to them. Nothing in the provisions of this Article shall prevent the relevant authorities from obtaining any confidential information or communications relating to the customers in accordance with this Law.

Chapter Eleven.- Access to property

Article 53.- Access Procedures

The Secretariat-General shall develop the rules necessary to facilitate Access to private and public property, in order to install, operate and maintain the Telecommunications Facilities according to the provisions of this Law in coordination with the relevant authorities.

Chapter Twelve.- Accreditation of the Criteria for Telecommunications Equipment

Article 54.- Definition and Accreditation of the Criteria for Telecommunications Equipment

The Secretariat-General shall define the technical standards and specifications for the Telecommunications Equipment, their types, accreditation requirements and the procedures to be applied to those standards and specifications, according to the provisions of this Law, and any other relevant Laws.

Article 55.- The compliance of the Service Providers and Suppliers with the

Telecommunications Equipment Standards and Accreditation and Certification Requirements

The Service Providers and suppliers of Telecommunications Equipment shall undertake that all the Telecommunications Equipment used, imported, manufactured or supplied in any way for use in the State shall be consistent with the standards of equipment, International Rules, and certification requirements established by the Secretariat-General

Article 56.- Definition of Equipment Standards

The Secretariat-General, in exercising its powers regarding the definition and accreditation of equipment standards and adoption, shall carry out the following:

Set forth the technical standards or specifications for the Telecommunications Equipment or their types.
Define the technical standards or specifications for the Telecommunications Equipment or their types which are set by the other authorities or bodies concerned with standards, in order to be approved and adopted in the State.
Create or identify the test systems and facilities to accredit the use of Telecommunications Equipment or their types.
Identify the appropriate international and regional regulations or testing facilities for the accreditation of Telecommunications Equipment or their types and approval of the use.
Approve the accreditation of other certifications of Telecommunications Equipment by the other competent authorities or bodies, and consider the same as sufficient for using this equipment, in accordance with the International Rules.

The Secretariat-General may, whenever it is necessary to avoid any damage or interference with the work of Telecommunications Networks, issue an order prohibiting the manufacture, import or use of certain Telecommunications Equipment or their types. The Secretariat-General shall ensure that the technical standards and specifications and the requirements for mandatory accreditation are compatible with the approved technical requirements for the electrical equipment, wireless Telecommunications devices and products designed for use in the State.

Article 57.- Management of Criteria

The Secretariat-General shall keep records of accredited and prohibited Telecommunications Equipment. It shall make one or more declaration indicating the applicable standards and specifications required and the bodies responsible for test and measurement, the foundations for issuing the certification, accreditation of Telecommunications Equipment or their types and the adopted procedures and practices

Article 58.- Telecommunications Equipment Used before Enforcing the Law

The Telecommunications Equipment approved before enforcing the provisions of this Law, installed or connected to a public Telecommunications Network, shall be certified and approved for use in the State, unless the Secretariat-General has decided that they interfere with the work of any Telecommunications Network, equipment or facilities, or pose a public danger.

Chapter Thirteen.- National security and cases of public emergency

Article 59.- The Obligations of Service Providers

The Service Providers must comply with the requirements of the security authorities in the country especially with the requirements of maintaining national security and adhere to the guidance of government agencies in cases of public emergency. They must also observe the implementation of the orders and instructions issued by the Secretariat-General on the development of a service network or mechanism to meet those requirements.

Article 60.- Compensation and Recovery of Expenses

The Service Providers may request and recover any expenses resulting from the execution of orders and directives issued in accordance with the provisions of the preceding Article. Such a claim may not be based on loss of income, expenses, or indirect damages resulting from any period of suspension of service.

Chapter Fourteen.- Settlement of Disputes

Article 61.- Settlement of Disputes by the Secretariat-General

The Secretariat-General shall settle the disputes that arise among the Service Providers and between them and others. The decision issued by the Secretariat-General regarding the dispute shall be final and enforceable. No case regarding the dispute may be accepted until a decision is issued by the Secretariat-General or until the passage of sixty days from the date of it being submitted, whichever is earlier. The implementing regulations shall govern the rules and procedures related to the dispute.

Chapter Fifteen.- The Authority to Inspect, Verify and Control

Article 62.- Provision of Information

The Secretariat-General may request the Service Providers or others to supply information necessary for the exercise of its powers. The information must be provided in the form, manner and time determined by the Secretariat-General. Any person required to provide information shall inform the Secretariat-General of any reasons which prevent this, and may request that the information provided may not be disclosed, in whole or part, because of its commercial nature or confidentiality.

Article 63.- The Authority to Inspect, Verify and Control

The employees of the Supreme Council, who shall be invested with the power of judicial control based on a decision from the prosecutor in agreement with the President of the Council, shall have the power to investigate and prosecute the crimes committed in violation of the provisions of this Law. They will have the authority to enter relevant places and have Access to records and documents, as well as checking equipment and Telecommunications systems and any other related things and requesting the data and clarifications they deem necessary.

Chapter Sixteen.- Offences and Sanctions

Article 64

Without prejudice to any severer penalty provided for in any other law, the offences set forth in the following Articles shall be punished based on the penalties indicated.

Article 65

Whoever intentionally causes the disruption of Telecommunications or intentionally damages for this purpose some of the buildings or facilities allocated to the Telecommunications Networks, infrastructure or their Telecommunications lines, or makes all or part of them unfit for use shall be punished with imprisonment for not less than one year and not more than five years and with a fine of not less than fifty thousand (50,000) Riyals and not more than 500,000(five hundred thousand) Riyals. If any of the acts referred to in the preceding paragraph are as a result of negligence or lack of precaution, the punishment shall be imprisonment for not more than three months and a fine of not more than fifty thousand (50,000 ) Riyals, or either one of the penalties. In all cases, the court shall compel the person who committed such act(s) to pay the value of the damage, or the cost of restoration, without prejudice to the right to compensation, if required.

Article 66

Whoever intentionally commits one of the following acts shall be punished with imprisonment for a period not exceeding one year and with a fine not exceeding fifty thousand (50,000 ) Riyals, or with either of the penalties:

Using one of the Telecommunications Facilities or obtaining one of its services without payment of the costs prescribed.
Accessing a Telecommunications Network or facility or a system associated with it by penetrating the security measures with the purpose of obtaining data or Telecommunications service.
Wiretapping Telecommunications not intended for the public with technical means, intercepting radio waves which are intended for others, interfering with radio waves which are intended for others or other purposes which are contrary to this Law.
Causing damage to, repealing, intercepting, altering or discontinuing the work of any Telecommunications Network or tool, or tampering with it in any way.
Possessing, producing, selling or providing for the purpose of usage or importation, or distributing or providing a device in any other way, or password in the computer, Access code or any similar data that allows Access to a facility or network from Telecommunications, or a system linked with it, with the intent of committing any of the crimes provided in the previous four items of this Article.
Using or allowing the use of a Telecommunications Network with the purpose of the disturbance, excitement or abuse of any person.
Using any Telecommunications service or facility in a manner that leads to a violation of the provisions of this Law or other laws.

Article 67

Whoever violates a provision in any of Article 9, paragraph 3 of Article 11, and Articles 15 and 16 of this Law or violates any of the licensing or Permit conditions shall be punished with imprisonment for a period not exceeding one year and with a fine not exceeding one million) (1,000,000) Riyals.

Article 68

Whoever commits, without obtaining a License, one of the following acts shall be punished with imprisonment for a period not exceeding one year and with a fine that not exceeding twenty thousand (20,000) Riyals:

Importing or manufacturing one of the of Telecommunications devices with the purpose of marketing the same.
Acquiring, installing or operating any wireless Telecommunications devices.

Punishment shall be imprisonment for not less than two years and not exceeding five years if the import or manufacturing or acquisition is for the purpose of violating national security. The court shall in all cases order the confiscation of the equipment and devices used in committing the crime.

Article 69

Whoever, while performing its duty in the field of Telecommunications or as a result of the same, commits one of the following acts shall be punished with imprisonment for a period not exceeding one year and a fine not exceeding 100,000 (one hundred thousand) Riyals, or with either penalty:

Disclosing, publishing or broadcasting any information about an institution operating in the field of Telecommunications where this would lead to unfair competition between the establishments operating in this area.
Disclosing, publishing, broadcasting or recording the content of a Telecommunications message or part thereof without a legal basis.
Hiding, changing, hindering or modifying any Telecommunications message or any part thereof that might have reached that person.

Disclosing any information concerning the users of Telecommunications Networks or concerning their outgoing or incoming Telecommunications, without a legal basis.

Article 70

Whoever violates any of the provision of Articles 18(4)#(8) and Articles 22, 24, 28, 31, the last paragraph of Article 34, Articles 38, 41, 43, 44, 45, the last paragraph of Article 49, and Articles 51, 52, 55, 59 and 62 of this Law shall be punished with imprisonment for a period not exceeding two years and with a fine not exceeding 100,000 (one hundred thousand) Riyals or either punishment.

Article 71

Whoever, being responsible for the actual management of the violator shall be punished with the same penalties prescribed for the acts committed in violation of the provisions of this Law if it is proved that the same were committed with his knowledge, or if his breach of the duties imposed by that management has contributed to the crime.

Article 72

The penalty shall be doubled in the case of recurrence. Any of the crimes specified in this Law committed within three years from the date of implementing the penalty preceding it shall be deemed recurrent.

10Jul/17

Decision of the Board of The Supreme Council for Information and Communication Technology nº 1 of 2009 on the promulgation of the Executive By-Law for the Telecommunications Law

10 julio, 2017Decisión, QatarDecision of the Board of The Supreme Council for Information and Communication Technology nº 1 of 2009 on the promulgation of the Executive By-Law for the Telecommunications Law, Legislación Derecho Informático, Legislación Qatar, Legislación TelecomunicationsJosé Cuervo

Decision of the Board of The Supreme Council for Information and Communication Technology nº 1 of 2009 on the promulgation of the Executive By-Law for the Telecommunications Law

The Board,

Having perused the Telecommunications Law issued by Decree Law nº 34 of 2006;

Emiri Decision nº 29 of 1996 regarding the decisions of the Council of Ministers that are submitted to The Emir for certification and promulgation, and

The Council of Ministers’ approval of the draft of this Decision in its ordinary meeting nº 24 of 2008 held on 2/7/2008;

Have decided the following:

Article 1.- Introduction

The By-Law for the Telecommunications Law enclosed with this Decision, shall be effective.

Article 2.- Introduction

All competent authorities, each within its own competence, shall implement this decision which shall come into force on date of publication in the Official Gazette.

Tamim Bin Hamad Al-Thani
The Chairman of the Board

The Supreme Council for Information and Communication Technology
Issued on: 2/7/1430 A.H.
Corresponding to: 25/6/2009 A.D.

THE TELECOMMUNICATIONS BY-LAW

Chapter One.- Definitions and General Provisions

Article (1)
For implementation of this By-Law, the following terms and expressions shall have the meanings assigned to them, unless the context requires otherwise:

Supreme Council: The Supreme Council of Information and Communication Technology “ictQATAR.”

Board: The Board of the Supreme Council.

General Secretariat: the General Secretariat of the Supreme Council.

Law: The Telecommunications Law issued by Decree Law nº 34 of 2006.

By-Law: The Executive By-Law of the Telecommunications Law.

Person: a natural or juridical person of any type or form.

Access: access to any telecommunications network, telecommunications facilities or telecommunications services between Service Providers which makes facilities, services or both facilities and services available by one Service Provider to another Service Provider, under defined terms and conditions, on either an exclusive or non-exclusive basis, for the purpose of providing telecommunications services. It includes access to network elements and associated facilities, the connection of equipment, and in particular includes access to the local loop and to facilities and services necessary to provide services over the local loop, access to physical infrastructure including buildings, ducts and masts, access to relevant
software systems including operational support systems, access to number translation or systems offering equivalent functionality, access to fixed and mobile networks for roaming and access to conditional access systems for digital broadcasting services; but does not include access to facilities or services by end-user customers.

Control: the power of a Person to exercise decisive influence over, or to determine the actions of another Person in any manner, whether directly through the ownership of shares, stocks or other securities or voting rights, or indirectly through an agreement or arrangement of any type. Many factors shall be taken into consideration in determining Control including any Person that owns or has at its disposal, directly or indirectly, at least 10% of voting rights in another Person shall be deemed to be in control of such other Person.

Customer: subscriber, user or consumer of telecommunications services, whether an individual, corporation, governmental body or any other public or private legal entity and regardless of whether the services are acquired for the customer’s own use or for resale.

License: The permission issued by the Board or the General Secretariat to an individual or class of individuals to own or operate a telecommunications network, provide telecommunications services, or use radio frequency spectrum and it does not constitute a contract or bilateral agreement.

Significant Market Power: a position of an economic strength of a service provider in the market that permits it to act independently of customers or competitors, or to dominate one or more identified telecommunications service markets, through acting either individually or jointly with others, in accordance with the provisions of chapter nine of the Law and in accordance with chapter eight of this By-Law. Also referred to as “SMP”.

Telecommunications Equipment: equipment capable of being connected directly or indirectly to a telecommunications network in order to send, transmit or receive telecommunications services, and includes radio-communications equipment.

Affiliate or Affiliated Person: any natural or juridical person that directly or indirectly, is related to, is controlled by, or is under common control with another person.

Allocation of radio spectrum: entry in the national frequency allocation table, prepared by the General Secretariat pursuant to this By-Law, of a given frequency band for the purpose of its use by one or more terrestrial or space radio-communications services or the radio astronomy service under specified conditions.

Assignment of a radio frequency or radio frequency channel: authorization given by the General Secretariat pursuant to this By-Law for a radio station to use a radio frequency or radio frequency channel under specified conditions.

Information Request: an order issued by the General Secretariat requiring the provision of specified information, including original documents or copies of the same, pursuant to the Law or this By-Law.

Tariff: any statement of prices, rates, charges or any other compensation including related service descriptions or terms and conditions such as rebates, waivers or discounts offered by a Service Provider regarding any of its services.

Telecommunications Service: any form of transmission, emission or reception of signs, signals, writing, text, images, sounds or other intelligence provided by means of a telecommunications network to a third party.

Article (2)

The Board may issue amendments to this By-Law as it deems appropriate after following the procedures set out by law.

Article (3)

Licensees and Service Providers shall comply with the Law, this By-Law, the terms and conditions of their respective Licenses, and all regulations, decisions, orders, rules, and notices issued thereunder.

Article (4)

The Secretary General shall issue other regulations, decisions, rules, orders, instructions and notices for the implementation of the provisions of the Law and this By-Law.

Article (5)

The General Secretariat shall carry out the powers and authorities stipulated in the Law and this By-Law.

Article (6)

The General Secretariat shall take measures, actions and decisions, as it deems appropriate, to ensure that Licensees and Service Providers comply with the provisions of the Law, this ByLaw and the provisions of the Licenses, or to remedy their breaches.

Chapter Two.- Telecommunications Licenses

Article (7)

Individual Licenses shall be in writing, and the General Secretariat shall make copies of them available on the Supreme Council’s official website, in addition to paper copies available for inspection by the public and it may exclude from published copies of Individual Licenses any information that it determines is confidential or commercially sensitive.

Article (8)

The licensing criteria, procedures and the basic terms and conditions of the Individual License shall be published on the official website of the Supreme Council. The form of Class License and the scope of licensed activities shall also be published on the official website of the Supreme Council. In all cases, the publication shall contain the period of time expected to reach a decision concerning an application for a License.

Article (9)

The General Secretariat shall establish the terms and conditions of granting Individual Licenses on a case by case basis and the terms and conditions of granting Class Licenses.

Article (10)

In determining whether Telecommunications Networks and Telecommunications Services should be subject to an Individual License, the following general criteria shall be taken into account:

(1) whether the Telecommunications Services are provided to the public, directly or indirectly, or to another Individual Licensee in return for a direct or indirect fee.

(2) whether the owners or operators of a Telecommunications Network or
Telecommunications Facility use the network or facility to provide services to the public, directly or indirectly, or to another Individual Licensee in return for a direct or indirect fee.

(3) any other criteria that the Supreme Council considers relevant for the efficient and effective administration of the licensing process and supervision of compliance by Licensees.

Article (11)

Class Licenses will generally be issued to authorize more than one person of the same class to provide Telecommunications Services or own or operate Telecommunications Networks or Telecommunications Facilities in cases where Individual Licenses are not issued.

Article (12)

The General Secretariat may issue regulations or instructions containing further requirements for applicants for Individual and Class Licenses and service providers in order to provide clarification of services, telecommunications and related activities that require an Individual
or Class License.

Article (13)

An Individual License will not be deemed to be assigned by contract or for any other reason, without the prior approval of the Board.

If a Licensee wishes to assign its Individual License to another person, the Licensee shall deliver to the General Secretariat a written notification of the intended transaction and the written notification shall be given without delay, within a period not less than sixty (60) days prior to the intended completion date of the transaction. The written notification shall with sufficient clarity identify the parties to the transaction, including their respective Affiliates,
and shall state the nature of the transaction, including the intended completion date in order for the General Secretariat to review the proposed assignment. The Licensee shall provide information, and comply with the procedural requirements, as specified by the General Secretariat.

The term “Assignment” shall include, without limitation, a transfer of the Individual License or a change of control of a Licensee.

The Board shall determine whether to approve such assignment or not within thirty (30) days from the date of receiving the request, unless the review requires a longer period, the term of which shall be specified by the General Secretariat before expiry of the initial 30 day period.

In the event that the assignment involves an assignment of radio spectrum or a transfer of control, the General Secretariat shall also follow a coordinated procedure with respect to its review it in accordance with this Article and Articles (32), (33), (77), (78), (79), (80), (81), (82), (83), (84) and (85) of this By-Law.

The Licensee will have 180 days to consummate the proposed assignment from the date of approval by Board and notify the General Secretariat of its completion. The General Secretariat may approve one or more extensions to the above-mentioned period upon request of the Licensee.

Article (14)

The Board may amend Individual Licenses and the General Secretariat may amend Class Licenses in one of the following cases:

(1) in accordance with the Law, this By-Law, rules, regulations or the applicable License terms and conditions.

(2) following changes to international treaties or any other applicable laws that require an amendment.

(3) where an amendment has been requested or agreed to by the Licensee.

(4) the Licensee have committed repeated violations of the provisions of the Law, this By-Law, regulations, orders, decisions of the Board or the General Secretariat, or License terms.

Article (15)

The Board may suspend, revoke or refuse to renew Individual Licenses and the General Secretariat may suspend, revoke or refuse to renew Class Licenses in one of the following cases:

(1) in accordance with the Law, this By-Law, and the applicable License terms and conditions.

(2) the Licensee have committed repeated violations of the provisions of the Law, this By-Law, regulations, orders or decisions issued by the Board or the General Secretariat, or License terms.

(3) non-payment of fees specified for the License or its renewal or any other financial amount pursuant to the provisions of the Law or this By-Law.

(4) The death of a natural person or the dissolution of a juridical person for any ground specified by law.

(5) The Individual Licensee assigned the Individual License without the approval of the Board or the Class Licensee assigned the Class license without the approval of the Secretary General.

Article (16)

Prior to amendment, suspension, revocation or non-renewal of an Individual License by the Board, pursuant to the preceding two Articles, the General Secretariat shall notify the Licensee of this in order for the Licensee to submit its comments and the General Secretariat shall comply with the following:

(1) shall give the Licensee sufficient time to prepare comments on the intended action.

(2) shall set out any procedures the Board may use in further consideration of the action.

(3) request comments from other interested parties or the general public, when necessary.

(4) study the comments received.

Article (17)

If the Board amends an Individual License, it shall provide the Licensee with a reasonable amount of time as determined by the Board to implement any changes needed to comply with the amendment.

Article (18)

The Board shall not suspend or revoke or refuse to renew an Individual License without giving the Licensee a reasonable amount of time, as determined by the Board, to remedy any breach or reason that is the basis for the suspension, revocation or refusal to renew, unless proven that the breach or the reason still continues after receipt by the Licensee of one or more written warnings issued by the General Secretariat ordering the Licensee to remedy same.

Article (19)
Where a License is amended, suspended, revoked or not renewed, the General Secretariat shall take measures to ensure the continuity of service to customers and include in its orders in this regard terms and conditions as it deems appropriate.

Article (20)

The General Secretariat may issue regulations, rules or orders containing further procedures related to the amendment, revocation, suspension or non-renewal of a License.

Article (21)

The term of a License shall be stated in the License. Upon request by the Licensee, a License may be renewed by the Board or the General Secretariat on the same conditions or on the basis of new conditions, subject to the applicable License terms, regulations and decisions issued by the Supreme Council in this regard.

Article (22)

The Board shall determinate the License fees, any other fees, remuneration or charges and the General Secretariat shall issue in this regard, from time to time, regulations, decisions and orders regulating this matter.

Article (23)

The regulations, decisions and orders issued in accordance with the preceding Article shall contain the following:

(1) the entity which the fees and charges are to be paid to.

(2) fees and charges may be based on a percentage or proportion of the revenues of Licensees.

(3) fees and charges payable under the Law and this By-Law as set by the Board are in addition to any other fees or charges that must be paid by Service Providers in connection with their operations or commercial activities.

(4) the totality of fees applied to each Licensee and to the sector as a whole pursuant to the Law, and the impact on Licensees and end users shall be considered in the light of the objectives stated in paragraphs (1), (2) and (3) of Article (2) of the Law.

Chapter Three.- Radio Spectrum Management

Article (24)

In relation to radio spectrum management, the General Secretariat shall:

(1) prepare and publish a national frequency assignment plan for the spectrum allocated to the telecommunications sector and to promote the optimal and most efficient use of radio spectrum, and assign radio spectrum in accordance with that plan.

(2) prepare and publish a national frequency allocation table identifying all radio spectrum allocations.

(3) ensure that the use of radio spectrum is consistent with the national frequency assignment plan, related allocations and assignments, any applicable international treaties, commitments, protocols and standards and Radio Spectrum License conditions, including taking related compliance and enforcement actions.

(4) ensure the best and most efficient use of radio spectrum in accordance with international best practice in order to promote the objectives identified in Article (2) of the Law.

(5) determine, allocate, and assign, and re-allocate or re-assign, radio frequencies and frequency bands and channel assignments, and issue Radio Spectrum Licenses or radio frequency Authorizations, in accordance with the national frequency assignment plan.

(6) advise the Council of Ministers and government agencies on matters specifically referred to the Supreme Council relating to the use or management of radio spectrum.

(7) regulate matters related to radio spectrum fees.

(8) conduct public inquiries relating to the use or management of radio spectrum as it deems appropriate.

(9) mediate, resolve and manage interference disputes, where such disputes are not resolved by the disputing parties to the satisfaction of the General Secretariat.

(10) issue regulations, rules, orders or notices relating to the use of radio spectrum as the General Secretariat deems appropriate.

(11) determine any other matters relating to the transmission of radio-communications whether by satellite, terrestrial or other transmissions.

(12) perform such other radio spectrum-related functions as are conferred on the Supreme Council by other applicable laws or regulations.

Article (25)

The General Secretariat shall issue Radio Spectrum Licenses in writing and shall refer to the Licenses in the national frequency assignment plan available on the Supreme Council’s website.

Article (26)

The General Secretariat shall develop a regulation to implement an efficient approach to management of the radio spectrum in the State of Qatar. This regulation shall include in particular the following:

(1) specify the procedures, conditions and restrictions relating to the operation of the radio spectrum and radio-communications equipment, including the use of radio spectrum and operation of radio-communications equipment without authorization.

(2) specify the requirements for Radio Spectrum Licenses in respect of the operation of the radio spectrum.

(3) specify the requirements for any other authorization for the use of radiocommunications equipment.

(4) specify the technical requirements and standards in relation to radio-communications equipment, interference-causing equipment and radio-sensitive equipment.

Article (27)

All service providers utilising radio spectrum or radio-communications equipment in the State of Qatar shall comply with the regulation mentioned in the preceding Article.

Article (28)

Applications for Radio Spectrum Licenses shall be submitted separately from applications for Licenses to provide Telecommunications Networks and Services. The General Secretariat may from time to time publish procedures of general or specific applicability to facilitate the simultaneous review of Individual Licenses with associated applications for Radio Spectrum
Licenses.

Article (29)

The General Secretariat shall grant the Radio Spectrum Licenses or Authorizations in accordance with the national frequency assignment plan.

Article (30)

In all circumstances where a Radio Spectrum License or Authorisation is required, the General Secretariat shall publish on the website of the Supreme Council the following:

(1) the applicable licensing procedures and licensing criteria.

(2) the basic terms and conditions of the License.

(3) the period of time expected to reach a decision concerning an application for a License.

Article (31)

The General Secretariat shall establish the terms and conditions of all Licenses and shall monitor compliance by Licensees with the terms and conditions of their Licenses, and the General Secretariat may take any measures and procedures in this regard.

The General Secretariat may establish the criteria through Radio Spectrum Regulations in order to determine what radio spectrum should be available for common use and this may be awarded by means of a Class License.

Article (32)

A Radio Spectrum Licensee may not assign a License or Authorization, spectrum rights or any portion thereof by contract or for any other reason, without the approval of the Secretary General.

A transfer or change of control of a Licensee or segregation or partitioning of radio frequency spectrum rights, or combination of the two or sharing radio frequency spectrum rights with a third party shall be deemed to be an assignment of the License, Authorization, spectrum rights or any portion thereof.

Article (33)

The Licensee shall notify the Secretary General in writing of its wish to assign a License or Authorization at least 60 days before the date of the proposed assignment. The Licensee shall provide the information, and comply with the procedural requirements specified in the regulations issued by the General Secretariat in this regard.

The Secretary General shall issue its decision, whether to approve such assignment or not, within 30 days from receiving the request, unless the Secretary General finds that circumstances warrant a longer period of review, the term of which shall be specified by the General Secretariat before expiry of the initial 30 day period.

In the event that the assignment of a Radio Spectrum Licence also involves assignment of an Individual Licence or a transfer of control, the General Secretariat will follow a coordinated procedure with respect to its review in accordance with Articles (13), (32), (33), (77), (78), (79), (80), (81), (82), (83), (84) and (85) of this By-Law, as the case may be.

The Secretary General shall determine whether to approve such assignment based on the suitability of the proposed assignee to use the radio spectrum, in accordance with the terms of the Individual License, the terms of its issuance, and the provisions of the Law and this ByLaw.

A Licensee will have 180 days, from the date of approval by the Secretary General, to consummate the proposed assignment and notify the General Secretariat of its completion. If necessary, the Licensee may request, and the General Secretariat may approve, one or more extensions to the 180-day deadline.

Article (34)

The General Secretariat may amend a Radio Spectrum License in one of the following circumstances:

(1) in accordance with the Law, this By-Law, and the terms and conditions of the License.

(2) as requested or agreed to by the Licensee.

(3) to implement changes to international treaties or laws that require the amendment.

Article (35)

The Supreme Council may suspend, revoke or refuse to renew Radio Spectrum Licenses in one of the following cases:

(1) the Licensee have committed repeated violations of the Law, this By-Law, other regulations, orders or decisions issued by the Board or the General Secretariat, or the terms of the License.

(2) the misuse of radio spectrum or its use for an unauthorised purpose.

(3) non-payment of fees specified for the License or its renewal or any other financial amount pursuant to the provisions of the Law or this By-Law.

(4) The death of a natural person or the dissolution of a juridical person for any ground specified by law.

(5) The Licensee assigned the License without the approval of the Secretary General.

Article (36)

The General Secretariat shall, prior to amendment, suspension, revocation, or refusal to renew a License, notify the Licensee of this in writing and shall consider any comments submitted by the Licensee in this regard. The notice shall contain the following:

(1) provide the Licensee with sufficient time to prepare comments on the intended action.

(2) specify the procedures that the General Secretariat may use in further consideration of the action.

(3) may invite comments from interested parties or the general public regarding the intended action.

Article (37)

In the case where the General Secretariat amends the License, the General Secretariat shall provide the Licensee with a period of time as it deems appropriate, to implement any changes needed to comply with the amendment.

Article (38)

The General Secretariat shall not implement the suspension, revocation or refuse to renew a License without giving the Licensee a period of time, as it deems appropriate, to remedy any breach or reason that is the basis for the suspension, revocation or refusal to renew, unless proven that the breach or reason continues following the issuance of one or more written warnings by the General Secretariat to remedy such breach or reason.

Article (39)

Where a License is amended, suspended, revoked or not renewed, the General Secretariat shall take measures to ensure continuity of service to customers and include in its orders terms and conditions as it deems appropriate to ensure the least amount of negative disruption to customers which may result therefrom.

Article (40)

The General Secretariat my issue regulations, rules or orders containing further procedures related to the amendment or revocation of a License.

Article (41)

The term of a License shall be stated in the License. Upon application by the Licensee, a License may be renewed by the General Secretariat in accordance with the provisions of the License, regulations and decisions issued by the General Secretariat.

Article (42)

The Board shall set the License fees and any other fees, remuneration or charges and the General Secretariat shall issue in this regard, from time to time, the regulations and orders regulating this matter.

Article (43)

Any regulations, decisions and orders issued pertaining to fees shall contain the following principles:

(1) stipulate the entity which the fees and charges are to be paid to.

(2) fees and charges shall be levied on Licensees in an impartial manner.

(3) fees and charges may be based on factors such as the amount of radio frequency spectrum provided in the License; whether the Licensee is operating in a shared or exclusive frequency band; or a percentage or proportion of the revenues of Licensees from the use of radio spectrum.

(4) fees and charges payable under the Law and this By-Law are in addition to any other fees or charges that must be paid by Service Providers in connection with their operations or commercial activities.

Article (44)

In resolving radio spectrum interference disputes, the General Secretariat may carry out the following:

(1) assign its professional staff or technical experts to mediate the dispute, and if failing mediation to submit a report to the General Secretariat on possible ways to resolve the dispute.

(2) submit the dispute for arbitration in accordance with the procedure of the International Telecommunications Union (ITU), or such other arbitration rules or processes as the General Secretariat shall select.

(3) issue an order to resolve the dispute.

Article (45)

The Supreme Council shall consult with and coordinate the use of the radio spectrum with other countries, users, and organizations such as the International Telecommunications Union “ITU”, as required by law, treaty in force or as otherwise determined by the General Secretariat.

Chapter Four.- Interconnection and Access

Article (46)

The General Secretariat shall issue regulations, orders or notices to specify interconnection and access terms, conditions and processes, including the types of interconnection and facilities access that shall be provided by one or more Service Providers, and to facilitate interconnection and related access in accordance with its duties and objectives pursuant to the Law.

The General Secretariat shall have the authority to determine and oversee compliance with the rights, obligations, terms and conditions governing interconnection of telecommunications networks and access to telecommunications facilities and telecommunications services, in accordance with the Law, this By-Law and any regulations, rules, orders or notices issued by the General Secretariat and the License terms.

Article (47)

Subject to any limitations that may be established concerning the types of Service Providers that are entitled to interconnect, a Service Provider shall, upon receipt of a written request by another Service Provider licensed to operate a telecommunications network, enter into good faith negotiations to reach interconnection or access agreement in order to achieve the following objectives:

(1) connect and keep connected the telecommunications networks of both Service Providers.

(2) provide access to such telecommunications facilities, including but not limited to central offices and other equipment locations, mast sites, towers, conduits, poles, subscriber access lines and underground facilities, as are reasonably requested in order for the Service Providers to provide telecommunications service to their customers. Any co-location of facilities shall also be subject to Articles (112) and (113) of this By-Law.

The parties shall have a period of (60) day from date of receipt of the request for interconnection in which to reach agreement. If the parties are unable to reach agreement, either or both parties may resort to the General Secretarial for resolution. The General Secretariat may issue interim orders before final determination.

Service Providers and any other interested parties may at any time request the General Secretariat to clarify or interpret the interconnection and access rights or obligations set out in the Law, this By-Law, any regulation, rule or order, or any interconnection or access agreement. Decisions issued by the General Secretariat shall be binding.

Article (48)

Articles (49), (50), (51) and (52) of this By-Law apply only to Service Providers that the General Secretariat has designated as Dominant Service Providers in one or more telecommunications markets relevant to interconnection and related facilities access in accordance with Chapter Nine of the Law and Chapter Eight of this By-Law.

Article (49)

Interconnection or access arrangements offered by Dominant Service Providers designated in accordance with the preceding Article, in addition to meeting the requirements of Article (47) of this By-Law shall:

(1) meet all requirements of the Law, this By-Law and any regulations, rules and orders issued by the General Secretariat, including any requirements relating to interconnection or access charges, interconnection provisioning intervals or quality of service.

(2) be in accordance with any applicable reference interconnection offer approved by the General Secretariat for the Service Provider.

(3) meet all reasonable requests for interconnection with the Dominant Service Provider’s telecommunications network, at any technically feasible point, including to permit traffic originating on the Dominant Service Provider’s network to be terminated on the networks of the interconnecting Service Provider and all other licensed Service Providers.

(4) incorporate reasonable terms and conditions, including technical standards and specifications.

Every Dominant Service Provider designated, shall ensure that:

(1) it applies substantially the same terms and conditions to all Service Providers requiring interconnection or facilities access under similar circumstances.

(2) it provides interconnection and facilities access to all Service Providers under substantially the same conditions and quality as it provides for its own
telecommunications service operations or those of its Affiliates.

(3) it makes available on request, and without delay, all necessary or reasonably required information and specifications to Service Providers requesting interconnection or facilities access.

(4) it uses information received from a Service Provider seeking interconnection or facilities access only for the purposes for which it was supplied and does not disclose the information or use the information for any other anti-competitive purpose.

Article (50)

(1) The General Secretariat may require that interconnection or access charges of any Dominant Service Provider be subject to Article (29) of the Law and Articles (56), (57), (58) and (59) of this By-Law. The General Secretariat may also direct Dominant Service Providers to implement specific interconnection or access charges, or changes to such charges, as determined by the General Secretariat.

(2) Interconnection and facilities access charges of Dominant Service Providers designated in accordance with Article (48) of this By-Law shall be cost-based and in accordance with rules or standards determined by the General Secretariat.

(3) In establishing charges for interconnection or facilities access, Dominant Service Providers designated in accordance with Article (48) of this By-Law shall comply with any rules or orders applicable to interconnection or access, including any pricing, costing and cost separation requirements as prescribed by the General Secretariat.

Article (51)

(1) Every Dominant Service Provider designated in accordance with Article (48) of this By-Law shall perform the following:

(a) prepare a reference interconnection offer for approval by the General Secretariat within the time period prescribed by order of the General Secretariat.

(b) periodically update the reference interconnection offer as directed by orders of the General Secretariat.

(-) filing a copy with the Supreme Council, who shall publish the reference
interconnection offer on the Supreme Council’s official website.

(-) making a copy available to the public in its principal business offices;

(-) publishing the agreement on the Service Provider’s website.

(-) sending a copy to any other Service Provider on request.

(2) Every reference interconnection offer shall:

(a) comply with any rules or orders applicable to interconnection or facilities access, including any applicable instructions regarding the form and content of a reference interconnection offer as prescribed by the General Secretariat.

(b) include a full list of services, sufficiently unbundled, to be supplied to Service Providers, setting out the associated terms and conditions, including the provisioning processes and charges for each service.

(3) In the event that a Dominant Service Provider does not submit a reference
interconnection offer within the time period prescribed by the General Secretariat, or delays finalization of a reference interconnection offer acceptable to the General Secretariat, the General Secretariat may require the Dominant Service Provider to adopt a reference interconnection offer as prepared or prescribed by the General Secretariat.

Article (52)

(1) Every Dominant Service Provider designated in accordance with Article (48) of this By-Law shall within five (5) days from signing the interconnection or access agreement, file a copy of the agreement with the General Secretariat.

(2) Subject to the following paragraph, the Supreme Council may place a copy of any interconnection or access agreements filed with it in accordance with paragraph (1) of this Article on its official website.

(3) A Dominant Service Provider or any other party to an interconnection or access agreement that has been filed with the General Secretariat may identify specific information contained in the interconnection or access agreement as confidential, and may request that such confidential information be excluded from the copy of the agreement placed on the Supreme Council’s official website. Details of interconnection or access charges and all other essential terms and conditions offered by any Dominant Service Provider shall not be considered confidential; and the General Secretariat shall determine what information will be treated as confidential.

Article (53)

If the General Secretariat decides that an interconnection or access agreement is in violation of the Law or this By-Law, or the requirements of any regulation, rule, order, notice or License, it may issue an order requiring one or more of the parties to the agreement to amend the agreement.

Chapter Five.- Tariff Regulation

Article (54)

The General Secretariat shall have the authority to review all Service Provider tariffs, including wholesale and retail tariffs, and to determine any requirements regarding tariffs, their approval and publication, and the General Secretariat may issue regulations or orders to regulate the tariffs of Service Providers.

Article (55)

Articles (56), (57), (58) and (59) of this By-Law apply to Service Providers that the General Secretariat has designated as Dominant Service Providers in one or more telecommunications markets, in accordance with Articles (72), (73) and (74) of this By-Law. These tariff requirements shall apply to all service tariffs of a Dominant Service Provider, including all retail and wholesale tariffs. These tariff requirements shall also apply to interconnection or access related charges where those charges have been the subject of an order under paragraph (1) of Article (50) of this By-Law.

Article (56)

Tariffs that are subject to filing with and approval by the General Secretariat shall enter into force only after they have been approved by a decision from the General Secretariat.

The General Secretariat shall be entitled to issue interim orders regarding service tariffs and tariff related matters pending further evaluation and final determination. Final orders may confirm, amend or revoke any interim order.

Article (57)

Unless the General Secretariat orders otherwise, the Service Provider shall from the date on which the tariff or tariff revision is filed until the tariff or tariff revision is approved publish an electronic copy on its website; and maintain a paper copy available to the public at its main business offices; and within ten (10) days from the day on which the tariff or tariff revision is filed, place a notice of the tariff filing summarizing its contents and specifically identifying its effects, including its commercial impact on customers, in two local newspapers published in Arabic and English, or as otherwise directed by the General Secretariat.

Dominant Service Providers shall also comply with the tariff information and disclosure requirements of Articles (97), (98) and (99) of this By-Law and License Terms.

Article (58)

Tariffs charged by a Dominant Service Provider to other Service Providers shall be filed with and subject to approval by the General Secretariat in accordance with Article (29) of the Law and Article (56) of this By-Law; and the terms of the License.

Those tariffs must also comply with the orders issued by the General Secretariat.

Article (59)

The General Secretariat may require a Dominant Service Provider to prepare or participate in the development of a cost study of its telecommunications services if it determines that a cost study would be an effective and necessary means of addressing the effects of dominance or significant market power, preventing anti-competitive conduct or would otherwise be effective and necessary in implementing any scheme of tariff or price regulation.

The General Secretariat may require any Dominant Service Provider to prepare or participate in the development of a cost study for the purpose of determining the costs of providing different types of telecommunications services or the business activities of the Service Provider and the General Secretariat shall decide on the cost categories, form, approach, procedures and timing of the cost study; the Service Provider shall comply with all
requirements identified by the General Secretariat; and shall file with the General Secretariat the study.

The General Secretariat shall consult with the Service Provider required to file a cost study and any other interested parties before it makes an order requiring the study.

The General Secretariat may require a Dominant Service Provider to adopt identified cost accounting practices to facilitate cost studies or to achieve any other regulatory purpose under the Law or this By-Law, including the separation of accounts among different categories of business activities or services or as directed by the General Secretariat.

Article (60)

The General Secretariat may develop methods of price control and may consult Service Providers or any other interested parties.

The General Secretariat may issue orders or notices prescribing guidelines for the development of proposals for methods of price control; or setting out directions for the further development of any proposal that has been filed with the General Secretariat or any method of price control that is under development by the General Secretariat.

The General Secretariat may also approve of a proposal or method of price control for implementation by one or more Service Providers. Following development and approval of any method of price control, the General Secretariat may also issue regulations, rules, orders or notices required for its implementation.

Chapter Six.- Numbers and Numbering

Article (61)

The General Secretariat shall prepare, publish and manage a National Numbering Plan and shall allocate and assign numbers and number ranges in accordance with the National Numbering Plan. The General Secretariat shall, in preparing the National Numbering Plan take into account the following:

(1) The National Numbering Plan shall be consistent with the requirements of
international agreements, commitments, conventions, regulations and
recommendations to which the State of Qatar is party therewith.

(2) expected growth in demand for telecommunications services, and to allow numbers to be assigned with no delay.

(3) the plan and resulting allocation and assignment of numbers shall reflect the needs of Service Providers and customers, and be consistent with the efficient use of the Service Providers’ telecommunications networks.

(4) the plan may provide for many features such as number portability and service provider selection when required.

(5) allocation or assignment of numbers shall not confer an unreasonable advantage or disadvantage to any Service Provider.

Article (62)

In preparing and managing the National Numbering Plan, the General Secretariat shall have due regard for existing allocations and assignments of numbers and for the costs to Service Providers in accommodating the plan.

Article (63)

The General Secretariat may modify the National Numbering Plan and notify the Service Providers of this within a period of time as it deems appropriate, prior to the date when the modification is to be effected. Service Providers shall notify their customers regarding any such modification and its practical effects in accordance with any direction issued by the General Secretariat.

Article (64)

Service Providers and customers shall not have any property rights in numbers.

Article (65)

A Service Provider shall only change a customer’s number in the following cases:

(1) based on the request of the customer.

(2) a change in the location of fixed service customer which makes the retention of the existing number not technically or economically feasible.

(3) modification to the National Numbering Plan which orders this or any direction from the General Secretariat.

(4) the Service Provider has other reasonable grounds, including compliance with any orders, decisions or notices issued by the General Secretariat, and in this case the Service Provider has to give a written notice to the customer in question, stating the reason and anticipated date of change including any compensation to be paid by the Service Provider in accordance with Article (35) of the Law. In cases of emergency, oral notice with subsequent written confirmation shall be sufficient.

Article (66)

The General Secretariat may publish instructions on practices and procedures for the allocation and assignment of numbers, including identification of any fees or charges payable by Service Providers or customers for the allocation or assignment of numbers. The instructions will form part of the National Numbering Plan.

Article (67)

Subject to the requirements of any statement published by the General Secretariat, Service Providers shall ensure, at the time of allocation or assignment, that customers understand that they have no ownership, special or property rights in numbers and that numbers may be reallocated or re-assigned, including where the customer has paid a special fee or charge for the assignment or use of a particular number. Service Providers shall also ensure that they provide customers with adequate remedies in the event such numbers are re-allocated or reassigned, including appropriate refunds of any special fees or charges or other form of fair compensation.

Article (68)

The General Secretariat may, after consultation with Service Providers and other interested parties, issue an order to one or more Service Providers to develop or to assist in the development of a number portability implementation plan, for approval and implementation by the General Secretariat. Such order will form part of the National Numbering Plan. Any order issued by the General Secretariat in this regard shall contain:

(1) the schedule for implementation of number portability.

(2) markets and Service Providers covered by the plan.

(3) the technical means of providing number portability.

(4) the recovery of costs for implementation of the plan.

The number portability implementation plan shall identify specific responsibilities for the supply, development and operation of the facilities and systems needed to implement number portability.

Following development and approval of a number portability implementation plan, the General Secretariat may issue any other regulations, rules, orders or notices required for its implementation.

Article (69)

The General Secretariat may, after consultation with Service Providers and other interested parties, issue an order directing one or more Service Providers to develop or to assist in the development of a Service Provider selection or Service Provider pre-selection implementation plan, for approval and implementation by the General Secretariat.

Following development and approval of a Service Provider selection or Service Provider preselection implementation plan, the General Secretariat may issue any other regulations, rules, orders or notices required for its implementation.

Chapter Seven.- Universal Service

Article (70)

(1) The General Secretariat may set out a policy stating specific objectives, and related principles and service obligations, relating to the provision of universal service and related access to telecommunications services and telecommunications facilities in the State of Qatar and the General Secretariat may consult with Service Providers and other interested parties when developing a universal service policy.

(2) In setting out the universal service policy, the General Secretariat shall take into account the following:

(a) the objectives for the development of universal service, including the state of universal access.

(b) the telecommunications services and telecommunications facilities to be included in universal service offerings.

(d) the costs of the universal service obligations, and how these costs should be met.

In developing a universal service policy, the General Secretariat shall ensure that any universal service obligations of Service Providers are administered in a transparent, nondiscriminatory and competitively neutral manner.

Article (71).- Universal Service Fund

Following approval by the Board of the universal service policy, the General Secretariat may issue a regulation to establish a Universal Service Fund to subsidize the net costs of providing universal service. The regulation shall determine how the Universal Service Fund shall be operated and administered. The Universal Service Fund shall be administered by and under
the direction of, the General Secretariat.

All Service Providers shall contribute to the Universal Service Fund in accordance with the policy approved by the Board, the terms of their Licenses, any implementing regulation or decisions issued by the General Secretariat.

The disbursement procedures of the Universal Service Fund shall be prescribed by the Secretary General, and shall be administered in a transparent, non-discriminatory and competitively neutral manner.

Chapter Eight.- Competition Policy

Article (72)

The General Secretariat shall issue a notice which establishes the standards and methodology that it will apply in determining whether Significant Market Power exists in a particular relevant market. The General Secretariat shall publish the methodology on the website of the Supreme Council and may be modified from time to time by it.

The methodology may include the following elements and any other relevant factors which will be applied in accordance with criteria set out in third paragraph of this Article:

(1) definition of the relevant telecommunications market or markets in terms of products and geographic scope.

(2) assessment of market power based on a review of the economic and behavioural characteristics of the relevant market and an examination of the extent to which a Service Provider, acting alone or jointly with others, is in a position to behave independently of customers or competitors.

The methodology may include the following criteria for assessing the degree of market power in a relevant market:

(1) market share.

(2) absolute and relative size of the firm in the relevant market.

(3) degree of control of facilities and infrastructure that would be uneconomical for another person to develop to provide services in the relevant market.

(4) economies of scope and scale.

(5) absence of countervailing buyer power, including customer churn characteristics.

(6) structural and strategic barriers to entry and expansion.

(7) any other factors relevant to evaluating the existence of market power in a particular market.

The methodology may also provide guidance on the parameters that will be used for measuring market share (number of lines, number of minutes, revenues or other relevant metrics), and for ease of administration, the General Secretariat may, in the absence of evidence to the contrary, may deem that an individual Service Provider with a share of more than 40 percent of the relevant market is a Dominant Service Provider.

Article (73)

The General Secretariat shall undertake a baseline review of those telecommunications markets that it determines should be examined as a matter of priority. In undertaking its assessment, the General Secretariat shall rely on the best data available to it, and all market participants shall cooperate fully in furnishing information requested by the General Secretariat in order to carry out its evaluation. Where true, complete and accurate data is not
available, the assessment may be based on reasonable estimates, proxies and regulatory actions in comparable jurisdictions in the region.

Article (74)

The General Secretariat’s decisions on dominance designations shall be published on the official website of the Supreme Council in a format that conceals information classified by the General Secretariat as confidential, along with a current list of all Service Providers which the General Secretariat has designated as dominant and the specific market(s) in which they been found to be dominant.

The General Secretariat shall, from time to time, review its designation of service providers as dominant in the relevant markets and the specific requirements imposed upon those service providers as a result of that designation. In doing so, the General Secretariat will take into account the presence of new market entrants and evaluate whether market forces are
sufficient to safeguard the interests of customers and the public.

Article (75)

Dominant Service Providers are prohibited from undertaking any activities or actions that abuse their dominant position. In addition to the conduct and activities specifically identified in Article (43) of the Law, the General Secretariat may prohibit any other action or activities engaged in by a Dominant Service Provider that the General Secretariat determines to have
the effect or to be likely to have the effect of substantially lessening competition in any telecommunications market.

Article (76)

In addition to the provision of Article (46) of the Law and any other remedies identified by the General Secretariat from time to time in accordance with this By-Law, the General Secretariat may require the Service Provider involved in the abusive action or anticompetitive practices, and the persons affected by such actions or practices, to meet and attempt to determine remedies for such actions or practices.

In case of repeated breaches of an order made by the General Secretariat to prohibit a Dominant Service Provider from the abuse of its dominant position or other anti-competitive action or activities, the General Secretariat may issue a order requiring the Service Provider to divest itself of some lines of business provided that:

(1) the Service Provider is notified in writing prior to issuing such an order to allow the Service Provider to provide its comments regarding this matter.

(2) the General Secretariat determines that such an order is an effective measure to end an abuse of dominant position or anti-competitive practices.

Article (77)

No transfer of control of a Service Provider shall become effective by any transaction without one or more parties providing written notification of the intended transaction to the General Secretariat. The written notification shall be given without delay, within a period of not less than sixty (60) days prior to the intended completion date of the transaction. The written notification shall in reasonable detail and with sufficient clarity identify all the parties to the
transaction, including their respective Affiliates or any related Persons, and shall summarize the nature of the transaction, including the intended completion date. In addition, the Licensee shall provide such information, and comply with such procedural requirements, as the General Secretariat may specify.

Within thirty (30) days of receiving the above-mentioned notification, the General Secretariat shall issue a written order in reply to the parties confirming whether the transaction will require approval under Article (78) of this By-Law. If approval of the transaction is not required, the order will state this. In such case, the order will also specify the conditions, if any, that would apply to any additional ownership, voting or other rights in the entity to be
acquired, or to any Affiliates of the entity to be acquired. The order will also indicate under what circumstances any proposal to acquire additional rights in the entity must be notified to the General Secretariat for review.

Article (78)

No transfer of control of a Service Provider shall be effected without the prior approval of the General Secretariat if:

(1) a Dominant Service Provider, or an Affiliate of a Dominant Service Provider is the Person ultimately acquiring control of the Service Provider; or the Person whose control is being transferred.

(2) the General Secretariat determines, in its sole but reasonable discretion, that as a result of the transfer a Person, alone or with its Affiliates or related persons, may become a Dominant Service Provider.

(3) The General Secretariat determines, in its sole but reasonable discretion, that the proposed transfer of control may result in a substantial lessening of competition.

Article (79)

No transfer of control that requires prior approval under the preceding Article shall be completed or have any legal force or effect unless the Person makes written application for approval of the transfer to the General Secretariat, and receives written approval for the transfer from the General Secretariat.

Article (80)

Applications for transfers of control stipulated under the preceding Article shall contain detailed information regarding the proposed transaction(s) provided that such information shall, at a minimum, include the following:

(1) the Persons involved in the transaction(s), including the buyers, sellers, their affiliated Persons, any related persons, and any shareholders or other Persons that have ownership rights in all such Persons;

(2) a description of the nature of the transaction(s) and a summary of the commercial terms.

(3) financial information regarding the Persons involved in the transaction(s), including their annual revenues from telecommunications markets identified by specific markets, value of assets for the telecommunications business and copies of any updated annual or quarterly financial reports.

(4) a description of the relevant telecommunications markets where those Persons involved or engaged in the transaction(s) operate in.

Article (81)

The General Secretariat may request at any time additional information regarding any transaction that is the subject of a notification under Articles (77) and (79) of this By-Law.

Article (82)

The General Secretariat shall, within sixty (60) days from receipt of the above-mentioned application stipulated under Article (79), or from date of receipt of the additional information requested pursuant to the preceding Article:

(1) approve the transfer of control with no conditions.

(2) conditional approval of the transfer of control. The conditions shall be related to the promotion and development of telecommunications markets in order to make them open and competitive in the State of Qatar and related to the protection of customers’ interests.

(3) deny the transfer of control.

(4) issue an order extending the review period for an identified period of time.

(5) issue a notice to initiate an investigation regarding the proposed transfer of control and take one of the above-mentioned decisions set out in subparagraphs (1), (2) or (3) of this Article.

Article (83)

Any party to a proposed transaction may apply to the Supreme Council requesting expedited approval of the transaction, including in the event that the General Secretariat does not take any of the decisions identified in the preceding Article within the identified 60 day period.

Article (84)

Transfers of control involving the assignment of Individual Licenses or Radio Spectrum Licences shall be reviewed by the General Secretariat pursuant to the competition policy and criteria, and in accordance with Articles (13), (32), (33) of this By-Law, also pursuant to a coordinated timetable corresponding to the provisions of Articles (77), (78), (79), (80), (81), (82), (83), (84), (85).
Article (85)

Following approval by the General Secretariat, a party seeking to effect a transfer of control of the Licensee will have 180 days to consummate the proposed transaction and notify the General Secretariat of its completion. If necessary, the General Secretariat may approve one or more extensions to the above-mentioned period upon request of the Licensee.

Chapter Nine.- Consumer Protection Provisions

Article (86)

Licensees and Service Providers shall comply with the provisions of this Chapter, the terms and conditions of applicable Licenses and with any regulations, rules, orders or notices issued by the General Secretariat in this regard.

Article (87)

Service Providers shall not transfer or attempt to transfer customers, and shall not charge customers for services, except in accordance with customer orders, agreed service terms or other written customer directions.

In addition to the orders issued by the General Secretariat regarding customer terms, service provision or billing, the Service Providers shall provide customers with invoices as follows:

(1) at least once every three (3) months and for free.

(2) in paper form, or in electronic form if the customer consents.

(3) in a plain and simple format.

(4) that provide accurate information on the services provided, the amounts due for each service and the method of calculation of tariffs for any service on which invoices are based, on the length of calls or other measure of usage.

Article (88)

Service Providers shall retain accurate records of all customer orders, service provisioning and billing for a period of at least twelve (12) months from the relevant billing date, and shall make them available to the General Secretariat upon request in accordance with the Law.

Article (89)

Where the General Secretariat has a concern relating to billing practices, it may require Service Providers to publish information on billing systems or billing practices or to take such other steps relating to their billing systems or billing practices as the General Secretariat may consider appropriate.

Article (90)

No Service Provider shall make any false or misleading claim or suggestion regarding the availability, price or quality of its telecommunications services or equipment; or the telecommunications services or equipment of another Service Provider.

A claim or suggestion is false or misleading if the Service Provider knew or ought to have known at the time it was made that it was false or misleading or that it was likely to deceive or mislead the person to whom it was made.

Article (91)

Service Providers shall take all reasonable steps to ensure the confidentiality of customer communications. Service Providers shall not intercept, monitor or alter the content of a customer communication, except with the customer’s explicit consent or as expressly permitted or required by applicable laws of the State of Qatar.

Article (92)

The purposes for which customer information is collected by a Service Provider shall be identified at or before collection, and a Service Provider shall not, except as permitted or required by law, or with the consent of the person to whom the information relates, collect, use, maintain or disclose customer information for undisclosed or unauthorised purposes. The Service Provider shall be entitled to use customer information for all legitimate purposes identified in its terms of service, or in accordance with the customer’s consent in accordance with legal and constitutional controls.

A Service Provider shall be responsible for any records, which are under its custody or control or under the custody or control of its agents, containing customer information and communications. Service Providers shall ensure that customer information and customer communications are protected by security and technical safeguards that are appropriate to their sensitivity.

A Service Provider shall not disclose customer information to any person without the customer’s consent, unless disclosure is required or permitted by the General Secretariat in accordance with the applicable laws or regulations of the State of Qatar.

All customer-specific information, and in particular billing-related information, shall be retained and used by a Service Provider only for purposes specifically provided for in the applicable terms of service or other agreed customer terms, or in accordance with any rules or orders made by the General Secretariat, or as otherwise permitted by applicable laws.

Service Providers shall ensure that customers’ information is accurate, complete and updated regularly for the purposes for which it is to be used.

Article (93)

Nothing in this By-Law prohibits or infringes upon the rights of authorized governmental authorities to access confidential information or communications relating to a customer, in accordance with applicable laws.

Article (94)

Service Providers shall identify a person or group of persons to receive complaints from customers other than Service Providers. Details of how to contact such person or group of persons shall be provided on all written communications sent to customers and also on each Service Provider’s website.

Service Providers shall set certain procedures to deal with complaints of customers other than Service Providers and have them published in the form and manner that is approved by the General Secretariat. These procedures along with any amendments introduced shall be subject to the approval of the General Secretariat.

Service Providers shall not disconnect or change the telecommunications services being provided to a customer that are the subject of a complaint or dispute, other than in accordance with the terms of service approved by the General Secretariat pursuant to Article (96) of this By-Law or as permitted by an order made by the General Secretariat.

Article (95)

The General Secretariat shall undertake any other appropriate action to protect the public from harassing, offensive or illegal telecommunications in accordance with the Law, this ByLaw and other applicable laws.

Article (96)

The General Secretariat may require a Service Provider to submit to it draft terms of service to it for approval and may prescribe a timetable for review, approval and implementation of the terms of service.

Terms of service shall be consistent with the Law, this By-Law, and all applicable regulations, rules, orders and License conditions, and shall describe the basic terms of the relationship between the Service Provider and its customers in the provision and use of telecommunications services.

The General Secretariat shall approve draft terms of service as submitted to it or after introducing changes to it as the General Secretariat deems appropriate. Once approved, the terms of service will replace the customer terms used by a Service Provider and shall become binding on the Service Provider and its customers.

The General Secretariat may issue an order discontinuing the requirement for a Service Provider to submit draft terms of service to the General Secretariat for approval where it determines that its approval is no longer required to protect the interests of customers.

Article (97)

Each Service Provider shall publish the following information on its website:

(1) the current version of any terms of service or other standard customer terms and conditions of service approved by the General Secretariat.

(2) Its tariffs, rates and charges for any equipment or services, including all approved tariffs and proposed tariff changes which have been filed with the General Secretariat in accordance with Article (55) of this By-Law.

(3) the official website address and other contact information of the Supreme Council, along with a clear statement that the Service Provider is regulated by the Supreme Council under the Law, this By-Law and any other applicable laws, and that customers and other Service Providers may contact the Supreme Council if they are unable to resolve disputes with Service Providers.

(4) a user-friendly navigation system that allows a customer to locate the abovementioned information easily.

Article (98)

Service Providers shall also maintain paper copies of the information described in the preceding Article at all of their business offices. This information shall also be made available for public inspection, without charge, during normal business hours. Copies of the information shall also be sent to the Supreme Council for public reference, and may be published by the Supreme Council in the manner that the General Secretariat deems
appropriate.

Article (99)

If required by an order of the General Secretariat, a Service Provider shall include the current version of its terms of service or other standard customer terms and conditions, copies of its tariffs, rates and charges being available for review at its business offices and the other information described in paragraph (3) of Article (97) of this By-Law in the introductory pages to every telephone directory published by it or on its behalf. Service Providers shall
provide, upon request and at a reasonable charge, paper copies of its terms of service and all applicable tariffs, rates and charges to any customer who requests them.

Article (100)

The General Secretariat may issue regulations, rules or orders requiring Service Providers to provide customers with a telephone directory and access to directory services.

Service Providers shall provide customers with a telephone directory and access to directory services in accordance with any regulations, rules or orders issued by the General Secretariat.

Service Providers shall also exchange and compile customer information as required to facilitate the production of telephone directories or the provision of directory services in accordance with any regulations, rules or orders issued by the General Secretariat.

Article (101)

The General Secretariat shall set the minimum quality of service standards and may have them amended by following consultation with the related Service Providers.

The Supreme Council may include those criteria in the Licenses, or issue them by an order from it.

A Service Provider shall deliver to the General Secretariat a written quality of service report each quarter in the form and detail prescribed by the General Secretariat and setting out therein the Service Provider’s actual results for each quality of service standard.

Article (102)

If the quality of service report mentioned in the preceding Article shows that a quality of service standard has not been fulfilled nor achieved, the Service Provider shall provide a clear explanation stating the reason behind it and the steps it has taken or to taken by it in order to implement that standard.

The General Secretariat shall advise the Service Provider within thirty (30) days from receipt of quality of service reports and whether it accepts the report and the explanation submitted regarding any standard not achieved. If the General Secretariat does not reply within the above-mentioned period, this shall be deemed approval by the General Secretariat of the report, including the explanation.

In case the General Secretariat does not accept the explanation, the General
Secretariat shall issue an order stating the extra steps that the Service Provider shall take and the time frame within which those steps shall be taken, including submission of any additional reports by the Service Provider until the standard is achieved; and specific refunds, if any, or any other customer remedies to be implemented by the Service Provider as a result of its failure to comply with the quality of service standards.

Article (103)

A Service Provider shall publish on its website, in accordance with the orders of the General Secretariat, the quality of service report or any other additional related material submitted by it to the General Secretariat. The Supreme Council may also post on its official website the quality of service report or any additional related material submitted by a Service Provider.

The General Secretariat may require a Service Provider to publish all of the quality of service reports or parts therefrom or any information relating to quality of service in both the Arabic and English languages and in two local newspapers.

The Supreme Council may issue press releases and publish information regarding Service Provider quality of service performance, including comparisons regarding the quality of service performance among different Service Providers.

Article (104)

The service obligations of Service Providers described in this Chapter shall extend to the installation, operation, maintenance and repair of all telecommunications facilities that are owned or provided by the Service Provider and located on the customer’s property.

A Service Provider shall have the right to enter a customer’s premises or property for the purposes described in the preceding paragraph, subject to the following conditions:

(1) the Service Provider has given the customer a notice and has received the consent of the customer.

(2) the Service Provider dispatches identified and qualified personnel.

Article (105)

The General Secretariat may issue any orders relating to Service Provider liability, customer refunds and damages associated with the provision of services. The General Secretariat may take these provisions into consideration in the course of approving terms of service pursuant to Article (96) of this By-Law.

Chapter Ten.- Access to Property

Article (106)

Where a Service Provider cannot, on commercially reasonable terms and within sixty (60) days following the commencement of negotiations between the Service Provider and the concerned party obtain the consent of the government authority having jurisdiction over State Public and Private Property or facilities to construct, maintain or operate telecommunications
network facilities on that land or facility; or gain access to the pole, duct, tower or other supporting structure of a telecommunications, electrical power, or other transmission system constructed on that property or facility that is owned or controlled by the State, the Service Provider may apply to the Supreme Council for assistance or to exercise its powers under applicable laws and regulations.

Article (107)

Upon receipt of an application for assistance in accordance with the preceding Article, the General Secretariat shall consult with the concerned government authority to find a solution acceptable to both the Service Provider and the concerned government authority. If the General Secretariat’s consultation fails to produce agreement within a period of (60) days from date of receipt by the General Secretariat of the request, the General Secretariat may refer the matter for resolution to any administrative, executive or any other competent
authority that has jurisdiction, or the General Secretariat may provide assistance as it deems appropriate, or the parties to the dispute may refer the matter to the courts for resolution.

Article (108)

The Service Provider may apply to the General Secretariat for assistance in reaching an agreement with the owner of private land or private facility, or for the exercise of powers under applicable laws or regulations to obtain access to private land or private facility to construct, maintain or operate telecommunications network facilities, or to provide telecommunications services; if the Service Provider cannot, on commercially reasonable
terms, reach an agreement with the owner of the private land or private facility within thirty (30) days from date of commencement of negotiations with the concerned party.

Article (109)

Upon receipt of an application for assistance in accordance with the preceding Article, the General Secretariat shall take the steps it deems necessary to assist the concerned parties. If the General Secretariat’s consultation fails to produce agreement within a period of sixty (60) days, from the date of receipt by the General Secretariat of request for assistance, the General Secretariat may refer the dispute to any administrative, executive or other competent body that has jurisdiction, or the General Secretariat may provide assistance as it deems appropriate, or the parties to the dispute may refer the matter for resolution by the court.

Article (110)

The Secretary General may prescribe regulations that require any Service Provider to allow other Licensees to have access to conduit, ducts, cabling, wire and space for switching facilities inside multi-tenanted buildings where historic or contractual arrangements create anti-competitive conditions in respect of such access. Such regulations shall prohibit any Service Provider from providing, installing or continuing to service inside wiring, duct, conduit and related facilities unless the property owner also permits other duly authorized Licensees to have the same rights of access, absent a proof showing of undue burden to the property-owner based on unusual circumstances.

Article (111)

A Service Provider shall, in exercising any rights of access stipulated in Articles (106), (107), (108), (109), (110) of this By-Law, comply with all other applicable laws and regulations and with all applicable planning and approvals requirements and related processes. Service Providers shall indemnify property owners for any damage to property, injury or expense caused by the Service Provider acting contrary to any terms of access, laws, regulations or
planning and approvals processes.

In exercising the functions identified in Articles (106), (107), (108), (109), (110) or as otherwise appropriate to facilitate the construction, maintenance or operation of telecommunications facilities, the General Secretariat may establish and oversee the operation of a committee or other body to coordinate applicable planning and approvals requirements and related processes. The General Secretariat may issue regulations, rules, orders or notices required for the establishment or operation of such a committee or
coordinating body.

Article (112)

Service Providers with existing telecommunications network facilities shall allow other Service Providers, whom the General Secretariat have decided that they are entitled to co-locate, to co-locate their telecommunications network facilities on those existing facilities, including central office premises and other equipment locations, land and roof tops, mast sites, towers, conduits, ducts, poles and underground facilities, and physical and virtual colocation arrangements, where such co-location is technically and economically feasible.

In the event that the parties fail to reach agreement within 30 days following the commencement of such negotiations, either party may request the assistance of the General Secretariat to reach an agreement in accordance with the provisions of the Articles (106), (107), (108), (109), (110) of this By-Law.

The party requesting co-location shall compensate the party required to provide colocation for such an amount as the parties may agree to or where the parties are unable to agree, the party requesting co-location shall compensate for such an amount as determined by the General Secretariat.

Where the parties are unable to agree on the terms of co-location, any party may request the General Secretariat to resolve the dispute in accordance with Articles (121), (122), (123) of this By-Law.

Article (113)

In addition to the rules and conditions of this Chapter, the terms of co-location shall be subject to Chapter Four of this By-Law.

Article (114)

New telecommunications facilities shall be installed in a manner that do not create an undue adverse effect on existing telecommunications facilities or other existing installations including installations used to maintain public ways, water and gas lines, oil pipelines and electrical installations or other.

Article (115)

Any person installing new telecommunications facilities shall compensate affected persons for the reasonable costs of relocating, modifying or protecting existing facilities or installations which result from the installation of the new facilities.

Article (116)

The General Secretariat may issue regulations, rules, decisions, orders or notices related to access to private or public property, in coordination with other concerned authorities.

Chapter Eleven.- Telecommunications Equipment Standards and Approval

Article (117)

The General Secretariat may issue regulations, rules, orders and notices regarding technical standards and specifications, equipment specifications, testing facilities, the application and procedures for certification or type approval of telecommunications equipment; and any other aspect of practice or procedure relevant to equipment standards or certification. The General Secretariat may consult with the Ministry of Health in the State of Qatar regarding some matters relating to public health and telecommunications equipment, if any.

Article (118)

In exercising its functions and powers regarding equipment standards and certification procedures or type approval, the General Secretariat may require from the concerned any information or documentation regarding equipment performance, standards or certification.

Article (119)

The General Secretariat shall ensure that all technical standards, specifications and certification requirements that it identifies as mandatory requirements for telecommunications equipment, are consistent with, the technical requirements and procedures generally applicable to electrical equipment, radio-communications apparatus and consumer products approved for sale or use in the State of Qatar.

Article (120)

The General Secretariat may issue instructions regarding ceasing use or removal of the equipment that was in use prior to the effective date of the Law if it determines that such telecommunications equipment interfere(s) with the operation of other telecommunications equipment, or constitute a public hazard and may issue instructions regarding of any replacement or modified equipment.

Chapter Twelve.- Dispute Resolution

Article (121)

In accordance with Article (61) of the Law, the General Secretariat shall resolve disputes arising between service providers, or between service providers and others, which are under its jurisdiction in accordance with the Law and this By-Law, and the General Secretariat shall establish procedures for the fair and efficient resolution of such disputes.

Article (122)

The General Secretariat may issue regulations, rules, orders and notices related to dispute resolution.

Article (123)

Where Service Providers have been unable to agree on the resolution of a matter following reasonable efforts to reach an amicable settlement, one or more Service Providers may apply to the General Secretariat for assistance in resolving the dispute, and the General Secretariat may take any of the following measures:

(1) assign members of its staff or an expert consultant to attempt to resolve the dispute.

(2) issue a decision to resolve the dispute, and the decision shall be binding.

(3) take any other action as it deems appropriate.

(4) direct the parties to refer the dispute to the competent Court.

Article (124)

Where a customer other than a Service Provider has a dispute with a Service Provider that the parties have been unable to resolve among themselves, by means of the Service Provider’s customer complaint process approved by the General Secretariat, either party may request the assistance of the General Secretariat to resolve the dispute, and the General Secretariat may take any of the following measures:

(1) assign members of its staff or an expert consultant to attempt to resolve the dispute.

(2) issue a decision to resolve the dispute and the decision shall be binding.

(3) take such other action as it deems appropriate.

(4) direct the parties to refer the dispute to the competent Court.

Article (125)

Parties to a dispute may refer the dispute to private mediation or arbitration and all costs arising therefrom including any travel or other expenses incurred by the General Secretariat in connection with any assistance in resolving the dispute, shall be paid for by the parties of the dispute.

Article (126)

Service Providers shall be subject to the dispute resolution processes defined or initiated by the General Secretariat pursuant to the Law and this By-Law or any other applicable laws, regulations or procedural rules. Service Providers shall also be subject to any customer complaint procedures established or approved by the General Secretariat.

Chapter Thirteen.- Provision of Information

Article (127)

The General Secretariat may require Service Providers or others to provide it with information that it deems necessary for the exercise of its powers or that enables it to perform its functions.

Article (128)

Such information shall be provided in the format specified by the Information Request and may include, but not limited to, data that must be calculated or compiled by the recipient of the Information Request, original paper-based documents and information stored in digital electronic format.

Article (129)

The Information Request shall specify the data that is required, identify the proceeding and purpose for which the data is being collected, and indicate the time period within which the information must be supplied to the General Secretariat. The General Secretariat may extend the deadline for the submission of part or all of the information requested if the recipient of the Information Request provides a convincing justification, in writing, at least five (5) working days before the date on which the information is due.

Article (130)

The General Secretariat shall take into consideration a request made by the recipient of the Information Request for the confidential treatment of the information provided and the General Secretariat shall ensure that appropriate measures are taken to protect the confidentiality of information, which the General Secretariat determines to be confidential or commercially sensitive.

Article (131)

The recipient of an Information Request shall cooperate fully and shall provide true and complete answers to the questions posed within the timeframe established by the General Secretariat.

Article (132)

If a recipient of an Information Request does not furnish the requested information within the time stipulated by the General Secretariat, the General Secretariat may base its decisions or any other actions on the best alternative data available to it, and may collect the alternative data from published reports issued by third parties, relevant benchmarks, and reasonable estimates based on known data.

09Jul/17

Resolución 109/2016, del 16 de diciembre de 2016, del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA). Estándar del Servicio de Provisión de Internet en forma inalámbrica (WIFI)

9 julio, 2017Argentina, Resolucióndel 16 de diciembre de 2016, del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA). Estándar del Servicio de Provisión de Internet en forma inalámbrica (WIFI), Legislación 2016, Legislación Argentina, Legislación Derecho Informático, Legislación Internet, Resolución 109/2016José Cuervo

VISTO el Expediente nº 35/14 del Registro del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), los Decretos nros. 375 de fecha 24 de abril de 1997, 500 de fecha 2 de junio de 1997, ambos ratificados por el Decreto de Necesidad y Urgencia nº 842 de fecha 27 de agosto de 1997, los Decretos nros. 163 de fecha 11 de febrero de 1998, 1799 de fecha 4 de diciembre de 2007 y la Resolución nº 96 de fecha 31 de julio de 2001 del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), y

CONSIDERANDO:

Que en el Expediente citado en el Visto tramita actualmente la propuesta del Departamento de Control de Calidad de este Organismo Regulador de implementar el “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del SIistema Nacional de Aeropuertos (SNA)”, a fin de garantizar la prestación en forma libre y gratuita del servicio en el marco de un determinado estándar, mejorando la experiencia del usuario.

Que cabe considerar que el área técnica del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) analizó las características y la calidad del servicio de provisión de Internet en forma inalámbrica (WIFI) que se brinda en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), realizando pruebas de velocidad en varios de los referidos aeropuertos.

Que de dicho análisis surgió que el mencionado servicio se presta en diferentes condiciones en los distintos aeropuertos y que no existe una calidad mínima establecida que satisfaga las necesidades del usuario aeroportuario en el Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA).

Que en tal sentido el Departamento de Control de Calidad manifiesta que “El ORSNA como parte de su misión debe velar por la calidad de los servicios aeroportuarios que se ofrecen en los Aeropuertos del SNA, por ello debemos garantizar que la experiencia del usuario del servicio WIFI sea satisfactoria”.

Que el Departamento de Control de Calidad informa que los canales en las frecuencias 2,4Ghz y 5Ghz están ocupados por redes WIFI de prestadores, de organismos oficiales y del Concesionario Aeropuertos Artentina 2000 Sociedad Anónima, generando, de este modo, interferencias y degradando la calidad de las transmisiones de internet gratuito y la calidad del servicio prestado al usuario.

Que el área técnica expresa que “Se observa que los explotadores determinan características del servicio heterogéneas entre sí y además que no existe una calidad mínima establecida que satisfaga las necesidades del usuario aeroportuario, se sugiere que este Organismo establezca un estándar mínimo de servicio para garantizar un servicio adecuado”.

Que el mencionado Departamento, a los efectos de garantizar un servicio adecuado, indica que “Analizando distintos mecanismos que proponen los fabricantes y analistas, establecer una velocidad mínima garantizada en los horarios de conexiones pico resulta el más indicado dada la distribución horaria en las terminales aeroportuarias”.

Que el Departamento de Control de Calidad concluye que “La implementación del esquema de velocidad mínima permite la utilización del ancho de banda ocioso el resto del tiempo en que hay menos usuarios, por ello este mecanismo maximiza la utilización del ancho de banda para el usuario”. A ello agregó que “En base a las mediciones formuladas, y teniendo en cuenta lo dicho se sugiere la adecuación del espectro wifi y el establecimiento de un estándar para la provisión del servicio wifi gratuito”. Así también se sugiere que el servicio wifi esté disponible a la mayor cantidad de usuarios aeroportuarios posible”. Por último el área técnica en cuestión señala que “…habiéndose analizado el equipamiento adquirido por parte del concesionario Aeropuertos Argentina 2000 S.A, se sugiere que los aeropuertos bajo su administración conformen la primera etapa de implementación del estándar wifi dado que resultan capaces y suficientes”.

Que conforme lo expuesto en los considerandos precedentes, se prevé la necesidad de establecer un estándar para la prestación del servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA).

Que para el establecimiento del estándar propiciado en el servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), el Departamento de Control de Calidad utilizó como parámetro similar la calidad del servicio en cuestión prestado en la región y en otros países del mundo.

Que de dicho estudio surge que la prestación del servicio de provisión de Internet en forma inalámbrica (WIFI) libre y gratuito es una práctica habitual que se realiza en otros aeropuertos del mundo que favorece la comunicación de los usuarios aeroportuarios, ofreciéndose en condiciones de igualdad, libre acceso y no discriminación en el uso de dicho servicio.

Que la estandarización de los parámetros de calidad en el citado servicio otorga previsibilidad en la prestación del mismo, favoreciendo de esta manera a los usuarios, quienes incorporan a su cotidianeidad el uso de equipos de comunicación portátiles en los aeropuertos.

Que asimismo, el establecimiento de un estándar respecto de este servicio aporta orden y seguridad en el uso del espectro del servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA).

Que el estándar que propicia el Departamento de Control de Calidad fija un mínimo de velocidad garantizada en los horarios en que se encuentran presentes la mayor cantidad de conexiones simultáneas, y prevé que en el resto de los horarios la velocidad de conexión se distribuya según la cantidad de conexiones establecidas.

Que ello permite que en caso de existir pocas conexiones los usuarios incrementen su velocidad y así mejore su experiencia y satisfacción en el uso del servicio de provisión de Internet en forma inalámbrica (WIFI).

Que la implementación del esquema de velocidad mínima permite la utilización del ancho de banda ocioso el resto del tiempo en que hay menor cantidad de usuarios.

Que asimismo, con la presente medida se busca otorgar un servicio seguro que evite cualquier tipo de filtración de los datos sensibles.

Que la medida propuesta por el Departamento de Control de Calidad será sometida, a continuos exámenes de eficiencia y eficacia en forma constante a los fines de evaluar su aplicación y los logros obtenidos.

Que asimismo, cabe considerar que el Decreto nº° 375 de fecha 24 de abril de 1997 establece en su Artículo 14 Inciso a), que el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) tiene entre sus principios y objetivos asegurar la igualdad, el libre acceso y la no discriminación en el uso de los servicios e instalaciones aeroportuarias.

Que dentro de los servicios que se prestan actualmente en los aeropuertos, se encuentra el de provisión de Internet en forma inalámbrica (WIFI), por lo que este Organismo Regulador debe llevar adelante los mecanismos pertinentes a los fines de establecer los requisitos mínimos de su prestación.

Que de acuerdo a lo establecido en el Título Primero, Numeral 1, Punto a) del Pliego de Bases y Condiciones aprobado por el Decreto nº 500 de fecha 2 de junio de 1997 el Estado Nacional persiguió con la Licitación del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA) “mejorar substancialmente la actual infraestructura y operación de los aeropuertos objeto de la presente licitación y llevarla a los mayores niveles de operatividad, seguridad, tecnología y confianza posibles, acordes con los estándares internacionales en la materia, de forma de garantizar la mejor prestación del servicio aeroportuario a los usuarios”.

Que otro de los propósitos de la concesión, plasmado en el Punto c) del Numeral 1 de la citada norma fue el de “Incrementar la calidad de la prestación del servicio aeroportuario a los efectos de beneficiar a los usuarios destinatarios de tales mejoras”.

Que la concesión para la administración, explotación y funcionamiento de los aeropuertos integrantes del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos ha sido otorgada a la empresa Aeropuertos Argentina 2000 Sociedad Anónima por medio del Decreto nº 163 de fecha 11 de febrero de 1998, exigiendo que la administración y explotación comercial que el Concesionario ejerce, se desarrolle llevando a cabo todas las medidas y acciones necesarias para asegurar la continuidad en la prestación de los servicios cuya explotación se comprenda en los términos de la concesión, y el mantenimiento de los aeropuertos involucrados en óptimas condiciones operativas, asegurando además a los usuarios condiciones de seguridad y confort en el uso de las instalaciones (Artículo 13, numeral XXV).

Que el Numeral 3 de la Parte Cuarta del Acta Acuerdo de Adecuación de Contrato de Concesión, ratificada por Decreto nº 1799 de fecha 4 de diciembre de 2007, prevé la obligación del Concesionario de cumplir con los estándares de calidad que establezca el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), los cuales deben ser prudentes y establecidos de manera razonable por este Organismo Regulador según lo previsto en el Anexo I de la referida Acta Acuerdo

Que por su parte, el “Reglamento General de Uso y Funcionamiento de los Aeropuertos del Sistema Nacional de Aeropuertos” aprobado por la Resolución nº 96 de fecha 31 de julio de 2001 de este Organismo Regulador estableció en el Artículo 5.6.1 que el explotador aeroportuario deberá: “Aplicar y cumplir el nivel de servicio y los estándares de calidad de atención al pasajero, usuario y público en general, establecidos por el ORSNA o por la Autoridad de aplicación que corresponda”.

Que, en este sentido, el estándar propuesto en la presente se encuentra acorde con los lineamientos básicos por los cuales se determinó la concesión para la explotación, administración y funcionamiento del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA).

Que el Departamento de Sistemas y de Tecnología Informática de este Organismo Regulador ha tomado la intervención pertinente en el ámbito de su competencia.

Que la Gerencia de Asuntos Jurídicos, ha tomado la debida intervención.

Que el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) es competente para el dictado de la presente, conforme lo dispone el Artículo 3° de la Ley Nacional de Procedimientos Administrativos nº 19.549 y demás normativa citada precedentemente.

Que en reunión de Directorio de fecha 18 de noviembre de 2016 se ha considerado el asunto, facultándose al suscripto a dictar la presente medida.

Por ello,

EL DIRECTORIO DEL ORGANISMO REGULADOR DEL SISTEMA NACIONAL DE AEROPUERTOS

RESUELVE:

Artículo 1°.- Aprobar el “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)” que como ANEXO I integra la presente medida.

Artículo 2°.- Instruir a la empresa Aeropuertos Argentina 2000 Sociedad Anónima a que implemente la provisión del servicio de Internet en forma inalámbrica (WIFI) de acuerdo al “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)”, aprobado en el Artículo 1° de la presente medida, en el marco de las instrucciones emitidas por el Departamento de Control de Calidad de este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) y/o el área que lo reemplace.

Artículo 3°.- Instruir al Departamento de Control de Calidad y al Departamento de Sistemas y de Tecnología Informática a los efectos de que analice y verifique la provisión del servicio en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA) sobre la base del estándar aprobado en el Artículo 1° de la presente medida.

Artículo 4°.- Regístrese, Notifíquese al Concesionario Aeropuertos Argentina 2000 Sociedad Anónima, publíquese, dése a la Dirección Nacional del Registro Oficial y cumplido, archívese.

Lic. PATRICIO DI STEFANO, Presidente, Organismo Regulador del Sistema Nacional de Aeropuertos, O.R.S.N.A.

ANEXO I.- Estándar del Servicio de Provisión de Internet en Forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)

1.- Ámbito de Aplicación
El Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) será de aplicación en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), debiendo el Concesionario Aeropuertos Argentina 2000 Sociedad Anónima brindar el mencionado servicio de acuerdo al presente estándar, asegurando su prestación libre, gratuita y en condiciones de igualdad y no discriminación.

2.- Área de Cobertura
El servicio deberá ser prestado y estar disponible en la parte pública y la zona estéril de la terminal de pasajeros, entendida esta última como el sector comprendido entre un puesto de inspección y la aeronave, cuyo acceso está estrictamente controlado y sirve para la permanencia de los pasajeros que aguardan un determinado vuelo.

3.- Servicio Prestado

a) Los usuarios podrán conectarse por el término de UNA (1) hora de duración con reconexiones ilimitadas.

b) El servicio de WIFI deberá estar disponible las 24 (VEINTICUATRO) horas del día, los 365 (TRESCIENTOS SESENTA Y CINCO) días del año. Es decir que debe prestarse en forma continua e ininterrumpida.

c) El usuario deberá poder moverse por todo el aeropuerto —en las áreas en las que corresponda su prestación en los términos del Punto 2 de este Anexo I— sin necesidad de reconectarse al servicio, salvo el caso de reconexión previsto en el apartado a) del presente punto.

4.- Página de Inicio

4.1.- Al conectarse a la red WI-FI, el servicio provisto por el Concesionario deberá indicar al usuario que debe aceptar las políticas de uso y privacidad, términos y condiciones para su utilización.

4.2.- Una vez aceptadas se deberá presentar un sitio web con las siguientes características:
• Todo el sitio deberá adaptarse a la pantalla del dispositivo (responsive design).
• Todo el sitio deberá estar en el idioma Castellano, Inglés y Portugués.
• No podrá contener publicidades comerciales.
• Cada página del sitio web no deberá ser mayor a TRESCIENTOS (300) KB.
• Deberá incluir un link para visualizar los términos y condiciones del servicio provisto.
• El usuario deberá aceptar los términos y condiciones para acceder al servicio.
• La comunicación deberá estar cifrada.
• Todo el sitio deberá cumplir los estándares W3C.

5.- Características de la conexión

a) El Concesionario deberá prestar el servicio en las frecuencias 2,4Ghz (IEEE 802.11b/g/n) y 5Ghz (IEEE 802.11 a/n/ac) dentro del área de cobertura descripta en el Punto 2 del presente Anexo I.

b) El Concesionario deberá garantizar un mínimo de 1024 Kbps simétrico de ancho de banda ya sea nacional y/o internacional por cada conexión.

c) El ancho de banda de cada conexión no podrá ser limitado.

d) El Concesionario deberá garantizar la capacidad del vínculo al servicio para satisfacer a las “conexiones hora pico”.

e) El ancho de banda deberá estar distribuido en base a la cantidad de conexiones establecidas y deberá implementar mecanismos de balanceo de carga para tal fin.

f) El Concesionario deberá evaluar diariamente el tráfico total consumido y si el consumo fuera mayor al NOVENTA POR CIENTO (90%) de su capacidad deberá ampliar el vínculo a Internet. No deberá requerir información personal al usuario.

g) El Concesionario no podrá instalar software en los dispositivos de los usuarios.

6.- Señalización

a) El SSID deberá ser: WIFI-FREE (Nombre del Aeropuerto).

b) La calidad del beacon WIFI deberá ser superior al CINCUENTA POR CIENTO (50%).

c) La configuración del beacon interval del WIFI deberá ser entre CINCUENTA (50) y CIEN (100) milisegundos.

d) La intensidad de señal del punto de acceso más cercano deberá ser mayor a 70dBm.

e) Deberá proveerse IEEE 802.11 (b/g/n) en 2,4GHz y IEEE 802.11(a/n/ac) en 5GHz.

f) El Concesionario deberá garantizar la exclusividad del canal Mhz utilizado para la red WIFI evitando la superposición de canales.

g) Deberán utilizar el canal UNO (1) y SEIS (6) en 2,4GHz y del TREINTA Y SEIS (36) al CIENTO VEINTE (120) en 5Ghz para la red WIFI.

h) El resto de las redes WIFI del aeropuerto deberán utilizar el canal ONCE (11) en 2,4Ghz y los canales del CINTO VEINTE (120) en adelante en 5Ghz.

7.- Seguridad

a) El Concesionario deberá implementar un nivel de seguridad sobre la navegación a fin de evitar que los usuarios naveguen por sitios que puedan infringir las normativas vigentes.

b) El Concesionario deberá garantizar la privacidad de los usuarios conectados, mediante mecanismos de validación y encriptación:
Cada conexión a internet deberá ser única y no podrán verse los dispositivos entre sí.

Las comunicaciones entre el cliente y el “hotspot” deberán estar encriptadas.
El algoritmo de encriptación deberá ser WPA2 o superior.

c) El Concesionario deberá resguardar la seguridad de la red y de los sistemas del Aeropuerto de que se trate. Para ello, deberá contar con equipos destinados a tal fín. Deberá aplicar: filtros antispam; pornografía; fishing, propagandas, evitación de filtro, hacking, actividades ilegales, descargas ilegales, drogas ilegales, y armas, siendo esta enumeración meramente enunciativa pudiendo este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) requerir otros filtros.

d) El Concesionario deberá garantizar que en la red a la cual se conecten los usuarios no se propaguen programas y/o paquetes que afecten a la seguridad.

e) El Concesionario no podrá almacenar el contenido del tráfico de los usuarios.

f) El Concesionario deberá implementar mecanismos a fin de evitar conexiones “Man in the Middle”.

8.- Implementación del Servicio

a) El Departamento de Control de Calidad de este Organismo Regulador y/o el área que lo reemplace emitirá instrucciones al Concesionario Aeropuertos Argentina 2000 Sociedad Anónima respecto a la implementación del “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)”.

b) El Concesionario deberá requerir a los organismos públicos con presencia en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA) y a los prestadores aeroportuarios, la adecuación de sus redes inalámbricas a la presente medida.

c) El Concesionario deberá auditar que los diferentes prestadores del servicio cumplan con la presente ordenando los canales en las frecuencias 2,4Ghz y 5Ghz.

9.- Información a suministrar por Aeropuertos Argentina 2000 Sociedad Anónima.

El Concesionario deberá remitir en formato digital antes del décimo día de cada mes a este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) a la dirección electrónica [email protected] un informe sobre la capacidad y ocupación del servicio WIFI.

En dicho informe deberán figurar datos estadísticos que reflejen el funcionamiento del servicio y la acreditación del cumplimiento del estándar fijado por el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA).

Entre los datos a informar al Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), deberán figurar:

a. Ancho de banda total (nacional e internacional).

b. Ancho de banda nacional e internacional consumido.

c. Cantidad de usuarios conectados por hora por día.

d. Kb/s promedio por usuario.

e. Total de tráfico promedio por usuario.

f. Cantidad de tráfico por servicio/protocolo.

g. Rango de los DIEZ (10) servicios o aplicaciones que consuman más tráfico.

h. Cantidad de incidentes del servicio, especificando su tipo y duración.

i. Cantidad de reclamos por el servicio.

j. Histograma mensual del tráfico total.

Cabe destacar que la precedente enumeración es meramente enunciativa, pudiendo el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) requerir toda otra que considere pertinente.

10.- Falla en el Servicio
Cualquier tipo de contingencia que tenga el Concesionario respecto de la prestación del presente servicio que no permita ser suministrado en las modalidades aquí establecidas, deberá ser puesto en conocimiento del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) a la mayor brevedad posible a la dirección electrónica [email protected].

11.- Incumplimentos
La falta de cumplimiento de la presente medida será pasible de la aplicación de los procedimientos sancionatorios que correspondan.

09Jul/17

Internet de Argentina 2016

9 julio, 20172016, Argentina, InternetInternet, Internet de Argentina 2016José Cuervo

Resolución 109/2016, del 16 de diciembre de 2016, del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA). Estándar del Servicio de Provisión de Internet en forma inalámbrica (WIFI)

09Jul/17

Acordada 9/2016, de 29 de marzo de 2016, de la Corte Suprema de Justicia de la Nación (CSJN)

9 julio, 2017Acordada, ArgentinaAcordada 9/2016, de 29 de marzo de 2016, de la Corte Suprema de Justicia de la Nacion (CSJN), Legislación 2016, Legislación Argentina, Legislación Derecho InformáticoJosé Cuervo

Exp. 1074/2016

En Buenos Aires, a los 29 días del mes de marzo del año 2016, los
señores Ministros que suscriben la presente,

CONSIDERARON:

I. Que dentro del proceso de cambio y modernización en la prestación del servicio de justicia, que la Corte Suprema de Justicia de la Nación viene desarrollando en el marco del programa de fortalecimiento institucional del Poder Judicial de la Nación, en uso de las facultades que le otorga la Constitución Nacional en razón de lo dispuesto por las leyes nº
25.506, 26.685 y 26.856 este Tribunal ha procedido reglamentar distintos
aspectos vinculados al uso de tecnologías electrónicas digitales, y en
consecuencia dispuso su gradual implementación en el ámbito del Poder
Judicial de la Nación a partir de la puesta marcha de distintos proyectos de
informatización y digitalización.

II. Que en el marco de los principios universales del Desarrollo Sustentable contenidos en la Declaración de Río de Janeiro de 1992 sobre Medio Ambiente y Desarrollo y receptados por nuestra Constitución Nacional en su art. 41, por la Ley General del Ambiente, Ley nº 25.675, que vienen siendo implementados por este Tribunal (acordadas 35/11, 38/11, entre otras), resulta prioritario implementar medidas de acción que permitan cooperar en este aspecto.

Que a fin de continuar con esta política, se adoptara esta medida que racionaliza el uso del papel y redunda su vez en un mejor aprovechamiento del espacio físico.

III. Que la implementación de los distintos Sistemas de Gestión en las dependencias del Poder Judicial de la Nación, permite la integración de las actuaciones por tecnología digital sustituyendo los medios de uso convencional para la realización de las actividades vinculadas a las
actuaciones que aquí se tramitan.

IV. Que en el marco de este plan de modernización y, teniendo en cuenta el convenio firmado con la Oficina Nacional de Tecnología de la Información (ONTI), el 2 de septiembre de 2011, corresponde disponer la utilización de la firma digital en los trámites administrativos vinculados las resoluciones de la Secretaría General de Administración de la Corte Suprema de Justicia de la Nación.

V. Que ello se realizará progresivamente en las distintas dependencias de dicha Secretaria empleando un procedimiento y una metodología homogénea y transparente, lo cual permitirá resguardar la seguridad jurídica de los actos y la sustitución del soporte papel; debiéndose publicar las disposiciones administrativas firmadas de acuerdo al método indicado en los sitios web del Tribunal.

VI. Que la presente medida se dicta en ejercicio de las competencias propias de esta Corte Suprema de Justicia de la Nación como cabeza de este poder del Estado (art. 108 de la Constitución Nacional, cuyas atribuciones se encuentran ampliamente desarrolladas en los antecedentes que cita la acordada 4/2000, considerandos 1 al 7) por cuanto el dictado de sentencias, acordadas y resoluciones resulta un acto propio del Poder Judicial, en tanto el Tribunal tiene las facultades de dictar su reglamento interior (art. 113 de la Constitución Nacional).

Por ello,

ACORDARON:

1°) Aprobar el uso de la firma digital en el ámbito de la Secretaria General de Administración de la Corte Suprema de Justicia de la Nación en los actos que rubrique el señor Secretario General de Administración y los funcionarios que él designe.

2°) Establecer que en todos los casos en que se aplique la firma digital, no será necesario la utilización del soporte papel, quedando lo resuelto en soporte electrónico cuyo almacenamiento y resguardo estará a cargo de la Dirección de Sistemas del Tribunal.

Todo lo cual dispusieron, ordenando que se comunique, publique en la
página web del Tribunal, en el Boletín Oficial, en la página del CIJ y se
registre en el libro correspondiente, por ante mí, que doy fe.

RICARDO LUIS LORENZETTI, Presidente de la Corte Suprema de Justicia de la Nación

ELENA HIGHTON DE NOLASCO, Ministro de la Corte Suprema de Justicia de la Nación

JUAN CARLOS MAQUEDA, Ministro de la Corte Suprema de Justicia de la Nación

HECTOR DANIEL MARCHI, Secretario General de Administración de la Corte Suprema de Justicia de la Nación

09Jul/17

Acordada 16/2016, de 7 de junio de 2016, de la Corte Suprema de Justicia de la Nación

9 julio, 2017Acordada, ArgentinaAcordada 16/2016, de 7 de junio de 2016, de la Corte Suprema de Justicia de la Nación., Legislación Argentina, Legislación InformáticaJosé Cuervo

Exp. 6830/2015

En Buenos Aires, a los 7 días del mes de junio del año dos mil dieciséis, los señores Ministros que suscriben la presente,

CONSIDERARON:

Que dentro del proceso de cambio y modernización en la prestación del servicio de justicia que la Corte Suprema de Justicia de la Nación viene
desarrollando en el marco del Programa de Fortalecimiento Institucional del Poder Judicial de la Nación, en uso de las facultades que le otorga la Constitución Nacional en razón de lo dispuesto por las leyes nº 26.685 y 26.856, este Tribunal ha procedido a reglamentar distintos aspectos
vinculados al uso de tecnologías electrónicas digitales y así dispuso su gradual implementación en el ámbito del Poder Judicial de la Nación, partir de la puesta en marcha del Sistema de Gestión Judicial (Lex100).

2) Que la ley 48 del 14 de septiembre de 1863 reconoció en cabeza de esta Corte la atribución de dictar los reglamentos necesarios para la ordenada tramitación de los pleitos, facultad que diversos textos legislativos han
mantenido inalterada para procurar la mejor administración de justicia (art. 10 de la ley 4055; art. 4°, ley 25.488); y que justifica la sistematización que se lleva cabo.

3) Que la implementación del Sistema de Gestión Judicial en todos los fueros dependencias del Poder Judicial de la Nación permite la integración de las partes por medios telemáticos para la realización de tramites vinculados a las causas.

4) Que en el marco de este plan de modernización, corresponde estandarizar y reglamentar los trámites vinculados al ingreso de causas por medios
electrónicos, sin necesidad de concurrir a la sede del tribunal.

5) Que, por otra parte, resulta necesario establecer un procedimiento y una metodología homogénea y transparente para el sorteo y la asignación de causas, lo cual permitirá resguardar la seguridad jurídica de los justiciables.

6) Que, a tal efecto, en aquellas ciudades en las que existe mas de un tribunal con idéntica competencia, las causas deberán ser sorteadas a través del sistema Lex 100, con las excepciones establecidas en el reglamento que
integra la presente acordada.

7) Que, asimismo, y con el fin de brindar mayor celeridad al proceso, en todas las instancias en las que se requiera la elevación, asignación y sorteo del expediente, se ha desarrollado una herramienta informática dentro del
sistema Lex 100, para que las dependencias judiciales lo
efectúen en forma directa, sin la intervención de la Mesa de Entradas.

8) Que a su vez, se considera conveniente establecer los requisitos formales necesarios para la admisibilidad de los escritos.

9) Que en concordancia con lo dispuesto en la Ley 26.856 y en la acordada nº 15/13 se deben publicar las asignaciones que se efectúen a través del Sistema Informático de Gestión Judicial.

Por ello,

ACORDARON:

1°) Aprobar el Reglamento para el ingreso de causas por medios electrónicos, sorteo y asignación de de expedientes que establece las reglas generales aplicables a todos los tribunales nacionales federales del Poder Judicial de la Nación, que obra como Anexo I.

2°) Establecer que toda elevación de una causa una instancia superior se efectuara través del Sistema de Gestión Judicial desde el juzgado, cámara o
tribunal oral que la disponga, sin intervención de la Mesa de Entradas, salvo situaciones de excepción que requieran un procedimiento distinto.

3º) Aprobar las “Reglas para la interposición de demandas y presentaciones en general” obrantes como Anexo II, que establecen los requisitos que deben cumplir los escritos que se presenten en las actuaciones judiciales a los efectos de su admisibilidad formal.

4°) Publicar en la página del Centro de Información Judicial las causas asignadas diariamente a través Sistema Informático de Gestión, con las excepciones que se indican en el anexo I y las que surjan de las
disposiciones legislativas administrativas.

5º) Disponer que las medidas que aquí se sancionan se aplicarán partir del primer día hábil de marzo de 2017.

Todo lo cual dispusieron, ordenando que se comunique, publique en la página web del Tribunal, en el Boletín Oficial, en la página del CIJ y se registre en el libro correspondiente, por ante mi, que doy fe.

RICARDO LUIS LORENZETTI, Presidente de la Corte Suprema de Justicia de la Nación.

JUAN CARLOS MAQUEDA, Ministro de la Corte Suprema de Justicia de la Nación.

ELENA I. HIGHTON DE NOLASCO, Ministro de la Corte Suprema de Justicia de la Nación.

HECTOR DANIEL MARCHI, Secretario General de Administración de la Corte Suprema de la Nación

09Jul/17

Acordada 5/2017 de 28 de marzo de 2017 de la Corte Suprema de Justicia de la Nación

9 julio, 2017Acordada, ArgentinaAcordada 5/2017 de 28 de marzo de 2017 de la Corte Suprema de Justicia de la Nación, Corte Suprema de Justicia de la Nación, medios electrónicosJosé Cuervo

Expte. nº 6830/2015

En Buenos Aires, a los 28 días del mes de marzo del año dos mil diecisiete,
los Señores Ministros que suscriben la presente;

CONSIDERARON:

I. Que mediante la acordada 16/2016 -del 7 de junio de 2016- se dispuso que partir del primer día hábil de marzo de 2017 el ingreso, sorteo y asignación de causas, en todos los tribunales nacionales federales del Poder Judicial de la Nación, se realizaría por medios electrónicos conforme el Reglamento que allí se aprobó.

II. Que el Consejo de la Magistratura, través de la Directora de Tecnología, del Subadministrador General de su Presidente, hizo saber oportunamente que “la complejidad apreciable del desarrollo del sistema hace prever que no se podría arribar en condiciones de implantación al primer día de marzo de 2017, fecha prevista del ingreso web de causas”.

Por lo que requirió posponer su puesta en marcha (esc. 4279/2016).

III. Que con fecha 22 de febrero del corriente año el Colegio Público de Abogados de la Capital federal solicitó también el diferimiento de la acordada 16/2016.

Por ello, en razón la importancia de la adecuada implementación de esta herramienta digital y a efectos de garantizar la correcta prestación del servicio de justicia,

ACORDARON:

I. Postergar hasta el primer día hábil de septiembre de 2017 la implementación de las cláusulas previstas por la acordada 16/2016
en toda la justicia Nacional Federal, cuya vigencia comenzaba a regir el
primer día hábil del mes de marzo de 2017.

II. Exhortar nuevamente al Consejo de la Magistratura de la Nación para que adopte con carácter de urgente todas las medidas conducentes para el desarrollo y puesta en marcha, en tiempo forma, del sistema del ingreso web de causas dispuesto en la acordada 16/2016.

Todo lo cual dispusieron mandaron, ordenando que se comunique, se publique en la página web del Tribunal, en la página del CIJ y en el Boletín Oficial, se registre en el libro correspondiente, por ante mí, que doy fe.

RICARDO LUIS LORENZETTI, Presidente de la Corte Suprema de Justicia de la Nación

ELENA I. HIGHTON DE NOLASCO, Ministro de la Corte Suprema de Justicia de la Nación

JUAN CARLOS MAQUEDA, Ministro de la Corte Suprema de Justicia de la Nación

CARLOS FERNANDO ROSENKRANTZ, Ministro de la Corte Suprema de Justicia de la Nación

HORACIO DANIEL ROSATTI, Ministro de la Corte Suprema de Justicia de la Nación

HECTOR DANIEL MARCHI, Secretario General de Administración de la Corte Suprema de Justicia Militar

08Jul/17

Acordada nº 6/2016 de 2 de marzo de 2016, de la Corte Suprema de Justicia de la Nacion (CSJN)

8 julio, 2017Acordada, ArgentinaAcordada nº 6/2016 de 2 de marzo de 2016, Bases de Datos, de la Corte Suprema de Justicia de la Nacion (CSJN), Seguridad InformáticaJosé Cuervo

Acordada nº 6/2016 de 2 de marzo de 2016, de la Corte Suprema de Justicia de la Nacion (CSJN), que dispone que este Tribunal, a través de la Dirección de Sistemas, dependiente de la Secretaria General de Administración, tendrá su cargo la seguridad informática

ACORDADA nº 6 de la Corte Suprema de Justicia de la Nación (CSJN), Expediente nº 931/2014

En Buenos Aires, a los 2 días del mes de marzo del año dos mil dieciséis, los Señores Ministros que suscriben la presente,

CONSIDERARON:

1°) Que este Tribunal viene desarrollando, desde el año 2004, una política activa en materia de publicidad transparencia con el fin de posibilitar el ejercicio por parte de la comunidad del derecho al control de los actos de gobierno, ordenando la difusión de las decisiones jurisdiccionales administrativas emanadas de los distintos tribunales,

2°) Que en este sentido, en su condición de órgano superior de la organización judicial argentina, ha dispuesto medidas para promover la difusión de las decisiones judiciales administrativas tanto de este Tribunal como de las distintas cámaras federales nacionales tribunales orales, con el objeto de permitir la comunidad una comprensión más acabada del quehacer judicial (acordadas 2, ambas de 2004, 15/2013, 24/2013 4/2014, entre otras).

Esta fue, precisamente, una de las razones por las que fue creada la Dirección de Comunicación Pública, en el marco de una política de comunicación abierta con la declarada finalidad de dar transparencia difusión aquellas decisiones (confr. acordadas 17/2006 9/2012),

3°) Que para asegurar el cumplimiento de esta finalidad, se estableció que resulta facultad exclusiva de la Corte Suprema de Justicia de la Nación, la captura transmisión de toda actividad procesal que se desarrolle en el Poder Judicial de la Nación, que por su naturaleza merezca difusión pública, quedando a su disposición los recursos tecnológicos necesarios de toda la jurisdicción para su concreción (conf. acordada 4/2014).

4°) Que la información almacenada en el Sistema Informático de Gestión Judicial, con la totalidad de los documentos registrados, constituye una base de datos de la Corte Suprema de Justicia de la Nación (conf. anexo de la acordada 24/2013).

5°) Que el Tribunal ya ha advertido la importancia de asegurar la transmisión de la información, audio, video aplicaciones de bases de datos la necesidad de establecer pautas de funcionamiento respecto de su control su disponibilidad (conf. acordada 4/2014).

Por ello,

ACORDARON:

Disponer que este Tribunal, través de la Dirección de Sistemas, dependiente de la Secretaria General de Administración, tendrá su cargo la seguridad informática de las bases de datos del Poder Judicial de la Nación vinculadas funciones jurisdiccionales; para lo cual adoptará las decisiones medidas que estime pertinentes, incluidas aquellas que tiendan preservar la integridad, infraestructura control del Centro de Datos del Poder Judicial de la Nación, lo que comprende servidores, equipos de comunicaciones, bases de datos, seguridad informática todo otro componente del servicio, sin que esto implique la transferencia de los mismos.

Todo lo cual dispusieron mandaron, ordenando que se comunique al Consejo de la Magistratura, se publique en la página web del Tribunal, en la página del CIJ se registre en el libro correspondiente, por ante mi, que doy fe.

08Jul/17

Resolución 640-E/2016 de 11 de agosto de 2016

8 julio, 2017Argentina, Resolucióncibercrimen, criminalidad informática, Programa Nacional contra Criminalidad, Resolución 640-E/2016 de 11 de agosto de 2016José Cuervo

Resolución 640-E/2016 de 11 de agosto de 2016, del Ministerio de Justicia y Derechos Humanos. Transfiere el Programa Nacional contra la Criminalidad Informática a la órbita de la Subsecretaría de Política Criminal.

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

Resolución 640-E/2016

Buenos Aires, 11 de agosto de 2016

VISTO el Expediente nº S04:0008872/2016 del registro de este Ministerio, la Resolución M.J. y D.H. nº 69 del 11 de marzo de 2016, y

CONSIDERANDO:

Que mediante la Resolución citada en el Visto se creó el Programa Nacional contra la Criminalidad Informática en la órbita de la Unidad Ministro de este Ministerio.

Que debido a la reorganización de tareas y funciones dentro de esta cartera de Estado, resulta oportuno transferir el citado Programa a la órbita de la Subsecretaría de Política Criminal de la Secretaría de Justicia de este Ministerio.

Que asimismo, deviene necesario integrar el Comité Consultivo previsto en el artículo 3° de la mencionada Resolución, designando a tales efectos y con carácter “ad honorem”, a los doctores Pablo Palazzi (D.N.I. n° 21.586.348), Gustavo Pressman (D.N.I. n° 13.914.620), Ezequiel Sallis (D.N.I. n° 23.093.606) y Marcos G. Salt (D.N.I. n° 16.037.555).

Que los profesionales nombrados cuentan con reconocida trayectoria y prestigio en la materia para integrar dicho ámbito.

Que el doctor Marcos G. Salt reúne asimismo las condiciones necesarias de experiencia, idoneidad y capacidad para desempeñar la función de supervisor operativo del referido Comité.

Que ha tomado la intervención de su competencia la Dirección General de Asuntos Jurídicos de este Ministerio.

Que la presente medida se dicta en virtud de las facultades conferidas por el artículo 4°, inciso b), apartado 9 de la Ley de Ministerios (T.O. 1992) y sus modificaciones.

Por ello,

EL MINISTRO DE JUSTICIA Y DERECHOS HUMANOS

RESUELVE:

Artículo 1º.- Transfiérase el Programa Nacional contra la Criminalidad Informática de la Unidad Ministro de esta cartera a la órbita de la Subsecretaría de Política Criminal de la Secretaría de Justicia de este Ministerio.

Artículo 2º.- El Comité Consultivo previsto en el artículo 3º de la Resolución M.J. y D.H. N° 69/16 estará integrado por los doctores Pablo Palazzi (D.N.I. nº 21.586.348), Gustavo Pressman (D.N.I. nº 13.914.620), Ezequiel Sallis (D.N.I. nº 23.093.606) y Marcos G. Salt (D.N.I. nº 16.037.555), quienes se desempeñarán con carácter “ad honorem”.

Artículo 3º.- Asígnase al doctor Marcos G. Salt (D.N.I. nº 16.037.555) la función de Supervisor Operativo del Comité Consultivo del Programa Nacional contra la Criminalidad Informática.

Artículo 4º.- Déjase sin efecto, a partir del 11 de marzo de 2016, el artículo 5º de la Resolución M.J. y D.H. nº 69/16.

Artículo 5º.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

GERMÁN CARLOS GARAVANO, Ministro, Ministerio de Justicia y Derechos Humanos.

08Jul/17

Disposición 17/2016, de 14 de julio de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP)

8 julio, 2017Argentina, Disposiciónde 14 de julio de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP), Disposición 17/2016, Legislación Argentina, Legislación Argentina 2016, Legislación Derecho InformáticoJosé Cuervo

Disposición 17/2016, de 14 de julio de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP). Obligados ante el Registro Nacional “No llame”

Visto el Expediente nº S04:0012306/2016 del registro de este Ministerio, la Ley nº 26951 y su reglamentación aprobada por el Decreto nº 2501 del 17 de diciembre de 2014, las Disposiciones DNPDP nº 3 del 16 de enero de 2015 y 44 del 18 de agosto de 2015, y

CONSIDERANDO:

Que entre las atribuciones asignadas a esta Dirección Nacional se encuentra la de dictar las normas reglamentarias que se deben observar en el desarrollo de las actividades comprendidas por la Ley nº 26951 y el Decreto nº 2501/14.

Que la Ley mencionada crea en el ámbito de la Dirección Nacional de Protección de Datos Personales, el Registo Nacional “No llame” con el objeto de proteger a los titulares o usuarios autorizados de los servicios de telefonía, en cualquiera de sus modalidades, de los abusos del procedimiento de contacto, publicidad, oferta, venta y regalo de bienes o servicios no solicitados.

Que en virtud del artículo 7 de la Ley nº 26951, quienes publiciten, oferten, vendan o regalen bienes o servicios utilizando como medio de contacto los servicios de telefonía en cualquiera de sus modalidades, no podrán dirigirse a ninguno de los inscriptos en el Registro Nacional “No llame” y deberán consultar la lista de inscriptos proporcionada por la autoridad de aplicación con una periodicidad de TREINTA (30) días correspondiendo a la Autoridad de Aplicación determinar el procedimiento para dicha consulta.

Que por la Disposición DNPDP nº 003/15, se implementó el Registro Nacional “No llame”, estableciéndose el procedimiento para la descarga del Formulario “C06 – Certificación de Requisitos de Obligados por el Registro Nacional No llame.- Ley 26.951“, el que habilita para la descarga de la lista de inscriptos en el Registro Nacional “No llame”.

Que el objeto de dicho procedimiento es que esta Autoridad de Control verifique que los obligados por la Ley 26.951 cumplan con los requisitos legales que les son exigidos para poder consultar el citado Registro.

Que, entre otros requisitos, en su carácter de usuarios y responsables de archivos, registros y bancos de datos de acuerdo a lo establecido en la Ley nº 25326 y su modificatoria, deben encontrarse inscriptos ante el Registro Nacional de Bases de Datos habilitado por esta Dirección Nacional, según establece el artículo 7, párrafo tercero, del Anexo I al Decreto nº 2501/14.

Que el artículo 7 de la Disposición DNPDP nº 2 del 14 de febrero de 2005 establece que la inscripción en el Registro Nacional de Bases de Datos tendrá validez anual.

Que a los fines de mantener actualizada la nómina de obligados por el Registro Nacional “No llame”, también resulta indispensable establecer un límite temporal a la validez de la misma.

Que por Disposición DNPDP nº° 44/15 se aprobó el “Sistema de Gestión de Denuncias”, cuya finalidad es determinar el trámite a ser asignado en cada caso y conformar las planillas con el detalle de las denuncias recibidas que se adjuntarán a las respectivas intimaciones.

Que es necesario fijar un criterio para los casos en que corresponda la apertura de actuaciones administrativas, a los fines de iniciar el procedimiento sancionatorio establecido en el artículo 31 , apartado 3 de la reglamentación de la Ley nº 25326 , aprobada por el Decreto nº 1558 del 29 de noviembre de 2001 y su modificatorio.

Que se considera apropiado iniciar actuaciones administrativas mensualmente, en concordancia con el plazo dispuesto en el artículo 7 de la Ley 26.951 para la consulta de inscripciones y bajas en el Registro Nacional “No llame”.

Que teniendo en cuenta la experiencia de esta Dirección Nacional a UN (1) año de la vigencia de la Ley 26.951 y normas reglamentarias y complementarias, se considera conveniente, a fin de evitar un dispendio administrativo desmedido, que la apertura de actuaciones administrativas se realice no sólo mensualmente, sino también teniendo en cuenta una cantidad de denuncias por denunciado que permita mayor celeridad y sencillez en la atención del procedimiento aplicable y, consecuentemente, una mejor protección de los derechos amparados por la Ley 26.951.

Que las denuncias que correspondan a empresas denunciadas que no alcancen el número considerado para la apertura de actuaciones administrativas, se incluirán en los meses sucesivos.

Que ha tomado intervención el servicio permanente de asesoramiento jurídico de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 9 de la Ley nº 26.951 y el artículo 2 del Anexo I al Decreto nº 2501 del 17 de diciembre de 2014.

Por ello,

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

DISPONE:

Artículo 1.- La habilitación de obligados ante el Registro Nacional “No llame” tendrá validez anual. Dentro del plazo de CUARENTA Y CINCO (45) días corridos anteriores a la fecha de vencimiento de dicha inscripción, deberá solicitarse su renovación, completando el Formulario “C06 – Certificación de Requisitos de Obligados por el Registro Nacional No llame. Ley 26.951“.

Artículo 2.- Las habilitaciones que cuenten con más de UN (1) año desde su aprobación, deberán regularizar su situación dentro de los CUARENTA Y CINCO (45) días desde la entrada en vigencia de la presente.

Artículo 3.- La apertura de actuaciones administrativas se hará mensualmente, teniendo en cuenta una cantidad de denuncias por denunciado que permita mayor celeridad y sencillez en la atención del procedimiento aplicable. Las denuncias que correspondan a empresas denunciadas que no alcancen el número considerado para la apertura de actuaciones administrativas, se incluirán en los meses sucesivos.

Artículo 4.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.-

EDUARDO BERTONI, Director, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

08Jul/17

Disposición 55-E/2016, de 25 de octubre de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP)

8 julio, 2017Argentina, Disposiciónde 25 de octubre de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP), Disposición 55-E/2016, Legislación Argentina, Legislación Argentina 2016, Legislación Derecho Informático, Protección de datosJosé Cuervo

Disposición 55-E/2016, de 25 de octubre de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP), que aprueba el “Procedimiento de Inspección y Control de la Dirección Nacional de Protección de Datos Personales” de 2016.

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 55-E/2016

Ciudad de Buenos Aires, 25 de octubre de 2016

VISTO el Expediente nº EX-2016-00206789- -APN-DNPDP del registro de este Ministerio, la Ley nº 25.326 y su Decreto Reglamentario nº 1558 del 29 de noviembre de 2001, modificado por su similar nº 1160 del 11 de agosto de 2010 y la Disposición nº 3 del 31 de julio de 2012 de esta Dirección Nacional, y

CONSIDERANDO:

Que la Ley nº 25.326 tiene por objeto la protección integral de los datos personales asentados en archivos, registros, bancos de datos, u otros medios técnicos de tratamiento de datos, sean éstos públicos, o privados destinados a dar informes, para garantizar el derecho al honor y a la intimidad de las personas, así como también el acceso a la información que sobre las mismas se registre, de conformidad a lo establecido en el artículo 43, párrafo tercero de la Constitución Nacional.

Que es facultad de esta Dirección Nacional diseñar los instrumentos que considere adecuados para la mejor protección de los datos personales y para el cumplimiento de sus funciones y atribuciones.

Que de conformidad con lo establecido en el artículo 29, inciso 1, apartados b) y e), de la Ley nº 25.326, se encuentran entre sus funciones y atribuciones, las de dictar las normas y reglamentaciones que se deben observar en el desarrollo de sus actividades; y las de solicitar la información pertinente a las entidades públicas y privadas, en orden a proporcionar los antecedentes, documentos, programas u otros elementos relativos al tratamiento de los datos que se le requieran.

Que asimismo tiene la facultad de controlar la observancia de las normas sobre integridad y seguridad de datos por parte de los archivos, registros o bancos de datos. A tal efecto podrá solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la Ley nº 25.326, conforme el artículo 29, inciso 1, apartado d), de la mencionada norma.

Que se ha iniciado un proceso de revisión interna de los procedimientos sobre inspecciones a efectos de hacerlo más eficiente y fortalecer el rol de órgano de control de esta Dirección Nacional.

Que, con la sanción de la Ley nº 26.951, que crea el Registro Nacional “No llame”, se establece que esta Dirección Nacional es su autoridad de aplicación, conforme su artículo 9°.

Que, por lo tanto, se impone ampliar el control que lleva a cabo este organismo a fin de fiscalizar el cumplimiento de las obligaciones que impone la norma citada en el párrafo precedente.

Que, por todo lo expuesto, deviene necesario derogar el procedimiento de inspección aprobado por la Disposición DNPDP nº 3/12, aprobando un nuevo procedimiento de inspección y control.

Que ha tomado la intervención que le compete la Dirección General de Asuntos Jurídicos de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 29, inciso 1, apartado b) de la Ley nº 25.326 y el artículo 29, inciso 5, apartado a) del Anexo I del Decreto nº 1558/01 y su modificatorio.

Por ello,

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

DISPONE:

Artículo 1°.- Derógase la Disposición DNPDP N° 3 del 31 de julio de 2012.

Artículo 2°.- Apruébase el “Procedimiento de Inspección y Control de la Dirección Nacional de Protección de Datos Personales” que se dispone en el Anexo IF-2016-02519312-APN-DNPDP y que forma parte de la presente.

Artículo 3°.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

ANEXO I.- “PROCEDIMIENTO DE INSPECCIÓN Y CONTROL DE LA DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES”

1) Objetivos de las inspecciones

a) Fiscalizar y controlar las actividades del responsable del tratamiento de datos, los datos personales que administra, y los medios y la forma en que lo hace.

b) Evaluar el grado de cumplimiento conforme lo dispuesto por la Ley nº 25.326, la Ley nº 26.951, y demás normativa aplicable en el marco de la competencia de la Dirección Nacional de Protección de Datos Personales (DNPDP), con el objeto de:

I) detectar incumplimientos a la normativa vigente; y

II) realizar los requerimientos necesarios para adecuar el tratamiento de datos a la normativa vigente.

2) Competencia

Las facultades de la DNPDP para llevar adelante las inspecciones están establecidas en las siguientes normas:

Artículo 29, inciso 1, apartado d), Ley nº 25.326: “Controlar la observancia de las normas sobre integridad y seguridad de datos por parte de los archivos, registros o bancos de datos. A tal efecto podrá solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la presente ley”.

Artículo 29, inciso 1, apartado e), Ley nº 25.326: “Solicitar información a las entidades públicas y privadas, las que deberán proporcionar los antecedentes, documentos, programas u otros elementos relativos al tratamiento de los datos personales que se le requieran. En estos casos, la autoridad deberá garantizar la seguridad y confidencialidad de la información y elementos suministrados”.

3) Alcance de la inspección

Las inspecciones abarcarán los siguientes aspectos, sin perjuicio de otros que puedan contemplarse al momento de llevarse a cabo:

a) Licitud de las bases de datos (artículos 3°, 21 y 24, Ley nº 25.326).

b) Calidad de los datos tratados (artículo 4°, Ley nº 25.326).

c) Consentimiento del titular del dato e información (artículos 5° y 6°, Ley nº 25.326).

d) Cumpliento de los principios de categrías de datos, seguridad y confidencialidad (artículos 7°, 9° y 10, Ley nº 25.326).

e) Requisitos de la cesión de datos y transferencia internacional de datos (artículos 11 y 12, Ley nº 25.326).

f) Ejercicio de los derechos de los titulares del dato (artículos 14, 15, 16 y 19, Ley nº 25.326).

g) Prestación de servicios de información crediticia (artículo 25, Ley nº 25.326).

h) Tratamiento de datos con fines de publicidad (artículo 27, Ley nº 25.326; Ley N° 26.951).

4) Tipos de inspección

a) De oficio: aquellas que la DNPDP inicia en ejercicio de sus facultades de fiscalización. Se dividen en:

I) Planificadas: las que surgen de la planificación anual.

II) Espontáneas: las que se originan en razones que llegan a conocimiento de la DNPDP, y que pueden impactar en la protección de datos personales y en el derecho a la privacidad.

b) Por denuncia: aquellas que se inician en el marco de una investigación que se sustancia a raiz de una denuncia interpuesta ante la DNPDP. La inspección en este caso tiene el carácter de medida probatoria del sumario administrativo.

5) Planificación de las inspecciones

La DNPDP implementará una planificación de las inspecciones que se llevarán a cabo durante un período determinado, sin perjuicio de otras que puedan ser ordenadas de forma espontánea o como consecuencia de un sumario administrativo.

La selección de los sujetos a inspeccionar estará basada en criterios objetivos de selección, tales como categorías de datos procesados; impacto del tratamiento de datos sobre la privacidad; cantidad de denuncias recibidas; tipo de denuncias recibidas; incumplimiento del deber de inscripción o renovación ante el RNBD.

El proceso de selección se sustanciará mediante un expediente administrativo y tendrá el objeto de identificar a los responsables de tratamientos de datos, sectores o grupos sobre los cuáles se llevaran a cabo las inspecciones. En las actuaciones se dejará constancia del o los criterios objetivos de selección utilizados.

6) Procedimiento de la inspección

a) Apertura del expediente y notificación al responsable sujeto a inspección

Se procederá a la apertura de un expediente administrativo por cada responsable sujeto a inspección seleccionado.

Mediante una providencia se identificarán los inspectores a cargo de cada actuación, quienes actuarán en forma conjunta y/o indistinta.

Se notificará la apertura del procedimiento y se requerirá completar y remitir en un plazo de QUINCE (15) días hábiles administrativos el Formulario de Inspección, debiendo el inspeccionado adjuntar la documentación respaldatoria de sus respuestas. El formulario será puesto a disposición del inspeccionado como anexo de la primera notificación o a través de la página web de la DNPDP, mediante la indicación de su URL para su descarga.

En los casos en los que se considere que la notificación previa pueda afectar el resultado de la inspección, aquella podrá omitirse mediante acto fundado. En estos casos se procederá directamente a llevar a cabo la visita presencial de los inspectores prevista en el punto 6.c de la presente.

b) Programación y notificación de las visitas presenciales

Recibido el formulario de inspección, se programarán las visitas presenciales que llevaran a cabo los inspectores.

La fecha, hora y lugar de la visita presencial se notificará con una antelación no menor a DIEZ (10) días hábiles administrativos. En la notificación podrán incluirse los requerimientos que a criterio del inspector resulten necesarios, y que podrán cumplirse por el inspeccionado hasta la fecha de la visita presencial.

c) Visita presencial

Los inspectores se harán presentes en domicilio denunciado por el inspeccionado, a los fines de la visita presencial, para acceder a locales, equipos o programas de tratamientos de datos personales y verificar el correcto cumplimiento de las obligaciones establecidas por la Ley nº 25.326.

Presentación: Los inspectores, previa acreditación, procederán a informar los objetivos y procedimiento de la inspección y verificarán las identidades de los representantes del responsable de tratamiento, corroborando la correspondiente personería o autorización.

Alcance: La inspección abarcará los aspectos jurídicos y técnicos del tratamiento de datos personales y su adecuación a las exigencias de la normativa vigente.

Para la realización de la inspección técnica, se podrán llevar a cabo todas las acciones destinadas a controlar la observancia de las normas sobre integridad y seguridad de datos.

Metodología: Con el objeto de formar un juicio objetivo, se emplearán las siguientes técnicas:

I) Verificaciones verbales: se llevarán a cabo entrevistas al personal del inspeccionado para obtener información verbal sobre los tratamientos de datos efectuados;

II) Verificaciones oculares: mediante la observación, se constatará el cumplimiento de aquellas obligaciones que permitan ser corroboradas visualmente;

III) Verificaciones documentales: análisis de los documentos aportados;

IV) Verificaciones técnicas: mediante las acciones destinadas a controlar la observancia de las normas sobre integridad y seguridad de datos.

Acta: En la visita presencial se labrará un Acta de Inspección, que podrá contener observaciones y requerimientos que a criterio del inspector sean necesarios, sin perjuicio de otros que eventualmente surjan en etapas procedimentales posteriores.

El Acta será suscripta por todos por los inspectores intervinientes y por al menos un representante del inspeccionado que acredite personería o autorización. Si el representante del inspeccionado se negare a firmar, se dejará debida constancia en el Acta, la que será suscripta sólo por los inspectores intervinientes.

En el caso que la inspección técnica deba realizarse en un local distinto al de la visita presencial, se hará constar dicha circunstancia en el Acta, determinando fecha y lugar de realización. Al momento de realizar la inspección técnica en local distinto, se labrará nueva Acta.

Autorización judicial para acceso a locales, equipos y programas: En caso de que resultare necesario solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la Ley nº 25.326, el inspector deberá elaborar un informe al Jefe de Departamento de Investigación y Difusión, o la unidad orgánica que eventualmente lo sustituya, quién elevará la respectiva petición al Director Nacional. En caso de compartir el criterio, se formulará el correspondiente requerimiento.

d) Cierre de la inspección

Con la información obtenida en las distintas etapas del procedimiento de inspección, los inspectores elaborarán y suscribirán un Informe Final en el que se establezca el nivel de cumplimiento del responsable inspeccionado.

Incorporado el Informe Final a las actuaciones, se procederá al cierre de la inspección mediante un acto que será subscripto por el Jefe de Departamento de Investigación y Difusión, o la unidad orgánica que eventualmente lo sustituya. Tanto el Informe Final como el acto de cierre serán notificados al inspeccionado.

Si en el Informe Final no se hubieran formulado observaciones, se procederá al archivo de las actuaciones. En caso contrario, las actuaciones pasarán a la etapa de seguimiento, sin perjuicio de la potestad del Director Nacional de ordenar la sustanciación de un sumario administrativo a fin de verificar la posible comisión de infracciones conforme Disposición DNPDP nº 7/15, concordantes y modificatorias.

e) Seguimiento de las inspecciones

En esta etapa se controlorá que el inspeccionado de cumplimiento a los requerimientos dispuestos para subsanar las observaciones señaladas en el Informe Final. A esos efectos, se lo intimará por el plazo de QUINCE (15) días hábiles administrativos.

En aquellos casos en los que el responsable no acredite su cumplimiento en tiempo y forma, se promoverá la sustanciación del correspondiente sumario administrativo.

Cumplidos la totalidad de los requerimientos en tiempo y forma, se dispondrá el archivo las actuaciones.

07Jul/17

Disposición 71-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP)

7 julio, 2017Argentina, DisposiciónDirección Nacional de Protección de Datos Personales (DNPDP), Disposición 71-E/2016, Legislación Informática de Argentina, Protección de datosJosé Cuervo

Disposición 71-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP). Nuevos topes máximos a la Graduación de Sanciones por idéntica conducta

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 71- E/2016

Ciudad de Buenos Aires, 13 de diciembre de 2016

VISTO el Expediente n° EX 2016-00311622-APN-DNPDP del registro de este Ministerio, las Leyes nº 25.326 y 26.951 y sus reglamentaciones aprobadas por los Decretos nº 1558 del 29 de noviembre de 2001 y 2501 del 17 de diciembre de 2014, respectivamente y la Disposición DNPDP nº 7 del 8 de noviembre de 2005 y sus modificatorias, y

CONSIDERANDO:

Que esta Dirección Nacional es la Autoridad de Aplicación de ambas normas legales, contando con la facultad de imponer sanciones en caso de incumplimientos a lo por ellas normado.

Que por la Disposición DNPDP n° 7/05 y sus modificatorias se ha fijado el régimen de “Clasificación de Infracciones” y “Graduación de Sanciones” aplicable.

Que el punto 7 del Anexo II a la disposición citada establece que “Cada infracción deberá ser sancionada en forma independiente, debiendo acumularse cuando varias conductas sancionables se den en las mismas actuaciones”.

Que se ha observado que la aplicación de algunas de las sanciones previstas, cuando se trate de un cúmulo elevado de infracciones en las mismas actuaciones, daría lugar a montos muy altos que resultarían contrarios al logro de la finalidad preventiva o disuasoria de la sanción.

Que ello colocaría al sancionado en un estado de imposibilidad de pago y llevaría a interpretar el monto final de estas multas como confiscatorio o irrazonable, razón por la cual se estima necesario fijar topes al monto de las multas que pudieren resultar, teniendo en consideración que esa determinación brindará mayor razonabilidad y proporcionalidad al castigo impuesto, entendiendo ello como una exigencia de congruencia entre la entidad de las infracciones y la gravedad de las sanciones.

Que la Corte Suprema de Justicia de la Nación ha sostenido que “…la circunstancia de que la Administración obrase en ejercicio de facultades discrecionales, en manera alguna puede aquí constituir un justificativo de su conducta arbitraria; puesto que es precisamente la razonabilidad con que se ejercen tales facultades el principio que otorga validez a los actos de los órganos del Estado y que permite a los jueces, ante planteos concretos de parte interesada, verificar el cumplimiento de dicha exigencia” (Industria Maderera Lanín, Fallos 298:223) y que “…la facultad de graduación de una multa entre el mínimo y el máximo previsto por ley no escapa al control de razonabilidad que corresponde al Poder Judicial respecto de la Administración Pública, incluso cuando se trata de facultades discrecionales. Ello, pues la discrecionalidad no implica en modo alguno una libertad de apreciación extralegal, que obste una revisión judicial de la proporción o ajuste de la alternativa punitiva elegida por la autoridad, respecto de las circunstancias comprobadas, de acuerdo a la finalidad de la ley” (Prefectura Naval Argentina, Fallos 321:3103).

Que la doctrina ha sostenido que “Con acierto se ha escrito que el vicio de un acto afectado por exceso de punición es determinante de su irrazonabilidad, y que ésta se concreta en la falta de concordancia o proporción entre la pena aplicada y el comportamiento que motivó su aplicación. En otros términos, que la razonabilidad implica congruencia, adecuación de relación de medio a fin; el exceso identifica lo irrazonable (Marienhoff, Miguel S., “El exceso de punición como vicio del acto administrativo”, LL, 1989,- E, 969”) e implica “una violación del principio recogido en el Artículo 7º, inc. f, primer párrafo, in fine, de la Ley de Procedimientos Administrativos, que expresamente establece que las medidas que el acto involucre deben ser proporcionalmente adecuadas a las finalidades que resulten de las normas que asignan las facultades pertinentes al órgano emisor del acto”, de modo que “…el exceso de punición … no es sino, en definitiva, una variante de irrazonabilidad como vicio posible de todo acto jurídico estatal. En este orden de ideas una norma o un acto será excesivo en su punición cuando la sanción imponible impuesta a un particular no guarde adecuada proporcionalidad con la télesis represiva que sustentó -es razonable suponer- tanto el dictado de la norma como la emisión del acto individual que hace aplicación de ella” (Comadira, Julio Rodolfo, “Procedimientos Administrativos” Tomo I, pag. 331 Edit. La Ley).

Que a los fines de determinar el tope máximo de multa a aplicar se ha tomado como referencia el monto máximo de las multas establecidas en el artículo 47 de la Ley nº 24.240, sobre Protección y Defensa de los Consumidores, que regula las sanciones que puede aplicar la Autoridad de Aplicación de la mencionada ley y prevé multas de PESOS CIEN ($ 100.-) a PESOS CINCO MILLONES ($ 5.000.000.-).

Que ha tomado intervención el servicio permanente de asesoramiento jurídico de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas por los artículos 29, inciso 1, apartado b) de la Ley nº 25.326 y 29, inciso 5, apartado a) del Anexo I al Decreto nº 1558/01 y 9° de la Ley n° 26.951.

Por ello,

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

DISPONE:

Artículo 1°.- Establécese que cuando un acto administrativo condenatorio incluya más de una sanción pecuniaria por idéntica conducta sancionable dentro de cada uno de los niveles de “Graduación de Sanciones” previsto por la Disposición DNPDP nº 7/05 y sus modificatorias, deberán aplicarse los siguientes topes máximos: a) para las infracciones leves: PESOS UN MILLÓN ($ 1.000.000.-), b) para las infracciones graves: PESOS TRES MILLONES ($ 3.000.000.-) y c) para las infracciones muy graves: PESOS CINCO MILLONES ($ 5.000.000.-),

Artículo 2°.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

07Jul/17

Disposición 60-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP)

7 julio, 2017Argentina, DisposiciónArgentina, Decisión, Dirección Nacional de Protección de Datos Personales (DNPDP), Legislación Derecho InformáticoJosé Cuervo

Disposición 60-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP), que aprueba las cláusulas contractuales tipo de transferencia internacional para la cesión y prestación de servicios de datos personales

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 60-E/2016

Ciudad de Buenos Aires, 16 de noviembre de 2016

VISTO el EX-2016-00311578- -APN-DNPDP y las competencias atribuidas a esta Dirección Nacional por la Ley nº 25.326 y su Decreto Reglamentario nº 1558 de fecha 29 de noviembre de 2001, y

CONSIDERANDO:

Que el artículo 12 del Anexo I al Decreto nº 1558/01, faculta a la Dirección Nacional de Protección de Datos Personales a “evaluar, de oficio o a pedido de parte interesada, el nivel de protección proporcionado por las normas de un Estado u organismo internacional”.

Que la misma norma sostiene que “el carácter adecuado del nivel de protección que ofrece un país u organismo internacional se evaluará atendiendo a todas las circunstancias que concurran en una transferencia o en una categoría de transferencias de datos; en particular, se tomará en consideración la naturaleza de los datos, la finalidad y la duración de tratamiento o de los tratamientos previstos, el lugar de destino final, las normas de derecho, generales o sectoriales, vigentes en el país de que se trate, así como las normas profesionales, códigos de conducta y las medidas de seguridad en vigor en dichos lugares, o que resulten aplicables a los organismos internacionales o supranacionales”.

Que, asimismo, dispone “que un Estado u organismo internacional proporciona un nivel adecuado de protección cuando dicha tutela se deriva directamente del ordenamiento jurídico vigente, o de sistemas de autorregulación, o del amparo que establezcan las cláusulas contractuales que prevean la protección de datos personales”.

Que por tales motivos, nuestra legislación admite como garantías adecuadas a los fines de la transferencia internacional de datos personales la existencia de autorregulación o cláusulas contractuales que brinden una protección similar a la de nuestra normativa.

Que a tales fines resulta pertinente determinar las garantías y requisitos necesarios para que las cláusulas contractuales protejan adecuadamente los datos personales que se transfieran a países sin legislación adecuada en los términos del artículo 12 del Anexo I al Decreto nº 1558/01.

Que entiende esta Dirección Nacional que se garantizaran mejor los derechos del titular de los datos personales mediante la aprobación de un modelo de contrato de transferencia internacional, tanto para los casos de cesión como para los de prestación de servicios, el que deberá ser adoptado por quienes deban realizar transferencias internacionales de datos.

Que, asimismo, cabe considerar los casos en que el responsable del tratamiento decida apartarse del modelo que se propone, situación en la que se estima conveniente exigir la presentación del contrato de transferencia internacional ante esta Dirección Nacional para su aprobación, a fin de una adecuada tutela de los derechos de los titulares de los datos a ser transferidos.

Que a los fines de la confección de los contratos modelo cabe tener en cuenta la experiencia internacional, en particular las conclusiones del documento de trabajo relativo a las transferencias de datos personales a terceros países del Grupo de Trabajo del Artículo 29 de la Directiva 95/46/EC, del 24 de julio de 1998 y las cláusulas contractuales tipo de la Comisión de la Comunidad Europea dispuestas en la Decisión 2001/497/CE del 15 de junio de 2001 y la Decisión 2010/87/UE del 5 de febrero de 2010.

Que cabe distinguir en las cláusulas modelo las dos alternativas prácticas más habituales de una transferencia internacional, como son la cesión de datos personales y la prestación de servicios, proponiendo modelos de cláusulas tipo diferenciadas para ambos supuestos.

Que a los fines de la aplicación de la presente medida resulta conveniente determinar aquellos países que a criterio de esta Dirección Nacional de Protección de Datos Personales poseen legislación adecuada.

Que en el expediente EXP-S04:0071111/2011 se analizó la legislación de aquellos países calificados como legislación adecuada por parte de la Unión Europea, concluyéndose sobre el nivel equivalente de las normativas de dichos países respecto de la Ley nº 25.326.

Que resulta conveniente informar al público los países con legislación adecuada a través de la página de Internet de la Dirección Nacional de Protección de Datos Personales, en particular si se tiene en cuenta que la definición de la adecuación de un país respecto de la ley argentina es una cuestión que puede sufrir variaciones periódicas.

Que es menester destacar que el reconocimiento a ciertos países como poseedores de legislación adecuada no importará una calificación, respecto de todos los demás países no incluidos en esa enumeración, como naciones que carecen de esa legislación adecuada.

Que la Dirección General de Asuntos Jurídicos de este Ministerio ha tomado la intervención de su competencia.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 29, inciso 1, apartado b) de la Ley nº 25.326 y el artículo 29, inciso 5, apartado a) y 12 del Anexo I al Decreto nº 1558/01.

Por ello,

El Director Nacional de Protección de Datos Personales

DISPONE:

ARTÍCULO 1°.- Apruébanse las cláusulas contractuales tipo de transferencia internacional para la cesión y prestación de servicios incorporadas en los Anexos I y II que forman parte integrante de la presente medida, respectivamente, a fin de garantizar un nivel adecuado de protección de datos personales en los términos del artículo 12 de la Ley nº 25.326 y del Anexo I al Decreto nº 1558/01 en aquellas transferencias de datos que tengan por destino países sin legislación adecuada.

ARTÍCULO 2°.- Dispónese que aquellos responsables de tratamiento que efectúen transferencias de datos personales a países que no posean legislación adecuada en los términos del artículo 12 de la Ley nº 25.326 y su Decreto reglamentario nº 1558/01, y utilicen contratos que difieran de los modelos aprobados en el artículo anterior o no contengan los principios, garantías y contenidos relativos a la protección de los datos personales previstos en los modelos aprobados, deberán solicitar su aprobación ante esta Dirección Nacional presentándolos, a más tardar, dentro de los TREINTA (30) días corridos de su firma.

ARTÍCULO 3°.- A los fines de la aplicación de la presente disposición se consideran países con legislación adecuada a los siguientes: Estados miembros de la Unión Europea y miembros del espacio económico europeo (EEE), Confederación Suiza, Guernsey, Jersey, Isla de Man, Islas Feroe, Canadá sólo respecto de su sector privado, Principado de Andorra, Nueva Zelanda, República Oriental de Uruguay y Estado de Israel sólo respecto de los datos que reciban un tratamiento automatizado. Esta enumeración será revisada periódicamente por esta Dirección Nacional, publicando la nómina y sus actualizaciones en su sitio oficial en Internet.

ARTÍCULO 4°.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

ANEXO I.- Contrato modelo de transferencia internacional de datos personales con motivo de la cesión de datos personales

Entre, por una parte, ______________________________________, con domicilio en la calle________, localidad_____________, provincia de __________, Argentina, (en adelante, “el exportador de datos”) y, por otra, ____________________________ (nombre), __________ (dirección y país), (“en adelante, el importador de datos”), en conjunto “las partes”, convienen el presente contrato de transferencia internacional de datos personales, sometiéndola a los términos y condiciones que se detallan a continuación.

Cláusula 1) Definición de términos

A los efectos del presente contrato se entenderá por los siguientes términos:

a) “datos personales”, “datos sensibles”, “tratamiento”, “responsable” y “titular del dato”, el mismo significado que el establecido en la Ley nº 25.326, de Protección de Datos Personales.

b) “autoridad” o “autoridad de control”, la Dirección Nacional de Protección de Datos Personales de la República Argentina;

c) “exportador”, el responsable del tratamiento que transfiera los datos personales;

d) “importador”, el responsable del tratamiento radicado fuera de la jurisdicción argentina que reciba los datos personales procedentes del exportador de datos para su tratamiento de conformidad con los términos del presente.

Cláusula 2) Características específicas y finalidad del tratamiento

La finalidad y otros detalles específicos de la transferencia, como por ejemplo características de los datos personales transferidos, forma en que se atenderán los pedidos del titular del dato o la autoridad de control, cesiones o transferencias previstas a terceros, y jurisdicción en que se radicarán los datos, se especifican en el Anexo A, que forma parte del presente contrato. Las partes podrán suscribir en el futuro anexos adicionales a fin de incorporar detalles y características de aquellas transferencias que se realicen con posterioridad y que se enmarquen en el presente contrato.

Cláusula 3) Obligaciones del exportador de datos

El exportador de datos acuerda y garantiza lo siguiente:

a) La recopilación, el tratamiento y la transferencia de los datos personales se han efectuado y efectuarán de conformidad con la Ley nº 25.326, y manifiesta que ha cumplido en informar a los titulares de los datos que su información personal podía ser transferida a un tercer país con niveles inferiores de protección de datos a los de la República Argentina.

b) Hará entrega al importador de copia de la legislación vigente en Argentina aplicable al tratamiento de datos previsto.

c) En caso de ejercicio por parte del titular de los datos de los derechos que le otorga la Ley nº 25.326 respecto del tratamiento de sus datos personales previstos en el presente contrato, en especial sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, dará respuesta al mismo respetando los plazos de ley y disponiendo los medios para tal fin, sea por los datos en su poder o por pactarse como obligación a su cargo, lo que se indica en el Anexo A. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador, a menos que las partes hayan acordado que sea el importador quien responda a estas consultas. Aun en este supuesto, será el exportador quien deba responder, en la medida de lo posible y a partir de la información de que pueda disponer, si el importador de datos no responde.

d) Pondrá a disposición de los titulares de los datos, en su carácter de terceros beneficiarios a tenor de la cláusula 5, y a petición de éstos, una copia de las cláusulas que se relacionen al tratamiento de sus datos personales, derechos y garantías.

e) Ha realizado esfuerzos razonables para determinar que el Importador de datos es capaz de cumplir las obligaciones pactadas en el presente contrato. A tal efecto, el exportador podrá solicitar al importador la contratación de un seguro de responsabilidad para eventuales perjuicios ocasionados con motivo del tratamiento previsto, conforme se especifica en el Anexo A.

Cláusula 4) Obligaciones del importador de datos

El importador de datos acuerda y garantiza lo siguiente:

a) Disponer las medidas de seguridad y confidencialidad necesarias y efectivas para evitar la adulteración, pérdida, consulta o tratamiento no autorizado de los datos, y que permitan detectar desviaciones, intencionales o no, ya sea que los riesgos provengan de la acción humana o del medio técnico utilizado verificando que no sean inferiores a las dispuestas por la normativa vigente, de manera tal que garanticen el nivel de seguridad apropiado a los riesgos que entraña el tratamiento y a la naturaleza de los datos que han de protegerse;

b) dispondrá de procedimientos que garanticen que todo acceso a los datos transferidos se realizará por personal autorizado para ello, estableciendo niveles de acceso y claves, quienes cumplirán con el deber de confidencialidad y seguridad de los mismos, suscribiendo convenios a tales fines.

c) que ha verificado que la legislación local no impide el cumplimiento de las obligaciones, garantías y principios previstos en el presente contrato relativos al tratamiento de los datos personales y sus titulares, e informará al exportador de datos en forma inmediata en caso de tener conocimiento de la existencia de alguna disposición de esta índole;

d) tratará los datos personales para los fines descritos en el Anexo A;

e) comunicará al exportador de datos un punto de contacto dentro de su organización autorizado a responder a las consultas que guarden relación con el tratamiento de datos personales y cooperará de buena fe con el exportador de datos, el titular del dato y la autoridad respecto de tales consultas dentro de los plazos de ley. En caso de que el exportador de datos haya cesado de existir jurídicamente, o si así lo hubieran acordado las partes, el importador de datos asumirá las tareas relativas al cumplimiento de las disposiciones de la letra b) de la cláusula 3;

f) pondrá a disposición, a solicitud del exportador de datos o la autoridad, sus instalaciones de tratamiento de datos, sus ficheros y toda la documentación necesaria para el tratamiento, a efectos de revisión, auditoría o certificación. Estas labores serán realizadas, previa notificación razonable y durante horas laborables normales, por un inspector o auditor imparcial e independiente designados por el exportador o la autoridad, a fin de determinar si se cumplen las garantías y los compromisos previstos en el presente contrato;

g) tratará los datos personales de conformidad con la Ley nº 25.326 de protección de datos personales;

h) notificará sin demora al exportador de datos sobre:

i) toda solicitud jurídicamente vinculante de ceder datos personales presentada por una autoridad encargada de la aplicación de ley a menos que esté prohibido por la normativa aplicable (en la medida que no excedan lo necesario en una sociedad democrática siguiendo las pautas del epígrafe siguiente, punto 2),

ii) todo acceso accidental o no autorizado,

iii) toda solicitud sin respuesta recibida directamente de los titulares de los datos, a menos que se le autorice;

i) no cederá ni transferirá los datos personales a terceros excepto que:

1) se establezca de manera específica en el Anexo A del presente contrato o resulte necesario para su cumplimiento, verificando en ambos casos que el destinatario se obligue en iguales términos que el importador en el presente y siempre con el conocimiento y conformidad previa del exportador, o

2) la cesión sea requerida por ley o autoridad competente, en la medida que no exceda lo necesario en una sociedad democrática, por ejemplo, cuando constituya una medida necesaria para la salvaguardia de la seguridad del Estado, la defensa, la seguridad pública, la prevención, la investigación, la detección y la represión de infracciones penales o administrativas, o la protección del titular del dato o de los derechos y libertades de otras personas.

Al recibir la solicitud señalada arriba como punto 2), el Importador deberá de manera inmediata: a) verificar que la autoridad solicitante ofrezca garantías adecuadas de cumplimiento de los principios del artículo 4° de la Ley nº 25.326, y de los derechos de los titulares de los datos para el acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326 salvo en los siguientes casos y condiciones (conforme artículo 17 de la Ley nº 25.326):

i) previstos por la ley o mediante decisión fundada en la protección de la defensa de la Nación, el orden y la seguridad públicos, o la protección de los derechos e intereses de terceros,

ii) mediante resolución fundada y notificada al afectado, cuando pudieran obstaculizar actuaciones judiciales o administrativas en curso vinculadas a la investigación sobre el cumplimiento de obligaciones sujetas a control estatal y relativas al orden público, como ser: tributarias o previsionales, el desarrollo de funciones de control de la salud y del medio ambiente, la investigación de delitos penales y la verificación de infracciones administrativas; sin perjuicio de ello, se deberá brindar el acceso a los datos en la oportunidad en que el afectado tenga que ejercer su derecho de defensa; y b) en caso que la autoridad no otorgue u ofrezca las garantías indicadas en el punto a) inmediato anterior, prevalecerá la ley argentina, por lo que el Importador procederá a suspender el tratamiento en dicho país reintegrando los datos al Exportador según las instrucciones que este le imparta y notificando este último a la autoridad de control.

j) atenderá los pedidos que reciba del titular del dato (en su caso del exportador cuando actúe a su solicitud) respecto de los derechos que le otorga la Ley nº 25.326 sobre el tratamiento de sus datos personales previstos en el presente contrato —en su carácter de tercero beneficiario—, en especial sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, respetando los plazos de ley y disponiendo los medios para tal fin. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad —también en carácter de tercero beneficiario— relativas al tratamiento de los datos personales que realiza, sin perjuicio que las partes hayan acordado de otra forma respecto de quién responda a estas consultas;

k) destruirá, certificando tal hecho, y/o reintegrará al exportador, según se pacte en las condiciones particulares del Anexo A, los datos personales objeto de la transferencia cuando se produzca alguna de las siguientes circunstancias:

1) resolución del presente contrato;

2) imposibilidad de cumplimiento de las disposiciones de la Ley nº 25.326;

3) extinción de la finalidad por la que se transmitieron. Si a dicho momento la legislación nacional o la reglamentación local aplicable al importador no le permita devolver o destruir dichos datos en forma total o parcial, el importador se compromete a informar el plazo legal previsto y guardar el secreto sobre los mismos y a no volver a someterlos a tratamiento. En caso que dicho plazo de conservación sea contrario a los principios de protección de datos personales aplicables al caso no se reiterará la transferencia resolviéndose el contrato, al ser una causal de incumplimiento; y si se verificara tal condición durante la ejecución del contrato, éste deberá resolverse reintegrando los datos al Exportador conforme a las instrucciones que este le imparta.

l) llevará registro del cumplimiento de las obligaciones asumidas en la presente cláusula, cuyo informe estará disponible a pedido del exportador o la autoridad.

Cláusula 5) Responsabilidad y terceros beneficiarios

a) Cada una de las partes deberá responder ante los titulares de los datos por los daños que le hubiese provocado como resultado de la afectación de derechos reconocidos en este contrato en los términos previstos por la Ley nº 25.326, sus normas reglamentarias y derecho de fondo de Argentina.

b) Los titulares de los datos, podrán exigir al Importador, en carácter de terceros beneficiarios, el cumplimiento de las disposiciones de la Ley nº 25.326 relacionadas con el tratamiento de sus datos personales, conforme a las obligaciones y responsabilidades asumidas por las partes en el presente contrato, en particular lo relativo a los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos. 13 a 20 de la Ley nº 25.326; a tal fin, se someten a la jurisdicción argentina, tanto en sede judicial como administrativa. En aquellos casos en que se alegue incumplimiento por parte del importador de datos, el titular del dato podrá requerir al exportador que emprenda acciones apropiadas a fin de cesar dicho incumplimiento.

c) El importador acepta que la autoridad de control ejerza sus facultades respecto del tratamiento de datos que asume a su cargo, con los límites y facultades que le otorga la Ley nº 25.326, aceptando sus facultades de control y sanción, otorgándole a tales fines, en lo que resulte pertinente, el carácter de tercero beneficiario. Las tareas de auditoría podrán ser realizadas tanto por personal de la autoridad de control como por terceras personas idóneas por ella designadas para dicho acto o autoridades locales de competencias análogas en colaboración con la autoridad.

El importador de datos informará sin demora al exportador de datos en el caso de que la legislación existente aplicable a él o a cualquier subencargado no permita auditar al importador ni a los subencargados.

d) En caso que el Importador revoque, o no cumpla no obstante ser intimado por el Exportador otorgando un plazo perentorio de CINCO (5) días hábiles, con los derechos y facultades reconocidos a terceros beneficiarios en esta cláusula, tal hecho será causal de resolución automática del presente Contrato.

e) Las partes no se oponen a que los titulares de los datos estén representados por una asociación u otras entidades previstas por la ley argentina.

Cláusula 6) Legislación aplicable y jurisdicción

El presente contrato se regirá por la ley de la República Argentina, en particular la Ley nº 25.326, sus normas reglamentarias y disposiciones de la Dirección Nacional de Protección de Datos Personales, y entenderán en caso de conflicto vinculado a la protección de datos personales la jurisdicción judicial y administrativa de la República Argentina.

Cláusula 7) Resolución de conflictos con los titulares de los datos o con la autoridad

a) En caso de conflicto o de reclamación interpuesta contra una o ambas partes por un titular del dato o por la autoridad en relación con el tratamiento de datos personales, una parte informará a la otra sobre esta circunstancia y ambas cooperarán con objeto de alcanzar una solución lo antes posible y dentro de los plazos fijados por la Ley nº 25.326, participando activamente en cualquier proceso obligatorio.

b) Las partes acuerdan atender cualquier procedimiento de mediación que haya sido iniciado por un titular del dato o por la autoridad. Si deciden participar en el procedimiento no vinculante, podrán hacerlo a distancia (p. ej. por teléfono u otros medios electrónicos).

c) Cada una de las partes se compromete a acatar cualquier decisión de los tribunales competentes o de la autoridad cuyas decisiones sean finales y contra la que no pueda entablarse recurso alguno.

Cláusula 8) Resolución del Contrato

a) En caso que el importador de datos incumpla las obligaciones que le incumben en virtud de las presentes cláusulas, el exportador de datos deberá suspender temporalmente la transferencia de datos personales al importador hasta que se subsane el incumplimiento en plazo perentorio que le fije según la gravedad del hecho, notificando de dicho hecho a la autoridad de control.

b) El contrato se tendrá por resuelto, y así deberá declararlo el exportador previa intervención de la autoridad de control, en caso de que:

i) la transferencia de datos personales al importador de datos haya sido suspendida temporalmente por el exportador de datos durante un período de tiempo superior a TREINTA (30) días corridos de conformidad con lo dispuesto en la letra a);

ii) el cumplimiento por parte del importador de datos del presente contrato y la ley aplicable sean contrarios a disposiciones legales o reglamentarias en el país de importación;

iii) el importador de datos incumpla de forma sustancial o persistente cualquier garantía o compromiso previstos en las presentes cláusulas;

iv) una decisión definitiva y firme, contra la que no pueda entablarse recurso alguno de un tribunal argentino o de la Dirección Nacional de Protección de Datos Personales, que establezca que el importador o el exportador de datos han incumplido el Contrato; o

v) el exportador de datos, sin perjuicio del ejercicio de cualquier otro derecho que le pueda asistir contra el importador de datos, podrá resolver las presentes cláusulas cuando: se haya solicitado la administración judicial o la liquidación del importador de datos, ya sea a título personal o como empresario, y dicha solicitud no haya sido desestimada en el plazo previsto al efecto con arreglo a la legislación aplicable; se emita una orden de liquidación; se designe a un administrador para algunos de sus activos; se nombre un síndico de la quiebra; el importador de datos haya solicitado la declaración de concurso de acreedores; o se encuentre en una situación análoga ante cualquier jurisdicción.

En los casos contemplados en los incisos i), ii), o iv), también podrá proceder a la resolución el importador de datos sin necesidad de intervención de la autoridad de control.

c) Las partes acuerdan que la resolución del presente contrato por motivo que fuere no las eximirá del cumplimiento de las obligaciones y condiciones relativas al tratamiento de los datos personales transferidos.

Cláusula 9) Variación de las cláusulas

Las partes se comprometen a no modificar este contrato de forma tal que implique una disminución del nivel de tutela y garantías que otorga al titular del dato y la autoridad de control.

En prueba de conformidad, en la ciudad de _________________________ de ________________, se firman dos ejemplares de un mismo tenor y a un solo efecto a los ________ días del mes de __________ del año __________________.

……………………………………………. ………………………………………

Por el Importador de Datos Por el Exportador de Datos

ANEXO A.- DESCRIPCIÓN DE LA TRANSFERENCIA

(Deberá ser cumplimentado por las partes conteniendo la naturaleza y categorías de los datos a transferir, detallando los mismos, la finalidad del tratamiento al que serán sometidos, forma en que se atenderán los pedidos del titular del dato o la autoridad, y la jurisdicción en la que se radicarán los datos).

ANEXO II.- Contrato modelo de transferencia internacional de datos personales con motivo de prestación de servicios

Entre, por una parte, ______________________________________, con domicilio en la calle________, localidad_____________, provincia de __________, Argentina, (en adelante, “el exportador de datos”) y, por la otra, ____________________________ (nombre), __________ (dirección y país), (“en adelante, el importador de datos”), en conjunto “las partes”, convienen el presente contrato de transferencia internacional de datos personales para la prestación de servicios, sometiéndola a los términos y condiciones que se detallan a continuación.

Cláusula 1) Definiciones

A los efectos del presente contrato se entenderá por los siguientes términos:

b) “autoridad” o “autoridad de control”, la Dirección Nacional de Protección de Datos Personales de la República Argentina.

c) “exportador”, el responsable del tratamiento que transfiera los datos personales;

d) “importador” o “encargado del tratamiento”, el prestador de servicios en los términos del artículo 25 de la Ley nº 25.326 radicado fuera de la jurisdicción argentina que reciba los datos personales procedentes del exportador de datos para su tratamiento de conformidad con los términos del presente.

e) por «legislación de protección de datos» se entenderá la Ley nº 25.326 y normativa reglamentaria.

Cláusula 2) Características, finalidad de la transferencia y términos específicos

Los detalles y otros términos específicos de la transferencia y servicio previsto, como por ejemplo características de los datos personales transferidos, forma en que las partes pactan atender los pedidos del titular del dato o de la autoridad de control, transferencias previstas a terceros, y jurisdicción en que se radicarán los datos, se especifican en el Anexo A, que forma parte del presente contrato. Las partes podrán suscribir en el futuro anexos adicionales a fin de incorporar detalles y características de aquellas transferencias que se realicen con posterioridad y que se enmarquen en el presente contrato.

Cláusula 3) Responsabilidad y terceros beneficiarios

a) Los titulares de los datos, podrán exigir al Importador, en carácter de terceros beneficiarios, el cumplimiento de las disposiciones de la Ley nº 25.326 relacionadas con el tratamiento de sus datos personales, en particular lo relativo a los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, conforme a las obligaciones y responsabilidades asumidas por las partes en el presente contrato; a tal fin, se someten a la jurisdicción argentina, tanto en sede judicial como administrativa. En aquellos casos en que se alegue incumplimiento por parte del importador de datos, el titular del dato podrá requerir al exportador que emprenda acciones apropiadas a fin de cesar dicho incumplimiento.

b) El importador acepta que la Autoridad de Control ejerza sus facultades respecto del tratamiento de datos que asume a su cargo, con los límites y facultades que le otorga la Ley nº 25.326, aceptando sus facultades de control y sanción, otorgándole a tales fines, en lo que resulte pertinente, el carácter de tercero beneficiario.

c) En caso que el Importador revoque, o no cumpla no obstante ser intimado por el Exportador otorgando un plazo perentorio de CINCO (5) días hábiles, con los derechos y facultades reconocidos a terceros beneficiarios en esta cláusula, tal hecho será causal de resolución automática del presente Contrato.

d) Los titulares de los datos podrán exigir al importador el cumplimiento de obligaciones asumidas en el presente contrato relativas al tratamiento de los datos que sean propias del exportador, cuando este último haya desaparecido de hecho o haya cesado de existir jurídicamente, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigirlos a dicha entidad.

e) Los titulares de los datos podrán exigir al eventual subencargado de tratamiento de datos el cumplimiento de la presente cláusula y el cumplimiento de obligaciones asumidas en el presente contrato por parte del exportador y el importador, relativas al tratamiento de los datos que sean propias del exportador, cuando ambos hayan desaparecido de facto o hayan cesado de existir jurídicamente, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas de alguno de ellos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigirlos a dicha entidad. La responsabilidad civil del subencargado del tratamiento de datos se limitará a sus propias operaciones de tratamiento de datos según lo pactado entre las partes y estas cláusulas.

f) Las partes no se oponen a que los titulares de los datos estén representados por una asociación u otras entidades previstas por la ley Argentina.

Cláusula 4) Obligaciones del exportador de datos

El exportador de datos acuerda y garantiza lo siguiente:

a) La recopilación, el tratamiento y la transferencia de los datos personales se han efectuado y efectuarán de conformidad con la Ley nº 25.326.

b) Ha realizado esfuerzos razonables para determinar si el importador de datos es capaz de cumplir las obligaciones pactadas en el presente contrato. A tal efecto, el exportador podrá solicitar al importador la contratación de un seguro de responsabilidad para eventuales perjuicios ocasionados con motivo del tratamiento previsto, conforme se especifica en el Anexo A.

c) Durante la prestación de los servicios de tratamiento de los datos personales, dará las instrucciones necesarias para que el tratamiento de los datos personales transferidos se lleve a cabo exclusivamente en su nombre y de conformidad con la Ley nº 25.326 y el presente contrato;

d) Hará entrega al importador de copia de la legislación vigente en Argentina aplicable al tratamiento de datos previsto.

e) Garantiza que ha cumplido en informar a los titulares de los datos que su información personal podía ser transferida a un tercer país con niveles inferiores de protección de datos a los de la República Argentina;

f) Garantiza que en caso de subtratamiento la actividad se llevará a cabo por un subencargado que deberá contar con su conformidad previa expresa del exportador y que proporcionará por lo menos el mismo nivel de protección de los datos personales y derechos de los titulares de los datos que los aquí pactados con el importador de datos, celebrando un contrato a tales fines, y quien estará también bajo las instrucciones del Exportador;

g) En caso de ejercicio por parte del titular de los datos —como tercero beneficiario— de sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, dará respuesta al mismo dentro de los DIEZ (10) días corridos si se refiere a un pedido de acceso y de CINCO (5) días hábiles si se refiere a un pedido de rectificación, supresión o actualización, y disponiendo los medios para tal fin, sea por los datos en su poder o por haberse pactado como obligación a su cargo, lo que se indica en el Anexo A. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador, a menos que las partes hayan acordado que sea el importador quien responda a estas consultas. Aun en este supuesto, será el exportador quien deba responder, en la medida de lo razonablemente posible y a partir de la información de que razonablemente pueda disponer, si el importador de datos es incapaz de responder o no lo realiza.

h) Pondrá a disposición de los titulares de los datos, en su carácter de terceros beneficiarios a tenor de la cláusula 3, y a petición de éstos, una copia de las cláusulas que se relacionen al tratamiento de sus datos personales, derechos y garantías, así como una copia de las cláusulas de otros contratos necesarios para los servicios de subtratamiento de los datos que deba efectuarse de conformidad con este contrato.

Cláusula 5) Obligaciones del importador de datos

El importador de datos acuerda y garantiza lo siguiente:

a) tratará los datos personales transferidos solo en nombre del exportador de datos, de conformidad con sus instrucciones y las cláusulas. En caso de que no pueda cumplir estos requisitos por la razón que fuere, informará de ello sin demora al exportador de datos, en cuyo caso este estará facultado para suspender la transferencia de los datos o rescindir el contrato;

b) disponer las medidas de seguridad y confidencialidad necesarias y efectivas para evitar la adulteración, pérdida, consulta o tratamiento no autorizado de los datos, y que permitan detectar desviaciones, intencionales o no, ya sea que los riesgos provengan de la acción humana o del medio técnico utilizado verificando que no sean inferiores a las dispuestas por la normativa vigente, de manera tal que garanticen el nivel de seguridad apropiado a los riesgos que entraña el tratamiento y a la naturaleza de los datos que han de protegerse;

c) dispondrá de procedimientos que garanticen que todo acceso a los datos transferidos se realizará por personal autorizado para ello, estableciendo niveles de acceso y claves, quienes cumplirán con el deber de confidencialidad y seguridad de los mismos, suscribiendo convenios a tales fines.

d) que ha verificado que la legislación local no impide el cumplimiento de las obligaciones, garantías y principios previstos en el presente contrato relativos al tratamiento de los datos personales y sus titulares, e informará al exportador de datos en forma inmediata en caso de tener conocimiento de la existencia de alguna disposición de esta índole, en cuyo caso el Exportador podrá suspender la transferencia;

e) tratará los datos personales siguiendo las expresas instrucciones que le imparta el exportador conforme a los fines y forma descriptos en el Anexo A;

f) comunicará al exportador de datos un punto de contacto dentro de su organización autorizado a responder a las consultas que guarden relación con el tratamiento de datos personales y cooperará de buena fe con el exportador de datos, el titular del dato y la autoridad respecto de tales consultas dentro de los plazos de ley. En caso de que el exportador de datos haya cesado de existir jurídicamente, o si así lo hubieran acordado las partes, el importador de datos asumirá las tareas relativas a su cumplimiento conforme a lo dispuesto en la letra d) de la cláusula 3;

g) pondrá a disposición, a solicitud del exportador de datos o la autoridad, sus instalaciones de tratamiento de datos, sus ficheros y toda la documentación necesaria para el tratamiento, a efectos de revisión, auditoría o certificación. Estas labores serán realizadas, previa notificación razonable y durante horas laborables normales, por un inspector o auditor imparcial e independiente designados por el exportador o la autoridad, a fin de determinar si se cumplen las garantías y los compromisos previstos en el presente contrato;

h) tratará los datos personales de conformidad con la Ley nº 25.326, de protección de datos personales;

i) notificará sin demora al exportador de datos sobre:

ii) todo acceso accidental o no autorizado,

iii) toda solicitud sin respuesta recibida directamente de los titulares de los datos, a menos que se le autorice;

j) no cederá ni transferirá los datos personales a terceros excepto que:

i) previstos por la ley o mediante decisión fundada en la protección de la defensa de la Nación, el orden y la seguridad públicos, o la protección de los derechos e intereses de terceros,

k) atenderá los pedidos que reciba del titular del dato como tercero beneficiario, o del exportador, con motivo del ejercicio de los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, respetando los plazos de ley y disponiendo los medios para tal fin. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador de datos, sin perjuicio que las partes hayan acordado de otra forma quien responda a estas consultas en el Anexo A, siguiendo las instrucciones de la autoridad de control;

l) destruirá, certificando tal hecho, y/o reintegrará al exportador los datos personales objeto de la transferencia, cuando por cualquier causa se resuelva el presente Contrato.

ll) que, en caso de subtratamiento de los datos, habrá informado previamente al exportador de datos y obtenido previamente su consentimiento por escrito;

m) que los servicios de tratamiento por el eventual subencargado del tratamiento se llevarán a cabo de conformidad con la cláusula específica nº 10;

n) enviará sin demora al exportador de datos una copia del contrato que celebre con el subencargado del tratamiento con arreglo a este contrato y en el que se ha de otorgar al Exportador el carácter de tercero beneficiario a fin de impartir las instrucciones que considere necesarias y facultades para resolverlo.

ñ) llevará registro del cumplimiento de las obligaciones asumidas en la presente cláusula, cuyo informe estará disponible a pedido del exportador o la autoridad.

Cláusula 6) Responsabilidad

a) Las partes acuerdan que los titulares de los datos que hayan sufrido daños como resultado del incumplimiento de las obligaciones pactadas en el presente Contrato por cualquier parte o subencargado del tratamiento, tendrán derecho a percibir una indemnización del exportador de datos para reparar el daño sufrido.

b) En caso que el titular del dato no pueda interponer contra el exportador de datos la demanda de indemnización a que se refiere el epígrafe 1 por incumplimiento por parte del importador de datos o su subencargado de sus obligaciones impuestas en las cláusulas 5 y 10, por haber desaparecido de facto, cesado de existir jurídicamente o ser insolvente, el importador de datos acepta que el titular del dato pueda demandarle a él en el lugar del exportador de datos, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigir sus derechos a dicha entidad. El importador de datos no podrá basarse en un incumplimiento de un subencargado del tratamiento de sus obligaciones para eludir sus propias responsabilidades.

c) En caso de que el titular del dato no pueda interponer contra el exportador de datos o el importador de datos la demanda a que se refieren los apartados 1 y 2, por incumplimiento por parte del subencargado del tratamiento de datos de sus obligaciones impuestas en la cláusula 3 o en la cláusula 10, por haber desaparecido de facto, cesado de existir jurídicamente o ser insolventes ambos, tanto el exportador de datos como el importador de datos, el subencargado del tratamiento de datos acepta que el titular del dato pueda demandarle a él en cuanto a sus propias operaciones de tratamiento de datos en virtud de las cláusulas en el lugar del exportador de datos o del importador de datos, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos o del importador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigir sus derechos a dicha entidad. La responsabilidad del subencargado del tratamiento se limitará a sus propias operaciones de tratamiento de datos con arreglo a las presentes cláusulas.

Cláusula 7) Legislación aplicable y jurisdicción

Cláusula 8) Resolución de conflictos con los titulares de los datos

a) El importador de datos acuerda que si el titular del dato invoca en su contra derechos de tercero beneficiario o reclama una indemnización por daños y perjuicios con arreglo a las cláusulas, aceptará la decisión del titular del dato de:

i) someter el conflicto a mediación por parte de una persona independiente;

ii) presentar denuncia ante la Dirección Nacional de Protección de Datos Personales; y

iii) someter el conflicto a los tribunales argentinos competentes.

b) Las partes acuerdan que las opciones del titular del dato no obstaculizarán sus derechos sustantivos o procedimentales a obtener reparación de conformidad con otras disposiciones de Derecho nacional o internacional.

Cláusula 9) Cooperación con las autoridades de control

a) Las partes acuerdan que la autoridad de control está facultada para auditar al importador, o a cualquier subencargado, en la misma medida y condiciones en que lo haría respecto del exportador de datos conforme a la Ley nº 25.326, poniendo a disposición sus instalaciones de tratamiento de los datos. Las tareas de auditoría podrán ser realizadas tanto por personal de la autoridad de control como por terceras personas idóneas por ella designadas para dicho acto o autoridades locales de competencias análogas en colaboración con la autoridad.

b) El importador de datos informará sin demora al exportador de datos en el caso de que la legislación existente aplicable a él o a cualquier subencargado no permita auditar al importador ni a los subencargados.

Cláusula 10) Subtratamiento de datos

a) El importador de datos no subcontratará ninguna de sus operaciones de procesamiento llevadas a cabo en nombre del exportador de datos con arreglo a las cláusulas sin previo consentimiento por escrito del exportador de datos. Si el importador de datos subcontrata sus obligaciones deberá realizarse mediante un acuerdo escrito en el que el subencargado asuma iguales obligaciones que el importador, en lo que resulte compatible, sea frente al exportador de datos como el titular del dato y la autoridad de control, como terceros beneficiarios. En los casos en que el subencargado del tratamiento de datos no pueda cumplir sus obligaciones de protección de los datos con arreglo a dicho acuerdo escrito, el importador de datos seguirá siendo plenamente responsable frente al exportador de datos del cumplimiento de las obligaciones del subencargado del tratamiento de datos con arreglo a dicho acuerdo.

b) El contrato escrito previo entre el importador de datos y el subencargado del tratamiento contendrá asimismo una cláusula de tercero beneficiario que incluya aquellos casos en que el titular del dato no pueda interponer la demanda de indemnización a que se refiere el apartado a) de la cláusula 6 contra el exportador de datos o el importador de datos por haber estos desaparecido de facto, cesado de existir jurídicamente o ser insolventes, y ninguna entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos o del importador de datos en virtud de contrato o por ministerio de la ley. Dicha responsabilidad civil del subencargado del tratamiento se limitará a sus propias operaciones de tratamiento de datos conforme tareas subcontratadas.

c) Las disposiciones sobre aspectos de la protección de los datos en caso de subcontratación de operaciones de procesamiento se regirán por la legislación Argentina. Este requisito puede verse satisfecho mediante contrato entre importador y subencargado en el cual este último es cosignatario del presente Contrato.

d) El exportador de datos conservará la lista de los acuerdos de subtratamiento celebrados por el importador de datos, lista que se actualizará al menos una vez al año. La lista estará a disposición de la autoridad de control.

Cláusula 11) Resolución del Contrato

b) El contrato se tendrá por resuelto, y así deberá declararlo el exportador previa intervención de la autoridad de control, en caso de que:

ii) el cumplimiento por parte del importador de datos del presente contrato y la ley aplicable sean contrarios a disposiciones legales o reglamentarias en el país de importación;

iii) el importador de datos incumpla de forma sustancial o persistente cualquier garantía o compromiso previstos en las presentes cláusulas;

v) El exportador de datos, sin perjuicio del ejercicio de cualquier otro derecho que le pueda asistir contra el importador de datos, podrá resolver las presentes cláusulas cuando: se haya solicitado la administración judicial o la liquidación del importador de datos y dicha solicitud no haya sido desestimada en el plazo previsto al efecto con arreglo a la legislación aplicable; se emita una orden de liquidación o se decrete su quiebra; se designe a un administrador de cualquiera de sus activos; el importador de datos haya solicitado la declaración de concurso de acreedores; o se encuentre en una situación análoga ante cualquier jurisdicción.

En los casos contemplados en los incisos i), ii), o iv), también podrá proceder a la resolución el importador de datos sin necesidad de intervención de la autoridad de control.

Cláusula 12) Obligaciones una vez finalizada la prestación de los servicios de tratamiento de los datos personales

Las partes acuerdan que, una vez finalizada la prestación de los servicios de tratamiento de los datos personales, por motivo que fuere, el importador y el subencargado deberán, a discreción del exportador, o bien devolver todos los datos personales transferidos y sus copias, o bien destruirlos por completo y certificar esta circunstancia al exportador, a menos que la legislación aplicable al importador le impida devolver o destruir total o parcialmente los datos personales transferidos, verificando que dicho plazo de conservación no sea contrario a los principios de protección de datos personales aplicables, y en caso afirmativo se notificará a la autoridad de control.

En nombre del exportador de datos:

Nombre (completo):

……………………………………………………………………………………………………………………………………………….

Cargo: ……………………………………………………………………………………………………………………………………

Dirección: ……………………………………………………………………………………………………………………………….

…………………………………………………………….…………………………………………………………….

Otros datos necesarios con vistas a la obligatoriedad del contrato (en caso de existir):

…………………………………………………………………….…………………………………….………………

…………………………………………………………………………………………………………………………..

(Sello de la entidad)

Firma: …………………………………………………………………………………………………………………………………….

En nombre del importador de los datos:

Nombre (completo):

……………………………………………………………………………………………………………………………………………….

Cargo: ……………………………………………………………………………………………………………………………………

Dirección: ……………………………………………………………………………………………………………………………….

…………………………………………………………………………..………………………………………………

Otros datos necesarios con vistas a la obligatoriedad del contrato (en caso de existir):

……………………………………………………………………………………………………….………………….

……………………………………………………………………………….………………………………………….

…………………………………………………………………………….…………………………………………….

(Sello de la entidad)

Firma: …………………………………………………………………………………………………………………………………….

ANEXO A.- DESCRIPCIÓN DE LA TRANSFERENCIA Y SERVICIOS PREVISTOS

Exportador de datos

El exportador de datos es (especifique brevemente sus actividades correspondientes a la transferencia):

……………………………………………………………………………………..……………………………………….

……………………………………………………………………………………………………………………………………………….

Importador de datos

El importador de datos es (especifique brevemente sus actividades correspondientes a la transferencia):

……………………………………………………………………………………………………………………………………………….

Titulares de los datos

Los datos personales transferidos se refieren a las siguientes categorías de titulares de los datos:
………………………………………………………………………………………………………………………………………………

……………………………………………………………………………………………………………………………………………….

Características de los datos

Los datos personales transferidos se refieren a las siguientes categorías de datos: …………………

……………………………………………………………………………………………………………………………………………….

Tratamientos previstos y finalidad

Los datos personales transferidos serán sometidos a los siguientes tratamientos y finalidades:

……………………………………………………………………………………………………………………………..

………………………………………………………………………………………………………………………………………………

EXPORTADOR DE DATOS

Nombre: …………………………………………………………………………………………………………………………………

Firma ……………………………………………………………………………………………………………………………………..

IMPORTADOR DE DATOS

Nombre: …………………………………………………………………………………………………………………………………

Firma………………………………………………………………………………………………………………………………………

04Jul/17

Directriz nº 067-MICITT-H-MEIC, de 25 de abril de 2014

4 julio, 2017Costa Rica, DirectrizCertificados digitales, documentos electrónicos, firmas digitalesJosé Cuervo

Directriz nº 067-MICITT-H-MEIC, de 25 de abril de 2014 (La Gaceta Diario Oficial nº 79)

LA PRESIDENTA DE LA REPÚBLICA Y LOS MINISTROS DE CIENCIA, TECNOLOGÍA Y TELECOMUNICACIONES, DE HACIENDA Y LA MINISTRA DE ECONOMÍA, INDUSTRIA Y COMERCIO

En uso de las facultades conferidas en los artículos 140 incisos 3) y 18) y 146 de la Constitución Política de Costa Rica; artículos 25 inciso 1) y 28 inciso 2.b) de la Ley n° 6227, “Ley General de la Administración Pública”, publicada en el Diario Oficial La Gaceta n° 102 del 30 de mayo de 1978, Alcance n° 90; artículos 3, 4 y 100 de la Ley n° 7169, “Ley de Promoción del Desarrollo Científico y Tecnológico”, publicada en el Alcance nº 23 del Diario Oficial La Gaceta n° 144 del 01 de agosto de 1990 y sus reformas; artículos 1, 3, 9, 10, 11, 12, 23 y 24 inciso g) de la Ley n° 8454, “Ley de Certificados, Firmas Digitales y Documentos Electrónicos, publicada en el Diario Oficial La Gaceta
n° 197 del 13 de octubre del 2005; artículo 3 de la Ley n° 8131, “Ley de la Administración Financiera y Presupuestos Públicos”, publicada en el Diario Oficial La Gaceta nº 198 del 16 de octubre del 2001; artículos 4, 23, 24 y 25 del Decreto Ejecutivo n° 33018-MICIT, “Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos”, publicado en el Diario Oficial La
Gaceta n° 77 del 21 de abril del 2006 y sus reformas; la Ley n° 8220, “Ley de Protección al Ciudadano del Exceso de Trámites y Requisitos Administrativos”, publicada en el Diario Oficial La Gaceta n° 49 del 11 de marzo del 2002; el Decreto Ejecutivo n° 37045, “Reglamento a la Ley de
Protección al Ciudadano del Exceso de Requisitos y Trámites Administrativos”, publicado en el Diario Oficial La Gaceta nº° 60 del 23 de marzo de 2012, Alcance n° 36; la Política de Certificados para la Jerarquía Nacional de Certificadores Registradores; y la Política de Formatos Oficiales de los Documentos Electrónicos Firmados Digitalmente.

Considerando:

I.—Que el Estado costarricense debe implementar las Tecnologías de la Información y Comunicación bajo principios racionales de eficiencia en el uso de recursos y efectividad en su aplicación con el objetivo de garantizar la eficiencia y transparencia de la administración, así como para propiciar incrementos sustantivos en la calidad del servicio brindado a los ciudadanos de acuerdo con los derechos establecidos constitucionalmente.

II.—Que la Dirección de Certificadores de Firma Digital (DCFD), perteneciente al Ministerio de Ciencia, Tecnología y Telecomunicaciones (MICITT), es el órgano administrador, fiscalizador y supervisor del Sistema Nacional de Certificación Digital (SNCD).

III.—Que dentro de sus facultades, la Dirección de Certificadores de Firma Digital tiene la responsabilidad y potestad de definir políticas y requerimientos para el uso de los certificados digitales, así como establecer todas las medidas que estime necesarias para proteger los derechos, los intereses y la confidencialidad de los usuarios, la continuidad y eficiencia del servicio, y de velar por la ejecución de tales disposiciones.

IV.—Que los artículos 3 y 9 de la Ley de Certificados, Firmas Digitales y Documentos Electrónicos reconocen el mismo valor y eficacia probatoria de los documentos electrónicos firmados digitalmente con respecto a los documentos físicos firmados de manera manuscrita.

V.—Que de conformidad con el inciso k) del artículo 4 de la Ley de Promoción del Desarrollo Científico y Tecnológico Ley n° 7169, es deber del Estado impulsar la incorporación selectiva de la tecnología moderna en la Administración Pública, a fin de agilizar y actualizar permanentemente,
los servicios públicos en el marco de una reforma administrativa que ayude a lograr la modernización del aparato estatal costarricense, en procura de mejores niveles de eficiencia operativa. Siendo así, el uso de la firma digital certificada como herramienta de identificación confiable y segura ofrece una oportunidad fundamental para el incremento de la eficiencia, la eficacia, la transparencia y el acometimiento de los fines estatales.

VI.—Que la Ley de Certificados, Firmas Digitales y Documentos Electrónicos, así como su Reglamento, facultan al Estado y a todas sus instituciones públicas para utilizar los certificados, firmas digitales y documentos electrónicos dentro de sus respectivos ámbitos de competencia,
incentivar su uso para la prestación directa de servicios a los administrados, así como para facilitar la recepción, tramitación y resolución electrónica de sus gestiones.

VII.—Que de conformidad con el artículo 4 del Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos, el Estado y todas las dependencias públicas incentivarán el uso de documentos electrónicos, certificados y firmas digitales para la prestación directa de servicios a los administrados, así como para facilitar la recepción, tramitación y resolución
electrónica de sus gestiones y la comunicación del resultado correspondiente.

De igual manera todas las dependencias públicas deben procurar ajustar sus disposiciones a los principios de neutralidad tecnológica e interoperabilidad, no pudiendo imponer exigencias técnicas o jurídicas que impidan o dificulten injustificadamente la interacción con las oficinas públicas mediante el uso
de certificados y firmas digitales.

VIII.—Que por medio del artículo 25 del Reglamento a la Ley de Certificados, Firmas Digitales y Documentos Electrónicos, se autoriza a las instituciones del Estado a presupuestar y girar recursos, en la medida de sus posibilidades jurídicas y materiales, con el fin de contribuir a lograr los objetivos de la DCFD.

IX.—Que de conformidad con el artículo 3 de la Ley de la Administración Financiera de la República y Presupuestos Públicos n° 8131, se debe propiciar dentro de las instituciones públicas que la obtención y aplicación de los recursos públicos se realice según los principios de economía,
eficiencia y eficacia, orientados a los intereses generales de la sociedad costarricense.

X.—Que de conformidad con lo establecido en el artículo 2 inciso 20 del Decreto Ejecutivo nº 33018-MICIT, y en el punto 4.1.2 del documento de “Política de Certificados para la Jerarquía Nacional de Certificadores Registrados”, el solicitante de la firma digital certificada, durante el
proceso de solicitud e inscripción ante una Autoridad de Registro, debe firmar el “Acuerdo de Suscriptor”, mediante el cual se obliga a una serie de responsabilidades y deberes personales que son asumidos al firmar de manera digital dicho acuerdo, lo que le brinda el carácter personal al
dispositivo seguro de creación de la firma digital.

XI.—Que en vista de la situación actual de las instituciones públicas y con el fin de potenciar el uso de certificados digitales y firmas digitales en nuestro país, se ha considerado preciso redefinir y promover que los diferentes procesos que ejecutan las instituciones públicas se ofrezcan a los
ciudadanos haciendo uso de las tecnologías de información y comunicación, y en el caso específico, potenciando el uso de los certificados y firmas digitales como mecanismos de garantía de autenticidad, integridad y no repudio de los actos de manifestación de voluntad en toda la función pública.

XII.—Que en razón de lo anterior el Gobierno de Costa Rica considera necesario promover en las instituciones públicas el desarrollo de sistemas de información – tanto a lo interno (para con sus funcionarios) como a lo externo (para con los ciudadanos y otras instituciones) -, cuya conceptualización, diseño e implementación consideren y utilicen los certificados digitales y firmas digitales, permitiendo un mejor, eficiente, eficaz, seguro y oportuno servicio a los funcionarios y ciudadanos.

XIII.—Que la implementación de servicios o sistemas informáticos que utilicen la firma digital, implica un ahorro importante de tiempo y recursos que redundan en beneficios para la Administración Pública y el administrado, garantizando además una mayor transparencia en la ejecución de los trámites. De igual manera permite a las instituciones posicionarse como
organizaciones tecnológicas, que invierten y mantienen infraestructura tecnológica altamente modernizada y eficiente, garantizando un adecuado servicio y potenciando la interconexión e interoperabilidad con otras instituciones del Estado, colaborando activamente en el desarrollo del
gobierno electrónico, de la simplificación de trámites, y brindando mayor agilidad y seguridad tecnológica y jurídica en los servicios que se ofrecen al ciudadano.

XIV.—Que la Ley de Protección al Ciudadano del Exceso de Requisitos y Trámites Administrativos, Ley n° 8220, ordena simplificar los trámites y requisitos establecidos por la Administración Pública frente a los ciudadanos, evitando duplicidades y garantizando en forma expedita el derecho de
petición y el libre acceso a los departamentos públicos, contribuyendo de forma innegable en el proceso de reforzamiento del principio de seguridad jurídica del sistema democrático costarricense.

XV.—Que uno de los objetivos estratégicos en el eje de competitividad e innovación del Plan Nacional de Desarrollo 2011-2014, consiste en aumentar la producción mediante el mejoramiento en aspectos de reforma regulatoria y tramitología. Como acción estratégica en este campo destaca el uso intensivo de las facilidades tecnológicas cuyo propósito es hacer los procesos más
eficientes.

XVI.—Que el Poder Ejecutivo en el ejercicio de su potestad de dirección en materia de Gobierno, y los Ministerios de Ciencia, Tecnología y Telecomunicaciones, de Hacienda y de Economía, Industria y Comercio, como rectores en materia de tecnologías de la información, de asignación de los recursos públicos y de eficiencia de la administración pública respectivamente, deben procurar la existencia de sistemas de información más eficientes mediante un proceso razonado y dirigido por las oportunidades de mejora del Estado que estas habilitan, y no por implementaciones
transitorias. Por tanto,

Emiten la siguiente directriz:

MASIFICACIÓN DE LA IMPLEMENTACIÓN Y EL USO DE LA FIRMA DIGITAL EN EL SECTOR PÚBLICO COSTARRICENSE

Artículo 1°.- A partir de la publicación de esta directriz, todas las instituciones del sector público costarricense deberán tomar las medidas técnicas y financieras necesarias que le permitan disponer de los medios electrónicos para que los ciudadanos puedan obtener información, realizar consultas, formular solicitudes, manifestar consentimiento y compromiso, efectuar pagos, realizar transacciones y oponerse a las resoluciones y actos administrativos. Se busca con esta directriz hacer efectivo el derecho a exigir igualdad en el acceso por medios electrónicos a todos los servicios que se ofrecen por medios físicos, pudiendo las personas físicas utilizar en cualquier
escenario la capacidad de firma digital certificada, ya sea para autenticarse o para firmar todos los trámites con la institución por vía electrónica.

Artículo 2°.- Las instituciones del sector público costarricense deberán incluir dentro de sus procesos de compra, y en la medida de sus posibilidades presupuestarias, la adquisición de los mecanismos de firma digital certificada para sus funcionarios. Además, deberán implementar procesos internos soportados en plataformas digitales que utilicen la capacidad de autenticación y de firma digital certificada de sus funcionarios, y que potencien la reducción en el uso de papel y la mejora de su eficiencia y eficacia operativa.

Artículo 3°.- Todo nuevo desarrollo, funcionalidad o implementación de sistemas de información de las instituciones del sector público costarricense, en los cuales se ofrezcan servicios de cara al ciudadano o de utilización interna, deberá incorporar:

a.- Mecanismos de autenticación mediante firma digital certificada. Cuando un ciudadano se autentique utilizando firma digital certificada, se reconocerá la autenticidad plena y el valor de su relación con la institución por el canal electrónico.

b.- Mecanismos de firma de documentos y transacciones electrónicas mediante firma digital certificada cuando el trámite así lo requiera, tanto para uso de los funcionarios como para los ciudadanos involucrados en el proceso.

Artículo 4°.- Todo nuevo desarrollo, funcionalidad o implementación de sistemas de información de las instituciones del sector público costarricense, en los cuales se ofrezcan servicios de cara al ciudadano, deberá incorporar en la emisión de sus certificaciones, comprobantes, facturas y/o
comunicaciones electrónicas, mecanismos de firma digital certificada mediante el uso de los certificados digitales de Sello Electrónico de Persona Jurídica, que garanticen su validez y certeza jurídica.

Artículo 5°.- Las instituciones del sector público costarricense deberán, dentro de sus posibilidades presupuestarias, modernizar y ajustar los sistemas de información que tengan en operación, en los cuales se ofrezcan servicios de cara al ciudadano o de utilización interna, para incorporar mecanismos de autenticación mediante firma digital certificada; así como mecanismos
de firma de documentos y transacciones electrónicas mediante firma digital certificada cuando los trámites así lo requieran.

Artículo 6°.- En todo momento, los mecanismos de firma digital certificada deberán implementarse respetando la normativa vigente al respecto, garantizando así la validez de las firmas digitales en el tiempo, potenciando la interoperabilidad en el intercambio de documentos electrónicos entre instituciones, la apropiada conservación de los documentos electrónicos
firmados digitalmente, y el valor legal de la interacción entre el ciudadano y la institución por medios electrónicos a través del tiempo.

Artículo 7°.- En todos los casos donde las instituciones del sector público costarricense adquieran la capacidad de firma digital para sus funcionarios, se entenderá que el dispositivo seguro de creación de la firma digital certificada pasará a formar parte del patrimonio del funcionario público, por ser considerado un bien personal indispensable para el ejercicio no solo de sus funciones públicas, sino también de sus derechos y de sus atribuciones individuales.

Artículo 8°.- Las instituciones del sector público costarricense deberán realizar campañas y actividades de educación para sus funcionarios, que les permita aprender a utilizar los mecanismos de firma digital, así como reconocer la equivalencia jurídica y la eficacia probatoria de los documentos electrónicos firmados digitalmente con respecto a los documentos en papel con
firmas autógrafas, tal como la Ley n° 8454 lo establece. Para el caso de aquellos funcionarios responsables de la recepción y/o trámite de los documentos electrónicos, deberán también capacitarlos técnicamente para poder reconocer, interpretar y validar las firmas digitales asociadas a éstos documentos electrónicos.

Artículo 9°.- Los distintos jerarcas de las instituciones del sector público costarricense serán los responsables de la aplicación de lo dispuesto en la presente directriz, en lo que les corresponda.

Artículo 10.- Se insta a las Autoridades Certificadoras debidamente registradas y autorizadas por la Dirección de Certificadores de Firma Digital, para que en la medida de sus posibilidades y dentro de la normativa jurídica vigente, contribuyan con el aporte de recursos económicos, logísticos y
técnicos para dar continuidad y garantizar la calidad, eficiencia y seguridad del Sistema Nacional de Certificación Digital, y a su vez potenciar la emisión, implementación, adquisición y uso de los mecanismos de firma digital certificada en Costa Rica.

Artículo 11.- Se insta a todas las instituciones del sector público costarricense y a las empresas privadas, para que en la medida de sus posibilidades presupuestarias y dentro de la normativa jurídica vigente, contribuyan con el aporte de recursos económicos, logísticos y técnicos para potenciar la exitosa emisión, implementación, adquisición y uso de los mecanismos de firma digital certificada en Costa Rica.

Artículo 12.- Transitorio único. La fecha límite para la aplicación de lo establecido en los artículos 4, 5 y 8 de ésta directriz, es el 16 de diciembre del 2016.

Artículo 13.- Rige a partir de su publicación.

Dada en la Presidencia de la República, a los tres días del mes de abril del año dos mil catorce.

LAURA CHINCHILLA MIRANDA.-

El Ministro de Ciencia, Tecnología y Telecomunicaciones, José Alejandro Cruz Molina.

El Ministro de Hacienda, Edgar Ayales Esna.

La Ministra de Economía, Industria y Comercio, Mayi Antillón Guerrero.

01Jul/17

Número 17, primer semestre 2017

1 julio, 2017Revista2017, Revista Informática JurídicaJosé Cuervo

ISSN 1989-5852
Título clave: Revista informática jurídica
Tít. abreviado: Rev. inform. jurid.

Introducción

En este decimoséptimo número de la Revista, aparecen artículos de colaboradores por orden alfabético.

Un agradecimiento especial a los 42 colaboradores que han aportado sus artículos para hacer posible la publicación semestral de esta revista, que ya lleva 8 años y medio

Un cordial saludo para todos y gracias por vuestra colaboración.

José Cuervo Álvarez

Introducción
Albizu Ortiz, Rayda L.
Almodóvar Pérez, Evelyn Judith
Avilés, Jeanevy
Barbosa Garriga, Teremari
Calbetó Vaillant, María
Casí Ladrón de Guevara, Yosvanys
Corchado López, Iliana
Correa Colón, Danishia
Cruz Cobián, Lorraine de la
De la Cruz Leyva, Viana
De la Cruz Moreno, César Miguel
Díaz-Cáceres, Vivian E.
Estrada Jiménez, Pedro Manuel
Fonseca Hernández, Juan Antonio
Gil, Anabelle
Hechavarria Derronselet, Yoendrís
Hernández Zamora, Cecilia Rosa
Jiménez, Yoileana
León Fonseca, Marcos Antonio
Leyva Regalon, José A.
López Álvarez, Lesbia
Mayoral Céspedes, Irisleydis
Morales Delgado, Irma
Muñiz Maldonado, Noralys
Negrón, Carlos M.
Ocasio Otero, María M.
Ortiz Mussenden, Rubén
Pompa Rodríguez, Lisandra
Rodríguez Cabrera, Julio
Rosales Arévalo, Evelio
Sánchez, Ramón
Santiago Gómez, Hector L.
Santisteban García, Rolando Bairon
Sasso Borges, Cedrid P.
Silva Del Rosario, Yamila
Sosa Gierbolini, Raquel
Torres Báez, Josúe
Torres Huertas, Gianina
Torres Manso, Wilma
Vázquez Guerrero, Iluminado Agustín
Velázquez Ballester, Rodolfo Villar
Velázquez Lominchar, Arlin

Albizu Ortiz, Rayda L.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

El Derecho a Desconectarse: La protección de la Privacidad del Empleado, frente al Patrono (Fuera del entorno laboral) Trabajo en colaboración con Cedric P. Sasso Borges y Vivian E. Díaz-Cáceres (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Almodóvar Pérez, Evelyn Judith

JD Candidate, School of Law. Interamerican University of Puerto Rico. BA in Political Science. University of Puerto Rico

Necesidad tipificación del cyberbulling como delito independiente en el Código Penal de Puerto Rico y sus limitaciones constitucionales (14.05. 2017) (Trabajo en colaboración con Jeanevy Avilés y Ramón Sánchez)

Avilés, Jeanevy

JD Candidate, School of Law. Interamerican University of Puerto Rico. BA in Political Science. University of Puerto Rico

Necesidad tipificación del cyberbulling como delito independiente en el Código Penal de Puerto Rico y sus limitaciones constitucionales (14.05. 2017) (Trabajo en colaboración con Evelyn Judith Almodóvar Pérez y Ramón Sánchez). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Barbosa Garriga, Teremari

Estudiante de Cyber Law, de la Facultad de Derecho. Universidad Interamericana de Puerto Rico.

Las redes sociales: vehículo de trata de niños. Trabajo realizado en colaboración con Danishia Correa Colón y Lorraine De la Cruz Cobián. (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Calbetó Vaillant, María

Estudiante de Derecho Cibernético del Profesor Fredrick Vega, en la Facultad de Derecho Interamericana de Puerto Rico.

Noticias falsas en las redes sociales e internet. Trabajo en colaboración con Julio Rodríguez Cabrera (14.05.2017).

Casí Ladrón de Guevara, Yosvanys

La tarea docente en la clase de programación (12.02.2017) (Trabajo en colaboración con Marcos Antonio León Fonseca, Juan Antonio Fonseca Hernández y Noralys Muñiz Maldonado)
Consideraciones metodológicas para la enseñanza de la programación (12.02.2017) (Trabajo en colaboración con Marcos Antonio León Fonseca, Juan Antonio Fonseca Hernández y Noralys Muñiz Maldonado)

Corchado López, Iliana

Estudiante de la Universidad Interamericana de Puerto Rico. Facultad de Derecho

El derecho del empleado frente al patrono por expresiones publicadas en las Redes Sociales. Trabajo en colaboración con Gianina Torres Huertas e Irma Morales Delgado (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Correa Colón, Danishia

Estudiante de Cyber Law, de la Facultad de Derecho. Universidad Interamericana de Puerto Rico.

Las redes sociales: vehículo de trata de niños. Trabajo realizado en colaboración con Teremari Barbosa Garriga y Lorraine De la Cruz Cobián. (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Cruz Cobián, Lorraine de la

Estudiante de Cyber Law, de la Facultad de Derecho. Universidad Interamericana de Puerto Rico.

Las redes sociales: vehículo de trata de niños. Trabajo realizado en colaboración con Danishia Correa Colón y Teremari Barbosa Garriga. (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

De la Cruz Leyva, Viana

Universidad de Granma

Análisis comparativo de algoritmos para recomendar documentos basados en filtrado colaborativo (20.06.2017) (Trabajo en colaboración con Rolando Bairon Santisteban García y Yamila Silva del Rosario)

De la Cruz Moreno, César Miguel

MSc Prof. Aux. César Miguel de la Cruz Moreno. Universidad de Granma. Sede “Blas Roca Calderío”

OBJEPLA (19.06.2017) (Trabajo en colaboración con Yoendrís Hechavarria Derronselet)

Díaz-Cáceres, Vivian E.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico.

El Derecho a Desconectarse: La protección de la Privacidad del Empleado, frente al Patrono (Fuera del entorno laboral) Trabajo en colaboración con Rayda L. Albizu Ortiz y Cedric P. Sasso Borges (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Estrada Jiménez, Pedro Manuel

Profesor del departamento de Informática, Facultad de Ciencias Informáticas, Naturales y Exactas. Universidad de Granma. Cuba

Sistema Informático para la gestión de la información bibliográfica docente en la Universidad de Granma (23.06.2017) (Artículo en colaboración con Ing. Lisandra Pompa Rodríguez, Ing. Irisleydis Mayoral Céspedes e Ing. José A. Leyva Regalon)

Fonseca Hernández, Juan Antonio

La tarea docente en la clase de programación (12.02.2017) (Trabajo en colaboración con Marcos Antonio León Fonseca, Yosvanys Casí Ladrón de Guevara y Noralys Muñiz Maldonado)
Consideraciones metodológicas para la enseñanza de la programación (12.02.2017) (Trabajo en colaboración con Marcos Antonio León Fonseca, Yosvanys Casí Ladrón de Guevara y Noralys Muñiz Maldonado)

Gil, Anabelle

J. D. Candidata. Curso Law 348 D: International Private Law-Cyber Law. Prof. Fredrick Vega

Derivative Work: Super Mario Politics. (Trabajo realizado en colaboración con Yoileana Jiménez y María M. Ocasio Otero) (22.05.2017)

Hechavarria Derronselet, Yoendrís

Licenciado Yoendrís Hechavarria Derronselet, profesor Asistente de la Universidad de Granma, Sede “Blas Roca Calderío”

OBJEPLA (19.06.2017) (Trabajo en colaboración con César Miguel de la Cruz Moreno)
Conjunto de activades para desarrollar habilidades en la aplicación de microsoft word en los alumnos de séptimo grado de la ESBU “Paquito Rosales Benito” (19.06.2017)

Hernández Zamora, Cecilia Rosa

Aspirante a Doctora y profesora Asistente del Departamento Educación Laboral-Informática de la Universidad de Granma. Sede “Blas Roca Calderío” Manzanillo. Granma. Cuba

La disciplina lenguajes y técnicas de programación y el desarrollo del Pensamiento Algorítmico (19.06.2017) (Trabajo en colaboración con Evelio Rosales Arévalo)

Jiménez, Yoileana

J. D. Candidata. Curso Law 348 D: International Private Law-Cyber Law. Prof. Fredrick Vega

Derivative Work: Super Mario Politics. (Trabajo realizado en colaboración con Anabelle Gil y María M. Ocasio Otero) (22.05.2017)

León Fonseca, Marcos Antonio

La tarea docente en la clase de programación (12.02.2017) (Trabajo en colaboración con Juan Antonio Fonseca Hernández, Yosvanys Casí Ladrón de Guevara y Noralys Muñiz Maldonado)
Consideraciones metodológicas para la enseñanza de la programación (12.02.2017) (Trabajo en colaboración con Juan Antonio León Fonseca, Yosvanys Casí Ladrón de Guevara y Noralys Muñiz Maldonado)

Leyva Regalon, José A.

Profesor del departamento de Informática, Facultad de Ciencias Informáticas, Naturales y Exactas. Universidad de Granma. Cuba

Sistema Informático para la gestión de la información bibliográfica docente en la Universidad de Granma (23.06.2017) (Artículo en colaboración con Ing. Lisandra Pompa Rodríguez, Ing. Irisleydis Mayoral Céspedes e Ing. Pedro Manuel Estrada Jiménez)

López Álvarez, Lesbia

El proceso de enseñanza aprendizaje de la Didáctica de la Informática en entornos virtuales (13.02. 2017) (Trabajo en colaboración con MSc. Wilma Torres Manso)

Mayoral Céspedes, Irisleydis

Profesora del departamento de Informática, Facultad de Ciencias Informáticas, Naturales y Exactas. Universidad de Granma. Cuba

Sistema Informático para la gestión de la información bibliográfica docente en la Universidad de Granma (23.06.2017) (Artículo en colaboración con Ing. Lisandra Pompa Rodríguez, Ing. Irisleydis Mayoral Céspedes e Ing. Pedro Manuel Estrada Jiménez)

Morales Delgado, Irma

Estudiante de la Universidad Interamericana de Puerto Rico. Facultad de Derecho

El derecho del empleado frente al patrono por expresiones publicadas en las Redes Sociales. Trabajo en colaboración con Gianina Torres Huertas e Iliana Corchado López (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Muñiz Maldonado, Noralys

La tarea docente en la clase de programación (12.02.2017) (Trabajo en colaboración con Marcos Antonio León Fonseca, Juan Antonio Fonseca Hernández y Yosvanys Casí Ladrón de Guevara)
Consideraciones metodológicas para la enseñanza de la programación (12.02.2017) (Trabajo en colaboración con Marcos Antonio León Fonseca, Juan Antonio Fonseca Hernández y Yosvanys Casí Ladrón de Guevara)

Negrón, Carlos M.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

Los contratos Cibernéticos ¿Qué relación contractual tenemos con Facebook (14.05.2017) (Trabajo en colaboración con Raquel Sosa Gierbolini)

Ocasio Otero, María M.

J. D. Candidata. Curso Law 348 D: International Private Law-Cyber Law. Prof. Fredrick Vega

Derivative Work: Super Mario Politics. (Trabajo realizado en colaboración con Yoileana Jiménez y Anabelle Gil) (22.05.2017)

Ortiz Mussenden, Rubén

Estudiante de Juris Doctor. Facultad de Derecho, Universidad Interamericana de Puerto Rico

La privacidad y los aparatos voladores a control remoto recreacionales “Drones”. Trabajo en colaboración con Hector L. Santiago Gómez y Josúe Torres Báez (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Pompa Rodríguez, Lisandra

Especialista en gestión de la información bibliografía docente. Universidad de Granma. Cuba.

Sistema Informático para la gestión de la información bibliográfica docente en la Universidad de Granma (23.06.2017) (Artículo en colaboración con Ing. José A. Leyva Regalon, Ing. Irisleydis Mayoral Céspedes e Ing. José A. Leyva Regalon)

Rodríguez Cabrera, Julio

Estudiante de Derecho Cibernético del Profesor Fredrick Vega-Lozada, en la Facultad de Derecho Interamericana de Puerto Rico.

Noticias falsas en las redes sociales e internet. Trabajo en colaboración con María Calbetó Vaillant (14.05.2017).

Rosales Arévalo, Evelio

Lic. Evelio Rosales Arévalo, profesor Asistente, del Departamento Educación Laboral-Informática de la Universidad de Granma. Sede “Blas Roca Calderío”. Manzanillo. Granma. Cuba

La disciplina lenguajes y técnicas de programación y el desarrollo del Pensamiento Algorítmico (19.06.2017) (Trabajo en colaboración con Cecilia Rosa Hernández Zamora)

Sánchez, Ramón

JD Candidate, School of Law. Interamerican University of Puerto Rico. BA in Political Science. University of Puerto Rico

Necesidad tipificación del cyberbulling como delito independiente en el Código Penal de Puerto Rico y sus limitaciones constitucionales (14.05. 2017) (Trabajo en colaboración con Jeanevy Avilés y Evelyn Judith Almodóvar Pérez)

Santiago Gómez, Hector L.

Estudiante de Juris Doctor. Facultad de Derecho, Universidad Interamericana de Puerto Rico

La privacidad y los aparatos voladores a control remoto recreacionales “Drones”. Trabajo en colaboración con Rubén Ortiz Mussenden y Josúe Torres Báez (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Santisteban García, Rolando Bairon

Delegación Provincial de la Agricultura en Granma

Análisis comparativo de algoritmos para recomendar documentos basados en filtrado colaborativo (20.06.2017) (Trabajo en colaboración con Viana De la Cruz Leyva y Yamila Silva del Rosario)

Sasso Borges, Cedrid P.

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

El Derecho a Desconectarse: La protección de la Privacidad del Empleado, frente al Patrono (Fuera del entorno laboral) Trabajo en colaboración con Rayda L. Albizu Ortiz y Vivian E. Díaz-Cáceres (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Silva Del Rosario, Yamila

Análisis comparativo de algoritmos para recomendar documentos basados en filtrado colaborativo (20.06.2017) (Trabajo en colaboración con Viana De la Cruz Leyva y Rolando Bairon Santisteban García)

Sosa Gierbolini, Raquel

Estudiante de la Facultad de Derecho de la Universidad Interamericana de Puerto Rico

Los contratos Cibernéticos ¿Qué relación contractual tenemos con Facebook (14.05.2017) (Trabajo en colaboración con Carlos M. Negrón)

Torres Báez, Josúe

Estudiante de Juris Doctor. Facultad de Derecho, Universidad Interamericana de Puerto Rico

La privacidad y los aparatos voladores a control remoto recreacionales “Drones”. Trabajo en colaboración con Hector L. Santiago Gómez y Rubén Ortiz Mussenden (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Torres Huertas, Gianina

Estudiante de la Universidad Interamericana de Puerto Rico. Facultad de Derecho

El derecho del empleado frente al patrono por expresiones publicadas en las Redes Sociales. Trabajo en colaboración con Iliana Corchado López e Irma Morales Delgado (14.05.2017). Trabajo de Derecho Cibernético (Cyber Law”) que imparte el Profesor Fredrick Vega-Lozada.

Torres Manso, Wilma

El proceso de enseñanza aprendizaje de la Didáctica de la Informática en entornos virtuales (13.02. 2017) (Trabajo en colaboración con MSc. Lesbia López Álvarez)

Vázquez Guerrero, Iluminado Agustín

Los marcadores, su utilidad en la solución de problemas en Ms word (19.06.2017) (Trabajo en colaboración con Arlín Velázquez Lominchar e Rodolfo Vidal Velázquez Ballester)

Velázquez Ballester, Rodolfo Villar

Los marcadores, su utilidad en la solución de problemas en Ms word (19.06.2017) (Trabajo en colaboración con Arlín Velázquez Lominchar e Iluminado Agustín Vázquez Guerrero)

Velázquez Lominchar, Arlin

Los marcadores, su utilidad en la solución de problemas en Ms word (19.06.2017) (Trabajo en colaboración con Rodolfo Vidal Velázquez Ballester e Iluminado Agustín Vázquez Guerrero)

01Jul/17

A0581

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0581

01Jul/17

A0582

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0582

01Jul/17

A0583

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0583

01Jul/17

A0584

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0584

01Jul/17

A0585

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0585

01Jul/17

A0586

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0586

01Jul/17

A0587

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0587[

01Jul/17

A0588

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0588

01Jul/17

A0589

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0589

01Jul/17

A0590

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0590

01Jul/17

A0591

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0591

01Jul/17

A0592

1 julio, 2017Certificados RevistaCertificados Revista Electrónica Informática JurídicaJosé Cuervo

A0592

01Jul/17

A0593

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0593

01Jul/17

A0594

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0594

01Jul/17

A0595

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0595

01Jul/17

A0596

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0596

01Jul/17

A0597

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0597

01Jul/17

A0598

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0598

01Jul/17

A0599

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0599

01Jul/17

A0564

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0564

01Jul/17

A0565

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0565

01Jul/17

A0566

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0566

01Jul/17

A0567

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0567

01Jul/17

A0568

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0568

01Jul/17

A0569

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0569

01Jul/17

A0570

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0570

01Jul/17

A0571

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0571

01Jul/17

A0572

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0572

01Jul/17

A0573

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0573

01Jul/17

A0574

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0574

01Jul/17

A0575

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0575

01Jul/17

A0576

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0576

01Jul/17

A0577

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0577

01Jul/17

A0578

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0578

01Jul/17

A0579

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0579

01Jul/17

A0580

1 julio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0580

24Jun/17

A0563

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0563

24Jun/17

A0562

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0562

https://www.informatica-juridica.com/wp-content/uploads/2017/06/A0562.docx

24Jun/17

A0561

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0561

24Jun/17

A0560

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0560

24Jun/17

A0559

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0559

24Jun/17

A0558

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0558

24Jun/17

A0557

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0557

24Jun/17

A0556

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0556

24Jun/17

A0555

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0555

24Jun/17

A0554

24 junio, 2017Certificados RevistaCertificado Revista Electrónica Informática JurídicaJosé Cuervo

A0554

27Abr/17

Proyecto de Ley de Protección de Datos en Chile, abril de 2017

27 abril, 2017Proyecto de Leyabril de 2017, Proyecto de Ley de Protección de Datos en ChileJosé Cuervo

Boletín n° 11.144 -07

Proyecto de ley, iniciado en mensaje de S. E. la Presidenta de la República, que regula la protección y el tratamiento de los datos personales y crea la Agencia de Protección de Datos Personales.

MENSAJE nº 001-365/
Honorable Senado:

Tengo el honor de someter a vuestra consideración el siguiente proyecto de ley que regula la protección y el tratamiento de los datos personales.

I.- ANTECEDENTES GENERALES

1. Desarrollo de la economía digital

En muchos sentidos el Siglo XXI representa el inicio de una nueva era. No sólo porque desde una perspectiva convencional y temporal marca el punto de partida del nuevo milenio, sino también porque en lo que va transcurrido de él se han sucedido cambios y transformaciones sociales, culturales y tecnológicas de extraordinaria envergadura. La mayor de estas transformaciones se puede sintetizar en el proceso de transición desde la sociedad industrial a la sociedad digital.

La sociedad digital ha expandido los espacios de libertad, autonomía y desarrollo de las personas, pero también ha diseñado nuevos y sofisticados sistemas de control y vigilancia que amenazan o limitan esa misma libertad.

Parte importante de los desafíos que actualmente enfrentan las sociedades y los gobiernos es crear reglas de conducta que permitan organizar las transformaciones en la sociedad digital. Se trata de diseñar instituciones, marcos normativos e incentivos que permitan generar convergencias entre la información personal y su uso, entre las libertades individuales y el interés público, entre la vida privada y la información pública, entre la interconexión global y las identidades locales, entre la tecnología y la humanidad.

La sociedad del conocimiento y la información han dado paso a una nueva economía: la economía digital. La inserción de los países a esta nueva realidad exige la adaptación de sus regulaciones, prácticas, instituciones y la organización industrial y productiva de las empresas al uso generalizado de las tecnologías de la información.

La expansión de la economía digital tiene evidentes efectos positivos para el bienestar de los ciudadanos. Entre otras cosas, es amigable con el medio ambiente, genera eficiencias en la asignación de recursos, posibilita la creación de nuevos negocios y aumenta la satisfacción de los consumidores.

Las barreras que enfrenta un desarrollo más vigoroso de la economía digital vienen dadas por restricciones en el acceso y uso de las nuevas tecnologías de la información y en la existencia de hábitos y prácticas culturales que enfatizan el uso de sistemas análogos por sobre los sistema digitales. Pero más aún, se alimenta en la desconfianza de los consumidores respecto de la seguridad relativa al cumplimiento de los requisitos de autenticidad, integridad y confidencialidad de las operaciones y sus registros, y en la falta de un marco normativo adecuado y de instituciones eficaces para sancionar las infracciones y resolver las controversias.

Otra restricción importante se encuentra en la configuración de los mercados y en la conducta de los agentes económicos. Muchas empresas mantienen rentas ancladas en prácticas que no son compatibles con sistemas abiertos, competitivos y transparentes propios de una sociedad y de una economía digital. En esta nueva era las empresas exitosas son aquellas que valoran el conocimiento, la información, la innovación y la competencia.

Chile es una economía pequeña y abierta al mundo. Las empresas chilenas se han insertado competitivamente en la economía global y el país es un destino atractivo para las inversiones extranjeras.

Sin embargo, para que Chile mantenga e incremente su trayectoria de desarrollo y crecimiento económico, es necesario, tal como lo ha venido planteando la OCDE en sus recomendaciones, emprender cambios y transformaciones que permitan avanzar hacia una economía más innovadora, basada en el conocimiento e integrada por más empresas que sean capaces de competir a nivel mundial y participar en las cadenas globales de valor, especialmente en el ámbito de los servicios globales.

Una de las mayores deudas en materia regulatoria es la falta de una legislación moderna y flexible que permita cumplir las normas y estándares internacionales en materia de protección y tratamiento de los datos personales.

2. Contexto internacional

Desde el año 2010, Chile es parte de la Organización para la Cooperación y el Desarrollo Económico (OCDE). El ingreso de nuestro país a dicha organización implicó esfuerzos significativos para lograr la adaptación de las políticas públicas y la legislación interna a las recomendaciones que emanan de esa organización, en materia social y económica.

En este sentido, este proyecto de ley recoge las recomendaciones que la propia organización ha puesto a disposición de los países miembros. Entre ellas, destacan las directrices sobre protección de la privacidad y flujos transfronterizos de datos personales. Estos instrumentos dan cuenta de los principios y contenidos básicos que deben recoger las normativas internas de los países para asegurar el respeto a la privacidad y la protección de los datos personales.

Las orientaciones de la OCDE relativas al flujo transfronterizo de datos personales es una materia de particular relevancia en este proyecto, dado el acelerado intercambio de información, la expansión del comercio electrónico y el desarrollo de la economía digital. Chile en la actualidad no cuenta con normas en esta materia y su incorporación resulta clave para el desarrollo de mercados emergentes de la economía como la exportación de servicios.

II.- DERECHO FUNDAMENTAL A LA VIDA PRIVADA Y SU PROTECCIÓN

La Constitución Política de la República garantiza el derecho fundamental a la vida privada y su protección. A su vez, la Declaración Universal de los Derechos Humanos de las Naciones Unidas prescribe que nadie sufrirá injerencias arbitrarias en su vida privada, su familia, domicilio o correspondencia, ni ataques a su honra o reputación. La Convención Americana sobre Derechos Humanos, denominada “Pacto de San José de Costa Rica”, por su parte consagra la protección de la honra y la dignidad de la persona, prohibiendo injerencias arbitrarias en su vida privada.

Consistente con el marco constitucional y los tratados internacionales ratificados por Chile, el año 1999 se dictó la ley n° 19.628, sobre protección de la vida privada, que establece las normas que actualmente regulan la protección y el uso de los datos de carácter personal de las personas naturales, tanto en sus aspectos sustantivos como procedimentales.

Si bien dicha ley constituyó un gran avance al momento de su dictación, es un hecho indiscutido que el acelerado desarrollo tecnológico, la masificación en el uso de las tecnologías de la información, el extendido acceso a internet, la expansión del comercio electrónico, unido a los nuevos desafíos que enfrentan las sociedades y los Estados para reconocer y proteger los derechos de sus ciudadanos, han llevado a que esta normativa haya terminado siendo insuficiente.

La obsolescencia de algunos de sus criterios u orientaciones y la ausencia de una autoridad de control que den eficacia a la ley, son parte de un diagnóstico en el que existe un amplio consenso entre los actores políticos e institucionales, agentes económicos, medios de comunicación social y la ciudadanía en general.

Este diagnóstico compartido se ha expresado en diversas propuestas e iniciativas orientadas a poner de manifiesto la necesidad de impulsar un nuevo marco regulatorio.

En la actualidad existen más de 60 iniciativas legales en tramitación, originadas mayoritariamente en mociones parlamentarias, que se refieren a estas materias, todas las cuales fueron consideradas en la elaboración del presente proyecto de ley. Asimismo, durante el mes de agosto de 2016, la Unidad de Evaluación de la Ley de la Cámara de Diputados presentó un informe en que evaluó los impactos y desafíos de la ley n° 19.628 y formuló un conjunto de conclusiones y recomendaciones, muchas de las cuales fueron recogidas en esta propuesta.

El Poder Judicial también ha sido un actor relevante en este proceso. La Corte Suprema ha contribuido a la reflexión jurídica y al debate doctrinario en torno a la garantía, protección y equilibrio de los diversos derechos fundamentales que entran en juego en este ámbito: vida privada, intimidad, honra, libertad de opinión e información, acceso a la información y transparencia, entre otros.

Por último, también han aportado a este debate el sector privado, las organizaciones empresariales, los académicos, la sociedad civil y la ciudadanía. En particular, es importante destacar las contribuciones técnicas realizadas por el Consejo de la Sociedad Civil de Economía Digital y la Mesa Público Privada de Protección de Datos. En consecuencia, este proyecto de ley busca balancear y equilibrar las diferentes miradas y opciones técnicas, económicas, jurídicas y políticas que se promueven por los diversos actores, instituciones y grupos de interés que participan de este debate, proponiendo un marco regulatorio que proteja los derechos y libertades de las personas, garantice el tratamiento lícito de los datos personales por parte de terceros, sin entrabar ni entorpecer la libre circulación de la información y, en definitiva, se alcance una legislación moderna y flexible que permita enfrentar los desafíos del país de cara al Siglo XXI.

III.- OBJETIVOS DEL PROYECTO DE LEY

1.- Objetivo general

Este proyecto de ley tiene como objetivo general actualizar y modernizar el marco normativo e institucional con el propósito de establecer que el tratamiento de los datos personales de las personas naturales se realice con el consentimiento del titular de datos o en los casos que autorice la ley, reforzando la idea de que los datos personales deben estar bajo la esfera de control de su titular, favoreciendo su protección frente a toda intromisión de terceros y estableciendo las condiciones regulatorias bajo las cuales los terceros pueden efectuar legítimamente el tratamiento de tales datos, asegurando estándares de calidad, información, transparencia y seguridad.

De esta forma, el principal desafío regulatorio es equilibrar la protección de los derechos de las personas, especialmente el respeto y protección a la vida privada e intimidad, con la libre circulación de la información, asegurando que las reglas de autorización y uso que se establezcan no entraben ni entorpezcan el tratamiento lícito de los datos por parte de las personas, organismos y empresas.

2.- Objetivos específicos

En cuanto a los objetivos específicos de este proyecto de ley, se plantean los siguientes:

a.- Establecer las condiciones regulatorias que permitan reforzar los derechos de los titulares de datos personales en relación a las operaciones de tratamiento de datos que legítimamente efectúen los agentes privados y públicos.

b.- Dotar al país de una legislación moderna y flexible en materia de tratamiento de datos personales, que sea consistente con los compromisos internacionales adquiridos luego de su incorporación a la OCDE y ajustada a las normas y estándares internacionales.

c.- Incrementar los estándares legales de Chile en el tratamiento de datos personales para transformarlo en un país con niveles adecuados de protección y seguridad, promoviendo el desarrollo de la economía digital y favoreciendo la expansión del mercado de los servicios globales.

d.- Definir estándares regulatorios, condiciones operacionales y un marco institucional que legitime el tratamiento de los datos personales por parte de los órganos públicos, garantizando el cumplimiento de la función pública y los derechos de los ciudadanos.

e.- Contar con una autoridad de control de carácter técnico y una institucionalidad pública que asuma los desafíos regulatorios y de fiscalización en materia de protección de las personas y tratamiento de los datos personales.

IV.- CONTENIDO DEL PROYECTO

1.- Determinación precisa del ámbito regulatorio

El objeto de la ley es regular el tratamiento de los datos personales, asegurando el respeto y protección de los derechos y libertades fundamentales de los titulares de datos (personas naturales), en particular el derecho a la vida privada.

El ámbito de aplicación de la ley es todo tratamiento de datos personales que realicen las personas naturales o jurídicas, incluidos los órganos públicos, que no se encuentre regido por una ley especial. Al mismo tiempo, se establece el carácter supletorio de esta normativa para todos aquellos tratamientos de datos regulados en leyes especiales.

Se excluyen expresamente de este régimen regulatorio al tratamiento de datos personales que se realice en el ejercicio de las libertades de emitir opinión y de informar regulado por las leyes especiales dictadas de conformidad al numeral 12 del artículo 19 de la Constitución Política de la República, y el tratamiento que efectúen las personas naturales en relación con sus actividades personales.

Además, cabe señalar que este proyecto de ley no innova respecto de la regulación específica y actualmente vigente, referida al tratamiento de los datos personales relativos a obligaciones de carácter económico, financiero, bancario o comercial, manteniendo íntegramente las normas contenidas en el Título III de la ley, salvo adecuaciones formales y de referencia.

2.- Principios rectores y actualización de definiciones legales

Se incorporan un conjunto de principios rectores en materia de protección y tratamiento de los datos personales que han sido reconocidos en las directrices de la OCDE y en la legislación comparada. Estos principios constituyen el marco teórico y normativo que inspiran toda la regulación del tratamiento de los datos personales y permiten orientar la aplicación e interpretación doctrinaria y jurisprudencial de esta normativa. Estos principios son la licitud del tratamiento, finalidad, proporcionalidad, calidad, seguridad, responsabilidad e información.

En el tratamiento de datos personales por parte de los organismos públicos se incorporan además los principios de coordinación, eficiencia, transparencia y publicidad.

Con el objeto de facilitar a los operadores del sistema la aplicación e interpretación de la ley, se actualizan e incorporan nuevas definiciones legales, adaptándolas a las que se usan en las legislaciones más modernas, las recomendaciones técnicas de los organismos internacionales y el estado actual del arte y la técnica.

3.- Reforzamiento y ampliación de los derechos de los titulares de datos
Se reconocen al titular de datos personales los derechos de acceso, rectificación, cancelación y oposición, los denominados “derechos ARCO”. Estos derechos son irrenunciables, gratuitos y no puede limitarse su ejercicio en forma convencional.

El derecho de acceso permite solicitar y obtener confirmación acerca de si sus datos personales están siendo tratados por el responsable y acceder a ellos, en su caso. El derecho de rectificación busca que se modifique o completen los datos cuando sean inexactos o incompletos. El derecho de cancelación persigue que se supriman o eliminen los datos del titular por las causales previstas en la ley. El derecho de oposición permite requerir que no se lleve a cabo un tratamiento de datos determinado por la concurrencia de las causales previstas en la ley.

Con el objeto de asegurar un ejercicio eficaz de los derechos ARCO, se establece un procedimiento directo y eficaz para que cualquier titular de datos pueda recurrir directamente ante el responsable de datos ejerciendo el correspondiente derecho ARCO, permitiéndose bloquear transitoriamente los datos en cuestión. Si el responsable no acoge la solicitud o no responde dentro del plazo que le fija la ley, el titular puede presentar un reclamo ante la autoridad de control. La resolución de la autoridad de control es reclamable ante la Corte de Apelaciones respectiva.

Siguiendo las tendencias regulatorias más modernas se introduce el derecho a la portabilidad de los datos personales, en virtud del cual el titular de datos puede solicitar y obtener del responsable en un formato electrónico estructurado, genérico y de uso habitual, una copia de sus datos personales y comunicarlos o transferirlos a otro responsable de datos.

Por otro lado y haciéndose cargo de un debate actual, complejo y que exige armonizar diversos bienes sociales, esta propuesta legislativa incorpora y refuerza la regulación del denominado “derecho al olvido” en relación a los datos relativos a infracciones penales, civiles, administrativas y disciplinarias. Se busca contar con una regla que equilibre adecuadamente el derecho de las personas a reducir el acceso a información desfavorable y que afecta su reputación social, con el derecho a la información y el interés público que hay envuelto en el acceso a ella.

4.- Consentimiento del titular como la principal fuente de legitimidad del tratamiento de datos

Concordante con el principio que los datos personales deben estar bajo la esfera de control de su titular, se establece el consentimiento como la fuente principal de legitimidad del tratamiento de los datos personales.

El consentimiento del titular debe ser libre, informado, inequívoco, otorgado en forma previa al tratamiento y específico en cuanto a su finalidad o finalidades.

Se consideran excepciones a las regla del consentimiento, tales como cuando la información ha sido recolectada de una fuente de acceso público; cuando sean datos relativos a obligaciones de carácter económico, financiero, bancario o comercial; o cuando el tratamiento sea necesario para la ejecución o el cumplimiento de una obligación legal o de un contrato en que es parte el titular.

5.- Régimen de responsabilidades de los responsables de datos

Con el objeto de reforzar la legitimidad del tratamiento de datos, se crean una serie de obligaciones y deberes para los responsables de datos, tales como acreditar la licitud del tratamiento que realizan; deberes de información; deberes de reserva y confidencialidad, de información y transparencia, y el deber de adoptar medidas de seguridad y reportar las vulneraciones dichas medidas.

Por otro lado, haciéndose cargo del propósito deliberado de no imponer trabas excesivas a la circulación de información, se establecen estándares diferenciados de cumplimiento de los deberes de información y de seguridad para personas naturales y jurídicas, el tamaño de la empresa y el volumen y las finalidades de los datos que trata.

Se regulan también la cesión o transferencia de las bases de datos personales que disponga o administre el responsable de datos, así como el régimen del tratamiento que efectúa un tercero o mandatario en representación o por encargo del responsable.

Una de las principales innovaciones de esta nueva normativa es la regulación del tratamiento automatizado de grandes volúmenes de datos, o “Big Data”, protegiendo la facultad de control del titular sobre su propia información, pero reconociendo también la licitud del acceso y uso de la información por parte de terceros y particularmente, de las empresas.

6.- Nuevos estándares para el tratamiento de datos sensibles y categorías especiales de datos personales

Se eleva el estándar para el tratamiento de los datos sensibles, estableciendo que sólo puede realizarse cuando el titular consienta libre e informadamente, en forma expresa.

Manteniendo la coherencia con el actual modelo normativo, se reconocen excepciones que legitiman el tratamiento de los datos personales sensibles, como cuando el titular ha hecho manifiestamente públicos su dato sensible o cuando exista una situación de emergencia médica o de salud, por ejemplo.

Adicionalmente, se introducen normas especiales para el tratamiento de los datos personales relativos a la salud, los datos biométricos y los datos relativos al perfil biológico humano; para el tratamiento de datos personales con fines históricos, estadísticos, científicos y para estudios o investigaciones que atiendan fines de interés público; y para el tratamiento de los datos personales de geolocalización o de movilidad del titular.

7.- Tratamiento de datos personales de niños, niñas y adolescentes

Se establece como regla basal que el tratamiento de los datos personales que conciernen a los niños, niñas y adolescentes sólo puede realizarse atendiendo al interés superior de éstos y al respeto de su autonomía progresiva.

Siguiendo las mejores prácticas de la legislación comparada y las recomendaciones internacionales, se regula en forma diferencia las autorizaciones de tratamiento para los niños y niñas y para los adolescentes.

En el caso de los niños y niñas, el tratamiento de datos requiere el consentimiento previo, específico y expreso de quien tiene a su cargo el cuidado personal. Respecto de los adolescentes, se establece que sus datos personales sensibles sólo pueden ser tratados con el consentimiento de quien tiene a su cargo el cuidado personal del adolescente. Para los demás datos personales, rigen las normas generales de autorización.

Consistente con la orientación protectora de los datos personales de los niños, niñas y adolescentes, se establece una obligación especial para los establecimientos educacionales y para las personas o entidades públicas o privadas que traten o administren este tipo de datos, incluyendo a quienes ejercen su cuidado personal, de velar por el uso lícito y la protección de la información personal que concierne a los niños, niñas y adolescentes.

8.- Regulación del flujo transfronterizo de datos personales

El proyecto de ley incorpora una regulación específica para la transferencia internacional de datos personales, ajustándola a los estándares y recomendaciones de la OCDE.

Se distingue entre países que disponen de un marco normativo que proporciona niveles adecuados de protección de datos y aquellos que no, entendiendo que un país posee niveles adecuados de protección de datos cuando cumple con estándares similares o superiores a los fijados en la ley chilena en materia de protección y tratamiento de datos personales. La autoridad de control, siguiendo parámetros técnicos y los estándares de la OCDE, determinará los países que poseen una legislación adecuada.

En el caso de los países adecuados se reconoce amplia autonomía a los intervinientes para transferir datos, sujeto al cumplimiento de las reglas generales. En el caso de países no adecuados, se permite la transferencia de datos sólo en un conjunto de circunstancias que autorizan el envío de la información, bajo la responsabilidad legal de quien efectúa la transferencia de datos y con aviso previo a la autoridad de control.

9.- Modernización de estándares para el tratamiento de datos personales por organismos públicos

Siendo la ley una de las fuentes de legitimidad del tratamiento de datos personales, el tratamiento de los datos personales que efectúan los órganos públicos será lícito cuando se realiza para el cumplimiento de sus funciones legales, dentro del ámbito de sus competencias y de conformidad a las normas legales correspondientes. Cumpliéndose esas condiciones, no se requiere el consentimiento del titular.

Con el objeto de evitar flujos innecesarios de los datos personales, pero al mismo tiempo promover la interconectividad y la eficiencia en la gestión pública, se regula la facultad de los órganos públicos para comunicar o ceder datos personales a otros órganos públicos, siempre que la comunicación o cesión de los datos sea necesaria para el cumplimiento de funciones legales y ambos órganos actúen dentro del ámbito de sus competencias. Se establece también que pueden comunicar o ceder datos personales cuando se requieran para un tratamiento que tenga por finalidad otorgar beneficios al titular, evitar duplicidad de trámites o reiteración de requerimientos de información o documentos para los titulares. También se regula la comunicación y cesión de datos a personas o entidades privadas.

Del mismo modo, se consagran y regulan los principios que rigen el tratamiento de los datos personales por parte de los órganos públicos, los derechos que se reconocen a los titulares, la forma de ejercer estos derechos y se define un procedimiento de reclamación administrativa y de tutela judicial efectiva para el ejercicio y protección de estos derechos.

Se define un régimen especial de responsabilidades y sanciones para que el tratamiento de datos se realice conforme a los principios y obligaciones establecidos en la ley.

Se regula también un régimen de excepción para el tratamiento de datos protegidos por normas de secreto o confidencialidad; cuando se refiere al tratamiento de datos vinculados a la investigación de infracciones penales, civiles y administrativas; cuando correspondan a actividades relacionadas con la seguridad de la nación, el orden público o la seguridad pública, y cuando en los casos que se hayan declarado estado de catástrofe o estado de emergencia.

Por último, se regulan las actividades de tratamiento de los datos personales que efectúan el Congreso Nacional, el Poder Judicial, la Contraloría General de la República, el Ministerio Público, el Tribunal Constitucional, el Banco Central, el Servicio Electoral y la Justicia Electoral, y los demás tribunales especiales creados por ley. Se contempla un modelo regulatorio, de fiscalización y cumplimiento compatible con la autonomía de estas instituciones.

10.- Creación de una autoridad de control

Para efectos de velar por la protección de los derechos y libertades de las personas titulares de datos y por el adecuado cumplimiento de las normas relativas al tratamiento de los datos, se requiere contar con una autoridad de control dotada de facultades para regular, supervisar, fiscalizar y en última instancia, sancionar los incumplimientos. Sin una autoridad de control con potestades normativas y fiscalizadoras suficientes, la ley tiene escasa eficacia.

Con tal propósito, se crea una institución especializada y de carácter técnico, denominada “Agencia de Protección de Datos Personales, encargada de velar y fiscalizar el cumplimiento de esta normativa, que se relaciona con el Presidente de la República a través del Ministerio de Hacienda y se encuentra afecto al Sistema de Alta Dirección Pública.

Con el objeto de evitar o precaver conflictos de normas y asegurar la coordinación, cooperación y colaboración entre la Agencia de Protección de Datos Personales y el Consejo para la Transparencia, se consagra un modelo de coordinación regulatoria entre ambas instituciones.

11.- Modelo general de cumplimiento de la ley

Se contempla un catálogo específico de infracciones a los principios y obligaciones establecidos en la ley, que se califican en leves, graves y gravísimas, estableciendo sanciones correlativas a la gravedad de la infracción que van desde la amonestación escrita a multas que oscilan entre 1 y 5.000 UTM. En casos excepcionales se contempla el cierre o clausura de las operaciones de tratamiento de datos. La determinación de las infracciones y la aplicación de la sanción respectiva corresponden a la Agencia de Protección de Datos Personales. En el caso de los órganos públicos y de los agentes de la Administración del Estado, las investigaciones las realiza la Agencia y las sanciones las aplica la Contraloría General de la República.

Se incorpora, asimismo, un procedimiento de reclamación judicial de ilegalidad para cualquier persona natural o jurídica que se vea afectada por una resolución de la Agencia de Protección de Datos Personales, ante la Corte de Apelaciones correspondiente. Para el conocimiento y resolución de estas controversias se establece un procedimiento judicial concentrado y de rápida resolución.

Finalmente, como una forma de incentivar y promover el cumplimiento de la ley, y siguiendo las recomendaciones de la OCDE, se regula la adopción por parte del sector privado y del sector público de modelos de prevención de infracciones, fijando para ellos los estándares y requisitos mínimos con los que deberán cumplir.

La certificación y supervisión de estos programas estará a cargo de la Agencia de Protección de Datos Personales.

12.- Disposiciones transitorias

Por último, el proyecto contempla disposiciones transitorias que la ley entrará en vigencia el día primero del mes décimo tercero posterior a su publicación en el Diario Oficial.

Los reglamentos señalados en la ley deberán dictarse dentro de los seis meses posteriores la publicación.

Se establece el plazo de nueve meses para que, mediante uno o más decretos con fuerza de ley, el Presidente de la República regule al personal de la Agencia de Protección de Datos Personales. Dentro de los 60 días siguientes a la publicación de la ley deberá convocarse al concurso público para nombrar al primer director o directora de la Agencia de Protección de Datos Personales.

En mérito de lo expuesto, tengo el honor de someter a vuestra consideración el siguiente

PROYECTO DE LEY:

Artículo primero.- Introdúcense las siguientes modificaciones a la ley nº 19.628, sobre protección de la vida privada:

1) Reemplázase el artículo 1 por el siguiente:

“Artículo 1.- Objeto y ámbito de aplicación. La presente ley tiene por objeto regular el tratamiento de los datos personales que realicen las personas naturales o jurídicas, públicas o privadas, con el propósito de asegurar el respeto y protección de los derechos y libertades de quienes son titulares de estos datos, en particular, el derecho a la vida privada. Todo tratamiento de datos personales que realicen las personas naturales o jurídicas, incluidos los órganos públicos, que no se encuentre regido por una ley especial quedará sujeto a las disposiciones de esta ley. Con todo, en los asuntos no regulados en las leyes especiales se aplicarán supletoriamente las normas de esta ley.

El régimen de tratamiento y protección de los datos personales establecidos en esta ley no se aplicará al tratamiento de datos que realicen los medios de comunicación social en el ejercicio de las libertades de emitir opinión y de informar regulado por las leyes a que se refiere el artículo 19 n° 12 de la Constitución Política de la República, ni al que efectúen las personas naturales en relación con sus actividades personales.”.

2) Modifícase el artículo 2 del siguiente modo:

a) Intercálase el siguiente epígrafe: “Definiciones.”.

b) Reemplázanse las letras c), f), g) e i) por las siguientes:

“c) Comunicación o transmisión de datos personales: dar a conocer por el responsable de datos, de cualquier forma, datos personales a personas distintas del titular a quien conciernen los datos, sin llegar a cederlos o transferirlos. Las comunicaciones que realice el responsable de datos deben contener información exacta, completa y veraz.

f) Dato personal: cualquier información vinculada o referida a una persona natural, identificada o identificable a través de medios que puedan ser razonablemente utilizados.

g) Datos personales sensibles: aquellos datos personales que conciernen o se refieren a las características físicas o morales de una persona, tales como el origen racial, ideología, afiliación política, creencias o convicciones religiosas o filosóficas, estado de salud físico o psíquico, orientación sexual, identidad de género e identidad genética y biomédica.

i) Fuentes de acceso público: todas aquellas bases de datos personales, públicas o privadas, cuyo acceso o consulta puede ser efectuado en forma lícita por cualquier persona, sin existir restricciones o impedimentos legales para su acceso o utilización.

Las dudas o controversias que se susciten sobre si una determinada base de datos es considerada fuente de acceso público serán resueltas por la Agencia de Protección de Datos Personales, quien podrá identificar categorías genéricas, clases o tipos de registros o bases de datos que posean esta condición.”.

c) Elimínase la letra j), pasando la actual letra k) a ser j) y así sucesivamente.

d) Sustitúyense las actuales letras l), m), n), ñ) y o), que pasaron a ser k), l), m), n) y ñ), respectivamente, por las siguientes:

“k) Proceso de anonimización o disociación: procedimiento en virtud del cual los datos personales no pueden asociarse al titular ni permitir su identificación, por haberse destruido el nexo con toda información que lo identifica o porque dicha asociación exige un esfuerzo no razonable, entendiendo por tal el empleo de una cantidad de tiempo, gasto o trabajo desproporcionados. Un dato anonimizado deja de ser un dato personal.

l) Base de datos personales: conjunto organizado de datos personales, cualquiera sea la forma o modalidad de su creación, almacenamiento, organización y acceso, que permita relacionar los datos entre sí, así como realizar el tratamiento de ellos.

m) Responsable de datos o responsable: persona natural o jurídica, pública o privada, a quien compete decidir acerca del tratamiento de datos personales, con independencia de si los datos son tratados directamente por él o a través de un tercero o mandatario, y de su localización.

n) Titular de datos o titular: persona natural, identificada o identificable, a quien conciernen o se refieren los datos personales.

ñ) Tratamiento de datos: cualquier operación o conjunto de operaciones o procedimientos técnicos, de carácter automatizado o no, que permitan recolectar, procesar, almacenar, comunicar, transmitir o utilizar de cualquier forma los datos personales.”.

e) Agréganse los siguientes literales o), p), q), r), s), t) y u), nuevos:

“o) Consentimiento: toda manifestación de voluntad libre, específica, inequívoca e informada mediante la cual el titular de datos, su representante legal o mandatario, según corresponda, autoriza el tratamiento de los datos personales que le conciernen.

p) Derecho de acceso: derecho del titular de datos a solicitar y obtener del responsable confirmación acerca de si sus datos personales están siendo tratados por él, acceder a ellos en su caso, y a la información prevista en esta ley.

q) Derecho de rectificación: derecho del titular de datos a solicitar y obtener del responsable que modifique o complete sus datos personales, cuando están siendo tratados por él y sean inexactos o incompletos.

r) Derecho de cancelación: derecho del titular de datos a solicitar y obtener del responsable que suprima o elimine sus datos personales, de acuerdo a las causales previstas en la ley.

s) Derecho de oposición: derecho del titular de datos que se ejerce ante el responsable con el objeto de requerir que no se lleve a cabo un tratamiento de datos determinado, de conformidad a las causales previstas en la ley.

t) Derecho a la portabilidad de los datos personales: derecho del titular de datos a solicitar y obtener del responsable en un formato electrónico estructurado, genérico y de uso habitual, una copia de sus datos personales y comunicarlos o transferirlos a otro responsable de datos.

u) Registro Nacional de Cumplimiento y Sanciones: registro nacional de carácter público administrado por la Agencia de Protección de Datos Personales, que consigna las sanciones impuestas a los responsables de datos por infracción a la ley, los modelos de prevención de infracciones que implementes los responsables y los programas de cumplimiento debidamente certificados.”.

3) Reemplázase el artículo 3 por el siguiente:

“Artículo 3.- Principios. El tratamiento de los datos personales se rige por los siguientes principios:

a) Principio de licitud del tratamiento. Los datos personales sólo pueden tratarse con el consentimiento de su titular o por disposición de la ley.

b) Principio de finalidad. Los datos personales deben ser recolectados con fines específicos, explícitos y lícitos. El tratamiento de los datos personales debe limitarse al cumplimiento de estos fines.

En aplicación de este principio, no se pueden tratar los datos personales con fines distintos a los informados al momento de la recolección, salvo que el titular otorgue nuevamente su consentimiento, los datos provengan de fuentes de acceso público o así lo disponga la ley.

c) Principio de proporcionalidad. Los datos personales que se traten deben limitarse a aquellos que resulten necesarios en relación con los fines del tratamiento.

Los datos personales deben ser conservados sólo por el período de tiempo que sea necesario para cumplir con los fines del tratamiento, luego de lo cual deben ser cancelados o anonimizados. Un período de tiempo mayor requiere autorización legal o consentimiento del titular.

d) Principio de calidad. Los datos personales deben ser exactos y, si fuera necesario, completos y actuales, en relación con los fines del tratamiento.

e) Principio de responsabilidad. Quienes realicen tratamiento de los datos personales serán legalmente responsables del cumplimiento de los principios, obligaciones y deberes de conformidad a esta ley.

f) Principio de seguridad. En el tratamiento de los datos personales se deben garantizar niveles adecuados de seguridad, protegiéndolos contra el tratamiento no autorizado, pérdida, filtración, destrucción o daño accidental y aplicando medidas técnicas u organizativas apropiadas.

g) Principio de información. Las prácticas y políticas sobre el tratamiento de los datos personales deben estar permanentemente accesibles y a disposición de cualquier interesado de manera precisa, clara, inequívoca y gratuita.”.

4) Reemplázase el título I por el siguiente:

“Título I De los derechos del titular de datos personales

Artículo 4.- Derechos del titular de datos. Toda persona, actuando por sí o a través de su representante legal o mandatario, según corresponda, tiene derecho de acceso, rectificación, cancelación, oposición y portabilidad de sus datos personales, de conformidad a la presente ley.

Los derechos de acceso, rectificación, cancelación y oposición son personales, intransferibles e irrenunciables y no pueden limitarse por ningún acto o convención.

En caso de fallecimiento del titular de datos, los derechos que reconoce esta ley pueden ser ejercidos por sus herederos.

Artículo 5.- Derecho de acceso. El titular de datos tiene derecho a solicitar y obtener del responsable confirmación acerca de si los datos personales que le conciernen están siendo tratados por él y, en tal caso, acceder a dichos datos y a la siguiente información:

a) Los datos tratados y su origen.

b) La finalidad o finalidades del tratamiento.

c) Las categorías, clases o tipos de destinatarios a los que se han comunicado o cedido los datos o se prevé comunicar o ceder, según corresponda.

d) El período de tiempo durante el cual los datos serán tratados.

El responsable no estará obligado a entregar al titular la información establecida en las letras anteriores cuando el titular ya disponga de esta información por haber ejercido este derecho con anterioridad; cuando su comunicación resulte imposible o requiera de un esfuerzo no razonable; cuando su entrega imposibilite u obstaculice gravemente un tratamiento de datos con fines históricos, estadísticos o científicos y para estudios o investigaciones que atiendan fines de interés público o vayan en beneficio de la salud humana; cuando los datos estén protegidos por una norma de secreto o una obligación de confidencialidad que impida su comunicación, o cuando lo disponga expresamente la ley.

Artículo 6.- Derecho de rectificación. El titular de datos tiene derecho a solicitar y obtener del responsable la rectificación de los datos personales que le conciernen y que están siendo tratados por él, cuando sean inexactos, desactualizados o incompletos.

La rectificación y su contenido serán públicas y deberán difundirse cuando así lo requiera el titular y sea necesario para los fines del tratamiento realizado.

Artículo 7.- Derecho de cancelación. El titular de datos tiene derecho a solicitar y obtener del responsable la cancelación o supresión de los datos personales que le conciernen cuando éstos no resulten necesarios en relación con los fines del tratamiento; cuando haya retirado su consentimiento para el tratamiento y éste no tenga otro fundamento legal; cuando se trate de datos caducos; cuando los datos hayan sido obtenidos o tratados ilícitamente por el responsable o cuando la cancelación deba realizarse para el cumplimiento de una obligación legal.

Sin perjuicio de lo anterior, no procede la cancelación o supresión de los datos en los siguientes casos:

a) Cuando el tratamiento sea necesario para ejercer el derecho a las libertades de emitir opinión y de informar regulado por las leyes a que se refiere el artículo 19 n° 12 de la Constitución Política de la República.

b) Cuando se requiera el tratamiento de los datos para el cumplimiento de una obligación legal o la ejecución de un contrato del que el titular es parte.

c) Cuando existan razones de interés público en el ámbito de la salud pública.

d) Cuando el tratamiento se realice con fines históricos, estadísticos o científicos y para estudios o investigaciones que atiendan fines de interés público, en la medida que la cancelación de los datos imposibilite u obstaculice gravemente el propósito de este tratamiento.

e) Cuando se requieran para la formulación, ejercicio o defensa de una reclamación formulada en el marco de esta ley.

Artículo 8.- Derecho de oposición. El titular de datos tiene derecho a oponerse ante el responsable a que se realice un tratamiento específico o determinado de los datos personales que le conciernan, en los siguientes casos:

a) Cuando el tratamiento de datos afecte sus derechos y libertades fundamentales.

b) Cuando el tratamiento de datos sea utilizado exclusivamente con fines de marketing directo de bienes o servicios, así como cualquier otro propósito comercial o fines publicitarios, salvo que exista un contrato entre las partes que expresamente contemple dicho uso de su información.

c) Cuando se realice tratamiento automatizado de sus datos personales y se adopten decisiones que impliquen una valoración, evaluación o predicción de su comportamiento realizada únicamente en base a este tipo de tratamiento, salvo las excepciones previstas en el artículo 15 ter de esta ley.

d) Cuando el titular de los datos hubiere fallecido. En este caso, la oposición deberá ser formulada por los herederos. Con todo, no procederá la oposición cuando el tratamiento de los datos se realice exclusivamente con fines históricos, estadísticos o científicos o para estudios o investigaciones que atiendan fines de interés público.

Artículo 9.- Derecho a la portabilidad de los datos personales. El titular de datos tiene derecho a solicitar y recibir del responsable una copia de los datos personales que le conciernen de manera estructurada, en un formato genérico y de uso común que permita ser operado por distintos sistemas, y a comunicarlos o transferirlos a otro responsable de datos, cuando concurran las siguientes circunstancias o requisitos:

a) El titular haya entregado sus datos personales directamente al responsable.

b) Se trate de un volumen relevante de datos y sean tratados en forma automatizada.

c) Exista consentimiento del titular para el tratamiento o se requiera para la ejecución o cumplimiento de un contrato.

El responsable debe utilizar los medios más expeditos, menos onerosos y sin poner trabas u obstáculos para el ejercicio de este derecho.

El responsable también debe comunicar al titular de manera clara y precisa las medidas necesarias para recuperar sus datos personales y especificar las características técnicas para llevar a cabo estas operaciones.

Artículo 10.- Forma y medios de ejercer los derechos del titular de datos. Los derechos reconocidos en esta ley se ejercen por el titular, en forma personal o debidamente representado, ante el responsable de datos. Si los datos personales del titular se encuentran en una base de datos que es administrada o tratada por diversos responsables, el titular puede ejercer sus derechos ante cualquiera de ellos.

Los responsables de datos deben implementar mecanismos y herramientas tecnológicas que permitan que el titular ejerza sus derechos en forma expedita, ágil y eficaz. Los medios dispuestos por el responsable deben ser sencillos en su operación.

El ejercicio de los derechos de rectificación, cancelación y oposición siempre serán gratuitos para el titular. El derecho de acceso también se ejercerá en forma gratuita, al menos, trimestralmente.

El responsable de datos sólo puede exigir el pago de los costos directos en que incurra cuando el titular ejerza su derecho de acceso más de una vez en el trimestre o cuando ejerza el derecho a la portabilidad.

La Agencia de Protección de Datos Personales deberá velar por el efectivo ejercicio y cumplimiento de los derechos que esta ley reconoce al titular.

Artículo 11.- Procedimiento ante el responsable de datos. Para ejercer los derechos que le reconoce esta ley, el titular debe presentar una solicitud o requerimiento escrito ante el responsable dirigido a la dirección de correo electrónico establecida para este fin o a través de un formulario de contacto o de un medio electrónico equivalente. La solicitud o el medio de contacto deben contener, a lo menos, las siguientes menciones:

a) Individualización del titular y de su representante legal o mandatario, según corresponda, y autenticación de su identidad de acuerdo a los procedimientos, formas y modalidades que establezca el reglamento.

b) Indicación de una dirección de correo electrónico o de otro medio electrónico equivalente para comunicar la respuesta.

c) Identificación de los datos personales o del tratamiento determinado, según corresponda, respecto de los cuales se ejerce el derecho correspondiente.

d) En las solicitudes de rectificación el titular debe indicar las modificaciones o actualizaciones precisas a realizar y acompañar, en su caso, los antecedentes que las sustenten. Cuando se trate de solicitudes de cancelación u oposición al tratamiento de datos, el titular debe indicar la causal o fundamento invocado para ello y acompañar también los antecedentes que las sustenten, si correspondiere. En el caso del derecho de acceso, basta con la individualización del titular.

e) Cualquier otro antecedente que facilite la localización de los datos personales.

Recibida la solicitud, el responsable debe pronunciarse sobre ella inmediatamente o a más tardar dentro de los 10 días hábiles siguientes a la fecha de ingreso.

El responsable debe responder por escrito al titular a la dirección de correo electrónico fijada por éste. Cuando la respuesta se entregue por otro medio electrónico, el responsable debe almacenar los respaldos que le permitan demostrar la transmisión y recepción de la respuesta, su fecha y el contenido íntegro de ella. En caso de denegación total o parcial de la solicitud, el responsable debe fundar su decisión indicando la causa invocada y los antecedentes que la justifican. En esta misma oportunidad, el responsable debe señalar al titular que dispone de un plazo de 10 días hábiles para formular una reclamación ante la Agencia de Protección de Datos Personales, de acuerdo al procedimiento establecido en el artículo 45.

Transcurridos los 10 días hábiles a que hace referencia el inciso segundo sin que haya respuesta del responsable, el titular puede formular directamente una reclamación ante la Agencia de Protección de Datos Personales, en los mismos términos del inciso anterior.

Cuando se formule una solicitud de rectificación o cancelación, el titular tiene derecho a solicitar y obtener del responsable el bloqueo temporal de los datos. La solicitud de bloqueo temporal debe ser fundada y el responsable deberá responder a este requerimiento dentro de los 2 días hábiles siguientes a su recepción. En caso de negativa, el responsable deberá invocar una causa justificada y fundar su respuesta.

La rectificación o cancelación de los datos se aplicarán sólo respecto de los responsables a quienes se les haya formulado la solicitud.”.

5) Reemplázase el título II por el siguiente:

“Título II.- Del tratamiento de los datos personales y de las categorías especiales de datos

Párrafo Primero.- Del consentimiento del titular, de las obligaciones y deberes del responsable y del tratamiento de datos en general

Artículo 12.- Regla general del tratamiento de datos. Es lícito el tratamiento de los datos personales que le conciernen al titular cuando otorgue su consentimiento para ello o lo autorice la ley.

El consentimiento del titular debe ser libre e informado, otorgarse en forma previa al tratamiento y debe ser específico en cuanto a su finalidad o finalidades. Debe manifestarse de manera inequívoca, mediante una declaración verbal, escrita o realizada a través de un medio electrónico equivalente o mediante un acto afirmativo que dé cuenta con claridad de la voluntad del titular. Cuando el consentimiento lo otorgue un mandatario, éste deberá encontrase expresamente premunido de esta facultad.

El titular puede revocar el consentimiento otorgado en cualquier momento y sin expresión de causa, utilizando medios similares o equivalentes a los empleados para su otorgamiento. La revocación del consentimiento no tiene efectos retroactivos.

Los medios utilizados para el otorgamiento o la revocación del consentimiento deben ser expeditos, fidedignos, gratuitos y estar permanentemente disponibles para el titular.

Corresponde al responsable probar que el tratamiento de datos realizado contó con el consentimiento del titular o fue efectuado por disposición de la ley.

Artículo 13.- Excepciones al consentimiento. No se requiere el consentimiento del titular en los siguientes casos:

a) Cuando el tratamiento se refiere a datos personales que han sido recolectados de una fuente de acceso público.

b) Cuando el tratamiento esté referido a datos relativos a obligaciones de carácter económico, financiero, bancario o comercial y se realice de conformidad con las normas del título III de esta ley.

c) Cuando el tratamiento sea necesario para la ejecución o el cumplimiento de una obligación legal o de un contrato en que es parte el titular.

Artículo 14.- Obligaciones del responsable de datos. El responsable de datos, sin perjuicio de las demás disposiciones previstas en esta ley, tiene las siguientes obligaciones:

a) Informar y poner a disposición del titular, de manera expedita y cuando le sean requeridos, los antecedentes que acrediten la licitud del tratamiento de datos que realiza.

b) Asegurar que los datos personales se recojan con fines específicos, explícitos y lícitos, y que su tratamiento se limite al cumplimiento de estos fines.

c) Comunicar o ceder, en conformidad a las disposiciones de esta ley, información exacta, completa y veraz. d) Cumplir con los demás principios que rigen el tratamiento de los datos personales previstos en esta ley.

Artículo 14 bis.- Deber de secreto o confidencialidad. El responsable de datos está obligado a mantener secreto o confidencialidad acerca de los datos personales que conciernan a un titular, salvo aquellos que provengan de fuentes de acceso público o el titular los ha hecho manifiestamente públicos. Este deber subsiste aún después de concluida la relación con el titular.

El deber de secreto o confidencialidad no obsta a las comunicaciones o cesiones de datos que deba realizar el responsable en conformidad a la ley, y al cumplimiento de la obligación de dar acceso al titular e informar el origen de los datos, cuando esta información le sea requerida por el titular o por un órgano público dentro del ámbito de sus competencias legales.

El responsable debe adoptar las medidas necesarias con el objeto que sus dependientes o las personas naturales o jurídicas que ejecuten operaciones de tratamiento de datos bajo su responsabilidad, cumplan el deber de secreto o confidencialidad establecidos en este artículo.

Quedan sujetas a la obligación de secreto o confidencialidad las personas e instituciones y sus dependientes que, en cumplimiento de una obligación legal, han remitido información a un organismo público sujeto al régimen de excepciones establecido en el artículo 24, en cuanto al requerimiento y al hecho de haber remitido dicha información.

Artículo 14 ter.- Deber de información y transparencia. El responsable de datos debe mantener permanentemente a disposición del público, en su sitio web o en cualquier otro medio de información equivalente, al menos, la siguiente información:

a) La política de tratamiento de datos personales que ha adoptado, la fecha y versión de la misma.

b) La individualización del responsable de datos, su representante legal, y la identificación del encargado de prevención si existiere.

c) La dirección de correo electrónico, el formulario de contacto o la identificación del medio tecnológico equivalente a través del cual se le notifican las solicitudes que realicen los titulares.

d) Las categorías, clases o tipos de bases de datos que administra; la descripción genérica del universo de personas que comprenden las bases de datos; los destinatarios a los que se prevé comunicar o ceder los datos; y las finalidades del tratamiento que realiza.

e) La política y las medidas de seguridad adoptadas para proteger las bases de datos personales que administra.

Artículo 14 quáter.- Deber de adoptar medidas de seguridad. El responsable de datos debe adoptar las medidas necesarias para resguardar el cumplimiento del principio de seguridad establecido en esta ley, considerando el estado actual de la técnica y los costos de aplicación, junto con la naturaleza, alcance, contexto y fines del tratamiento, así como la probabilidad de los riesgos y la gravedad de sus efectos en relación con el tipo de datos tratados. Las medidas aplicadas por el responsable deben asegurar la confidencialidad, integridad, disponibilidad y resiliencia de los sistemas de tratamiento de datos.

Si las bases de datos que opera el responsable tienen distintos niveles de criticidad deberá adoptar las medidas de seguridad que correspondan al nivel más alto.

Ante la ocurrencia de un incidente de seguridad, y en caso de controversia judicial o administrativa, corresponderá al responsable acreditar la existencia y el funcionamiento de las medidas de seguridad adoptadas en base a los niveles de criticidad y a la tecnología disponible.

Artículo 14 quinquies.- Deber de reportar las vulneraciones a las medidas de seguridad. El responsable de datos debe reportar a la Agencia de Protección de Datos Personales, por los medios más expeditos posibles y sin dilaciones indebidas, las vulneraciones a las medidas de seguridad que ocasionen la destrucción, filtración, pérdida o alteración accidental o ilícita de los datos personales que trate, o la comunicación o acceso no autorizados a dichos datos.

El responsable de datos deberá registrar estas comunicaciones, describiendo la naturaleza de las vulneraciones sufridas, sus efectos, las categorías de datos y el número aproximado de titulares afectados y las medidas adoptadas para gestionarlas y precaver incidentes futuros.

Cuando dichas vulneraciones se refieran a datos personales sensibles o a datos relativos a obligaciones de carácter económico, financiero, bancario o comercial, el responsable deberá también efectuar esta comunicación a los titulares de estos datos. Esta comunicación debe realizarse en un lenguaje claro y sencillo, singularizando los datos afectados, las posibles consecuencias de las vulneraciones de seguridad y las medidas de solución o resguardo adoptadas. La notificación se debe realizar a cada titular afectado y si ello no fuere posible se realizará mediante la difusión o publicación de un aviso en un medio de comunicación social masivo y de alcance nacional.

Artículo 14 sexies.- Diferenciación de estándares de cumplimiento. Los estándares o condiciones mínimas que se impongan al responsable de datos para el cumplimiento de los deberes de información y de seguridad establecidos en los artículos 14 ter y 14 quáter, respectivamente, serán determinados considerando si el responsable es una persona natural o jurídica; el tamaño de la entidad o empresa de acuerdo a las categorías establecidas en el artículo segundo de la ley n° 20.416, que fija normas especiales para las empresas de menor tamaño, y el volumen y las finalidades de los datos personales que trata.

Los estándares de cumplimiento y las medidas diferenciadas serán especificados en un reglamento dictado por el Ministerio de Hacienda y suscrito por el Ministro o Ministra de Economía, Fomento y Turismo.

Artículo 15.- Cesión o transferencia de bases de datos personales. Se podrán ceder todo o parte de las bases de datos personales que disponga o administre el responsable de datos cuando la cesión sea necesaria para cumplir con los fines del tratamiento o las funciones del cedente o del cesionario, de conformidad con las disposiciones de esta ley.

La cesión de datos personales requiere el consentimiento previo del titular a quien conciernen los datos, salvo las excepciones legales.

En caso que el consentimiento otorgado por el titular al momento de realizarse la recolección de los datos personales no haya considerado la cesión de los mismos, éste debe recabarse antes que se produzca, considerándose para todos los efectos legales como una nueva operación de tratamiento.

Con el objeto que el titular preste su consentimiento a la cesión, el responsable debe entregar la información necesaria que le permita conocer la finalidad a la cual se destinarán los datos y el tipo de actividades que realiza el cesionario. La cesión de datos debe constar por escrito o a través de cualquier medio electrónico idóneo. En ella se deberá individualizar a las partes, las bases de datos que son objeto de la cesión, las finalidades previstas para el tratamiento y los demás antecedentes o estipulaciones que acuerden el cedente y el cesionario.

El tratamiento de los datos personales cedidos debe realizarse por el cesionario de conformidad a las finalidades establecidas en el contrato de cesión.

Una vez perfeccionada la cesión, el cesionario adquiere la condición de responsable de datos para todos los efectos legales, respecto de las bases de datos que fueron objeto de la cesión. El cedente, por su parte, también mantiene la calidad de responsable de datos, respecto de las operaciones de tratamiento que continúe realizando.

Si se verifica una cesión de datos sin contar con el consentimiento del titular, siendo éste necesario, o sin informarle acerca de la finalidad a la cual serán destinados los datos cedidos o el tipo de actividades que desarrolla el cesionario, la cesión será considerada nula para todos los efectos legales, debiendo el cesionario cancelar todos los datos recibidos, sin perjuicio de las responsabilidades legales que correspondan.

A las cesiones de datos anonimizados no le son aplicables las reglas señaladas en este artículo.

Artículo 15 bis.- Tratamiento de datos por parte de un tercero o mandatario. El responsable puede efectuar el tratamiento de datos en forma directa o a través de un tercero mandatado para este efecto. En este último caso, el tercero o mandatario realiza el tratamiento de datos personales conforme al encargo y a las instrucciones que le imparta el responsable, quedándole prohibido su tratamiento, cesión o entrega para un objeto distinto del convenido con el responsable.

Si el tercero trata, cede o entrega los datos o la base de datos con un objeto distinto del encargo convenido o a una persona distinta del responsable, se le considerará como responsable de datos para todos los efectos legales, debiendo responder solidariamente por las infracciones y los perjuicios en que hubiere incurrido, sin perjuicio de las responsabilidades contractuales que le correspondan frente al responsable de datos.

Cumplida la prestación del servicio de tratamiento por parte del tercero, los datos que obran en su poder deben ser cancelados o devueltos al responsable de datos, según corresponda.

Artículo 15 ter.- Tratamiento automatizado de grandes volúmenes de datos.- El responsable de datos puede establecer procedimientos automatizados de tratamiento y de transferencia de grandes volúmenes de datos, siempre que éstos cautelen los derechos del titular y el tratamiento guarde relación con las finalidades de las personas o entidades participantes.

El titular de datos tiene derecho a solicitar al responsable que ninguna decisión que le afecte de manera significativa se adopte exclusivamente basada en el tratamiento automatizado de sus datos, salvo que sea necesario para la celebración o ejecución de un contrato entre el titular y el responsable, exista consentimiento previo y explícito del titular o lo disponga la ley.

Párrafo Segundo.- Del tratamiento de los datos personales sensibles

Artículo 16.- Regla general para el tratamiento de datos personales sensibles. El tratamiento de los datos personales sensibles sólo puede realizarse cuando el titular a quien conciernen estos datos preste su consentimiento libre e informado, otorgado previamente, para un tratamiento específico y lo manifieste en forma expresa a través de una declaración escrita, verbal o por un medio tecnológico equivalente.

No obstante lo anterior, no se requiere el consentimiento del titular en los siguientes casos:

a) Cuando el tratamiento se refiere a datos personales sensibles que el titular ha hecho manifiestamente públicos.

b) Cuando el tratamiento es realizado por una fundación, una asociación o cualquier otra entidad que no persiga fines de lucro, cuya finalidad sea política, filosófica, religiosa, cultural, deportiva, sindical o gremial, siempre que el tratamiento que realicen se refiera exclusivamente a sus miembros o afiliados, tenga por objeto cumplir sus finalidades específicas, la entidad otorgue las garantías necesarias para evitar un uso o tratamiento no autorizado, y los datos no se comuniquen o cedan a terceros. Cumpliéndose todas estas condiciones, las entidades señaladas no requerirán el consentimiento de los titulares para tratar sus datos personales, incluidos sus datos sensibles. En caso de duda o controversia administrativa o judicial, el responsable de datos deberá acreditar que el tratamiento realizado cumple con los requisitos anteriores.

c) Cuando el tratamiento de los datos personales, incluidos los datos relativos a la salud del titular, resulte indispensable para salvaguardar la vida, salud o integridad física o psíquica del titular o de otra persona, o cuando el titular se encuentre física o jurídicamente impedido de otorgar su consentimiento. Una vez que cese el impedimento, el responsable debe informar detalladamente al titular los datos que fueron tratados y las operaciones específicas de tratamiento que fueron realizadas.

d) Cuando el tratamiento de datos personales sensibles lo autoriza o mandata expresamente la ley.

Artículo 16 bis.- Datos personales relativos a la salud. Los datos personales relativos a la salud del titular sólo pueden ser objeto de tratamiento cuando sean necesarios para el diagnóstico de una enfermedad o para la determinación de un tratamiento médico, siempre que el diagnóstico o el tratamiento, según corresponda, se realicen por establecimientos de salud públicos o privados o por un profesional de la salud titular del secreto profesional o por otra persona sujeta a una obligación equivalente de secreto, establecido en la ley o en un contrato.

También es lícito el tratamiento de los datos personales relativos a la salud del titular, en los siguientes casos:

a) Cuando exista una urgencia médica o sanitaria declarada por la autoridad.

b) Cuando se deba calificar el grado de dependencia o discapacidad de una persona.

c) Cuando resulte indispensable para la ejecución o cumplimiento de un contrato cuyo objeto o finalidad exija tratar datos relativos a la salud del titular.

d) Cuando sean utilizados con fines históricos, estadísticos o científicos, para estudios o investigaciones que atiendan fines de interés público o vayan en beneficio de la salud humana o para el desarrollo de productos o insumos médicos que no podrían desarrollarse de otra manera.

Artículo 16 ter.- Datos personales biométricos. El responsable que trate datos personales biométricos, tales como la huella digital, el iris, los rasgos de la mano o faciales y la voz, deberá proporcionar al titular la siguiente información específica:

a) La identificación del sistema biométrico usado.

b) La finalidad específica para la cual los datos recolectados por el sistema biométrico serán utilizados.

c) El período durante el cual los datos biométricos serán utilizados.

d) La forma en que el titular puede ejercer sus derechos.
Un reglamento regulará la forma y los procedimientos que se deben utilizar para la implementación de los sistemas biométricos.

Con todo, no se podrán crear o mantener bancos de huellas digitales o de otros datos biométricos, salvo expresa autorización legal.

Artículo 16 quáter.- Datos personales relativos al perfil biológico humano. El responsable de datos sólo puede realizar tratamiento de datos personales relativos al perfil biológico del titular, tales como los datos genéticos, proteómicos o metabólicos, para los siguientes fines:

a) Realizar diagnósticos médicos.

b) Prestar asistencia médica o sanitaria en caso de urgencia.

c) Realizar estudios o investigaciones científicas, médicas, epidemiológicas, antropológicas, arqueológicas o de medicina forense, que vayan en beneficio de la salud humana.

d) Cumplir resoluciones judiciales recaídas en procesos civiles, de familia o penales.

Queda prohibido el tratamiento y la cesión de los datos relativos al perfil biológico de un titular y las muestras biológicas asociadas a una persona identificada o identificable, incluido el almacenamiento del material biológico, cuando los datos o muestras han sido recolectados en el ámbito laboral, educativo, deportivo, social o de seguros, salvo que la ley expresamente autorice su tratamiento en casos calificados.

Los prestadores institucionales de salud, sean públicos o privados, que requieren tratar datos personales relativos al perfil biológico humano dentro del marco de las funciones que les señala el Código Sanitario o la ley nº 20.120 y su normativa complementaria, deben adoptar y mantener los más altos estándares de control, seguridad y resguardo de esta información y de las muestras biológicas recolectadas. El resultado de los estudios e investigaciones científicas que utilicen datos personales relativos al perfil biológico humano pueden ser publicados o difundidos libremente, debiendo previamente anonimizarse los datos que se publiquen.

Párrafo Tercero.- Del tratamiento de categorías especiales de datos personales

Artículo 16 quinquies.- Datos personales relativos a los niños, niñas y adolescentes. El tratamiento de los datos personales que conciernen a los niños, niñas y adolescentes sólo puede realizarse atendiendo al interés superior de éstos y al respeto de su autonomía progresiva.

Cumpliéndose la exigencia establecida en el inciso anterior, para tratar los datos personales de los niños y niñas se requiere el consentimiento otorgado en forma específica, expresa y previa por quien tiene a su cargo el cuidado personal, salvo que expresamente lo autorice o mandate la ley.

Los datos personales de los adolescentes, salvo los datos personales sensibles, se pueden tratar de acuerdo a las normas de autorización previstas en esta ley para los adultos. Los datos personales sensibles de los adolescentes sólo se podrán tratar con el consentimiento otorgado en forma específica, expresa y previa por quien tiene a su cargo el cuidado personal, salvo que expresamente lo autorice o mandate la ley.

Para los efectos de esta ley se consideran niños a los menores de catorce años, y adolescentes a los mayores de catorce y menores de dieciocho años.

Es una obligación especial de los establecimientos educacionales y de todas las personas o entidades públicas o privadas que traten o administren datos personales de niños, niñas y adolescentes, incluido quienes ejercen su cuidado personal, velar por el uso lícito y la protección de la información personal que concierne a los niños, niñas y adolescentes.

Artículo 16 sexies.- Datos personales con fines históricos, estadísticos, científicos y de estudios o investigaciones. Las personas naturales o jurídicas, de derecho público o privado, podrán tratar datos personales con fines históricos, estadísticos, científicos y para estudios o investigaciones que atiendan fines de interés público, cuando el titular haya prestado su consentimiento en forma inequívoca, específica, previa e informada. El responsable de datos debe acreditar, cuando le sea requerido, que ha adoptado todas las medidas de calidad y seguridad necesarias con el objeto de resguardar que los datos se utilicen exclusivamente para tales fines. Cumplidas estas condiciones, el responsable puede almacenar y utilizar los datos por un período indeterminado de tiempo.

Los registros o bases de datos que se traten con estos fines se pueden ceder a otras personas naturales o jurídicas, previo consentimiento del titular y siempre que los cesionarios los utilicen para los mismos fines. El cedente debe asegurarse que el cesionario adopte medidas de calidad y seguridad iguales o superiores a las adoptadas por él.

Los responsables que hayan tratado datos personales exclusivamente con estas finalidades pueden efectuar publicaciones con los resultados y análisis obtenidos, debiendo previamente adoptar las medidas necesarias para anonimizar los datos que se publiquen.

Artículo 16 septies.- Datos de geolocalización. El tratamiento de los datos personales de geolocalización o de movilidad del titular se puede efectuar cuando el titular haya prestado su consentimiento en forma inequívoca.

El titular de datos deberá ser informado de manera clara, suficiente y oportuna, antes de obtener su consentimiento, del tipo de datos de geolocalización o movilidad que serán tratados, de la finalidad y duración del tratamiento y si los datos se comunicarán o cederán a un tercero para la prestación de un servicio con valor añadido.

En cualquier momento el titular podrá revocar el consentimiento otorgado.

Los datos de geolocalización se podrán tratar sin limitaciones cuando previamente hayan sido anonimizados.”.

6) Reemplázase en el artículo 17 la frase “banco de datos” por la expresión “base de datos”, todas las veces que aparece en el texto.

7) Modifícase el artículo 19 de la siguiente forma:

a) Reemplázase en el inciso primero el guarismo “12” por el guarismo “4”.

b) Reemplázase la frase “bancos de datos” por la expresión “bases de datos” todas las veces que aparece en el texto.

c) Sustitúyese en el inciso final la frase “de acuerdo a lo previsto en el artículo 16” por la frase “de conformidad a lo dispuesto en el título VII de esta ley”.

8) Reemplázase el título IV por el siguiente:

“Título IV.- Del tratamiento de datos personales por los órganos públicos

Artículo 20.- Regla general del tratamiento de datos por órganos públicos. Es lícito el tratamiento de los datos personales que efectúan los órganos públicos cuando se realiza para el cumplimiento de sus funciones legales, dentro del ámbito de sus competencias, de conformidad a las normas establecidas en sus leyes especiales y a las disposiciones previstas en este título. En esas condiciones, los órganos públicos actúan como responsables de datos y no requieren el consentimiento del titular para tratar sus datos personales.

Los órganos públicos tampoco requieren el consentimiento del titular cuando, cumpliendo las exigencias establecidas en el inciso anterior, realizan tratamiento de datos personales exclusivamente con fines históricos, estadísticos o científicos y para estudios o investigaciones que atiendan fines de interés público.

Artículo 21.- Principios y normas aplicables al tratamiento de datos de los órganos públicos. El tratamiento de los datos personales que realicen los órganos públicos se rige por los principios establecidos en el artículo 3 de esta ley y los principios de coordinación, eficiencia, transparencia y publicidad.

En virtud del principio de coordinación, los organismos públicos deben propender a un alto grado de interoperabilidad y coherencia, de modo de evitar contradicciones en la información almacenada y reiteración de requerimientos de información o documentos a los titulares de datos. Conforme al principio de eficiencia, se debe evitar la duplicación de procedimientos y trámites entre los organismos del Estado, entre los organismos públicos y los particulares, y en los trámites y gestiones que realicen los titulares de la información. De acuerdo con los principios de transparencia y publicidad, los organismos públicos deben dar acceso a la información que tengan a su disposición, resguardando los derechos de las personas que pudieran verse afectadas por ello, de conformidad con lo establecido en el artículo 20 de la Ley de Trasparencia de la función pública y de acceso a la información de la Administración del Estado, contenida en el artículo primero de la ley n° 20.285.

Sin perjuicio de las demás normas establecidas en el presente título, son aplicables al tratamiento de datos que efectúen los órganos públicos las disposiciones establecidas en los artículos 14, 14 bis, 14 ter, 14 quáter y 14 quinquies, los artículos de los párrafos segundo y tercero del título II, los artículos del título V y los artículos del párrafo cuarto del título VII de esta ley.

Artículo 22.- Comunicación o cesión de datos por un órgano público. Los órganos públicos están facultados para comunicar o ceder datos personales específicos o todo o parte de sus bases de datos a otros órganos públicos, siempre que la comunicación o cesión de los datos resulte necesaria para el cumplimiento de funciones legales y ambos órganos actúen dentro del ámbito de sus competencias. La comunicación o cesión de los datos se debe realizar para un tratamiento específico y el órgano público receptor no los podrá utilizar para otros fines.

Asimismo, se podrán comunicar o ceder datos o bases de datos personales entre organismos públicos, cuando ellos se requieran para un tratamiento que tenga por finalidad otorgar beneficios al titular, evitar duplicidad de trámites para los ciudadanos o reiteración de requerimientos de información o documentos para los mismos titulares.

El órgano público receptor de los datos sólo puede conservarlos por el tiempo necesario para efectuar el tratamiento específico para el cual fueron requeridos, luego de lo cual deberán ser cancelados o anonimizados. Estos datos se podrán almacenar por un tiempo mayor cuando el órgano público requiera atender reclamaciones o impugnaciones, realizar actividades de control o seguimiento, o sirvan para dar garantía de las decisiones adoptadas.

Para los efectos de poder comunicar o ceder datos personales a personas o entidades privadas, los organismos públicos deberán contar con el consentimiento inequívoco del titular, obtenido al momento de la recolección de los datos o con posterioridad a ella. Cuando se trate de comunicar o ceder datos personales en virtud de una solicitud de acceso a la información formulada con arreglo a lo establecido en el artículo 10 de Ley de Trasparencia de la función pública y de acceso a la información de la Administración del Estado, contenida en el artículo primero de la ley n° 20.285, los organismos públicos deberán contar con el consentimiento del titular obtenido en la oportunidad prevista en el artículo 20 de dicha ley. Respecto de la comunicación de los datos relativos a infracciones penales, civiles, administrativas y disciplinarias, se aplicará lo dispuesto en el artículo 25 de esta ley.

Las cesiones de todo o parte de sus bases de datos personales realizadas por un órgano público deberán constar por escrito a través de un convenio suscrito por el cedente y el órgano o persona cesionaria de la información. En el convenio se establecerán las finalidades específicas de los tratamientos para los cuales se utilizarán los datos.

Artículo 23.- Ejercicio de los derechos del titular y reclamo de ilegalidad. El titular de datos puede ejercer ante el órgano público los derechos de acceso y rectificación que les reconoce esta ley. El titular no podrá cancelar ni oponerse al tratamiento de datos efectuado por un órgano público salvo que el tratamiento realizado sea contrario a las disposiciones de este título.

El ejercicio de los derechos del titular se deberá realizar de acuerdo al procedimiento establecido en el artículo 11 de esta ley, dirigiéndose al jefe superior del servicio. En todo lo no regulado se aplicarán supletoriamente las normas de la ley n° 19.880, que establece bases de los procedimientos administrativos que rigen los actos de la Administración del Estado.

Las personas que se vean afectadas por la resolución de un órgano público, sea que les deniegue el ejercicio de un derecho reconocido en esta ley o adopte una decisión o dicte una acto que infrinja los principios y obligaciones establecidos en ella, causándole perjuicio, podrá deducir un reclamo de ilegalidad ante la Corte de Apelaciones de Santiago o del domicilio de reclamante, a su elección, de conformidad con las normas dispuestas en el artículo 47 de esta ley. El informe a que alude la letra d) del artículo 47 será evacuado por el órgano público reclamado.

Sin perjuicio de lo anterior, la Corte de Apelaciones respectiva podrá requerir informe a la Agencia de Protección de Datos Personales con el objeto de establecer si en las operaciones de tratamiento de datos realizadas por el órgano público hubo o no infracción a los principios y obligaciones establecidos en esta ley.

Artículo 24.- Régimen de excepciones. Las disposiciones de la presente ley no se aplican a los órganos públicos que, actuando en cumplimiento de sus funciones legales y dentro del ámbito de sus competencias, realizan tratamiento de datos personales en los siguientes casos:

a) Cuando efectúen tratamiento de datos que se encuentran protegidos por normas de secreto o confidencialidad establecidas en sus respectivas leyes. Cuando en cumplimiento de una obligación legal un órgano público comunica o cede a otro órgano público datos protegidos por normas de secreto o confidencialidad, el organismo público receptor deberá tratarlos manteniendo la misma obligación de secreto o confidencialidad.

b) Cuando realicen tratamiento de datos personales para la investigación, persecución, enjuiciamiento o sanción de infracciones penales, civiles y administrativas.

c) Cuando efectúen operaciones de tratamiento de datos personales en actividades relacionadas con la seguridad de la nación, la defensa nacional o la mantención del orden público o la seguridad pública.

d) Cuando se haya declarado estado de catástrofe o estado de emergencia, de conformidad a la ley y mientras permanezca vigente la respectiva declaración.

Sin perjuicio de lo señalado en el inciso anterior, los tratamientos de datos personales que realicen los organismos públicos deberán cumplir siempre con los principios de licitud del tratamiento, calidad, seguridad y responsabilidad establecidos en esta ley.

Artículo 25.- Datos relativos a infracciones penales, civiles, administrativas y disciplinarias. Los datos personales relativos a la comisión y sanción de infracciones penales, civiles, administrativas o disciplinarias sólo pueden ser tratados por los organismos públicos para el cumplimiento de sus funciones legales, dentro del ámbito de sus competencias y en los casos expresamente previstos en la ley.

En las comunicaciones o difusión de información que realicen los organismos públicos con ocasión del tratamiento de estos datos personales, deberán velar en todo momento porque la información comunicada o hecha pública sea exacta, suficiente, actual y completa.

No podrán comunicarse o hacerse públicos los datos personales relativos a la comisión y condena de infracciones penales, civiles, administrativas o disciplinarias una vez prescrita la acción penal, civil, administrativa o disciplinaria respectiva o una vez que se haya cumplido o prescrito la pena o la sanción impuesta, lo que deberá ser declarado o constatado por la autoridad pública competente. Lo anterior es sin perjuicio de la incorporación, mantenimiento y consulta de esta información en los registros que llevan los órganos públicos por expresa disposición de la ley, en la forma y por el tiempo previsto en la ley que establece la obligación específica correspondiente. Las personas que se desempeñen en los órganos públicos están obligadas a guardar secreto respecto de esta información, la que deberá ser mantenida como información reservada.

Cuando la ley disponga que la información relativa a la comisión y sanción de infracciones penales, civiles, administrativas y disciplinarias deba hacerse pública a través de su incorporación en un registro de sanciones o su publicación en el sitio web de un órgano público o en cualquier otro medio de comunicación o difusión, sin fijar un período de tiempo durante el cual deba permanecer disponible esta información, se seguirán las siguientes reglas:

a) Respecto de las infracciones penales se aplicarán los mismos plazos establecidos para la eliminación de las anotaciones prontuariales señaladas en el decreto ley n° 409, de 1932 y el decreto n° 64, de 1960, ambos del Ministerio de Justicia.

b) Respecto de las infracciones civiles, administrativas y disciplinarias permanecerán accesibles al público por el período de cinco años.

Exceptúanse de la prohibición de comunicación los casos en que la información sea solicitada por los Tribunales de Justicia u otro organismo público para el cumplimiento de sus funciones legales y dentro del ámbito de su competencia, quienes deben guardar secreto respecto de ella y mantener la debida reserva.

Artículo 26.- Reglamento. Las condiciones para la comunicación o cesión de datos personales entre organismos públicos y con personas u organismos privados, se regularán a través de un reglamento dictado por el Ministerio Secretaría General de la Presidencia, suscrito por el Ministro o Ministra de Hacienda. En este mismo reglamento se regularán los procedimientos de anonimización de los datos personales, especialmente los datos personales sensibles.”.

9) Reemplázase el título V por el siguiente:

“Título V.- De la transferencia internacional de datos personales

Artículo 27.- Reglas aplicables a países con niveles adecuados de protección de datos. Se podrán realizar operaciones y actividades de transferencia internacional de datos personales a personas, entidades u organizaciones sujetas al ordenamiento jurídico de un país que proporcione niveles adecuados de protección de datos.

Se entiende que el ordenamiento jurídico de un país posee niveles adecuados de protección de datos, cuando cumple con estándares similares o superiores a los fijados en esta ley. La Agencia de Protección de Datos Personales determinará los países que poseen niveles adecuados de protección de datos, considerando, a los menos, lo siguiente:

a) El establecimiento de principios para el tratamiento de los datos personales.

b) La existencia de normas que reconozcan y garanticen los derechos de los titulares de datos.

c) La imposición de obligaciones de información y seguridad a los responsables del tratamiento de los datos.

d) La determinación de responsa-bilidades en caso de infracciones.

La transferencia internacional de datos considera las operaciones de comunicación, transmisión o cesión de datos personales, según la necesidad y finalidades del tratamiento.

Artículos 28.- Reglas aplicables a países que no poseen niveles adecuados de protección de datos. Excepcionalmente, se podrán realizar operaciones específicas de transferencia internacional de datos a personas, entidades u organizaciones sujetas al ordenamiento jurídico de países cuyas legislaciones no cumplan con niveles adecuados de protección de datos, en los siguientes casos:

a) Cuando exista consentimiento expreso del titular de datos para realizar una transferencia o transmisión específica y determinada de datos.

b) Cuando se refiera a transferencias internacionales bancarias, financieras o bursátiles específicas y se realicen conforme a la legislación especial que corresponda.

c) Cuando la transferencia se efectúe entre sociedades o entidades que pertenezcan a un mismo grupo empresarial, empresas relacionadas o sujetas a un mismo controlador de acuerdo a las normas de la ley n° 18.045, de Mercado de Valores, siempre que todas ellas operen bajo los mismos estándares y políticas internas en materia de tratamiento de datos personales.

d) Cuando se deban transferir los datos para dar cumplimiento a obligaciones adquiridas en tratados o convenios internacionales que hayan sido ratificados por el Estado chileno y se encuentren vigentes.

e) Cuando la transferencia resulte necesaria por la aplicación de convenios de cooperación, intercambio de información o supervisión que hayan sido suscritos por los órganos del Estado para el cumplimiento de sus funciones y en el ejercicio de sus competencias.

f) Cuando la transferencia o el intercambio de datos haya sido autorizado expresamente por la ley a un organismo público para el cumplimiento de sus funciones legales.

g) Cuando se haga con el objeto de prestar o solicitar auxilio judicial internacional.

h) Cuando sea precisa para el reconocimiento, ejercicio o defensa de un derecho en un proceso judicial.

i) Cuando sea necesario adoptar medidas urgentes en materia médica o sanitaria, para la prevención o diagnóstico de enfermedades, para tratamientos médicos o la gestión de servicios de salud.

Los responsables deberán informar previamente y en forma electrónica a la Agencia de Protección de Datos Personales la transferencia o transmisión internacional de datos. En todos aquellos casos en que sea posible, las operaciones de transferencia o transmisión internacional de datos deberán quedar amparadas por cláusulas contractuales que establezcan los derechos y garantías de los titulares y las obligaciones de los responsables.

Cuando no se verifique ninguna de las circunstancias señaladas en las letras anteriores, la Agencia de Protección de Datos Personales podrá autorizar la transferencia o transmisión internacional de datos, siempre que el transmisor y el receptor de los datos otorguen las garantías adecuadas en relación con la protección de los derechos de las personas que son titulares de estos datos. La Agencia de Protección de Datos Personales podrá imponer condiciones previas para que se verifique la transferencia.

Artículos 29.- Exclusiones, comunicaciones y fiscalización.- No se considera transferencia internacional de datos personales cuando un responsable efectúa operaciones de tratamiento a través de un tercero sujeto a la legislación de otro país, siempre que ese tercero efectúe las operaciones de tratamiento por encargo y bajo las instrucciones del responsable de datos de acuerdo a lo establecido en el artículo 15 bis de esta ley.

El mandato o encargo señalado en el inciso anterior deberá constar a través de un contrato escrito. La realización de estas operaciones deberá ser comunicada previamente y en forma electrónica a la Agencia de Protección de Datos Personales.

La Agencia de Protección de Datos Personales fiscalizará las operaciones de transferencia o transmisión internacional de datos, pudiendo formular recomendaciones, adoptar medidas conservativas y en casos calificados, suspender temporalmente el envío de los datos.”.

10) Intercálanse los siguientes títulos VI, VII y VIII, nuevos:

“Título VI.- De la Agencia de Protección de Datos Personales

Artículo 30.- Agencia de Protección de Datos Personales. Créase la Agencia de Protección de Datos Personales, organismo público, de carácter técnico, descentralizado, con personalidad jurídica y patrimonio propio, encargado de velar por el cumplimiento de la normativa relativa al tratamiento de los datos personales y su protección, sometido a la supervigilancia del Presidente de la República a través del Ministerio de Hacienda y afecto al Sistema de Alta Dirección Pública establecido en la ley n° 19.882.

El domicilio de la Agencia de Protección de Datos Personales será la ciudad de Santiago.

Artículo 31.- Funciones y atribuciones. La Agencia de Protección de Datos Personales tendrá las siguientes funciones y atribuciones:

a) Dictar instrucciones y normas generales y obligatorias con el objeto de regular las operaciones de tratamiento de datos personales conforme a los principios establecidos en esta ley, salvo aquellos tratamientos de datos regidos por leyes especiales y sujetos a la potestad normativa de otro órgano público. Las instrucciones y normas generales que dicte la Agencia de Protección de Datos Personales deberán ser emitidas previa consulta pública efectuada a través de la página web institucional.

b) Prestar asistencia técnica, cuando le sea requerida, al Congreso Nacional, al Poder Judicial, a la Contraloría General de la República, al Ministerio Público, al Tribunal Constitucional, al Banco Central, al Servicio Electoral, a la Justicia Electoral y los demás tribunales especiales creados por ley, en la dictación y ejecución de las políticas y normas internas de estos organismos, con el objeto que sus operaciones y actividades de tratamiento de datos personales se realicen conforme a los principios y obligaciones establecidos en esta ley.

c) Fiscalizar el cumplimiento de las disposiciones de esta ley respecto de las operaciones y actividades de tratamiento de datos personales.

d) Requerir a quienes realicen tratamiento de datos personales la información que fuere necesaria para el cumplimiento de sus funciones normativas y fiscalizadoras.

e) Resolver los reclamos que formulen los titulares de datos en contra de los responsables de datos por infracción a esta ley, sus reglamentos o las instrucciones y normas generales dictadas por la Agencia de Protección de Datos Personales.

f) Ejercer la potestad sancionadora sobre las personas naturales o jurídicas, salvo los órganos públicos, que traten datos personales con infracción a esta ley e imponer las sanciones establecidas en ella.

g) Determinar las infracciones e incumplimientos en que incurran los órganos públicos en sus operaciones de tratamiento de datos, respecto de los principios y obligaciones establecidos en esta ley.

h) Requerir a la Contraloría General de la República que instruya los procedimientos administrativos competentes con el objeto de establecer las responsabilidades administrativas y aplicar las sanciones respectiva, al jefe superior del órgano público y a sus funcionarios, según corresponda, por infracción a los principios y obligaciones establecidos en esta ley.

i) Desarrollar programas, proyectos y acciones de difusión, promoción e información a la ciudadanía, en relación al respeto y protección del derecho a la vida privada y a la protección de sus datos personales.

j) Colaborar con los órganos públicos en el diseño e implementación de políticas y acciones destinadas a velar por la protección de los datos personales y su correcto tratamiento.

k) Celebrar convenios de cooperación y prestación de servicios con órganos públicos y desarrollar programas de asistencia técnica.

l) Participar, recibir cooperación y colaborar con organismos públicos internacionales en materias propias de su competencia.

m) Solicitar la representación judicial de sus intereses al Consejo de Defensa del Estado de conformidad a la ley.

n) Certificar, registrar y supervisar los modelos de prevención de infracciones y los programas de cumplimiento y administrar el Registro Nacional de Cumplimiento y Sanciones.

o) Ejercer las demás funciones y atribuciones que la ley le encomiende.

Artículo 32.- Coordinación regulatoria. Cuando la Agencia de Protección de Datos Personales deba dictar una instrucción o norma de carácter general y obligatoria que pueda tener efectos en los ámbitos de competencia del Consejo para la Transparencia, de acuerdo a las funciones y atribuciones señaladas en la ley n° 20.285, le remitirá todos los antecedentes y requerirá de éste un informe para efectos de evitar o precaver conflictos de normas y asegurar la coordinación, cooperación y colaboración entre ambos órganos.

El Consejo para la Transparencia deberá evacuar el informe solicitado dentro del plazo de treinta días corridos, contado desde la fecha en que hubiere recibido el requerimiento a que se refiere el inciso precedente.

La Agencia de Protección de Datos Personales considerará el contenido de la opinión del Consejo para la Transparencia expresándolo en la motivación de la instrucción o norma que dicte, de conformidad a lo dispuesto en el artículo 41 de la ley n° 19.880. Transcurrido el plazo sin que se hubiere recibido el informe, se procederá conforme al inciso segundo del artículo 38 de dicha ley.

A su vez, cuando el Consejo para la Transparencia deba dictar una instrucción general que tenga claros efectos en los ámbitos de competencia de la Agencia de Protección de Datos Personales, de acuerdo a las funciones y atribuciones señaladas en esta ley, el Consejo remitirá los antecedentes y requerirá informe a la Agencia de Protección de Datos Personales, quien deberá evacuarlo en el plazo de treinta días corridos, contado desde la fecha en que hubiere recibido el requerimiento. El Consejo considerará el contenido de la opinión de la Agencia de Protección de Datos Personales expresándolo en la motivación de la instrucción general que dicte al efecto.

Artículo 33.- Del Director o Directora de la Agencia de Protección de Datos Personales. La dirección y administración superior de la Agencia de Protección de Datos Personales estará a cargo de un Director o Directora, quien será el jefe superior del Servicio, nombrado por el Presidente de la República conforme al Sistema de Alta Dirección Pública regulado en el título VI de la ley n° 19.882, afecto al primer nivel jerárquico.

Son funciones y atribuciones del Director o Directora las siguientes:

a) Velar por el respeto, defensa y protección de los derechos y libertades de las personas que son titulares de datos, en particular el derecho a la vida privada, promoviendo una cultura de información, educación y participación ciudadana de acuerdo a los principios y derechos establecidos en esta ley.

b) Fiscalizar y supervigilar el tratamiento de los datos personales que realicen las personas naturales y jurídicas con el objeto que cumplan los principios y obligaciones establecidos en esta ley.

c) Asesorar al Ministro o Ministra de Hacienda en el estudio y proposición de las reformas legales aplicables al tratamiento de los datos personales y su protección.

d) Interpretar administrativamente las disposiciones legales en materia de protección y tratamiento de datos personales, dictar normas generales e impartir instrucciones para su aplicación y fiscalización.

e) Absolver las consultas sobre la aplicación e interpretación de las normas relativas a la protección de datos y su tratamiento que formulen las personas naturales y jurídicas.

f) Planificar las labores de fiscalización de la Agencia de Protección de Datos Personales y desarrollar políticas y programas que promuevan la prevención y la autorregulación.

g) Dirigir, organizar, planificar y coordinar el funcionamiento de la Agencia de Protección de Datos Personales; dictar las órdenes necesarias para una marcha expedita de ésta y supervigilar el cumplimiento de las instrucciones que imparta.

h) Representar a la Agencia de Protección de Datos Personales en todos los asuntos que le competan, incluidos recursos judiciales y los recursos extraordinarios que se interpongan en contra de la Dirección con motivo de actuaciones administrativas o jurisdiccionales.

i) Presentar al Ministerio de Hacienda, antes del 31 de marzo de cada año, una memoria anual sobre la marcha de la Agencia de Protección de Datos Personales.

j) Proponer al Presidente de la República, por intermedio del Ministerio de Hacienda, las medidas que, a su juicio, convenga adoptar para la mejor marcha de la Agencia de Protección de Datos Personales y desarrollar todas las iniciativas tendientes a tal fin.

Artículo 34.- Incompatibilidades e Inhabilidades. El desempeño del cargo de Director o Directora exige dedicación exclusiva y es incompatible con el desempeño de todo otro cargo o servicio, sea o no remunerado, que se preste en el sector privado. Asimismo, este cargo es incompatible con todo otro empleo o servicio retribuido con fondos fiscales o municipales, y con las funciones, remuneradas o no, de consejero, director o trabajador de instituciones públicas, organismos autónomos nacionales o extranjeros, empresas del Estado y, en general, de todo servicio público creado por ley, como, asimismo, de empresas, sociedades o entidades públicas o privadas en que el Estado, sus empresas, sociedades o instituciones centralizadas o descentralizadas, tengan aportes de capital mayoritario o en igual proporción o en las mismas condiciones, representación o participación. También es incompatible con cualquier otro servicio o empleo remunerado o gratuito en otros poderes del Estado.

El cargo de Director o Directora es compatible con el desempeño de cargos docentes en instituciones públicas o privadas reconocidas por el Estado, hasta un máximo de doce horas semanales. Del mismo modo, el Director o Directora puede desempeñarse en corporaciones o fundaciones, públicas o privadas, nacionales o extranjeras, siempre que en ellas no perciba remuneración y su desempeño no sea incompatible con sus funciones.

El o la cónyuge o conviviente civil del Director o Directora y sus parientes hasta el segundo grado de consanguinidad inclusive, no podrán ser director o directora ni tener participación en la propiedad de una empresa cuyo objeto o giro comercial verse sobre recolección, tratamiento o comunicación de datos personales.

En todo lo no expresamente regulado en este artículo, regirán las normas del párrafo 2 del título III de la ley nº 18.575, Orgánica Constitucional de Bases Generales de la Administración del Estado, cuyo texto refundido, coordinado y sistematizado fue fijado por el decreto con fuerza de ley n° 1-19653, de 2000, del Ministerio Secretaría General de la Presidencia.

Artículo 35.- Del personal. El personal de la Agencia de Protección de Datos Personales estará afecto a las disposiciones de la ley n° 18.834, sobre Estatuto Administrativo, cuyo texto refundido, coordinado y sistematizado fue fijado por el decreto con fuerza de ley n° 29, de 2004, y en materia de remuneraciones, a las normas del decreto ley n° 249, de 1974, que fija Escala Única de Sueldos, y su legislación complementaria.

En caso de ejercerse acciones judiciales por actos formales, acciones u omisiones producidos en el ejercicio de su cargo, en contra del personal de la Agencia de Protección de Datos Personales, incluido su Director o Directora, la Agencia de Protección de Datos Personales deberá proporcionarles defensa jurídica. Esta defensa se extenderá a todas aquellas acciones que se inicien en su contra por los motivos señalados, incluso después de haber cesado en el cargo.

Artículo 36.- Del patrimonio. El patrimonio de la Agencia de Protección de Datos Personales estará formado por:

a) El aporte que se contemple anualmente en la Ley de Presupuestos de la Nación.

b) Los bienes muebles e inmuebles que se le transfieran o que adquieran a cualquier título y por los frutos que de ellos se perciban.

c) Las donaciones que la Agencia de Protección de Datos Personales acepte. Las donaciones no requerirán del trámite de insinuación judicial a que se refiere el artículo 1401 del Código Civil.

d) Las herencias y legados que la Agencia de Protección de Datos Personales acepte, lo que deberá hacer siempre con beneficio de inventario. Dichas asignaciones estarán exentas de toda clase de impuestos y de todo gravamen o pago que les afecten.

e) Los aportes de la cooperación internacional.

Título VII.- De las infracciones y sus sanciones, de los procedimientos y de las responsabilidades de los responsables de datos

Artículo 37.- Régimen general de responsabilidad. El responsable de datos, sea una persona natural o jurídica, de derecho público o privado, que en sus operaciones de tratamiento de datos personales infrinja los principios y obligaciones establecidos en esta ley, será sancionado de conformidad con las normas del presente título.

Párrafo Primero.- De la responsabilidad por infracciones a la presente ley

Artículo 38.- Infracciones leves, graves y gravísimas. Las infracciones a los principios y obligaciones establecidos en esta ley cometidas por los responsables de datos se califican, atendida su gravedad, en leves, graves y gravísimas.

Se consideran infracciones leves las siguientes:

a) El incumplimiento total o parcial del deber de información y transparencia.

b) No disponer de una dirección de correo electrónico o de un medio electrónico equivalente, actualizado y operativo, a través del cual los titulares de datos puedan dirigir sus comunicaciones o ejercer sus derechos.

c) No responder o responder fuera de plazo las solicitudes formuladas por el titular de datos en conformidad a esta ley.

d) No informar o no remitir a la Agencia de Protección de Datos Personales las comunicaciones previstas en esta ley o en sus reglamentos.

e) No dar cumplimiento a las instrucciones impartidas por la Agencia de Protección de Datos Personales que no estén sancionadas específicamente como infracción grave o gravísima.

f) No efectuar el bloqueo temporal de los datos personales del titular cuando éste lo haya solicitado fundadamente o denegar la solicitud sin causa justificada.

g) Impedir el ejercicio legítimo del derecho a la portabilidad de los datos personales del titular.

h) Cometer cualquier otra infracción a los principios, deberes y obligaciones establecidas en esta ley que no sea calificada como una infracción grave o gravísima.

Se consideran infracciones graves las siguientes:

a) Tratar los datos personales sin contar con el consentimiento previo del titular de datos o sin la habilitación legal correspondiente o tratarlos con una finalidad distinta de aquélla para la cual fueron recolectados.

b) Comunicar o ceder datos personales sin el consentimiento del titular o cederlos para un fin distinto del autorizado por el titular.

c) Vulnerar en las operaciones de tratamiento de datos que realice, en forma manifiesta, los principios de proporcionalidad, calidad, seguridad y responsabilidad.

d) Realizar tratamiento de datos personales sensibles y de datos personales de niños, niñas y adolescentes con infracción a las normas previstas en esta ley.

e) Realizar tratamiento de datos personales sin cumplir los requisitos establecidos para las fundaciones, asociaciones o cualquier otra entidad que no persiga fines de lucro y cuya finalidad sea política, filosófica, religiosa, cultural, deportiva, sindical o gremial, respecto de los datos de sus asociados.

f) Vulnerar el deber de secreto o confidencialidad establecido en el artículo 14 bis.

g) Impedir u obstaculizar el ejercicio legítimo de los derechos de acceso, rectificación, cancelación u oposición del titular.

h) No adoptar las medidas de seguridad que resulten adecuadas, necesarias y oportunas para el tratamiento de datos y que se encuentren previstas en esta ley, en el reglamento respectivo o en las instrucciones de la Agencia de Protección de Datos Personales.

i) No efectuar las comunicaciones o no realizar los registros correspondientes en los casos de vulneración de las medidas de seguridad, según lo establecido en el artículo 14 quinquies.

j) Realizar operaciones de transferencia internacional de datos en contravención a las normas previstas en esta ley.

k) Adoptar medidas de calidad y seguridad insuficientes o no idóneas para el tratamiento de datos personales con fines históricos, estadísticos o científicos y para estudios o investigaciones que atiendan fines de interés público.

l) Entregar información falsa, incompleta o manifiestamente errónea en el proceso de registro o certificación del modelo de prevención de infracciones.

m) Recolectar maliciosamente a través de niños, niñas o adolescentes datos personales de integrantes de su grupo familiar.

n) No dar cumplimiento a las instrucciones específicas y directas que le haya impartido la Agencia de Protección de Datos Personales.

Se consideran infracciones gravísimas las siguientes:

a) Efectuar tratamiento de datos personales de manera manifiestamente fraudulenta.

b) Destinar maliciosamente los datos personales a una finalidad distinta de la consentida por el titular o prevista en la ley que autoriza su tratamiento.

c) Comunicar, transmitir o ceder a terceros, a sabiendas, información no veraz, incompleta, inexacta o desactualizada del titular de datos.

d) Vulnerar, a sabiendas, el deber de secreto o confidencialidad sobre los datos personales sensibles y datos personales relativos a la comisión y sanción de infracciones penales, civiles, administrativas y disciplinarias.

e) Comunicar o ceder a terceros, a sabiendas, datos personales sensibles sin el consentimiento del titular y en contravención a las normas dispuestas en el párrafo segundo del título II de esta ley.

f) Tratar datos personales sensibles con manifiesta falta de diligencia o cuidado.

g) No comunicar oportunamente, habiendo estado en conocimiento de ello y disponiendo de los medios para hacerlo, la vulneración de la medidas de seguridad que puedan afectar la confidencialidad, disponibilidad o integridad de los datos personales.

h) Actuar con falta de diligencia o cuidado en la protección de los datos personales que conciernen a los niños, niñas y adolescentes, especialmente respecto de quienes pesa la obligación especial de cuidado de esta información y que con ocasión de ello, se han efectuado tratamientos de datos de niños, niñas y adolescentes con infracción a las normas de esta ley.

Artículo 39.- Sanciones. Las sanciones a las infracciones en que incurran los responsables de datos serán las siguientes:

a) Las infracciones leves serán sancionadas con amonestación escrita o multa de 1 a 50 unidades tributarias mensuales.

b) Las infracciones graves serán sancionadas con multa de 51 a 500 unidades tributarias mensuales.

c) Las infracciones gravísimas serán sancionadas con multa de 501 a 5.000 unidades tributarias mensuales.

Artículo 40.- Determinación del monto de las multas. La cuantía de la multa, dentro del rango asignado para cada tipo de infracción, será determinada por la Agencia de Protección de Datos Personales teniendo en cuenta los siguientes criterios:

a) La conducta realizada por el responsable y la naturaleza de la infracción.

b) Si la conducta fue realizada por el responsable de datos con falta de diligencia o cuidado, a sabiendas o maliciosamente.

c) Si el infractor es una persona natural o jurídica.

d) Si se trata de una fundación, asociación o cualquier otra entidad que no persiga fines de lucro y cuya finalidad sea política, filosófica, religiosa, sindical o gremial.

e) En el caso de las empresas se debe tener en cuenta el monto de las ventas de la empresa infractora conforme a lo dispuesto en el artículo 16 de la ley nº 20.416.

f) El perjuicio producido con motivo de la infracción, especialmente el número de titulares de datos que se vieron afectados.

g) Los beneficios obtenidos por el responsable a consecuencia de la infracción.

h) La conducta anterior del responsable, la reiteración de los hechos y el carácter continuado de la infracción.

i) La existencia de circunstancias atenuantes de responsabilidad o de atenuantes calificadas.

Cuando concurran circunstancias atenuantes, la Agencia de Protección de Datos Personales estará autorizada para rebajar la sanción que corresponda a la infracción cometida dentro del rango respectivo o aplicar la sanción prevista para una infracción de menor gravedad. Cuando concurran atenuantes calificadas de responsabilidad, la Agencia de Protección de Datos Personales podrá, además, exonerar la conducta del infractor. En caso que exista reiteración o reincidencia, la Agencia de Protección de Datos Personales puede aplicar una multa de hasta tres veces el monto señalado en el artículo anterior, según corresponda al tipo de infracción cometida.

Se entenderá que hay reiteración o reincidencia, cuando existan dos o más sanciones ejecutoriadas impuestas en virtud de la presente ley, en un período de 24 meses.

En caso que se verifique la concurrencia de dos o más infracciones de la misma naturaleza, se aplicará la sanción correspondiente a la infracción más grave, estimándose los hechos constitutivos de una sola infracción. Si atendida la naturaleza y gravedad de las infracciones, éstas no pueden estimarse como una sola, se acumularán las sanciones correspondientes a cada una de las infracciones concurrentes.

Artículo 41.- Atenuantes de responsabilidad. Se consideran circunstancias atenuantes de responsabilidad las acciones unilaterales de reparación que realice el responsable de datos y los acuerdos reparatorios convenidos con los titulares de datos afectados.

Constituyen también atenuantes de responsabilidad la conducta anterior del responsable de datos y la colaboración que preste en la investigación administrativa que practique la Agencia de Protección de Datos Personales. Si el infractor detecta que ha cometido o está cometiendo una infracción a los principios y obligaciones que establece esta ley, podrá autodenunciarse ante la Agencia de Protección de Datos Personales. En esa misma oportunidad, el infractor deberá comunicar las medidas adoptadas para el cese de los hechos que originaron la infracción o las medidas de mitigación adoptadas, según corresponda. La autodenuncia será considerada como una atenuante calificada de responsabilidad.

También constituye una atenuante calificada de responsabilidad que el responsable acredite haber cumplido diligentemente sus deberes de dirección y supervisión para la protección de los datos personales sujetos a tratamiento, lo que se verificará con el certificado expedido de acuerdo a lo dispuesto en el artículo 53 de esta ley.

Artículo 42.- Sanciones accesorias. En caso que se impongan multas por infracciones graves o gravísimas reiteradas y existan circunstancias debidamente justificadas, la Agencia de Protección de Datos Personales podrá disponer la suspensión de las operaciones de tratamiento de datos por parte del responsable de datos hasta por un término de 30 días.

Durante el período de suspensión, el responsable de datos deberá adoptar las medidas necesarias a objeto de adecuar sus operaciones de tratamiento a las exigencias establecidas en la presente ley, de acuerdo a lo dispuesto en la resolución de la Agencia de Protección de Datos Personales que ordenó la suspensión.

Si el responsable no da cumplimiento a lo dispuesto en la resolución de suspensión, esta medida se podrá prorrogar por otros 30 días, hasta completar un período máximo de 6 meses de suspensión. De persistir el incumplimiento, el responsable no podrá volver a desarrollar actividades de tratamiento de datos personales.

Cuando la suspensión afecte a una entidad sujeta a supervisión por parte de un organismo público de carácter fiscalizador, la Agencia de Protección de Datos Personales deberá previamente poner los antecedentes en conocimiento de la autoridad regulatoria correspondiente y coordinar con ella la aplicación de la sanción con el objeto de no afectar a los usuarios del servicio que será suspendido.

Artículo 43.- Registro Nacional de Cumplimiento y Sanciones. Créase el Registro Nacional de Cumplimiento y Sanciones administrado por la Agencia de Protección de Datos Personales. El registro será público y su acceso gratuito. Se consultará y llevará en forma electrónica.

En este registro se deberán consignar a los responsables de datos que hayan sido sancionados por infringir los principios y obligaciones establecidos de esta ley, señalar la conducta infraccionada, las circunstancias atenuantes y agravantes de responsabilidad y la sanción impuesta.

Las anotaciones en el registro serán de acceso público por el período de 5 años a contar de la fecha en que se practicó la anotación.

Artículo 44.- Prescripción. Las infracciones previstas en esta ley prescriben en el plazo de tres años, contado desde la ocurrencia del hecho que originó la infracción.

En caso de infracciones continuadas, el plazo de prescripción se contará desde el día en que la infracción haya cesado.

Se interrumpe la prescripción con la notificación del inicio del procedimiento administrativo correspondiente.

Las sanciones que se impongan por una infracción a la presente ley prescriben en el plazo de dos años, contados desde la fecha en que la resolución que impone la sanción quede ejecutoriada. Las acciones establecidas en esta ley prescribirán en el plazo de tres años.

Las acciones civiles que deriven de una infracción a la presente ley prescribirán en el plazo de tres años, contado desde que se encuentre ejecutoriada la resolución administrativa o la sentencia judicial, según sea el caso, que imponga la multa respectiva.

Párrafo Segundo.- De los procedimientos administrativos

Artículo 45.- Procedimiento administrativo de tutela de derechos. El titular de datos podrá reclamar ante la Agencia de Protección de Datos Personales cuando el responsable le haya denegado, en forma expresa o tácita, una solicitud en que ejerce cualquiera de los derechos que le reconoce esta ley.

La reclamación presentada se tramitará conforme a las siguientes reglas:

a) Deberá ser presentada por escrito, dentro del plazo de 10 días contado desde que reciba la respuesta negativa del responsable de datos o haya vencido el plazo que disponía el responsable para responder el requerimiento formulado por el titular. La reclamación deberá señalar la decisión impugnada, acompañar todos los antecedentes en que se funda e indicar una dirección de correo electrónico donde se practicarán las notificaciones.

b) Recibido el reclamo, la Agencia de Protección de Datos Personales, dentro de los 3 días siguientes, deberá determinar si éste cumple con los requisitos establecidos en la letra anterior para ser acogido a tramitación. La resolución de la Agencia de Protección de Datos Personales que no acoja a trámite la reclamación deberá ser fundada y se notificará al titular.

c) Acogido el reclamo a tramitación, la Agencia de Protección de Datos Personales notificará al responsable de datos, quien dispondrá de un plazo de 10 días para responder la reclamación, acompañando todos los antecedentes que estime pertinentes. Las notificaciones que se practiquen al responsable se realizarán a la dirección de correo electrónico a que alude la letra c) del artículo 14 ter.

d) Vencido este plazo, haya o no contestado el responsable de los datos, y sólo si existen hechos sustanciales, pertinentes y controvertidos, se abrirá un término probatorio de 7 días en el cual las partes pueden hacer valer todos los medios de prueba que estimen convenientes.

e) El responsable de datos en su respuesta podrá allanarse a la reclamación, en cuyo caso deberá acompañar los antecedentes o testimonios que acrediten esta circunstancia. Verificado lo anterior y notificado el titular de datos, la Agencia de Protección de Datos Personales procederá al archivo de los antecedentes, previa aplicación de la sanción, cuando correspondiere.

f) La Agencia de Protección de Datos Personales tendrá amplias facultades para solicitar antecedentes o informes que contribuyan a su resolución. Puede, asimismo, instar a las partes a alcanzar un acuerdo. Logrado un acuerdo, se archivarán los antecedentes.

g) La resolución del reclamo debe dictarse por la Agencia de Protección de Datos Personales dentro del plazo de 10 días desde recibida la respuesta del responsable de datos o desde el vencimiento de este plazo en caso que no haya respondido, o desde el término del período probatorio, según corresponda. La resolución que resuelva el reclamo deberá ser fundada.

h) En contra de esta resolución sólo procede el recurso de reposición, el que deberá ser interpuesto dentro del plazo de 5 días contado desde su notificación. La resolución que resuelva el recurso de reposición debe dictarse en el plazo de 5 días y será reclamable judicialmente dentro del plazo de 15 días, a través del procedimiento establecido en el artículo 47.

i) La interposición del reclamo administrativo suspende las operaciones de tratamiento o cesión de los datos personales que son objeto de la reclamación.

En todo lo no previsto en este artículo se aplicarán supletoriamente y en lo que corresponda las normas de la ley nº 19.880.

Artículo 46.- Procedimiento administrativo por infracción de ley. El procedimiento sancionatorio por las infracciones que cometan los responsables de datos por incumplimiento o vulneración de los principios y obligaciones establecidas en esta ley será instruido por la Agencia de Protección de Datos Personales conforme a las siguientes reglas:

a) La Agencia de Protección de Datos Personales podrá iniciar un procedimiento sancionatorio de oficio, a petición de parte, como resultado de un proceso de fiscalización o a consecuencia de una reclamación presentada por un titular de datos en virtud del procedimiento establecido en el artículo 45 de esta ley.

b) La Agencia de Protección de Datos Personales deberá presentar una formulación de cargos en contra del responsable de datos en que describa los hechos que configuran la infracción, los principios y obligaciones incumplidos o vulnerados por el responsable, las normas legales infringidas y cualquier otro antecedente que sirva para sustentar la formulación.

c) La formulación de cargos debe notificarse al responsable de datos a la dirección de correo electrónico señalada en la letra c) del artículo 14 ter.

d) El responsable de datos tiene un plazo de 10 días para presentar sus descargos. En esa oportunidad el responsable de datos puede acompañar todos los antecedentes que estime pertinente para desacreditar los hechos imputados. Junto con los descargos, el responsable podrá fijar una dirección de correo electrónico distinta a la señalada en la letra c) del artículo 14 para la realización de las demás comunicaciones y notificaciones.

e) Recibidos los descargos o transcurrido el plazo otorgado para ello, la Agencia de Protección de Datos Personales podrá abrir un término probatorio de 7 días, en el caso que existan hechos sustanciales, pertinentes y controvertidos.

f) La Agencia de Protección de Datos Personales dará lugar a las medidas o diligencias probatorias que solicite el responsable en sus descargos, siempre que sean pertinentes y necesarias. En caso de rechazo, deberá fundar su resolución.

g) Los hechos investigados y las responsabilidades de los presuntos infractores pueden acreditarse mediante cualquier medio de prueba admisible en derecho, los que se apreciarán de acuerdo a las reglas de la sana crítica.

h) La Agencia de Protección de Datos Personales tendrá amplias facultades para solicitar antecedentes o informes que contribuyan a su resolución.

i) La resolución que ponga fin al procedimiento sancionatorio debe ser fundada y resolver todas las cuestiones planteadas en el expediente, pronunciándose sobre cada una de las alegaciones y defensas formuladas por el responsable de datos, y contendrá la declaración de haberse configurado el incumplimiento o vulneración de los principios y obligaciones establecidos en la ley por el responsable o su absolución, según corresponda. En caso que la Agencia de Protección de Datos Personales considere que se ha verificado la infracción, en la misma resolución ponderará las circunstancias que agravan o atenúan la responsabilidad del infractor e impondrá la sanción, de acuerdo a la gravedad de la infracción cometida. Esta resolución debe dictarse dentro de los 20 días siguientes de recibidos los descargos, o desde el vencimiento de este plazo, en caso que el responsable no haya respondido, o desde el término del probatorio, según corresponda.

j) La resolución que establezca el incumplimiento o vulneración a los principios y obligaciones de esta ley y aplique la sanción correspondiente debe ser fundada. Esta resolución debe indicar también los recursos administrativos y judiciales que procedan contra ella en conformidad a esta ley, los órganos ante los que deben presentarse y el plazo para su interposición.

k) En contra de esta resolución sólo procede el recurso de reposición que debe ser interpuesto dentro del plazo de 5 días, contado desde la notificación respectiva. La resolución que resuelva el recurso de reposición debe dictarse en el plazo de 10 días y será reclamable judicialmente conforme al artículo siguiente.

En todo lo no previsto en este artículo se aplicarán supletoriamente y en lo que corresponda, las normas de la ley nº 19.880.

Párrafo Tercero.- Del procedimiento de reclamación judicial

Artículo 47.- Reclamación judicial. Las personas naturales o jurídicas que se vean afectadas por una resolución final o de término de la Agencia de Protección de Datos Personales podrán deducir un reclamo de ilegalidad ante la Corte de Apelaciones de Santiago o la del lugar donde se encuentre domiciliado el reclamante, a elección de este último. El reclamo deberá interponerse dentro de los 15 días siguientes a la notificación de la resolución impugnada, según las siguientes reglas:

a) El reclamante señalará en su escrito, con precisión, la resolución objeto del reclamo, la o las normas legales que se suponen infringidas, la forma en que se ha producido la infracción y, cuando procediere, las razones por las cuales el acto le perjudica. Si la reclamación no cumple con estos requisitos, la Corte podrá declararla inadmisible.

b) El titular de datos o el responsable de los mismos, según corresponda, podrá hacerse parte en el respectivo reclamo de conformidad a las normas generales.

c) La Corte podrá decretar orden de no innovar cuando la ejecución del acto impugnado produzca un daño irreparable al recurrente.

d) Recibida la reclamación, la Corte requerirá de informe a la Agencia de Protección de Datos Personales, concediéndole un plazo de diez días al efecto.

e) Evacuado el traslado o teniéndosele por evacuado en rebeldía, la Corte podrá abrir un término de prueba, si así lo estima necesario, el que se regirá por las reglas de los incidentes que contempla el Código de Procedimiento Civil.

f) Vencido el término de prueba, se ordenará traer los autos en relación. La vista de esta causa gozará de preferencia para su inclusión en la tabla.

g) Si la Corte da lugar al reclamo en su sentencia decidirá u ordenará, según sea procedente, la rectificación del acto impugnado y la dictación de la respectiva resolución, según corresponda.

h) Tratándose de reclamaciones en contra de una resolución que resuelve un procedimiento sancionatorio, la Corte podrá confirmar o revocar la resolución impugnada, establecer o desechar la comisión de la infracción, según corresponda y, mantener, dejar sin efecto o modificar la sanción impuesta al responsable.

i) En todo aquello no regulado por el presente artículo, regirán las normas establecidas en el Código Orgánico de Tribunales y en el Código de Procedimiento Civil, según corresponda.

Párrafo Cuarto.- De la responsabilidad de los órganos públicos, de la autoridad o jefe superior del órgano y de sus funcionarios

Artículo 48.- Responsabilidad administrativa de la autoridad o jefe superior del órgano público. La autoridad o jefe superior de un órgano público debe velar para que el órgano respectivo realice el tratamiento de los datos personales con arreglo a los principios y obligaciones establecidos en el título IV de esta ley.

Las infracciones a los principios y obligaciones establecidos en esta ley por parte del órgano público serán sancionadas con multa de 20% a 50% de la remuneración mensual de la autoridad o jefe superior del órgano público infractor. La cuantía de la multa se determinará considerando la gravedad de la infracción, la naturaleza de los datos tratados y el número de titulares afectados.

Si el órgano público persiste en la infracción, se le aplicará a la autoridad o jefe superior del órgano público el duplo de la sanción originalmente impuesta y la suspensión en el cargo por un lapso de cinco días.

Tratándose de datos personales sensibles, la multa será del 50% de la remuneración mensual de la autoridad o jefe superior del órgano público y procederá la suspensión en el cargo de hasta treinta días.

Las infracciones en que incurra un órgano público en el tratamiento de los datos personales serán determinadas por la Agencia de Protección de Datos Personales, en virtud de una fiscalización de oficio o como resultado de un reclamo o denuncia presentada por un particular.

Las sanciones administrativas señaladas en este artículo serán aplicadas por la Contraloría General de la República, previa instrucción de una investigación sumaria, de acuerdo a las normas de su ley orgánica. El procedimiento administrativo correspondiente podrá ser iniciado directamente por la Contraloría General de la República o a requerimiento de la Agencia de Protección de Datos Personales. En la investigación administrativa la Contraloría General de la República deberá tomar en consideración el informe emanado de la Agencia de Protección de Datos Personales.

En la determinación de la responsabilidad administrativa de la autoridad o jefe superior del órgano público se deben considerar las circunstancias que atenúan su responsabilidad, especialmente la establecida en el inciso final del artículo 41.

Las sanciones previstas en este artículo deberán ser publicadas en el sitio web de la Agencia de Protección de Datos Personales y del respectivo órgano o servicio, conforme al artículo 7 de la ley de Transparencia de la Función Pública y de Acceso a la Información de la Administración del Estado, contenida en el artículo primero de la ley n° 20.285, dentro del plazo de cinco días hábiles, contados desde que la respectiva resolución quede firme.

Artículo 49.- Responsabilidad del funcionario infractor. Sin perjuicio de lo dispuesto en el artículo anterior, si en el informe elaborado por la Agencia de Protección de Datos Personales o en el procedimiento de investigación sumaria o en el sumario administrativo que instruye la Contraloría General de la República, se determina que existen responsabilidades individuales de uno o más funcionarios del órgano público, la Contraloría General de la República iniciará una investigación sumaria para determinar las responsabilidades de dichos funcionarios o lo hará en el procedimiento administrativo ya iniciado. Las sanciones a los funcionarios infractores serán determinadas de conformidad a lo dispuesto en la ley n° 18.834.

En caso que el procedimiento administrativo correspondiente determine que cualquiera de los funcionarios involucrados es responsable de alguna de las infracciones graves o gravísimas señaladas en el artículo 38 de esta ley, esta conducta se considerará una falta grave a la probidad administrativa. En tales circunstancias, se podrá multar a estos funcionarios por hasta el doble del beneficio pecuniario obtenido mediante la infracción. En el evento de que no sea posible determinar el beneficio económico obtenido por los infractores, se podrá aplicar una multa de hasta el 50% de la remuneración mensual del funcionario.

Artículo 50.- Deberes de reserva y confidencialidad. Los funcionarios de los órganos públicos que traten datos personales, y especialmente cuando se refieran a datos personales sensibles o datos relativos a la comisión y sanción de infracciones penales, civiles, administrativas y disciplinarias, deben guardar secreto o confidencialidad respecto de la información que tomen conocimiento en el ejercicio de sus cargos y abstenerse de usar dicha información con una finalidad distinta de la que corresponda a las funciones legales del órgano público respectivo, o utilizarla en beneficio propio o de terceros. Para efectos de lo dispuesto en el inciso segundo del artículo 125 de la ley n° 18.834, se estimará que los hechos que configuran infracciones a esta disposición vulneran gravemente el principio de probidad administrativa, sin perjuicio de las demás sanciones y responsabilidades que procedan.

Párrafo Quinto.- De la responsabilidad civil

Artículo 51.- Norma general. El responsable de datos deberá indemnizar el daño patrimonial y moral que cause al o los titulares, cuando en sus operaciones de tratamiento de datos infrinja los principios y obligaciones establecidos en esta ley y les cause daño, sin perjuicio de los demás derechos que concede esta ley al o los titulares de datos.

La acción indemnizatoria señalada en el inciso anterior podrá interponerse una vez ejecutoriada la resolución que resolvió favorablemente el reclamo interpuesto ante la Agencia de Protección de Datos Personales o la sentencia se encuentre firme y ejecutoriada, en caso de haber presentado un reclamo judicial, y se tramitará de conformidad a las normas generales del Código de Procedimiento Civil.

Párrafo Sexto.- Del modelo de prevención de infracciones

Artículo 52.- Modelo de prevención de infracciones. Los responsables de datos, sean personas naturales o entidades o personas jurídicas, públicas o privadas, podrán adoptar modelos de prevención de infracciones que deben contener, a lo menos, los siguientes elementos:

a) Designación de un encargado de prevención o delegado de protección de datos personales.

b) Definición de medios y facultades del encargado de prevención.

El responsable de datos debe disponer que el encargado de prevención cuente con los medios y facultades suficientes para el desempeño de sus funciones, debiendo otorgarle los recursos materiales necesarios para realizar adecuadamente sus labores, en consideración al tamaño y capacidad económica de la entidad.

c) Establecimiento de un programa de cumplimiento que deberá contemplar, a lo menos, lo siguiente:

i) La identificación del tipo de información que trata, el ámbito jurisdiccional en que opera, la categoría, clase o tipos de datos o bases de datos que administra, la caracterización de los titulares de datos y el o los lugares donde residen estos últimos.

ii) La identificación de las actividades o procesos de la entidad, sean habituales o esporádicos, en cuyo contexto se genere o incremente el riesgo de comisión de las infracciones señaladas en el artículo 38.

iii) El establecimiento de protocolos, reglas y procedimientos específicos que permitan a las personas que intervengan en las actividades o procesos indicados en la letra anterior, programar y ejecutar sus tareas o labores de una manera que prevenga la comisión de las referidas infracciones.

iv) Mecanismos de reporte hacia las autoridades para el caso de contravenir lo dispuesto en la presente ley.

v) La existencia de sanciones administrativas internas, así como de procedimientos de denuncia o persecución de responsabilidades de las personas que incumplan el sistema de prevención de infracciones.

d) Supervisión y certificación del modelo de prevención de infracciones.
La regulación interna a que dé lugar la implementación del modelo y el programa, en su caso, deberán ser incorporados expresamente como una obligación en los contratos de trabajo o de prestación de servicios de todos los trabajadores, empleados y prestadores de servicios de las entidades que actúen como responsables de datos o los terceros que efectúen el tratamiento, incluidos los máximos ejecutivos de la misma, o bien, como una obligación del reglamento interno del que trata el artículo 153 y siguientes del Código del Trabajo. En este último caso, se deben realizar las medidas de publicidad establecidas en el artículo 156 del mismo Código.

Artículo 53.- Certificación, registro, supervisión del modelo de prevención de infracciones y reglamento. La Agencia de Protección de Datos Personales será la entidad encargada de certificar que el modelo de prevención de infracciones y el programa de cumplimiento reúna los requisitos y elementos establecidos en la ley y su reglamento, y supervisarlos.

La Agencia de Protección de Datos Personales creará un registro público en que consten las entidades que posean una certificación y aquellas cuya certificación sea revocada.

Un reglamento dictado por el Ministerio de Hacienda y suscrito por el Ministro o Ministra Secretario General de la Presidencia y por el Ministro o Ministra de Economía, Fomento y Turismo, establecerá los requisitos, modalidades y procedimientos para la implementación, certificación, registro y supervisión de los modelos de prevención de infracciones y los programas de cumplimiento.

Artículo 54.- Atenuante especial por prevención de infracciones. Los responsables de datos que incurran en alguna de las infracciones previstas en el artículo 38 podrán atenuar su responsabilidad si acreditan haber cumplido diligentemente sus deberes de dirección y supervisión para la protección de los datos personales bajo su responsabilidad o tratamiento.

Se considera que los deberes de dirección y supervisión se han cumplido cuando, con anterioridad a la comisión de la infracción, los responsables de datos hubieren adoptado e implementado un modelo de organización, administración y supervisión para prevenir infracciones, lo que deberá constar en un certificado emitido por la Agencia de Protección de Datos Personales.

Artículo 55.- Vigencia de los certificados. Los certificados expedidos por la Agencia de Protección de Datos Personales tendrán una vigencia de tres años. Sin perjuicio de lo anterior, quedarán sin efecto en los siguientes casos:

a) Por revocación efectuada por la Agencia de Protección de Datos Personales.

b) Por fallecimiento del responsable de datos en caso de tratarse de una persona natural o por disolución de la persona jurídica.

c) Por resolución judicial ejecutoriada.

d) Por cese voluntario de la actividad del responsable de datos.

El término de vigencia de un certificado por alguna de las causales señaladas precedentemente será inoponible a terceros mientras no sea eliminado del registro.

Artículo 56.- Revocación de la certificación. La Agencia de Protección de Datos Personales puede revocar la certificación indicada en los artículos precedentes si el responsable no da cumplimiento a lo establecido en este párrafo. Con este objeto la Agencia de Protección de Datos Personales podrá requerir toda aquella información que fuere necesaria para el ejercicio de sus funciones.

Los responsables pueden exceptuarse de entregar la información solicitada cuando ésta esté amparada por una obligación de secreto o confidencialidad, debiendo acreditar dicha circunstancia.

El incumplimiento en la entrega de la información requerida, así como la entrega de información falsa, incompleta o manifiestamente errónea será sancionado en conformidad con esta ley.

Cuando un certificado haya sido revocado por la Agencia de Protección de Datos Personales para volver a solicitarlo el responsable de datos debe acreditar fehacientemente que la causal que dio origen a su revocación ha sido subsanada.

Título VIII.- Del tratamiento de datos personales por el Congreso Nacional, el Poder Judicial y organismos públicos dotados de autonomía constitucional

Artículo 57.- Regla general del tratamiento de datos personales. Es lícito el tratamiento de los datos personales que efectúan el Congreso Nacional, el Poder Judicial, la Contraloría General de la República, el Ministerio Público, el Tribunal Constitucional, el Banco Central, el Servicio Electoral y la Justicia Electoral, y los demás tribunales especiales creados por ley, cuando se realiza para el cumplimiento de sus funciones legales, dentro del ámbito de sus competencias y de conformidad a las normas especiales que se establecen en sus respectivas leyes orgánicas y a las disposiciones del título IV de esta ley aplicables a los órganos públicos, con excepción de lo dispuesto en el artículo 14 quinquies. En esas condiciones, estas instituciones y organismos detentan la calidad de responsables de datos y no requieren el consentimiento del titular para efectuar el tratamiento de sus datos personales.

Corresponde a los órganos internos de las instituciones y organismos señalados en el inciso anterior ejercer las funciones y adoptar las decisiones que esta ley encomienda a la Agencia de Protección de Datos Personales.

Las autoridades superiores de los órganos internos de estas instituciones deberán dictar las políticas, normas e instrucciones necesarias para dar cumplimiento a los principios y obligaciones establecidos en esta ley, especialmente aquéllas que permitan el ejercicio de los derechos que se reconocen a los titulares de datos y las que fijan los estándares o condiciones mínimas de control, seguridad y resguardo que se deben observar en el tratamiento de los datos personales, pudiendo requerir para ello la asistencia técnica de la Agencia de Protección de Datos Personales. Asimismo, las autoridades de estos órganos ejercerán la potestad disciplinaria respecto de sus funcionarios, en relación a las infracciones que se produzcan en el tratamiento de los datos personales.

Las instituciones y órganos señalados en este artículo no estarán sujetos a la regulación, fiscalización o supervigilancia de la Agencia de Protección de Datos Personales.

Artículo 58.- Ejercicio de los derechos y reclamaciones. Los titulares de datos ejercerán los derechos que le reconoce esta ley ante el Congreso Nacional, el Poder Judicial, la Contraloría General de la República, el Ministerio Público, el Tribunal Constitucional, el Banco Central, el Servicio Electoral y la Justicia Electoral, y los demás tribunales especiales creados por ley, de acuerdo a los procedimientos que dispongan estas instituciones y organismos para estos efectos, de conformidad a lo señalado en el artículo anterior.

En caso que el Congreso Nacional, la Contraloría General de la República, el Ministerio Público, el Banco Central o el Servicio Electoral denieguen injustificada o arbitrariamente el ejercicio de un derecho reconocido por esta ley a un titular de datos, o bien infrinjan algún principio, deber u obligación establecida en ella, causándole perjuicio, el titular que se vea agraviado o afectado por la decisión del organismo, podrá reclamar ante la Corte de Apelaciones, de acuerdo al procedimiento dispuesto en el artículo 47 de esta ley.

Las autoridades superiores del Poder Judicial, del Tribunal Constitucional, de la Justicia Electoral y de los demás tribunales especiales creados por ley, deberán asegurarse que en el tratamiento de los datos personales que realizan estas instituciones se cumplen estrictamente con los principios y deberes, y se respeten los derechos de los titulares establecidos en esta ley, adoptando las medidas de fiscalización y control interno que resulten necesarias y adecuadas para esta finalidad.”.

11) Intercálase en el título final, antes del actual artículo 24, que pasó a ser 59, el siguiente artículo 59, nuevo, pasando el actual artículo 24 a ser artículo 60:

“Artículo 59.- Reglamentos. Sin perjuicio de los reglamentos específicos que se señalan en el texto de esta ley, a través de uno o más reglamentos del Ministerio de Hacienda y suscritos por el Ministro o Ministra Secretario General de la Presidencia, se establecerán las demás normas necesarias para la ejecución de la presente ley.”.

Artículo segundo.- Reemplázase el literal m) del artículo 33 de la ley de Transparencia de la Función Pública y de Acceso a la Información de la Administración del Estado, contenida en el artículo primero de la ley n° 20.285, por el siguiente:

“m) Velar por la protección de los datos de carácter personal con sujeción a lo dispuesto en la ley n° 19.628, en los ámbitos de la transparencia de la función pública y el acceso a la información.”.

ARTÍCULOS TRANSITORIOS

Artículo primero transitorio.– Las modificaciones a las leyes n° 19.628, sobre protección de la vida privada, y nº 20.285, sobre acceso a la información pública, contenidas en el artículo primero y segundo, respectivamente, de la presente ley, entrarán en vigencia el día primero del mes décimo tercero posterior a la publicación de la presente ley en el Diario Oficial.

Artículo segundo transitorio.– Las bases de datos constituidas con anterioridad a la entrada en vigencia de la presente ley deberán adecuarse a los términos previstos en ella dentro del plazo de cuarenta y ocho meses, contado desde su entrada en vigencia. Con todo, los titulares de datos podrán ejercer los derechos que les confiere esta ley ante el responsable de datos, a partir de la entrada en vigencia de la ley.

Artículo tercero transitorio.– Los reglamentos referidos en la presente ley deberán dictarse dentro de los seis meses siguientes a la fecha de su publicación en el Diario Oficial.

Artículo cuarto transitorio.– Dentro de los sesenta días anteriores a la entrada en vigencia de las modificaciones a la ley n° 19.628, sobre protección de la vida privada, contenida en el artículo primero de la presente ley, el Servicio de Registro Civil e Identificación deberá eliminar el registro de bases de datos personales contemplado en el actual artículo 22 de la ley N° 19.628.

Artículo quinto transitorio.- Facúltase al Presidente de la República para que, dentro del plazo de nueve meses contado de la fecha de publicación de esta ley, establezca mediante uno o más decretos con fuerza de ley, expedidos a través del Ministerio de Hacienda, las normas necesarias para regular las siguientes materias:

1) Fijar la planta de personal de la Agencia de Protección de Datos Personales y dictar todas las normas necesarias para la adecuada estructuración y operación de ésta. En especial, podrá determinar los grados y niveles de la Escala Única de Sueldos que se asignen a dichas plantas; el número de cargos para cada grado y planta; los requisitos específicos para el ingreso y promoción de dichos cargos; sus denominaciones y los niveles jerárquicos, para efectos de la aplicación de lo dispuesto en el título VI de la ley n° 19.882 y en el artículo 8 de la ley nº 18.834, cuyo texto refundido, coordinado y sistematizado fue fijado por el decreto con fuerza de ley nº 29, de 2004, del Ministerio de Hacienda. Asimismo, determinará las normas necesarias para la aplicación de la asignación de modernización de la ley n° 19.553 en su aplicación transitoria.

2) Determinar la dotación máxima del personal de la Agencia de Protección de Datos Personales, a cuyo respecto no regirá la limitación establecida en el inciso segundo del artículo 10 del decreto con fuerza de ley nº 29, de 2004, del Ministerio de Hacienda.

3) Determinar la fecha para la entrada en vigencia de las plantas que fije y la iniciación de actividades de la Agencia de Protección de Datos Personales.

Artículo sexto transitorio.– El Presidente de la República, por decreto expedido por intermedio del Ministerio de Hacienda, conformará el primer presupuesto de la Agencia de Protección de Datos Personales, y transferirá a ella los fondos necesarios para que se cumplan sus funciones, pudiendo al efecto crear, suprimir o modificar los capítulos, asignaciones, ítem y glosas presupuestarias que sean pertinentes.

Artículo séptimo transitorio.- Dentro de los sesenta días siguientes a la publicación de la presente ley, se deberá convocar al concurso público para el nombramiento del primer director o directora de la Agencia de Protección de Datos Personales, conforme al Sistema de Alta Dirección Pública regulado en la ley n° 19.882. El Presidente de la República podrá nombrar al Director o Directora de la Agencia de Protección de Datos Personales antes de la fecha en que ésta inicie sus actividades, para efectos de la instalación de la misma. En tanto no inicie sus actividades dicha Agencia, la remuneración del Director, grado 1C, de la Escala Única de Sueldos, se financiará con cargo a la Partida del Presupuesto del Ministerio de Hacienda, Capítulo 01, Programa 01.

Artículo octavo transitorio.- Los órganos públicos que establezcan un encargado de prevención o delegado de protección de datos personales deberán designar a un funcionario de la dotación vigente del respectivo organismo.

Artículo noveno transitorio.- El mayor gasto que irrogue la aplicación de esta ley en el transcurso del primer año presupuestario de vigencia será financiado con reasignaciones del presupuesto del Ministerio de Hacienda, y en lo que faltare con cargo a recursos del Tesoro Público. Para los años siguientes se estará a lo que indique la Ley de Presupuestos respectiva.

Dios guarde a V.E.,

26Abr/17

Resolución Conjunta 6-E/2016, de 20 de octubre de 2016

26 abril, 2017Argentina, Resoluciónde 26 de octubre de 2016, del Ministerio de Seguridad y el Ministerio de Comunicaciones. Registro de Identidad de Usuarios del Servicio de Comunicaciones Móviles., Normativa Argentina, Normativa Telecomunicaciones, Resolución Conjunta 6-E/2016José Cuervo

Resolución Conjunta 6-E/2016, de 26 de octubre de 2016, del Ministerio de Seguridad y el Ministerio de Comunicaciones. Registro de Identidad de Usuarios del Servicio de Comunicaciones Móviles.

Ciudad de Buenos Aires, 26/10/2016

VISTO las Leyes n° 22.520 y n° 27.078, los Decretos n° 267 del 29 de diciembre de 2015 y n° 228 del 21 de enero de 2016 y la Resolución n° 2459 del Ente Nacional de Comunicaciones del 16 de mayo de 2016, y

CONSIDERANDO:

Que el citado Decreto n° 228, a través de su artículo 1°, declaró la emergencia de seguridad pública en la totalidad del territorio nacional con el objeto de revertir la situación de peligro colectivo creada por el delito complejo y el crimen organizado, que afecta a la REPÚBLICA ARGENTINA, por el término de TRESCIENTOS SESENTA Y CINCO (365) días corridos a partir de su publicación.

Que, de este modo, busca garantizar la seguridad como derecho transversal a todos los derechos reconocidos explícita o implícitamente por la CONSTITUCION NACIONAL y los tratados sobre derechos humanos que poseen jerarquía constitucional.

Que, en función de ello, el PODER EJECUTIVO NACIONAL instruye en su artículo 16 a los MINISTERIOS DE SEGURIDAD y DE COMUNICACIONES a adoptar las medidas necesarias destinadas a coordinar dentro de sus respectivas competencias, los aspectos relacionados con las comunicaciones en orden a los objetivos planteados.

Que, por un lado, compete al MINISTERIO DE SEGURIDAD asistir al Presidente de la Nación y al Jefe de Gabinete de Ministros, en orden a sus competencias, en todo lo concerniente a la seguridad interior, a la preservación de la libertad, la vida y el patrimonio de los habitantes, sus derechos y garantías en un marco de plena vigencia de las instituciones del sistema democrático (Artículo 22 bis, Ley 22.520).

Que, por otro, compete al MINISTERIO DE COMUNICACIONES asistir al Presidente de la Nación y al Jefe de Gabinete de Ministros, en orden a sus competencias, en todo lo inherente a las tecnologías de la información, las telecomunicaciones, los servicios de comunicación audiovisual y los servicios postales (Artículo 23 decies, Ley 22.520).

Que la necesidad de aunar esfuerzos para el combate del delito complejo y el crimen organizado entre ambas carteras ministeriales resulta fundamental, desde que se advierte en los últimos años que, en forma creciente la delincuencia en general, y en especial las bandas delictivas, utilizan teléfonos móviles como herramientas indispensables para llevar a cabo sus fines.

Que, asimismo, el robo y hurto de Equipos Terminales como su extravío, alientan el mercado negro de teléfonos obtenidos cuanto menos en forma irregular.

Que, en ese sentido, el Ente Nacional de Comunicaciones (ENACOM) mediante Resolución n° 2459 del 16 de mayo de 2016, aprobó el “Procedimiento para el Bloqueo de Terminales con reporte de Robo, Hurto o Extravío y la identificación de IMEI irregulares”.

Que a través de la Resolución citada, el ENACOM dispuso que los Prestadores de Servicios de Comunicaciones Móviles (PSCM) deberán bloquear la línea telefónica y su último número de serie reconocido internacionalmente como Identidad Internacional de Equipo Móvil (IMEI) asociado sin excepción alguna, mediante la inclusión de este último en su Base de Datos Negativa (BDN) al momento de la denuncia de robo, hurto o extravío por parte de los usuarios.

Que, aun cuando la Resolución citada resulta de gran relevancia para facilitar la seguridad del Sistema de Comunicaciones Móviles, solo tiende a impedir el uso, la comercialización, la importación y exportación de Equipos Terminales, obtenidos a partir de maniobras delictivas o fraudulentas y, de esta manera, está enfocada a brindar de modo inmediato una mayor tutela al mercado de terminales móviles y solo mediatamente a la seguridad de la población en general.

Que a los efectos de complementar la Resolución aludida, resulta necesario disponer la NOMINATIVIDAD de todas las líneas y servicios prestados en el Servicio de Comunicaciones Móviles.

Que, en tal sentido, corresponde considerar las distintas modalidades de comercialización de servicios de comunicaciones móviles.

Que es necesario fijar los criterios de registración de usuarios y servicios, como así también la información asociada a cada línea y establecer el procedimiento, el carácter de los datos, y los plazos en que las personas humanas deberán registrarse.

Que asimismo las medidas que se tomen o las Resoluciones que se dicten deberán ratificar que los Prestadores de Servicios de Comunicaciones Móviles (PSCM) —incluidos los Operadores Móviles Virtuales (OMV)—, están obligados a proporcionar la información que requieran las Autoridades Judiciales.

Que atento lo dispuesto por Decreto n° 267/15, el ENACOM es la Autoridad de Aplicación de las leyes 26.522 y 27.078, por lo que le corresponde el dictado de las medidas y resoluciones que aquí se solicitan.

Que resulta procedente conformar una Comisión Conjunta de Seguimiento de la temática, fijando su integración.

Que han tomado la intervención que les compete los servicios permanentes de asesoramiento jurídico de los respectivos Ministerios.

Que la presente medida se dicta conforme lo dispuesto por el artículo 16 del Decreto n° 228 del 22 de enero de 2016.

Por ello,

LA MINISTRA DE SEGURIDAD

EL MINISTRO DE COMUNICACIONES

RESUELVEN:

Artículo 1°.- Instrúyase al ENTE NACIONAL DE COMUNICACIONES (ENACOM) para que en el plazo de QUINCE (15) días desde la publicación de la presente adopte las medidas necesarias destinadas a identificar a todos los usuarios del Servicio de Comunicaciones Móviles del país en un Registro de Identidad de Usuarios del Servicio de Comunicaciones Móviles.

Artículo 2°.- A los efectos del cumplimiento de lo dispuesto en el Artículo 1°, la obligación de nominar las líneas telefónicas estará en cabeza de los Prestadores de Servicios de Comunicaciones Móviles de todo el país, quienes deberán desarrollar, operar y administrar a su costo los sistemas a implementar.

Artículo 3°.- Los Prestadores de Servicios de Comunicaciones Móviles deberán albergar la información de manera segura, auditada y perdurable, debiendo la misma estar disponible para el eventual requerimiento del Poder Judicial y/o del Ministerio Público.

Artículo 4°.- Conformase una Comisión Conjunta de Seguimiento de Implementación de la presente Resolución, que estará integrada por SEIS (6) miembros, TRES (3) propuestos por cada Cartera firmante.

Artículo 5°.- Comuníquese, publíquese, dese a la DIRECCIÓN NACIONAL DEL REGISTRO OFICIAL y archívese.

PATRICIA BULLRICH, Ministra, Ministerio de Seguridad.

OSCAR RAÚL AGUAD, Ministro, Ministerio de Comunicaciones.

26Abr/17

Ley 27275 de 14 de septiembre de 2016

26 abril, 2017Argentina, LeyLey 27275, Ley Argentina, Ley de Acceso a la Información Pública, Ley de Derecho de Acceso a la Información Pública de ArgentinaJosé Cuervo

Ley 27275 de 14 de septiembre de 2016, Derecho de Acceso a la Información Pública (Diario Oficial 29 de septiembre de 2016)

El Senado y Cámara de Diputados de la Nación Argentina reunidos en Congreso, etc. sancionan con fuerza de Ley:
TÍTULO PRELIMINAR
Artículo 1°.- Objeto. La presente ley tiene por objeto garantizar el efectivo ejercicio del derecho de acceso a la información pública, promover la participación ciudadana y la transparencia de la gestión pública, y se funda en los siguientes principios:

Presunción de publicidad: toda la información en poder del Estado se presume pública, salvo las excepciones previstas por esta ley.

Transparencia y máxima divulgación: toda la información en poder, custodia o bajo control del sujeto obligado debe ser accesible para todas las personas.

El acceso a la información pública sólo puede ser limitado cuando concurra alguna de las excepciones previstas en esta ley, de acuerdo con las necesidades de la sociedad democrática y republicana, proporcionales al interés que las justifican.

Informalismo: las reglas de procedimiento para acceder a la información deben facilitar el ejercicio del derecho y su inobservancia no podrá constituir un obstáculo para ello. Los sujetos obligados no pueden fundar el rechazo de la solicitud de información en el incumplimiento de requisitos formales o de reglas de procedimiento.

Máximo acceso: la información debe publicarse de forma completa, con el mayor nivel de desagregación posible y por la mayor cantidad de medios disponibles.

Apertura: la información debe ser accesible en formatos electrónicos abiertos, que faciliten su procesamiento por medios automáticos que permitan su reutilización o su redistribución por parte de terceros.

Disociación: en aquel caso en el que parte de la información se encuadre dentro de las excepciones taxativamente establecidas por esta ley, la información no exceptuada debe ser publicada en una versión del documento que tache, oculte o disocie aquellas partes sujetas a la excepción.

No discriminación: se debe entregar información a todas las personas que lo soliciten, en condiciones de igualdad, excluyendo cualquier forma de discriminación y sin exigir expresión de causa o motivo para la solicitud.

Máxima premura: la información debe ser publicada con la máxima celeridad y en tiempos compatibles con la preservación de su valor.

Gratuidad: el acceso a la información debe ser gratuito, sin perjuicio de lo dispuesto en esta ley.

Control: el cumplimiento de las normas que regulan el derecho de acceso a la información será objeto de fiscalización permanente. Las resoluciones que denieguen solicitudes de acceso a la información, como el silencio del sujeto obligado requerido, la ambigüedad o la inexactitud de su repuesta, podrán ser recurridas ante el órgano competente.

Responsabilidad: el incumplimiento de las obligaciones que esta ley impone originará responsabilidades y dará lugar a las sanciones que correspondan.
Alcance limitado de las excepciones: los límites al derecho de acceso a la información pública deben ser excepcionales, establecidos previamente conforme a lo estipulado en esta ley, y formulados en términos claros y precisos, quedando la responsabilidad de demostrar la validez de cualquier restricción al acceso a la información a cargo del sujeto al que se le requiere la información.

In dubio pro petitor: la interpretación de las disposiciones de esta ley o de cualquier reglamentación del derecho de acceso a la información debe ser efectuada, en caso de duda, siempre en favor de la mayor vigencia y alcance del derecho a la información.

Facilitación: ninguna autoridad pública puede negarse a indicar si un documento obra, o no, en su poder o negar la divulgación de un documento de conformidad con las excepciones contenidas en la presente ley, salvo que el daño causado al interés protegido sea mayor al interés público de obtener la información.

Buena fe: para garantizar el efectivo ejercicio del acceso a la información, resulta esencial que los sujetos obligados actúen de buena fe, es decir, que interpreten la ley de manera tal que sirva para cumplir los fines perseguidos por el derecho de acceso, que aseguren la estricta aplicación del derecho, brinden los medios de asistencia necesarios a los solicitantes, promuevan la cultura de transparencia y actúen con diligencia, profesionalidad y lealtad institucional.
TÍTULO I.- Derecho de acceso a la información pública
Capítulo I.- Régimen general

Artículo 2°.- Derecho de acceso a la información pública. El derecho de acceso a la información pública comprende la posibilidad de buscar, acceder, solicitar, recibir, copiar, analizar, reprocesar, reutilizar y redistribuir libremente la información bajo custodia de los sujetos obligados enumerados en el artículo 7° de la presente ley, con las únicas limitaciones y excepciones que establece esta norma.

Se presume pública toda información que generen, obtengan, transformen, controlen o custodien los sujetos obligados alcanzados por esta ley.
Artículo 3°.- Definiciones. A los fines de la presente ley se entiende por:

a) Información pública: todo tipo de dato contenido en documentos de cualquier formato que los sujetos obligados enumerados en el artículo 7° de la presente ley generen, obtengan, transformen, controlen o custodien;

b) Documento: todo registro que haya sido generado, que sea controlado o que sea custodiado por los sujetos obligados enumerados en el artículo 7° de la presente ley, independientemente de su forma, soporte, origen, fecha de creación o carácter oficial.

Artículo 4°.- Legitimación activa. Toda persona humana o jurídica, pública o privada, tiene derecho a solicitar y recibir información pública, no pudiendo exigirse al solicitante que motive la solicitud, que acredite derecho subjetivo o interés legítimo o que cuente con patrocinio letrado.

Artículo 5°.- Entrega de información. La información debe ser brindada en el estado en el que se encuentre al momento de efectuarse la solicitud, no estando obligado el sujeto requerido a procesarla o clasificarla.

El Estado tiene la obligación de entregarla en formatos digitales abiertos, salvo casos excepcionales en que fuera de imposible cumplimiento o significara un esfuerzo estatal desmedido. Las excepciones las fijará la Agencia de Acceso a la Información Pública.

Artículo 6°.- Gratuidad. El acceso a la información pública es gratuito en tanto no se requiera su reproducción. Los costos de reproducción corren a cargo del solicitante.

Artículo 7°.- Ámbito de aplicación. Son sujetos obligados a brindar información pública:

a) La administración pública nacional, conformada por la administración central y los organismos descentralizados, comprendiendo en estos últimos a las instituciones de seguridad social;

b) El Poder Legislativo y los órganos que funcionan en su ámbito;

c) El Poder Judicial de la Nación;

d) El Ministerio Público Fiscal de la Nación;

e) El Ministerio Público de la Defensa;

f) El Consejo de la Magistratura;

g) Las empresas y sociedades del Estado que abarcan a las empresas del Estado, las sociedades del Estado, las sociedades anónimas con participación estatal mayoritaria, las sociedades de economía mixta y todas aquellas otras organizaciones empresariales donde el Estado nacional tenga participación mayoritaria en el capital o en la formación de las decisiones societarias;

h) Las empresas y sociedades en las cuales el Estado nacional tenga una participación minoritaria, pero sólo en lo referido a la participación estatal;

i) Concesionarios, permisionarios y licenciatarios de servicios públicos o concesionarios permisionarios de uso del dominio público, en la medida en que cumplan servicios públicos y en todo aquello que corresponda al ejercicio de la función administrativa delegada; y contratistas, prestadores y prestatarios bajo cualquier otra forma o modalidad contractual;

j) Organizaciones empresariales, partidos políticos, sindicatos, universidades y cualquier entidad privada a la que se le hayan otorgado fondos públicos, en lo que se refiera, únicamente, a la información producida total o parcialmente o relacionada con los fondos públicos recibidos;

k) Instituciones o fondos cuya administración, guarda o conservación esté a cargo del Estado nacional;

l) Personas jurídicas públicas no estatales en todo aquello que estuviese regulado por el derecho público, y en lo que se refiera a la información producida o relacionada con los fondos públicos recibidos;

m) Fideicomisos que se constituyeren total o parcialmente con recursos o bienes del Estado nacional;

n) Los entes cooperadores con los que la administración pública nacional hubiera celebrado o celebre convenios que tengan por objeto la cooperación técnica o financiera con organismos estatales;

o) El Banco Central de la República Argentina;

p) Los entes interjurisdiccionales en los que el Estado nacional tenga participación o representación;

q) Los concesionarios, explotadores, administradores y operadores de juegos de azar, destreza y apuesta, debidamente autorizados por autoridad competente.

El incumplimiento de la presente ley será considerado causal de mal desempeño.

Capítulo II.- Excepciones

Artículo 8°.- Excepciones. Los sujetos obligados sólo podrán exceptuarse de proveer la información cuando se configure alguno de los siguientes supuestos:

a) Información expresamente clasificada como reservada o confidencial o secreta, por razones de defensa o política exterior.
La reserva en ningún caso podrá alcanzar a la información necesaria para evaluar la definición de las políticas de seguridad, defensa y de relaciones exteriores de la Nación; ni aquella otra cuya divulgación no represente un riesgo real e identificable de perjuicio significativo para un interés legítimo vinculado a tales políticas;

b) Información que pudiera poner en peligro el correcto funcionamiento del sistema financiero o bancario;

c) Secretos industriales, comerciales, financieros, científicos, técnicos o tecnológicos cuya revelación pudiera perjudicar el nivel de competitividad o lesionar los intereses del sujeto obligado;

d) Información que comprometa los derechos o intereses legítimos de un tercero obtenida en carácter confidencial;

e) Información en poder de la Unidad de Información Financiera encargada del análisis, tratamiento y transmisión de información tendiente a la prevención e investigación de la legitimación de activos provenientes de ilícitos;

f) Información elaborada por los sujetos obligados dedicados a regular o supervisar instituciones financieras o preparada por terceros para ser utilizada por aquellos y que se refieran a exámenes de situación, evaluación de su sistema de operación o condición de su funcionamiento;

g) Información elaborada por asesores jurídicos o abogados de la administración pública nacional cuya publicidad pudiera revelar la estrategia a adaptarse en la defensa o tramitación de una causa judicial o divulgare las técnicas o procedimientos de investigación de algún delito u otra irregularidad o cuando la información privare a una persona del pleno ejercicio de la garantía del debido proceso;

h) Información protegida por el secreto profesional;

i) Información que contenga datos personales y no pueda brindarse aplicando procedimientos de disociación, salvo que se cumpla con las condiciones de licitud previstas en la ley 25.326 de protección de datos personales y sus modificatorias;

j) Información que pueda ocasionar un peligro a la vida o seguridad de una persona;

k) Información de carácter judicial cuya divulgación estuviera vedada por otras leyes o por compromisos contraídos por la República Argentina en tratados internacionales;

l) Información obtenida en investigaciones realizadas por los sujetos obligados que tuviera el carácter de reservada y cuya divulgación pudiera frustrar el éxito de una investigación;

m) Información correspondiente a una sociedad anónima sujeta al régimen de oferta pública.

Las excepciones contenidas en el presente artículo no serán aplicables en casos de graves violaciones de derechos humanos, genocidio, crímenes de guerra o delitos de lesa humanidad.

Capítulo III.- Solicitud de información y vías de reclamo

Artículo 9°.- Solicitud de información. La solicitud de información debe ser presentada ante el sujeto obligado que la posea o se presuma que la posee, quien la remitirá al responsable de acceso a la información pública, en los términos de lo previsto en el artículo 30 de la presente ley. Se podrá realizar por escrito o por medios electrónicos y sin ninguna formalidad a excepción de la identidad del solicitante, la identificación clara de la información que se solicita y los datos de contacto del solicitante, a los fines de enviarle la información solicitada o anunciarle que está disponible.

El sujeto que recibiere la solicitud de información le entregará o remitirá al solicitante una constancia del trámite.

Artículo 10.- Tramitación. Si la solicitud se refiere a información pública que no obre en poder del sujeto al que se dirige, éste la remitirá, dentro del plazo improrrogable de cinco (5) días, computado desde la presentación, a quien la posea, si lo conociera, o en caso contrario a la Agencia de Acceso a la Información Pública, e informará de esta circunstancia al solicitante.

Artículo 11.- Plazos. Toda solicitud de información pública requerida en los términos de la presente ley debe ser satisfecha en un plazo no mayor de quince (15) días hábiles. El plazo se podrá prorrogar en forma excepcional por otros quince (15) días hábiles de mediar circunstancias que hagan razonablemente difícil reunir la información solicitada.

En su caso, el sujeto requerido debe comunicar fehacientemente, por acto fundado y antes del vencimiento del plazo, las razones por las que hace uso de tal prórroga.

El peticionante podrá requerir, por razones fundadas, la reducción del plazo para responder y satisfacer su requerimiento.

Artículo 12.- Información parcial. Los sujetos obligados deben brindar la información solicitada en forma completa. Cuando exista un documento que contenga en forma parcial información cuyo acceso esté limitado en los términos del artículo 8° de la presente ley, deberá suministrarse el resto de la información solicitada, utilizando sistemas de tachas.

Artículo 13.- Denegatoria. El sujeto requerido sólo podrá negarse a brindar la información objeto de la solicitud, por acto fundado, si se verificara que la misma no existe y que no está obligado legalmente a producirla o que está incluida dentro de alguna de las excepciones previstas en el artículo 8° de la presente ley. La falta de fundamentación determinará la nulidad del acto denegatorio y obligará a la entrega de la información requerida.

La denegatoria de la información debe ser dispuesta por la máxima autoridad del organismo o entidad requerida.

El silencio del sujeto obligado, vencidos los plazos previstos en el artículo 11 de la presente ley, así como la ambigüedad, inexactitud o entrega incompleta, serán considerados como denegatoria injustificada a brindar la información.

La denegatoria en cualquiera de sus casos dejará habilitadas las vías de reclamo previstas en el artículo 14 de la presente ley.

Artículo 14.- Vías de reclamo. Las decisiones en materia de acceso a la información pública son recurribles directamente ante los tribunales de primera instancia en lo contencioso administrativo federal, sin perjuicio de la posibilidad de interponer el reclamo administrativo pertinente ante la Agencia de Acceso a la Información Pública o el órgano que corresponda según el legitimado pasivo. Será competente el juez del domicilio del requirente o el del domicilio del ente requerido, a opción del primero.

En ninguno de estos dos supuestos, podrá ser exigido el agotamiento de la vía administrativa.

El reclamo por incumplimiento previsto en el artículo 15 de la presente ley, será sustitutivo de los recursos previstos en la Ley Nacional de Procedimientos Administrativos, 19.549, y en el decreto 1.759 del 3 de abril de 1972 (t.o. 1991).

El reclamo promovido mediante acción judicial tramitará por la vía del amparo y deberá ser interpuesto dentro de los cuarenta (40) días hábiles desde que fuera notificada la resolución denegatoria de la solicitud o desde que venciera el plazo para responderla, o bien, a partir de la verificación de cualquier otro incumplimiento de las disposiciones de esta ley. No serán de aplicación los supuestos de inadmisibilidad formal previstos en el artículo 2° de la ley 16.986.

Artículo 15.- Reclamo por incumplimiento. Ante los supuestos de denegatoria de una solicitud de información establecidos en el artículo 13 de la presente ley o ante cualquier otro incumplimiento a lo dispuesto en la presente, el solicitante podrá, dentro de un plazo de cuarenta (40) días hábiles contados desde el vencimiento del plazo para la respuesta establecido en el artículo 11 de esta norma, interponer un reclamo ante la Agencia de Acceso a la Información Pública o, a su opción, ante el organismo originalmente requerido. Este último deberá elevarlo de inmediato y sin dilación a la Agencia de Acceso a la Información Pública para su resolución.

Artículo 16.- Requisitos formales. El reclamo por incumplimiento será presentado por escrito, indicando el nombre completo, apellido y domicilio del solicitante, el sujeto obligado ante el cual fue dirigida la solicitud de información y la fecha de la presentación. Asimismo, será necesario acompañar copia de la solicitud de información presentada y, en caso de existir, la respuesta que hubiese recibido del sujeto obligado.

Artículo 17.- Resolución del reclamo interpuesto. Dentro de los treinta (30) días hábiles contados desde la recepción del reclamo por incumplimiento, la Agencia de Acceso a la Información Pública, deberá decidir:

a) Rechazar fundadamente el reclamo, siendo motivos para dicha resolución:

I. Que se hubiese presentado fuera del plazo previsto;

II. Que con anterioridad hubiera resuelto la misma cuestión en relación al mismo requirente y a la misma información;

III. Que el sujeto requerido no sea un sujeto obligado por la presente ley;

IV. Que se trate de información contemplada en alguna o algunas de las excepciones establecidas en el artículo 8° de la presente ley.

V. Que la información proporcionada haya sido completa y suficiente.

Si la resolución no implicara la publicidad de la información, la notificación al sujeto requirente deberá informar sobre el derecho a recurrir a la Justicia y los plazos para interponer la acción;

b) Intimar al sujeto obligado que haya denegado la información requerida a cumplir con las obligaciones que le impone esta ley. La decisión de la Agencia de Acceso a la Información Pública deberá ser notificada en un plazo de tres (3) días hábiles al solicitante de la información y al sujeto obligado, al mismo tiempo que deberá ser publicada en su página oficial de la red informática.

Si la resolución de la Agencia de Acceso a la Información Pública fuera a favor del solicitante, el sujeto obligado que hubiere incumplido con las disposiciones de la presente ley, deberá entregar la información solicitada en un plazo no mayor a diez (10) días hábiles desde recibida la intimación.

Artículo 18.- Responsabilidades. El funcionario público o agente responsable que en forma arbitraria obstruya el acceso del solicitante a la información pública requerida, o la suministre en forma incompleta u obstaculice de cualquier modo el cumplimiento de esta ley, incurre en falta grave sin perjuicio de las responsabilidades administrativas, patrimoniales y penales que pudieran caberle conforme lo previsto en las normas vigentes.

Capítulo IV.- Agencia de Acceso a la Información Pública

Artículo 19.- Agencia de Acceso a la Información Pública. Créase la Agencia de Acceso a la Información Pública como ente autárquico que funcionará con autonomía funcional en el ámbito del Poder Ejecutivo nacional. La Agencia de Acceso a la Información Pública debe velar por el cumplimiento de los principios y procedimientos establecidos en la presente ley, garantizar el efectivo ejercicio del derecho de acceso a la información pública y promover medidas de transparencia activa.

Artículo 20.- Director de la Agencia de Acceso a la Información Pública. La Agencia de Acceso a la Información Pública estará a cargo de un director que durará cinco (5) años en el cargo con posibilidad de ser reelegido por una única vez. El director será designado por el Poder Ejecutivo nacional mediante un procedimiento de selección público, abierto y transparente que garantice la idoneidad del candidato.

Artículo 21.- Procedimiento de selección del director. El procedimiento de selección del director de la Agencia de Acceso a la Información Pública se llevará a cabo de conformidad con lo dispuesto a continuación:

a) El Poder Ejecutivo nacional propondrá una (1) persona y publicará el nombre, apellido y los antecedentes curriculares de la misma en el Boletín Oficial y en dos (2) diarios de circulación nacional, durante tres (3) días;

b) El candidato deberá presentar una declaración jurada conforme la normativa prevista en la Ley de Ética en el Ejercicio de la Función Pública, 25.188, y su reglamentación;

c) Se requerirá a la Administración Federal de Ingresos Públicos (AFIP) un informe relativo al cumplimiento de las obligaciones impositivas del candidato;

d) Se celebrará una audiencia pública a los efectos de evaluar las observaciones previstas de acuerdo con lo que establezca la reglamentación;

e) Los ciudadanos, las organizaciones no gubernamentales, los colegios, las asociaciones profesionales y las entidades académicas podrán, en el plazo de quince (15) días contados desde la última publicación en el Boletín Oficial prevista en el inciso a) del presente artículo, presentar al organismo a cargo de la organización de la audiencia pública, por escrito y de modo fundado y documentado, observaciones respecto de los candidatos. Sin perjuicio de las presentaciones que se realicen en el mismo plazo podrá requerirse opinión a organizaciones de relevancia en el ámbito profesional, judicial y académico a los fines de su valoración;

f) Dentro de los quince (15) días, contados desde el vencimiento del plazo establecido en el inciso e) del presente artículo, se deberá celebrar una audiencia pública para la evaluación de las observaciones presentadas. Con posterioridad y en un plazo de siete (7) días de celebrada la audiencia, el Poder Ejecutivo nacional tomará la decisión de confirmar o retirar la candidatura de la persona propuesta, debiendo en este último caso proponer a un nuevo candidato y reiniciar el procedimiento de selección.

Artículo 22.- Rango y jerarquía del director. El director a cargo de la Agencia de Acceso a la Información Pública tendrá rango y jerarquía de secretario.

Artículo 23.- Requisitos e incompatibilidades. Para ser designado director de la Agencia de Acceso a la Información Pública se requiere ser ciudadano argentino.

Asimismo, deberán presentarse antecedentes que acrediten idoneidad para el ejercicio de la función.

El ejercicio de la función requiere dedicación exclusiva y resulta incompatible con cualquier otra actividad pública o privada, excepto la docencia a tiempo parcial. Está vedada cualquier actividad partidaria mientras dure el ejercicio de la función.

Ningún funcionario a cargo de la Agencia de Acceso a la Información Pública podrá tener intereses o vínculos con los asuntos bajo su órbita en las condiciones establecidas por la Ley de Ética en el Ejercicio de la Función Pública, 25.188, sus modificaciones y su reglamentación.

El director propuesto no podrá haber desempeñado cargos electivos o partidarios en los últimos cinco (5) años previos a la designación.

Artículo 24.- Competencias y funciones. Son competencias y funciones de la Agencia de Acceso a la Información Pública:

a) Diseñar su estructura orgánica de funcionamiento y designar a su planta de agentes;

b) Preparar su presupuesto anual;

c) Redactar y aprobar el Reglamento de Acceso a la Información Pública aplicable a todos los sujetos obligados;

d) Implementar una plataforma tecnológica para la gestión de las solicitudes de información y sus correspondientes respuestas;

e) Requerir a los sujetos obligados que modifiquen o adecuen su organización, procedimientos, sistemas de atención al público y recepción de correspondencia a la normativa aplicable a los fines de cumplir con el objeto de la presente ley;

f) Proveer un canal de comunicación con la ciudadanía con el objeto de prestar asesoramiento sobre las solicitudes de información pública y, en particular, colaborando en el direccionamiento del pedido y refinamiento de la búsqueda;

g) Coordinar el trabajo de los responsables de acceso a la información pública designados por cada uno de los sujetos obligados, en los términos de lo previsto en el artículo 30 de la presente ley;

h) Elaborar y publicar estadísticas periódicas sobre requirentes, información pública solicitada, cantidad de denegatorias y cualquier otra cuestión que permita el control ciudadano a lo establecido por la presente ley;

i) Publicar periódicamente un índice y listado de la información pública frecuentemente requerida que permita atender consultas y solicitudes de información por vía de la página oficial de la red informática de la Agencia de Acceso a la Información Pública;

j) Publicar un informe anual de rendición de cuentas de gestión;

k) Elaborar criterios orientadores e indicadores de mejores prácticas destinados a los sujetos obligados;

l) Elaborar y presentar ante el Honorable Congreso de la Nación propuestas de reforma legislativa respecto de su área de competencia;

m) Solicitar a los sujetos obligados expedientes, informes, documentos, antecedentes y cualquier otro elemento necesario a los efectos de ejercer su labor;

n) Difundir las capacitaciones que se lleven a cabo con el objeto de conocer los alcances de la presente ley;

o) Recibir y resolver los reclamos administrativos que interpongan los solicitantes de información pública según lo establecido por la presente ley respecto de todos los obligados, con excepción de los previstos en los incisos b) al f) del artículo 7° de la presente, y publicar las resoluciones que se dicten en ese marco;

p) Promover las acciones judiciales que correspondan, para lo cual la Agencia de Acceso a la Información Pública tiene legitimación procesal activa en el marco de su competencia;

q) Impulsar las sanciones administrativas pertinentes ante las autoridades competentes correspondientes en los casos de incumplimiento a lo establecido en la presente ley;

r) Celebrar convenios de cooperación y contratos con organizaciones públicas o privadas, nacionales o extranjeras, en el ámbito de su competencia, para el cumplimiento de sus funciones;

s) Publicar los índices de información reservada elaborados por los sujetos obligados.

Artículo 25.- Personal de la Agencia de Acceso a la Información Pública. La Agencia de Acceso a la Información Pública contará con el personal técnico y administrativo que establezca la ley de presupuesto general de la administración nacional.

Artículo 26.- Cese del director de la Agencia de Acceso a la Información Pública. El funcionario a cargo de la Agencia de Acceso a la Información Pública cesará de pleno derecho en sus funciones de mediar alguna de las siguientes circunstancias:

a) Renuncia;

b) Vencimiento del mandato;

c) Fallecimiento;

d) Estar comprendido en alguna situación que le genere incompatibilidad o inhabilidad.

Artículo 27.- Remoción del director de la Agencia de Acceso a la Información Pública. El funcionario a cargo de la Agencia de Acceso a la Información Pública podrá ser removido por mal desempeño, por delito en el ejercicio de sus funciones o por crímenes comunes.

El Poder Ejecutivo nacional llevará adelante el procedimiento de remoción del director de la Agencia de Acceso a la Información Pública, dándole intervención a una comisión bicameral del Honorable Congreso de la Nación, que será presidida por el presidente del Senado y estará integrada por los presidentes de las comisiones de Asuntos Constitucionales y de Derechos y Garantías de la Honorable Cámara de Senadores de la Nación y las de Asuntos Constitucionales y de Libertad de Expresión de la Honorable Cámara de Diputados de la Nación, quien emitirá un dictamen vinculante.

Producida la vacante, deberá realizarse el procedimiento establecido en el artículo 21 de la presente ley en un plazo no mayor a treinta (30) días.

Artículo 28.- Organismos de acceso a la información pública en el Poder Legislativo, en el Poder Judicial y en los Ministerios Públicos. En un plazo máximo de noventa (90) días contado desde la publicación de la presente ley en el Boletín Oficial, el Poder Legislativo, el Poder Judicial de la Nación, el Ministerio Público Fiscal de la Nación, el Ministerio Público de la Defensa y el Consejo de la Magistratura crearán, cada uno de ellos, un organismo con autonomía funcional y con competencias y funciones idénticas a las de la Agencia de Acceso a la Información Pública previstas en el artículo 24 de la presente ley, que actuará en el ámbito del organismo en el que se crea.

La designación del director de cada uno de dichos organismos debe realizarse mediante un procedimiento de selección abierto, público y transparente que garantice la idoneidad del candidato.

Artículo 29.- Consejo Federal para la Transparencia. Créase el Consejo Federal para la Transparencia, como organismo interjurisdiccional de carácter permanente, que tendrá por objeto la cooperación técnica y la concertación de políticas en materia de transparencia y acceso a la información pública.
El Consejo Federal para la Transparencia tendrá su sede en la Agencia de Acceso a la Información Pública, de la cual recibirá apoyo administrativo y técnico para su funcionamiento.

El Consejo Federal para la Transparencia estará integrado por un (1) representante de cada una de las provincias y un (1) representante de la Ciudad Autónoma de Buenos Aires, que deberán ser los funcionarios de más alto rango en la materia de sus respectivas jurisdicciones. El Consejo Federal para la Transparencia será presidido por el director de la Agencia de Acceso a la Información Pública, quien convocará semestralmente a reuniones en donde se evaluará el grado de avance en materia de transparencia activa y acceso a la información en cada una de las jurisdicciones.

Capítulo V.- Responsables de acceso a la información pública

Artículo 30.- Responsables de acceso a la información pública. Cada uno de los sujetos obligados deberá nombrar a un responsable de acceso a la información pública que deberá tramitar las solicitudes de acceso a la información pública dentro de su jurisdicción.

Artículo 31.- Funciones de los responsables de acceso a la información pública. Serán funciones de los responsables de acceso a la información pública, en el ámbito de sus respectivas jurisdicciones:

a) Recibir y dar tramitación a las solicitudes de acceso a la información pública, remitiendo la misma al funcionario pertinente;

b) Realizar el seguimiento y control de la correcta tramitación de las solicitudes de acceso a la información pública;

c) Llevar un registro de las solicitudes de acceso a la información pública;

d) Promover la implementación de las resoluciones elaboradas por la Agencia de Acceso a la Información Pública;

e) Brindar asistencia a los solicitantes en la elaboración de los pedidos de acceso a la información pública y orientarlos sobre las dependencias o entidades que pudieran poseer la información requerida;

f) Promover prácticas de transparencia en la gestión pública y de publicación de la información;

g) Elaborar informes mensuales para ser remitidos a la Agencia de Acceso a la Información Pública o a los organismos detallados en el artículo 28 de la presente ley, según corresponda, sobre la cantidad de solicitudes recibidas, los plazos de respuesta y las solicitudes respondidas y rechazadas;

h) Publicar, en caso de corresponder, la información que hubiese sido desclasificada;

i) Informar y mantener actualizadas a las distintas áreas de la jurisdicción correspondiente sobre la normativa vigente en materia de guarda, conservación y archivo de la información y promover prácticas en relación con dichas materias, con la publicación de la información y con el sistema de procesamiento de la información;

j) Participar de las reuniones convocadas por la Agencia de Acceso a la Información Pública;

k) Todas aquellas que sean necesarias para asegurar una correcta implementación de las disposiciones de la presente ley.

TÍTULO II.- Transparencia Activa

Artículo 32.- Transparencia activa. Los sujetos obligados enumerados en el artículo 7° de la presente ley, con excepción de los indicados en sus incisos i) y q), deberán facilitar la búsqueda y el acceso a la información pública a través de su página oficial de la red informática, de una manera clara, estructurada y entendible para los interesados y procurando remover toda barrera que obstaculice o dificulte su reutilización por parte de terceros.
Asimismo, los sujetos obligados deberán publicar en forma completa, actualizada, por medios digitales y en formatos abiertos:

a) Un índice de la información pública que estuviese en su poder con el objeto de orientar a las personas en el ejercicio del derecho de acceso a la información pública, indicando, además, dónde y cómo deberá realizarse la solicitud;

b) Su estructura orgánica y funciones;

c) La nómina de autoridades y personal de la planta permanente y transitoria u otra modalidad de contratación, incluyendo consultores, pasantes y personal contratado en el marco de proyectos financiados por organismos multilaterales, detallando sus respectivas funciones y posición en el escalafón;

d) Las escalas salariales, incluyendo todos los componentes y subcomponentes del salario total, correspondientes a todas las categorías de empleados, funcionarios, consultores, pasantes y contratados;

e) El presupuesto asignado a cada área, programa o función, las modificaciones durante cada ejercicio anual y el estado de ejecución actualizado en forma trimestral hasta el último nivel de desagregación en que se procese;

f) Las transferencias de fondos provenientes o dirigidos a personas humanas o jurídicas, públicas o privadas y sus beneficiarios;

g) El listado de las contrataciones públicas, licitaciones, concursos, obras públicas y adquisiciones de bienes y servicios, especificando objetivos, características, montos y proveedores, así como los socios y accionistas principales, de las sociedades o empresas proveedoras;

h) Todo acto o resolución, de carácter general o particular, especialmente las normas que establecieran beneficios para el público en general o para un sector, las actas en las que constara la deliberación de un cuerpo colegiado, la versión taquigráfica y los dictámenes jurídicos y técnicos producidos antes de la decisión y que hubiesen servido de sustento o antecedente;

i) Los informes de auditorías o evaluaciones, internas o externas, realizadas previamente, durante o posteriormente, referidas al propio organismo, sus programas, proyectos y actividades;

j) Los permisos, concesiones y autorizaciones otorgados y sus titulares;

k) Los servicios que brinda el organismo directamente al público, incluyendo normas, cartas y protocolos de atención al cliente;

I) Todo mecanismo o procedimiento por medio del cual el público pueda presentar peticiones, acceder a la información o de alguna manera participar o incidir en la formulación de la política o el ejercicio de las facultades del sujeto obligado;

m) Información sobre la autoridad competente para recibir las solicitudes de información pública y los procedimientos dispuestos por esta ley para interponer los reclamos ante la denegatoria;

n) Un índice de trámites y procedimientos que se realicen ante el organismo, así como los requisitos y criterios de asignación para acceder a las prestaciones;

o) Mecanismos de presentación directa de solicitudes o denuncias a disposición del público en relación a acciones u omisiones del sujeto obligado;

p) Una guía que contenga información sobre sus sistemas de mantenimiento de documentos, los tipos y formas de información que obran en su poder y las categorías de información que publica;

q) Las acordadas, resoluciones y sentencias que estén obligados a publicar de acuerdo con lo establecido en la ley 26.856;

r) La información que responda a los requerimientos de información pública realizados con mayor frecuencia;

s) Las declaraciones juradas de aquellos sujetos obligados a presentarlas en sus ámbitos de acción;

t) Cualquier otra información que sea de utilidad o se considere relevante para el ejercicio del derecho de acceso a la información pública. El acceso a todas las secciones del Boletín Oficial será libre y gratuito a través de Internet.

Artículo 33.- Régimen más amplio de publicidad. Las obligaciones de transparencia activa contenidas en el artículo 32 de la presente ley, se entienden sin perjuicio de la aplicación de otras disposiciones específicas que prevean un régimen más amplio en materia de publicidad.

Artículo 34.- Excepciones a la transparencia activa. A los fines del cumplimiento de lo previsto en el artículo 32 de la presente ley, serán de aplicación, en su caso, las excepciones al derecho de acceso a la información pública previstas en el artículo 8° de esta norma y, especialmente, la referida a la información que contenga datos personales.

TÍTULO III.- Disposiciones de aplicación transitorias

Artículo 35.- Presupuesto. Autorízase al Poder Ejecutivo nacional a realizar las modificaciones e incorporaciones en la ley de presupuesto de gastos y recursos de la administración nacional para el ejercicio fiscal vigente en los aspectos que se consideren necesarios para la implementación de la presente ley.

Deberá preverse en el presupuesto del año inmediato subsiguiente la incorporación de los recursos necesarios para el correcto cumplimiento de las funciones de la Agencia de Acceso a la Información Pública.

Artículo 36.- Adhesión. Invítase a las provincias y a la Ciudad Autónoma de Buenos Aires a adherir a las disposiciones de la presente ley.

Artículo 37.- Reglamentación. El Poder Ejecutivo nacional reglamentará la presente ley dentro de los noventa (90) días desde su promulgación.

Artículo 38.- Cláusula transitoria 1. Las disposiciones de la presente ley entrarán en vigencia al año de su publicación en el Boletín Oficial.

Los sujetos obligados contarán con el plazo máximo de un (1) año desde la publicación de la presente ley en el Boletín Oficial, para adaptarse a las obligaciones contenidas en la misma. En dicho plazo, conservarán plena vigencia el decreto 1172, del 3 de diciembre de 2003, y el decreto 117, del 12 de enero de 2016, así como toda otra norma que regule la publicidad de los actos de gobierno y el derecho de acceso a la información pública.

Artículo 39.- Cláusula transitoria 2. Hasta tanto los sujetos pasivos enumerados en el artículo 7° de la presente creen los organismos previstos en el artículo 28, la Agencia de Acceso a la Información Pública creada por el artículo 19 cumplirá esas funciones respecto de los que carezcan de ese organismo.

Artículo 40.- Comuníquese al Poder Ejecutivo nacional.

DADA EN LA SALA DE SESIONES DEL CONGRESO ARGENTINO, EN BUENOS AIRES, A LOS CATORCE DÍAS DEL MES DE SEPTIEMBRE DEL AÑO DOS MIL DIECISÉIS.

Emilio Monzó

Federico Pinedo

Eugenio Inchausti

Juan P. Tunessi.

25Abr/17

DECRETO Nº 2613-MGJyC-2010 San Luis, 29 de Octubre de 2010

25 abril, 2017Argentina, DecretoDECRETO N. 2613-MGJyC-2010, Normativa Argentina, Normativa Provincia San LuisJosé Cuervo

DECRETO N. 2613-MGJyC-2010

San Luis, 29 de Octubre de 2010

VISTO:

La Sanción Legislativa Nº I-0733-2010; y,

CONSIDERANDO:

Que la presente Sanción Legislativa tiene por objeto garantizar los derechos fundamentales a la intimidad y privacidad de las personas;

Que el Artículo 2° de la Sanción Legislativa N° I-0733-2010 establece que ninguna persona podrá ser invadida arbitraria o ilegalmente en su intimidad, por toda resolución, acto u omisión de la Autoridad, persona o entidad que pretenda suprimir, restringir, conculcar o afectar la intimidad o la privacidad consagradas por la Constitución Provincial, excepto las limitaciones prescriptas por la Ley que sean necesarias para proteger la seguridad, el orden, la salud y la moral pública, o la identidad y todos los derechos y libertades fundamentales que emanen de la dignidad de las demás personas;

Que para la aplicación de la presente Sanción Legislativa se respetará el derecho a la información, la libertad expresiva, el secreto profesional, la fuente de información periodística y los bancos de datos periodísticos;

Por ello y en uso de sus atribuciones,

EL GOBERNADOR DE LA PROVINCIA DECRETA:

Artículo 1º

Cúmplase, promúlguese y téngase por Ley de la Provincia de San Luis la Sanción Legislativa N° I-0733-2010.

Artículo 2º

El presente Decreto será refrendado por la Señora Ministro Secretario de Estado de Inclusión y Desarrollo Humano, a cargo interinamente del Ministerio de Gobierno, Justicia y Culto y el Señor Ministro Jefe de Gabinete.

Artículo 3º

Comunicar, publicar, dar al Registro Oficial y archivar.

ALBERTO JOSE RODRIGUEZ SAA

Gladys Bailac de Follari

Claudio Javier Poggi

25Abr/17

Ley N. I-0733/2010 de 13 de octubre de 2010 Garantía a la Intimidad y Privacidad

25 abril, 2017Argentina, LeyNormativa Argentina, Normativa Provincia San LuisJosé Cuervo

LEY N. I-0733-2010

EL SENADO Y LA CAMARA DE DIPUTADOS DE LA PROVINCIA DE SAN LUIS, SANCIONAN CON FUERZA DE LEY:

GARANTÍA A LA INTIMIDAD Y PRIVACIDAD

Artículo 1°

El Estado Provincial garantiza los derechos fundamentales a la privacidad y a la intimidad, reconocidos en la Constitución de la provincia de San Luis.

Artículo 2°

Ninguna persona podrá ser invadida arbitraria o ilegalmente en su intimidad, por toda resolución, acto u omisión de la Autoridad, persona o entidad que pretenda suprimir, restringir, conculcar o afectar la intimidad o la privacidad consagradas por la Constitución Provincial, excepto las limitaciones prescriptas por la Ley que sean necesarias para proteger la seguridad, el orden, la salud y la moral pública, o la identidad y todos los derechos y libertades fundamentales que emanen de la dignidad de las demás personas.

Artículo 3°

La intimidad y privacidad garantizadas por la Constitución comprenden, con la consiguiente inmunidad de coacción, el derecho de toda persona a:

a) Ser dejado a solas;

b) La autonomía individual, constituida por los sentimientos, hábitos, costumbres, relaciones familiares, situación económica, creencias religiosas, salud mental o física;

c) La identidad; la imagen y la voz; el honor; la seguridad personal y patrimonial; la credibilidad comercial y financiera; la verdad;

d) La corrección y/o cancelación de sus datos personales asentados en archivos, registros, bancos de datos, u otros medios técnicos, electrónicos, digitales o informáticos de tratamiento de datos, sean éstos públicos o privados destinados a dar informes, así como también el acceso a la información y la correcta utilización que sobre las mismas se registre, incluso aquellas que surgen de los servicios de seguridad a través de localizadores por medios electrónicos, Sistema de Posicionamiento Global (GPS) o cualquier otro que permita establecer el posicionamiento geográfico, espacial y temporal de las personas. Son correctos los datos ciertos, adecuados, exactos, completos, pertinentes y no excesivos de acuerdo al ámbito y finalidad para el que se los obtuvo legalmente o consintió su utilización.

Artículo 4°

Cualquier persona que viese vulnerado, o corriese peligro inminente de ver vulnerado su derecho a la intimidad, a la privacidad o a ambos, puede intimar al responsable de la afectación y por medio fehaciente el cese, en el plazo de CINCO (5) días, de la acción u omisión lesivos de esos derechos. Vencido ese plazo el afectado que hubiera optado por usar la intimación previa podrá interponer acción de amparo, contra toda resolución, acto u omisión de la autoridad, persona o entidad que arbitraria e ilegalmente intente suprimir, restringir o afectar, o concrete tales menoscabos a dichos derechos, en cuyo caso deberá interponer la acción ante el Juez de Primera Instancia más inmediato de cualquier fuero, para exigir su rectificación, supresión, confidencialidad o actualización del dato o información lesivos. Si no hubiese optado por la intimación previa, el agraviado podrá interponer directamente la acción de amparo.

Artículo 5°

La acción de amparo podrá ser ejercida por el afectado, sus tutores o curadores y los herederos de las personas físicas, sean en línea directa o colateral hasta el segundo grado, por sí o por intermedio de apoderado.

Cuando la acción sea ejercida por personas de existencia ideal, deberá ser interpuesta por sus representantes legales o apoderados que éstas designen al efecto.

Artículo 6°

Cuando por la índole del derecho a la privacidad o a la intimidad vulnerados por actos u omisiones públicos o privados, las garantías del afectado requieran la expansión de los efectos de la sentencia, los Jueces podrán disponer el efecto general de la sentencia, lo que deberán consignar en su parte dispositiva publicando la misma en el Boletín Oficial y Judicial de la Provincia.

Artículo 7°

Será competente para entender en esta acción el Juez de Primera Instancia del domicilio del actor; el del domicilio del demandado; el del lugar en el que el hecho o acto se exteriorice o pudiera exteriorizarse o tener efecto, a elección del actor. En caso que la acción se interpusiere contra el Estado Provincial y/o sus Organismos Centralizados o Descentralizados deberá ser interpuesta ante el Juez de Primera Instancia de la Primera Circunscripción Judicial de la Provincia.

Artículo 8°

En la aplicación de esta Ley se respetará el derecho a la información, la libertad expresiva, el secreto profesional, la fuente de información periodística y los bancos de datos periodísticos.

Artículo 9°

En todo lo que no esté prescripto en esta Ley para el proceso de amparo, resulta de aplicación supletoria la Ley N°IV-0090-2004 (5474 *R) Acción de Amparo y Ley N°VI-0150-2004 (5606 *R) Código Procesal Civil y Comercial de la Provincia en lo que resulte pertinente.

Artículo 10°

Esta garantía se establece sin perjuicio de la acción de daños y perjuicios que pudiera corresponder al efecto por lesiones a su privacidad o intimidad.

Artículo 11°

Regístrese, comuníquese al Poder Ejecutivo y archívese.

RECINTO DE SESIONES de la Legislatura de la provincia de San Luis, a trece días de octubre de dos mil diez.

Hector Hugo Mugnaini.- Vicepresidente 1º -Hon.Cám.Sen.

Sergio Antonio Alvarez Sec. Leg. -Hon.Cám.Sen.

Graciela Concepción Mazzarino.- Pres. a/c -Hon.Cám.Dip.

Said Alume Sbodio Sec. Leg. -Hon.Cám.Dip.

25Abr/17

Ley 7.447 de 20 de noviembre de 2003, sobre inscripción registral de la actividad de almacenamiento de datos.

25 abril, 2017Argentina, LeyLey Protección Datos Argentina, Ley Protección Datos Provincia San JuanJosé Cuervo

Ley 7.447 de 20 de noviembre de 2003, sobre inscripción registral de la actividad de almacenamiento de datos.

LA CÁMARA DE DIPUTADOS DE LA PROVINCIA DE SAN JUAN SANCIONA CON FUERZA DE L E Y :

Artículo 1º

Las personas físicas o jurídicas, que como actividad principal o accesoria se dediquen a almacenar datos o elaborar informes para sí o para terceros sobre la situación comercial o financiera de los ciudadanos, deberán, previamente, estar debidamente inscriptas en el Registro Público de Comercio, reconocer estatutariamente esa finalidad y registrarse en tal carácter en la Dirección de Defensa al Consumidor.

Artículo 2º

Los datos bajo cualquier tipo de guarda o archivos concernientes a los ciudadanos, solamente podrán incorporarse a los registros e informes, de las personas que señala el Artículo 1º, sólo cuando provengan del propio deudor, del acreedor, o de otras fuentes públicas o privadas que estén debidamente autorizadas para emitirlos.

Artículo 3º

Para las personas físicas o jurídicas que señala el Artículo 1º, constituye obligación el conservar por el término de diez (10) años la documentación probatoria de los datos colectados y obtenidos por la información de la entidad pública o privada, del acreedor o del propio deudor, documentación esta que constituye condición indispensable para la registración.

Artículo 4º

Los responsables de la colecta y registro del dato, deberán notificar fehacientemente al interesado, en su domicilio real o legal, y en un término mínimo de diez (10) días anteriores a la fecha del posible uso del informe obtenido, consignando el dato registrado, nombre y domicilio del emisor del dato, la finalidad que se le dará a la información y toda otra circunstancia que se haya incorporado al registro o banco de datos. La información deberá ser veraz y auténtica, respetándosele al informado su más amplio derecho de defensa en preservación de esta especial garantía constitucional individual.

Artículo 5º

Sin perjuicio de las acciones que constitucional o legalmente le asistan al informado, éste podrá, dentro del plazo anterior ordenado, requerir a los responsables la supresión, corrección o modificación del dato consignado, acreditando fehacientemente los extremos que tornen pertinente su queja.

Artículo 6º

Recibida la petición de modificación, supresión o corrección del dato registrado, los responsables deberán proceder conforme a Ley y notificar al interesado, en el término de setenta y dos (72) horas de recibida la queja, sobre lo evaluado y resuelto.

Artículo 7º

Queda absolutamente prohibido a estos tipos de empresas incorporar datos colectados en mesa de entrada o registraciones del Poder Judicial que no constituyan pronunciamiento jurisdiccionales de los magistrados competentes, o de los registros de matriculados de las personas jurídicas de derecho público no dependiente de los poderes del Estado, ello sin perjuicio de lo establecido en el Artículo 2º.

Artículo 8º

Queda prohibido, asimismo, la incorporación de datos provenientes de oficinas de recaudación o cobro del Poder Ejecutivo Provincial o Municipal, que no provengan de un acto administrativo o certificación de deuda emitido legalmente sin perjuicio de lo establecido en el Artículo 2º.

Artículo 9º

La Corte de Justicia deberá reglamentar en el término de treinta (30) días, a partir de la publicación de la presente norma, lo concerniente al acceso y uso de la información que con carácter meramente administrativo o de información para las partes o letrados se emitan en la órbita de ese Poder del Estado.

Artículo 10º

Todo ciudadano que se crea afectado en su derecho a causa de la registración de datos o producción de informes por parte de las empresas dedicadas a ello, podrá reclamar judicialmente el cese de la situación por procedimientos expeditos o sumarísimos que se sustanciará en idéntica forma que la acción de amparo.

Igual derecho asistirá a aquél que estando correctamente incorporado a las listas de morosos, no fuera inmediatamente excluido, sin necesidad de requerimiento previo, de tal inhabilitación o interdicción en el ejercicio parcial o total de actos de la vida civil, una vez extinguida su condición de deudor.

Artículo 11º

Los responsables que no hubieren cumplido con las exigencias impuestas en los artículos precedentes, o que sin causa razonable acreditable, no hubieren suprimido, corregido o modificado datos erróneamente incorporados a pesar del procedimiento impuesto en los Artículos 5º y 6º, serán solidariamente responsables con el emisor del dato frente al perjuicio objetivo ocasionado.

Artículo 12º

Las empresas que, al momento de la vigencia de esta Ley, hubiesen incorporado a sus registros o base informática datos de ciudadanos para su ulterior uso comercial conforme a su giro, deberán informar fehacientemente a los interesados, sobre los derechos que consagra esta Ley, su extensión y finalidad a los fines previstos en los Artículos 4º; 5º; 6º y 10º, de la presente Ley.

Artículo 13º

El Poder Ejecutivo Provincial reglamentará la presente Ley dentro de los sesenta (60) días de publicada, en lo que sea pertinente, sin perjuicio de las partes operativas de aplicación inmediata.

Artículo 14º

Comuníquese al Poder Ejecutivo.-

Sala de Sesiones de la Cámara de Diputados, a los veinte días del mes de noviembre del año dos mil tres.

25Abr/17

Resolución SCBA 1.647 de 4 de agosto de 2016

25 abril, 2017Argentina, ResoluciónNormativa Argentina, Normativa Provincia de Buenos Aires, Resolución SCBA 1.647 de 4 de agosto de 2016, Sistema de Notificaciones y Presentaciones ElectrónicasJosé Cuervo

Resolución SCBA 1.647 de 4 de agosto de 2016, sobre coexistencia del Sistema de Notificaciones y Presentaciones Electrónicas con el de presentaciones en formato papel, hasta tanto el Tribunal evalúe el informe sobre el funcionamiento del Sistema

Suprema Corte de Justicia. Provincia de Buenos Aires

La Plata, 4 de agosto de 2016.

VISTO: las inquietudes puestas de manifiesto respecto a la implementación del Acuerdo n° 3733 y lo resuelto mediante Resolución del Tribunal n° 1407/16, y

CONSIDERANDO: Que sin perjuicio de poner de resalto que la Suprema Corte- desde ya hace varios años- ha adoptado diversas medidas para la gradual implementación del Sistema de Notificaciones y Presentaciones Electrónicas (v.gr. Acuerdos n° 3399, n° 3540 y n° 3733, Resoluciones n° 1827/12 y n° 3415/12, entre otras), y teniendo en cuenta la necesidad de brindar respuesta a las inquietudes puestas de manifiesto por diversos operadores jurídicos, a los fines de asegurar la plena vigencia de la garantía de la tutela judicial efectiva (art. 15, Const. provincial), y, consecuentemente, el servicio de justicia (art. 166, Const. provincial), corresponde disponer la coexistencia del sistema de Notificaciones y Presentaciones Electrónicas con el sistema de presentaciones en formato papel.

Que dicha medida subsistirá hasta tanto la Suprema Corte evalué el pertinente informe que deberá elaborar la Mesa de Trabajo creada por Resolución del Tribunal n° 3272/15, y luego ampliada por Resolución n° 1074/16, en el cual se plasmen las sugerencias y conclusiones de los diversos sectores allí representados.

Que, finalmente, corresponde intensificar la difusión y capacitación integral de los diversos operadores jurídicos que participarán del sistema, encomendado a la Subsecretaría de Tecnología Informática y al Instituto de Estudios Judiciales la realización de aquellas medidas pertinentes.

POR ELLO, la Suprema Corte de Justicia en ejercicio de sus atribuciones,

RESUELVE

Artículo 1º. Disponer la coexistencia del sistema de Notificaciones y Presentaciones Electrónicas con el sistema de presentaciones en formato papel, hasta tanto el Tribunal evalúe el informe citado en los considerandos y las demás circunstancias del caso, dejando sin efecto el artículo 1º de la Resolución del Tribunal n° 1407/16.

Artículo 2º . Encomendar a la Subsecretaría de Tecnología Informática y al Instituto de Estudios Judiciales la adopción de aquellas medidas pertinentes que permitan asegurar la difusión y capacitación integral de los diversos operadores que intervendrán en el sistema.

Artículo 3º . Regístrese, publíquese y comuniqúese a la totalidad de los órganos judiciales de los tueros Civil y Comercial, de Familia, Contencioso Administrativo, Laboral y de la Justicia de Paz, vía correo electrónico.

LUIS ESTABAN GENOUD

HILDA KOGAN

HECTOR NEGRI

EDUARDO JULIO PETTIAGANI

EDUARDO NESTOR DE LAZZARI

DANIEL FERNANDO SORIA

JUAN CARLOS HITTERS

NESTOR TRABUCCO (Secretario)

MATIAS JOSÉ ÁLVAREZ (Secretario. Secretaría de Servicios Jurisdiccionales. Suprema Corte de Justicia)

25Abr/17

Acuerdo 3845 de la Suprema Corte de Justicia, de fecha 22 de marzo de 2017

25 abril, 2017AcuerdoAcuerdo 3845 de la Suprema Corte de Justicia, de fecha 22 de marzo de 2017, Normativa Argentina, Normativa Provincia de Buenos Aires, Sistema de Notificaciones y Presentaciones ElectrónicasJosé Cuervo

Acuerdo 3845 de la Suprema Corte de Justicia, de fecha 22 de marzo de 2017, por el cual se aprueba el “Reglamento para la notificación por medios electrónicos”, que entrará en vigencia el 2 de mayo próximo.

ACUERDO Nº 003845

LA PLATA, 22 de MARZO de 2017.

VISTO: la propuesta formulada en el ámbito de la Mesa de Trabajo creada por Resolución n° 3272/15 (y ampliada por Resolución n° 1074/16) en orden a la actualización de la normativa dictada por esta Suprema Corte al implementar los medios electrónicos para los procesos judiciales, y

CONSIDERANDO: Que los integrantes de la aludida Mesa de Trabajo consignaron la necesidad de introducir modificaciones en el régimen de notificaciones electrónicas.

Que, en ese sentido, se ha reputado indispensable superar dificultades operativas suscitadas en supuestos puntuales y, en particular, cuando deben acompañarse copias con una cédula electrónica. Por ello se prevé que en el sistema de Notificaciones y Presentaciones Electrónicas se incluirá una funcionalidad a tales efectos.

Que también se ha considerado prudente incluir precisiones sobre el procedimiento para efectuar una notificación electrónica, tales como la carga que pesa sobre los interesados en practicar la comunicación de digitalizar los documentos a adjuntarse, así como la obligación de los funcionarios judiciales de ingresar en forma frecuente al sistema de Notificaciones y Presentaciones Electrónicas para permitir su ágil confronte.

Que, relacionado con ello, es útil oficializar un modelo estandarizado de cédula electrónica que contenga los recaudos formales que han de cumplirse para su exitoso libramiento.

Que, por otra parte, a fin de disminuir el uso de papel, se ha estimado apropiado consignar expresamente que no es necesario imprimir constancias luego de efectuada una notificación.

Que, asimismo, se advierte la conveniencia de extender ciertos aspectos del mecanismo de notificación electrónica tanto a la comunicación entre órganos como a los supuestos en que corresponda librar un mandamiento.

Que, a la par, es dable reafirmar que la notificación electrónica es obligatoria en los supuestos en los que, según la legislación ritual, es admisible realizar comunicaciones en este formato (conf. art. 1 del Acuerdo n° 3733).

Que, sin embargo, es conveniente consignar algunas previsiones relativas a las cédulas que -según la legislación vigente (art. 143 del C.P.C.C.) o por disposición de los magistrados- deban instrumentarse en formato papel, a fin de clarificar cómo han de utilizarse en estos casos las herramientas electrónicas.

Que, finalmente, cabe destacar que se ha obtenido consenso entre los diversos participantes de la Mesa de Trabajo en relación a dichas modificaciones, lo que permite avizorar tanto la adecuada implementación de las reformas.

POR ELLO, la Suprema Corte, en ejercicio de sus atribuciones (arts. 32 inc. “ll” y “s” de la ley 5827; 852 del C.P.C.C.; 8 de la ley 14.142).

ACUERDA

ARTÍCULO 1º :

Aprobar el nuevo “Reglamento para la notificación por medios electrónicos” que, como Anexo I, forma parte integrante del presente y que se aplicará en forma obligatoria a todos los procesos en los que rija el régimen de notificaciones previsto en el Libro I, Título III, Capítulo VI del Código Procesal Civil y Comercial de la Provincia.

ARTÍCULO 2º :

Encomendar a la Subsecretaría de Tecnología Informática que realice los ajustes técnicos necesarios a fin de implementar con antelación suficiente a la fecha determinada en el artículo 5º del presente, la funcionalidades de adjunción de copias, de remisión electrónica de cédulas a diligenciarse en formato papel, así como las medidas de seguridad adicionales para dichos instrumentos y la operatoria de comunicaciones entre órganos judiciales y de éstos con entidades públicas (arts. 4, 8 incisos “a” y “c”, 10 del Anexo I del presente Acuerdo).

ARTÍCULO 3º :

Aprobar el modelo único de cédula a utilizarse en todos los fueros e instancias en los supuestos en que deba practicarse una notificación electrónica, el cual, como Anexo II, es parte integrante de la presente.

ARTÍCULO 4º :

Encomendar al Instituto de Estudios Judiciales la organización de actividades de capacitación relativas a esta nueva reglamentación.

ARTÍCULO 5º :

El presente Acuerdo entrará en vigencia el día 2 de mayo de 2017, en cuyo momento quedarán derogados los arts. 1 a 5 y 8 del Anexo Único del Acuerdo n° 3540, acápite 3 (tercer párrafo) y 4 de la Resolución n° 3415/12, art. 4 de la Resolución n° 1407/16 y toda otra normativa que se oponga a lo aquí dispuesto.

ARTÍCULO 6º :

Regístrese y publíquese.

LUIS ESTEBAN GENOUD

HILDA KOGAN

HECTOR NEGRI

EDUARDO JULIO PETTIGIANI (En uso de licencia)

EDUARDO NESTOR DE LAZZARI

DANIEL FERNANDO SORIA

NESTOR TRABUCCO (Secretario)

ANEXO I.- REGLAMENTO PARA LA NOTIFICACIÓN POR MEDIOS ELECTRÓNICOS

Artículo 1º (Obligación de notificar electrónicamente)

La notificación de las resoluciones que de conformidad con las disposiciones adjetivas que rijan el proceso (Decreto Ley 7425/68, leyes 11.653, 12.008, 13.928, etc. con sus modificatorias y complementarias) tengan que ser diligenciadas a las partes, sus letrados y/o los auxiliares de justicia en su domicilio constituido, se concretarán a través de los mecanismos electrónicos previstos en este reglamento.

Exceptúase de lo recién dispuesto los casos en los que la normativa ritual prevé su diligenciamiento en soporte papel, y cuando los magistrados dispongan la comunicación en dicho formato si existen graves razones que así lo impongan, las cuales se detallarán en la providencia respectiva.

Los organismos encargados de practicar las notificaciones no diligenciarán cédulas en soporte papel libradas en contradicción a las pautas antes mencionadas, las que devolverán al tribunal de origen con la sola mención de lo aquí dispuesto.

Artículo 2º (Sitio web seguro)

La Subsecretaría de Tecnología Informática de la Suprema Corte de Justicia continuará implementando los recursos técnicos necesarios para organizar el sitio seguro web que sirve como soporte del sistema de Notificaciones y Presentaciones Electrónicas, manteniendo así una base de datos en la que se depositarán las comunicaciones, suscriptas con la tecnología de firma digital/electrónica.

Dicha dependencia deberá monitorear constantemente el estado del sistema e informar inmediatamente a la Presidencia de este Tribunal cualquier caída, ralentización o malfuncionamiento significativos del sistema de Notificaciones y Presentaciones Electrónicas.

La base de datos del sistema de Notificaciones y Presentaciones Electrónicas podrá ser auditada por orden judicial, dictada de oficio o a pedido de parte, en cuyo caso se requerirá a la mencionada Subsecretaría que produzca un informe circunstanciado de los antecedentes existentes en el servidor vinculados con determinada notificación.

Artículo 3º (Constitución de domicilio electrónico)

De conformidad a lo dispuesto por el art. 40 del C.P.C.C., toda persona que tenga que constituir domicilio en un proceso judicial deberá indicar su domicilio electrónico.

La Subsecretaría de Tecnología Informática continuará proveyendo a los letrados y a los auxiliares de justicia los certificados digitales a los fines indicados y de conformidad a las reglamentaciones vigentes.

Las partes tendrán que constituir su único domicilio electrónico en el de un letrado, aun cuando no sea el de quien las patrocina en el proceso. Sin embargo, si los litigantes tuvieran un certificado propio -emitido bajo legislación argentina- podrán requerir a la Subsecretaría de Tecnología Informática la asignación de un domicilio electrónico vinculado con aquél.

Artículo 4º (Confección de las cédulas)

A fin de efectuar una notificación, los interesados en su producción -en los términos del art. 137, primer párrafo, del C.P.C.C.- confeccionarán las cédulas de conformidad a los modelos aprobados por esta Suprema Corte, las signarán con tecnología de firma digital/electrónica y las ingresarán en el sistema de Notificaciones y Presentaciones Electrónicas.

Cuando la legislación imponga que la comunicación se curse con copias, esa carga sólo se tendrá por cumplida mediante su acompañamiento en soporte digital junto con la cédula electrónica. Dicha adjunción importará una declaración jurada sobre su autenticidad.

A los efectos recién indicados, la Subsecretaría de Tecnología Informática implementará una funcionalidad que habilite la agregación de copias determinando los recaudos técnicos para su realización.

Sin embargo, si la digitalización de los documentos fuera de difícil cumplimiento atento su número, extensión, formato u otra razón atendible, los magistrados podrán eximir esta carga de acuerdo a lo establecido en el art. 121 del C.P.C.C. y, como consecuencia, arbitrarán las medidas necesarias para posibilitar su cotejo por los destinatarios de la comunicación.

En los supuestos fijados en el art. 137, segundo párrafo, del C.P.C.C. -y, en general, cuando la notificación sea instada por Secretaría- los funcionarios sindicados en cada órgano por los magistrados tendrán que cumplir los recaudos previstos en este artículo.

Artículo 5º (Confronte de los instrumentos)

Los funcionarios indicados en el último párrafo del artículo 4º confrontarán las cédulas dentro del día hábil posterior de su ingreso al sistema de Notificaciones y Presentaciones Electrónicas por los interesados, remitiéndolas electrónicamente a sus destinatarios u observándolas cuando no cumplan los recaudos previstos en la normativa para su validez.

A tales efectos, deberán compulsar al menos dos veces por día -al comenzar y antes de finalizar cada jornada- el sistema, a fin de verificar la recepción de los instrumentos referidos en los artículos 4º y 8º , inciso “a”.

Artículo 6º (Constancia de notificación)

En el sistema se registrará, al menos:

a) fecha y hora en que la notificación quedó disponible para su destinatario, dato que se encontrará visible en todo momento;

b) fecha y hora en las que el destinatario compulsó la notificación;

c) fecha y hora en la que la cédula quedó a disposición del órgano jurisdiccional para su confronte.

En ningún supuesto se imprimirán comprobantes para ser agregados al expediente, pudiendo los interesados verificar en el sistema de Notificaciones y Presentaciones Electrónicas si la comunicación efectivamente se llevó a cabo.

Sin perjuicio de ello, la Subsecretaría de Tecnología Informática continuará implementando los mecanismos a fin de efectivizar el “Aviso de Cortesía”, servicio que enviará diariamente a los usuarios del sistema un correo electrónico recordándoles sobre el estado de su domicilio electrónico y que incluirá un informe sobre la cantidad de notificaciones recibidas y presentaciones electrónicas que cambiaron de estado desde su último ingreso al sistema. Dicha prestación no sustituye la forma en que operan las notificaciones en los procesos y procedimientos.

Artículo 7º (Momento en que se perfecciona la notificación)

La notificación se tendrá por cumplida el día martes o viernes inmediato posterior – o el siguiente día hábil si alguno de ellos no lo fuere- a aquél en que la cédula hubiere quedado disponible para su destinatario en el sistema de Notificaciones y Presentaciones Electrónicas.

En los casos de urgencia -que tendrán que ser debidamente justificados en la providencia respectiva- la notificación se producirá en el momento en que la cédula se encuentre disponible para su destinatario en el sistema de Notificaciones y Presentaciones Electrónicas.

Artículo 8º (Cédulas en formato papel)

En las cédulas que deban ser diligenciadas en soporte papel se aplicarán las siguientes reglas:

a) Si no deben acompañarse copias con el instrumento, su generación y remisión a los organismos encargados de practicar las notificaciones se hará por medios electrónicos, siguiéndose las pautas previstas en los arts. 4 -primer párrafo- y 5 de este reglamento.

Las Oficinas de Mandamientos y Notificaciones (o, en su caso, las Delegaciones de Mandamientos y Notificaciones o los Juzgados de Paz Letrados) se encargarán de imprimir los instrumentos para su diligenciamiento.

Sin perjuicio dé que para el órgano remitente constituye constancia de recepción suficiente del instrumento los datos que registra el sistema Augusta, las Oficinas de Mandamientos y Notificaciones (o, en su caso, las Delegaciones de Mandamientos y Notificaciones o los Juzgados de Paz Letrados) llevarán un registro separado en el que asentarán las cédulas recibidas en forma electrónica.

La devolución de estas cédulas luego de practicada la diligencia se regirá por los mecanismos usuales (arts. 153, 154, 157, 158, 159 y concs. del Acuerdo n° 3397);

b) Si tienen que adjuntarse copias a la cédula, no se permitirá su remisión por medios electrónicos a los organismos encargados de practicar las notificaciones.

En esta hipótesis el interesado en practicar la comunicación presentará el instrumento ya impreso -así como las copias pertinentes en formato papel- en el órgano judicial a fin de cumplir las disposiciones previstas en los arts. 137 y 138 del C.P.C.C. y 152 y 154 y concs. del Acuerdo n° 3397.

Del mismo modo, si la notificación se efectúa por Secretaría, será obligación de los funcionarios especialmente designados en cada órgano imprimir y rubricar ológrafamente el instrumento, adjuntar la documentación en soporte papel y, finalmente, enviarla físicamente a organismos encargados de practicar las notificaciones de conformidad a las pautas ordinarias (arts. 152, 154, 159 y concs. del Acuerdo n° 3397);

c) La Subsecretaría de Tecnología Informática implementará medidas de seguridad adicionales de fácil acceso en las cédulas que, aun cuando deban diligenciarse en formato papel, se hayan generado electrónicamente. Y ello a efectos de que el sujeto pasivo de la comunicación pueda cotejar su correspondencia con el documento electrónico con el cual se vinculan.

Artículo 9º (Mandamientos)

Las disposiciones del artículo precedente serán de aplicación a los Mandamientos, sin perjuicio de su rúbrica -digital/electrónica u ológrafa, según el caso- por los magistrados cuando ello fuere necesario de conformidad a la normativa vigente.

Artículo 10° (Comunicaciones entre órganos judiciales y con entidades públicas)

Las comunicaciones entre órganos judiciales en el marco de un proceso, y que no requieran la remisión del expediente, se realizarán por medios electrónicos.

Aquéllas se confeccionarán y confrontarán de acuerdo a las pautas de los artículos 4º y 5º de este Reglamento, adicionándose la firma electrónica/digital de los magistrados cuando fuera necesario.

En el caso de no ser observados, los instrumentos se diligenciarán electrónicamente en el único domicilio oficial de los órganos destinatarios. Sin embargo, cuando los requerimientos sean dirigidos a la Suprema Corte de Justicia, se enviarán a los domicilios electrónicos de las dependencias que integran su estructura orgánica, según las funciones atribuidas respectivamente en la reglamentación vigente (conf. Ac. 3536).

Los titulares de los juzgados, los presidentes de los tribunales colegiados, y de las Cámaras de Apelaciones, y los funcionarios a cargo de las dependencias de la Suprema Corte arbitrarán los medios para verificar diariamente si se han recibido comunicaciones de otros órganos.

Las reglas precedentemente dispuestas serán de aplicación supletoria para los requerimientos dirigidos a organismos públicos municipales, provinciales y nacionales cuando se encuentre disponible el uso de herramientas electrónicas y las disposiciones específicas que rijan el vínculo con tales entidades no establezcan una modalidad diferente.

ANEXO II.-

PODER JUDICIAL

PROVINCIA DE BUENOS AIRES

CÉDULA DE NOTIFICACIÓN ELECTRÓNICA

REMITENTE

NOMBRE DEL ÓRGANO :

SECRETARÍA :

DOMICILIO FÍSICO DEL ÓRGANO :

DESTINATARIO

NOMBRE / DESIGNACIÓN DEL REQUERIDO :

DOMICILIO ELECTRÓNICO :

CARÁCTER DEL TRÁMITE

NORMAL

URGENTE

EXPEDIENTE

CARÁTULA :

NÚMERO RECEPTORÍA :

NÚMERO INTERNO DEL ÓRGANO :

COPIAS

SÍ NO

INDIVIDUALIZACIÓN DE LOS ESCRITOS O DOCUMENTOS CUYA COPIA SE ACOMPAÑA :

EXIMICIÓN DE COPIAS:

SÍ NO

NOTIFICO a Ud. que en el expediente arriba indicado que tramita por ante este órgano con (fecha variable), se ha resuelto: (texto a notificar)

QUEDA UD. DEBIDAMENTE NOTIFICADO.

(Localidad), (dd/mm/aa)

Firmado electrónicamente por:

24Abr/17

Ley nº 2.801 de la Provincia del Neuquén

24 abril, 2017Argentina, Leyfirmas digitales, firmas electrónicas, Legislación Informática, Ley nº 2.801 de la Provincia del Neuquén, Notificaciones ElectrónicasJosé Cuervo

Ley nº 2.801 sobre utilización de expedientes electrónicos, documentos electrónicos, firmas electrónicas, firmas digitales, archivos electrónicos y digitales en todos los procesos y procedimientos judiciales y administrativos que se tramitan ante el Poder Judicial de la Provincia del Neuquén. (Publicada el 11 de mayo de 2012)

Artículo 1°:

Autorízase la utilización de expedientes electrónicos, documentos electrónicos, firmas electrónicas, firmas digitales, archivos electrónicos y digitales en todos los procesos y procedimientos judiciales y administrativos que se tramitan ante el Poder Judicial de la Provincia del Neuquén.

Artículo 2°:

Incorpórase la notificación por medios electrónicos dentro del sistema de notificaciones en los procesos, procedimientos y trámites referidos en el Artículo 1º de la presente Ley. Su contenido deberá ajustarse a lo establecido para las notificaciones por cédula. La notificación se tendrá por cumplida el día que la comunicación ingrese al sistema de notificaciones que el Poder Judicial dispondrá a esos fines.

Artículo 3°:

A los efectos establecidos en el artículo precedente, las personas que intervengan en los procesos, procedimientos y trámites referidos en el Artículo 1° de la presente Ley, deberán constituir un domicilio electrónico, o denunciar el que tuvieran si éste ya hubiera sido asignado por el Poder Judicial.

La constitución del domicilio electrónico se realizará a través del requerimiento por parte del profesional, de la asignación de una casilla de correo electrónico emitida por la Secretaría de Informática del Poder Judicial de la Provincia.

En caso de incumplimiento de lo dispuesto en el párrafo anterior, las notificaciones se tendrán por efectuadas en los estrados del órgano interviniente.

Artículo 4°:

No podrá invocarse la falta de previsión expresa de las herramientas previstas en esta Ley, para invalidar los actos realizados mediante su utilización.

Artículo 5°:

Facúltase al Tribunal Superior de Justicia para reglamentar e implementar el cumplimiento de la presente Ley.

Artículo 6°:

Comuníquese al Poder Ejecutivo.

24Abr/17

Ley General de Protección de Datos Personales en posesión de sujetos obligados

24 abril, 2017Ley, MéxicoEstados Unidos Mexicanos, Ley General de Protección de Datos Personales en posesión de sujetos obligados, Protección de datosJosé Cuervo

LEY GENERAL DE PROTECCIÓN DE DATOS PERSONALES EN POSESIÓN DE SUJETOS OBLIGADOS

TEXTO VIGENTE

Nueva Ley publicada en el Diario Oficial de la Federación el 26 de enero de 2017

ENRIQUE PEÑA NIETO, Presidente de los Estados Unidos Mexicanos, a sus habitantes sabed:

Que el Honorable Congreso de la Unión, se ha servido dirigirme el siguiente

DECRETO

EL CONGRESO GENERAL DE LOS ESTADOS UNIDOS MEXICANOS, D E C R E T A:

SE EXPIDE LA LEY GENERAL DE PROTECCIÓN DE DATOS PERSONALES EN POSESIÓN DE SUJETOS OBLIGADOS

Artículo Único.- Se expide la Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados.

Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados

TÍTULO PRIMERO.- DISPOSICIONES GENERALES

Capítulo I.- Del Objeto de la Ley

Artículo 1.- La presente Ley es de orden público y de observancia general en toda la República, reglamentaria de los artículos 6o., Base A y 16, segundo párrafo, de la Constitución Política de los Estados Unidos Mexicanos, en materia de protección de datos personales en posesión de sujetos obligados.

Todas las disposiciones de esta Ley General, según corresponda, y en el ámbito de su competencia, son de aplicación y observancia directa para los sujetos obligados pertenecientes al orden federal.

El Instituto ejercerá las atribuciones y facultades que le otorga esta Ley, independientemente de las otorgadas en las demás disposiciones aplicables.

Tiene por objeto establecer las bases, principios y procedimientos para garantizar el derecho que tiene toda persona a la protección de sus datos personales, en posesión de sujetos obligados.

Son sujetos obligados por esta Ley, en el ámbito federal, estatal y municipal, cualquier autoridad, entidad, órgano y organismo de los Poderes Ejecutivo, Legislativo y Judicial, órganos autónomos, partidos políticos, fideicomisos y fondos públicos.

Los sindicatos y cualquier otra persona física o moral que reciba y ejerza recursos públicos o realice actos de autoridad en el ámbito federal, estatal y municipal serán responsables de los datos personales, de conformidad con la normatividad aplicable para la protección de datos personales en posesión de los particulares.

En todos los demás supuestos diferentes a los mencionados en el párrafo anterior, las personas físicas y morales se sujetarán a lo previsto en la Ley Federal de Protección de Datos Personales en Posesión de los Particulares.

Artículo 2.- Son objetivos de la presente Ley:

I.- Distribuir competencias entre los Organismos garantes de la Federación y las Entidades Federativas, en materia de protección de datos personales en posesión de sujetos obligados;

II.- Establecer las bases mínimas y condiciones homogéneas que regirán el tratamiento de los datos personales y el ejercicio de los derechos de acceso, rectificación, cancelación y oposición, mediante procedimientos sencillos y expeditos;

III.- Regular la organización y operación del Sistema Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales a que se refieren esta Ley y la Ley General de Transparencia y Acceso a la Información Pública, en lo relativo a sus funciones para la protección de datos personales en posesión de sujetos obligados;

IV.- Garantizar la observancia de los principios de protección de datos personales previstos en la presente Ley y demás disposiciones que resulten aplicables en la materia;

V.- Proteger los datos personales en posesión de cualquier autoridad, entidad, órgano y organismo de los Poderes Ejecutivo, Legislativo y Judicial, órganos autónomos, partidos políticos, fideicomisos y fondos públicos, de la Federación, las Entidades Federativas y los municipios, con la finalidad de regular su debido tratamiento;

VI.- Garantizar que toda persona pueda ejercer el derecho a la protección de los datos personales;

VII.- Promover, fomentar y difundir una cultura de protección de datos personales;

VIII.- Establecer los mecanismos para garantizar el cumplimiento y la efectiva aplicación de las medidas de apremio que correspondan para aquellas conductas que contravengan las disposiciones previstas en esta Ley, y

IX.- Regular los medios de impugnación y procedimientos para la interposición de acciones de inconstitucionalidad y controversias constitucionales por parte de los Organismos garantes locales y de la Federación; de conformidad con sus facultades respectivas.

Artículo 3.- Para los efectos de la presente Ley se entenderá por:

I.- Áreas: Instancias de los sujetos obligados previstas en los respectivos reglamentos interiores, estatutos orgánicos o instrumentos equivalentes, que cuentan o puedan contar, dar tratamiento, y ser responsables o encargadas de los datos personales;

II.- Aviso de privacidad: Documento a disposición del titular de forma física, electrónica o en cualquier formato generado por el responsable, a partir del momento en el cual se recaben sus datos personales, con el objeto de informarle los propósitos del tratamiento de los mismos;

III.- Bases de datos: Conjunto ordenado de datos personales referentes a una persona física identificada o identificable, condicionados a criterios determinados, con independencia de la forma o modalidad de su creación, tipo de soporte, procesamiento, almacenamiento y organización;

IV.- Bloqueo: La identificación y conservación de datos personales una vez cumplida la finalidad para la cual fueron recabados, con el único propósito de determinar posibles responsabilidades en relación con su tratamiento, hasta el plazo de prescripción legal o contractual de éstas. Durante dicho periodo, los datos personales no podrán ser objeto de tratamiento y transcurrido éste, se procederá a su cancelación en la base de datos que corresponda;

V.- Comité de Transparencia: Instancia a la que hace referencia el artículo 43 de la Ley General de Transparencia y Acceso a la Información Pública;

VI.- Cómputo en la nube: Modelo de provisión externa de servicios de cómputo bajo demanda, que implica el suministro de infraestructura, plataforma o programa informático, distribuido de modo flexible, mediante procedimientos virtuales, en recursos compartidos dinámicamente;

VII.- Consejo Nacional: Consejo Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales a que se refiere el artículo 32 de la Ley General de Transparencia y Acceso a la Información Pública;

VIII.- Consentimiento: Manifestación de la voluntad libre, específica e informada del titular de los datos mediante la cual se efectúa el tratamiento de los mismos;

IX.- Datos personales: Cualquier información concerniente a una persona física identificada o identificable. Se considera que una persona es identificable cuando su identidad pueda determinarse directa o indirectamente a través de cualquier información;

X.- Datos personales sensibles: Aquellos que se refieran a la esfera más íntima de su titular, o cuya utilización indebida pueda dar origen a discriminación o conlleve un riesgo grave para éste. De manera enunciativa más no limitativa, se consideran sensibles los datos personales que puedan revelar aspectos como origen racial o étnico, estado de salud presente o futuro, información genética, creencias religiosas, filosóficas y morales, opiniones políticas y preferencia sexual;

XI.- Derechos ARCO: Los derechos de acceso, rectificación, cancelación y oposición al tratamiento de datos personales;

XII.- Días: Días hábiles;

XIII.- Disociación: El procedimiento mediante el cual los datos personales no pueden asociarse al titular ni permitir, por su estructura, contenido o grado de desagregación, la identificación del mismo;

XIV.- Documento de seguridad: Instrumento que describe y da cuenta de manera general sobre las medidas de seguridad técnicas, físicas y administrativas adoptadas por el responsable para garantizar la confidencialidad, integridad y disponibilidad de los datos personales que posee;

XV.- Encargado: La persona física o jurídica, pública o privada, ajena a la organización del responsable, que sola o conjuntamente con otras trate datos personales a nombre y por cuenta del responsable;

XVI.- Evaluación de impacto en la protección de datos personales: Documento mediante el cual los sujetos obligados que pretendan poner en operación o modificar políticas públicas, programas, sistemas o plataformas informáticas, aplicaciones electrónicas o cualquier otra tecnología que implique el tratamiento intensivo o relevante de datos personales, valoran los impactos reales respecto de determinado tratamiento de datos personales, a efecto de identificar y mitigar posibles riesgos relacionados con los principios, deberes y derechos de los titulares, así como los deberes de los responsables y encargados, previstos en la normativa aplicable;

XVII.- Fuentes de acceso público: Aquellas bases de datos, sistemas o archivos que por disposición de ley puedan ser consultadas públicamente cuando no exista impedimento por una norma limitativa y sin más exigencia que, en su caso, el pago de una contraprestación, tarifa o contribución. No se considerará fuente de acceso público cuando la información contenida en la misma sea obtenida o tenga una procedencia ilícita, conforme a las disposiciones establecidas por la presente Ley y demás normativa aplicable;

XVIII.- Instituto: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales, el cual es el organismo garante de la Federación en materia de protección de datos personales en posesión de los sujetos obligados;

XIX.- Medidas compensatorias: Mecanismos alternos para dar a conocer a los titulares el aviso de privacidad, a través de su difusión por medios masivos de comunicación u otros de amplio alcance;

XX.- Medidas de seguridad: Conjunto de acciones, actividades, controles o mecanismos administrativos, técnicos y físicos que permitan proteger los datos personales;

XXI.- Medidas de seguridad administrativas: Políticas y procedimientos para la gestión, soporte y revisión de la seguridad de la información a nivel organizacional, la identificación, clasificación y borrado seguro de la información, así como la sensibilización y capacitación del personal, en materia de protección de datos personales;

XXII.- Medidas de seguridad físicas: Conjunto de acciones y mecanismos para proteger el entorno físico de los datos personales y de los recursos involucrados en su tratamiento. De manera enunciativa más no limitativa, se deben considerar las siguientes actividades:

a) Prevenir el acceso no autorizado al perímetro de la organización, sus instalaciones físicas, áreas críticas, recursos e información;

b) Prevenir el daño o interferencia a las instalaciones físicas, áreas críticas de la organización, recursos e información;

c) Proteger los recursos móviles, portátiles y cualquier soporte físico o electrónico que pueda salir de la organización, y

d) Proveer a los equipos que contienen o almacenan datos personales de un mantenimiento eficaz, que asegure su disponibilidad e integridad;

XXIII.- Medidas de seguridad técnicas: Conjunto de acciones y mecanismos que se valen de la tecnología relacionada con hardware y software para proteger el entorno digital de los datos personales y los recursos involucrados en su tratamiento. De manera enunciativa más no limitativa, se deben considerar las siguientes actividades:

a) Prevenir que el acceso a las bases de datos o a la información, así como a los recursos, sea por usuarios identificados y autorizados;

b) Generar un esquema de privilegios para que el usuario lleve a cabo las actividades que requiere con motivo de sus funciones;

c) Revisar la configuración de seguridad en la adquisición, operación, desarrollo y mantenimiento del software y hardware, y

d) Gestionar las comunicaciones, operaciones y medios de almacenamiento de los recursos informáticos en el tratamiento de datos personales;

XXIV.- Organismos garantes: Aquellos con autonomía constitucional especializados en materia de acceso a la información y protección de datos personales, en términos de los artículos 6o. y 116, fracción VIII de la Constitución Política de los Estados Unidos Mexicanos;

XXV. – Plataforma Nacional: La Plataforma Nacional de Transparencia a que hace referencia el artículo 49 de la Ley General de Transparencia y Acceso a la Información Pública;

XXVI.- Programa Nacional de Protección de Datos Personales: Programa Nacional de Protección de Datos Personales;

XXVII.- Remisión: Toda comunicación de datos personales realizada exclusivamente entre el responsable y encargado, dentro o fuera del territorio mexicano;

XXVIII.- Responsable: Los sujetos obligados a que se refiere el artículo 1 de la presente Ley que deciden sobre el tratamiento de datos personales;

XXIX.- Sistema Nacional: El Sistema Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales;

XXX.- Supresión: La baja archivística de los datos personales conforme a la normativa archivística aplicable, que resulte en la eliminación, borrado o destrucción de los datos personales bajo las medidas de seguridad previamente establecidas por el responsable;

XXXI.- Titular: La persona física a quien corresponden los datos personales;

XXXII.- Transferencia: Toda comunicación de datos personales dentro o fuera del territorio mexicano, realizada a persona distinta del titular, del responsable o del encargado;

XXXIII.- Tratamiento: Cualquier operación o conjunto de operaciones efectuadas mediante procedimientos manuales o automatizados aplicados a los datos personales, relacionadas con la obtención, uso, registro, organización, conservación, elaboración, utilización, comunicación, difusión, almacenamiento, posesión, acceso, manejo, aprovechamiento, divulgación, transferencia o disposición de datos personales, y

XXXIV.- Unidad de Transparencia: Instancia a la que hace referencia el artículo 45 de la Ley General de Transparencia y Acceso a la Información Pública.

Artículo 4.- La presente Ley será aplicable a cualquier tratamiento de datos personales que obren en soportes físicos o electrónicos, con independencia de la forma o modalidad de su creación, tipo de soporte, procesamiento, almacenamiento y organización.

Artículo 5.- Para los efectos de la presente Ley, se considerarán como fuentes de acceso público:

I.- Las páginas de Internet o medios remotos o locales de comunicación electrónica, óptica y de otra tecnología, siempre que el sitio donde se encuentren los datos personales esté concebido para facilitar información al público y esté abierto a la consulta general;

II.- Los directorios telefónicos en términos de la normativa específica;

III.– Los diarios, gacetas o boletines oficiales, de acuerdo con su normativa;

IV.- Los medios de comunicación social, y

V.- Los registros públicos conforme a las disposiciones que les resulten aplicables.

Para que los supuestos enumerados en el presente artículo sean considerados fuentes de acceso público será necesario que su consulta pueda ser realizada por cualquier persona no impedida por una norma limitativa, o sin más exigencia que, en su caso, el pago de una contra prestación, derecho o tarifa. No se considerará una fuente de acceso público cuando la información contenida en la misma sea o tenga una procedencia ilícita.

Artículo 6.- El Estado garantizará la privacidad de los individuos y deberá velar porque terceras personas no incurran en conductas que puedan afectarla arbitrariamente.

El derecho a la protección de los datos personales solamente se limitará por razones de seguridad nacional, en términos de la ley en la materia, disposiciones de orden público, seguridad y salud públicas o para proteger los derechos de terceros.

Artículo 7.- Por regla general no podrán tratarse datos personales sensibles, salvo que se cuente con el consentimiento expreso de su titular o en su defecto, se trate de los casos establecidos en el artículo 22 de esta Ley.

En el tratamiento de datos personales de menores de edad se deberá privilegiar el interés superior de la niña, el niño y el adolescente, en términos de las disposiciones legales aplicables.

Artículo 8.- La aplicación e interpretación de la presente Ley se realizará conforme a lo dispuesto en la Constitución Política de los Estados Unidos Mexicanos, los Tratados Internacionales de los que el Estado mexicano sea parte, así como las resoluciones y sentencias vinculantes que emitan los órganos nacionales e internacionales especializados, favoreciendo en todo tiempo el derecho a la privacidad, la protección de datos personales y a las personas la protección más amplia.

Para el caso de la interpretación, se podrán tomar en cuenta los criterios, determinaciones y opiniones de los organismos nacionales e internacionales, en materia de protección de datos personales.

Artículo 9.- A falta de disposición expresa en la presente Ley, se aplicarán de manera supletoria las disposiciones del Código Federal de Procedimientos Civiles y de la Ley Federal de Procedimiento Administrativo.

Las leyes de las Entidades Federativas, en el ámbito de sus respectivas competencias, deberán determinar las disposiciones que les resulten aplicables en materia supletoria a los Organismos garantes en la aplicación e interpretación de esta Ley.

Capítulo II.- Del Sistema Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales

Artículo 10.- El Sistema Nacional se conformará de acuerdo con lo establecido en la Ley General de Transparencia y Acceso a la Información Pública. En materia de protección de datos personales, dicho Sistema tiene como función coordinar y evaluar las acciones relativas a la política pública transversal de protección de datos personales, así como establecer e implementar criterios y lineamientos en la materia, de conformidad con lo señalado en la presente Ley, la Ley General de Transparencia y Acceso a la Información Pública y demás normatividad aplicable.

Artículo 11.- El Sistema Nacional contribuirá a mantener la plena vigencia del derecho a la protección de datos personales a nivel nacional, en los tres órdenes de gobierno.

Este esfuerzo conjunto e integral, aportará a la implementación de políticas públicas con estricto apego a la normatividad aplicable en la materia; el ejercicio pleno y respeto del derecho a la protección de datos personales y la difusión de una cultura de este derecho y su accesibilidad.

Artículo 12.- Además de los objetivos previstos en la Ley General de Transparencia y Acceso a la Información Pública, el Sistema Nacional tendrá como objetivo diseñar, ejecutar y evaluar un Programa Nacional de Protección de Datos Personales que defina la política pública y establezca, como mínimo, objetivos, estrategias, acciones y metas para:

I.- Promover la educación y una cultura de protección de datos personales entre la sociedad mexicana;

II.- Fomentar el ejercicio de los derechos de acceso, rectificación, cancelación y oposición;

III.- Capacitar a los sujetos obligados en materia de protección de datos personales;

IV.- Impulsar la implementación y mantenimiento de un sistema de gestión de seguridad a que se refiere el artículo 34 de la presente Ley, así como promover la adopción de estándares nacionales e internacionales y buenas prácticas en la materia, y

V.- Prever los mecanismos que permitan medir, reportar y verificar las metas establecidas.

El Programa Nacional de Protección de Datos Personales, se constituirá como un instrumento rector para la integración y coordinación del Sistema Nacional, y deberá determinar y jerarquizar los objetivos y metas que éste debe cumplir, así como definir las líneas de acción generales que resulten necesarias.

El Programa Nacional de Protección de Datos Personales deberá evaluarse y actualizarse al final de cada ejercicio anual y definirá el conjunto de actividades y proyectos que deberán ser ejecutados durante el siguiente ejercicio.

Artículo 13.- El Sistema Nacional contará con un Consejo Nacional. En la integración, organización, funcionamiento y atribuciones del Consejo Nacional se estará a lo dispuesto por la Ley General de Transparencia y Acceso a la Información Pública y demás disposiciones aplicables.

Artículo 14.- El Sistema Nacional, además de lo previsto en la Ley General de Transparencia y Acceso a la Información Pública y demás normativa aplicable, tendrá las siguientes funciones en materia de protección de datos personales:

I.- Promover el ejercicio del derecho a la protección de datos personales en toda la República Mexicana;

II.- Fomentar entre la sociedad una cultura de protección de los datos personales;

III.- Analizar, opinar y proponer a las instancias facultadas para ello proyectos de reforma o modificación de la normativa en la materia;

IV.- Acordar y establecer los mecanismos de coordinación que permitan la formulación y ejecución de instrumentos y políticas públicas integrales, sistemáticas, continuas y evaluables, tendentes a cumplir con los objetivos y fines del Sistema Nacional, de la presente Ley y demás disposiciones que resulten aplicables en la materia;

V.- Emitir acuerdos y resoluciones generales para el funcionamiento del Sistema Nacional;

VI.- Formular, establecer y ejecutar políticas generales en materia de protección de datos personales;

VII.- Promover la coordinación efectiva de las instancias que integran el Sistema Nacional y dar seguimiento a las acciones que para tal efecto se establezcan;

VIII.- Promover la homologación y desarrollo de los procedimientos previstos en la presente Ley y evaluar sus avances;

IX.- Diseñar e implementar políticas en materia de protección de datos personales;

X.- Establecer mecanismos eficaces para que la sociedad participe en los procesos de evaluación de las políticas y las instituciones integrantes del Sistema Nacional;

XI.- Desarrollar proyectos comunes de alcance nacional para medir el cumplimiento y los avances de los responsables;

XII.- Suscribir convenios de colaboración que tengan por objeto coadyuvar al cumplimiento de los objetivos del Sistema Nacional y aquellos previstos en la presente Ley y demás disposiciones que resulten aplicables en la materia;

XIII.- Promover e implementar acciones para garantizar condiciones de accesibilidad para que los grupos vulnerables puedan ejercer, en igualdad de circunstancias, su derecho a la protección de datos personales;

XIV.- Proponer códigos de buenas prácticas o modelos en materia de protección de datos personales;

XV.- Promover la comunicación y coordinación con autoridades nacionales, federales, de los Estados, municipales, autoridades y organismos internacionales, con la finalidad de impulsar y fomentar los objetivos de la presente Ley;

XVI.- Proponer acciones para vincular el Sistema Nacional con otros sistemas y programas nacionales, regionales o locales;

XVII.- Promover e impulsar el ejercicio y tutela del derecho a la protección de datos personales, a través de la implementación, organización y operación de la Plataforma Nacional, a que se refiere la Ley General de Transparencia y Acceso a la Información Pública y demás normativa aplicable;

XVIII.- Aprobar el Programa Nacional de Protección de Datos Personales al que se refiere el artículo 12 de esta Ley;

XIX.- Expedir criterios adicionales para determinar los supuestos en los que se está ante un tratamiento intensivo o relevante de datos personales, de conformidad con lo dispuesto por los artículos 70 y 71 de esta Ley;

XX.- Expedir las disposiciones administrativas necesarias para la valoración del contenido presentado por los sujetos obligados en la Evaluación de impacto en la protección de datos personales, a efecto de emitir las recomendaciones no vinculantes que correspondan, y

XXI.- Las demás que se establezcan en otras disposiciones en la materia para el funcionamiento del Sistema Nacional.

Artículo 15.- El Consejo Nacional funcionará conforme a lo dispuesto en la Ley General de Transparencia y Acceso a la Información Pública y demás ordenamientos aplicables.

TÍTULO SEGUNDO.- PRINCIPIOS Y DEBERES

Capítulo I.- De los Principios

Artículo 16.- El responsable deberá observar los principios de licitud, finalidad, lealtad, consentimiento, calidad, proporcionalidad, información y responsabilidad en el tratamiento de datos personales.

Artículo 17.- El tratamiento de datos personales por parte del responsable deberá sujetarse a las facultades o atribuciones que la normatividad aplicable le confiera.

Artículo 18.- Todo tratamiento de datos personales que efectúe el responsable deberá estar justificado por finalidades concretas, lícitas, explícitas y legítimas, relacionadas con las atribuciones que la normatividad aplicable les confiera.

El responsable podrá tratar datos personales para finalidades distintas a aquéllas establecidas en el aviso de privacidad, siempre y cuando cuente con atribuciones conferidas en la ley y medie el consentimiento del titular, salvo que sea una persona reportada como desaparecida, en los términos previstos en la presente Ley y demás disposiciones que resulten aplicables en la materia.

Artículo 19.- El responsable no deberá obtener y tratar datos personales, a través de medios engañosos o fraudulentos, privilegiando la protección de los intereses del titular y la expectativa razonable de privacidad.

Artículo 20.- Cuando no se actualicen algunas de las causales de excepción previstas en el artículo 22 de la presente Ley, el responsable deberá contar con el consentimiento previo del titular para el tratamiento de los datos personales, el cual deberá otorgarse de forma:

I.- Libre: Sin que medie error, mala fe, violencia o dolo que puedan afectar la manifestación de voluntad del titular;

II.- Específica: Referida a finalidades concretas, lícitas, explícitas y legítimas que justifiquen el tratamiento, e

III.- Informada: Que el titular tenga conocimiento del aviso de privacidad previo al tratamiento a que serán sometidos sus datos personales.

En la obtención del consentimiento de menores de edad o de personas que se encuentren en estado de interdicción o incapacidad declarada conforme a la ley, se estará a lo dispuesto en las reglas de representación previstas en la legislación civil que resulte aplicable.

Artículo 21.- El consentimiento podrá manifestarse de forma expresa o tácita. Se deberá entender que el consentimiento es expreso cuando la voluntad del titular se manifieste verbalmente, por escrito, por medios electrónicos, ópticos, signos inequívocos o por cualquier otra tecnología.

El consentimiento será tácito cuando habiéndose puesto a disposición del titular el aviso de privacidad, éste no manifieste su voluntad en sentido contrario.

Por regla general será válido el consentimiento tácito, salvo que la ley o las disposiciones aplicables exijan que la voluntad del titular se manifieste expresamente.

Tratándose de datos personales sensibles el responsable deberá obtener el consentimiento expreso y por escrito del titular para su tratamiento, a través de su firma autógrafa, firma electrónica o cualquier mecanismo de autenticación que al efecto se establezca, salvo en los casos previstos en el artículo 22 de esta Ley.

Artículo 22.- El responsable no estará obligado a recabar el consentimiento del titular para el tratamiento de sus datos personales en los siguientes casos:

I.- Cuando una ley así lo disponga, debiendo dichos supuestos ser acordes con las bases, principios y disposiciones establecidos en esta Ley, en ningún caso, podrán contravenirla;

II.- Cuando las transferencias que se realicen entre responsables, sean sobre datos personales que se utilicen para el ejercicio de facultades propias, compatibles o análogas con la finalidad que motivó el tratamiento de los datos personales;

III.- Cuando exista una orden judicial, resolución o mandato fundado y motivado de autoridad competente;

IV.- Para el reconocimiento o defensa de derechos del titular ante autoridad competente;

V.- Cuando los datos personales se requieran para ejercer un derecho o cumplir obligaciones derivadas de una relación jurídica entre el titular y el responsable;

VI.- Cuando exista una situación de emergencia que potencialmente pueda dañar a un individuo en su persona o en sus bienes;

VII.- Cuando los datos personales sean necesarios para efectuar un tratamiento para la prevención, diagnóstico, la prestación de asistencia sanitaria;

VIII.- Cuando los datos personales figuren en fuentes de acceso público;

IX.- Cuando los datos personales se sometan a un procedimiento previo de disociación, o

X.- Cuando el titular de los datos personales sea una persona reportada como desaparecida en los términos de la ley en la materia.

Artículo 23.- El responsable deberá adoptar las medidas necesarias para mantener exactos, completos, correctos y actualizados los datos personales en su posesión, a fin de que no se altere la veracidad de éstos.

Se presume que se cumple con la calidad en los datos personales cuando éstos son proporcionados directamente por el titular y hasta que éste no manifieste y acredite lo contrario.

Cuando los datos personales hayan dejado de ser necesarios para el cumplimiento de las finalidades previstas en el aviso de privacidad y que motivaron su tratamiento conforme a las disposiciones que resulten aplicables, deberán ser suprimidos, previo bloqueo en su caso, y una vez que concluya el plazo de conservación de los mismos.

Los plazos de conservación de los datos personales no deberán exceder aquéllos que sean necesarios para el cumplimiento de las finalidades que justificaron su tratamiento, y deberán atender a las disposiciones aplicables en la materia de que se trate y considerar los aspectos administrativos, contables, fiscales, jurídicos e históricos de los datos personales.

Artículo 24.- El responsable deberá establecer y documentar los procedimientos para la conservación y, en su caso, bloqueo y supresión de los datos personales que lleve a cabo, en los cuales se incluyan los periodos de conservación de los mismos, de conformidad con lo dispuesto en el artículo anterior de la presente Ley.

En los procedimientos a que se refiere el párrafo anterior, el responsable deberá incluir mecanismos que le permitan cumplir con los plazos fijados para la supresión de los datos personales, así como para realizar una revisión periódica sobre la necesidad de conservar los datos personales.

Artículo 25.- El responsable sólo deberá tratar los datos personales que resulten adecuados, relevantes y estrictamente necesarios para la finalidad que justifica su tratamiento.

Artículo 26.- El responsable deberá informar al titular, a través del aviso de privacidad, la existencia y características principales del tratamiento al que serán sometidos sus datos personales, a fin de que pueda tomar decisiones informadas al respecto.

Por regla general, el aviso de privacidad deberá ser difundido por los medios electrónicos y físicos con que cuente el responsable.

Para que el aviso de privacidad cumpla de manera eficiente con su función de informar, deberá estar redactado y estructurado de manera clara y sencilla.

Cuando resulte imposible dar a conocer al titular el aviso de privacidad, de manera directa o ello exija esfuerzos desproporcionados, el responsable podrá instrumentar medidas compensatorias de comunicación masiva de acuerdo con los criterios que para tal efecto emita el Sistema Nacional de Transparencia, Acceso a la Información Pública y Protección de Datos Personales.

Artículo 27.- El aviso de privacidad a que se refiere el artículo 3, fracción II, se pondrá a disposición del titular en dos modalidades: simplificado e integral. El aviso simplificado deberá contener la siguiente información:

I.- La denominación del responsable;

II.- Las finalidades del tratamiento para las cuales se obtienen los datos personales, distinguiendo aquéllas que requieran el consentimiento del titular;

III.- Cuando se realicen transferencias de datos personales que requieran consentimiento, se deberá informar:

a) Las autoridades, poderes, entidades, órganos y organismos gubernamentales de los tres órdenes de gobierno y las personas físicas o morales a las que se transfieren los datos personales, y

b) Las finalidades de estas transferencias;

IV.- Los mecanismos y medios disponibles para que el titular, en su caso, pueda manifestar su negativa para el tratamiento de sus datos personales para finalidades y transferencias de datos personales que requieren el consentimiento del titular, y

V.- El sitio donde se podrá consultar el aviso de privacidad integral.

La puesta a disposición del aviso de privacidad al que refiere este artículo no exime al responsable de su obligación de proveer los mecanismos para que el titular pueda conocer el contenido del aviso de privacidad al que se refiere el artículo siguiente.

Los mecanismos y medios a los que se refiere la fracción IV de este artículo, deberán estar disponibles para que el titular pueda manifestar su negativa al tratamiento de sus datos personales para las finalidades o transferencias que requieran el consentimiento del titular, previo a que ocurra dicho tratamiento.

Artículo 28.- El aviso de privacidad integral, además de lo dispuesto en las fracciones del artículo anterior, al que refiere la fracción V del artículo anterior deberá contener, al menos, la siguiente información:

I.- El domicilio del responsable;

II.- Los datos personales que serán sometidos a tratamiento, identificando aquéllos que son sensibles;

III.- El fundamento legal que faculta al responsable para llevar a cabo el tratamiento;

IV.- Las finalidades del tratamiento para las cuales se obtienen los datos personales, distinguiendo aquéllas que requieren el consentimiento del titular;

V.- Los mecanismos, medios y procedimientos disponibles para ejercer los derechos ARCO;

VI.- El domicilio de la Unidad de Transparencia, y

VII.- Los medios a través de los cuales el responsable comunicará a los titulares los cambios al aviso de privacidad.

Artículo 29.- El responsable deberá implementar los mecanismos previstos en el artículo 30 de la presente Ley para acreditar el cumplimiento de los principios, deberes y obligaciones establecidos en la presente Ley y rendir cuentas sobre el tratamiento de datos personales en su posesión al titular e Instituto o a los Organismos garantes, según corresponda, caso en el cual deberá observar la Constitución y los Tratados Internacionales en los que el Estado mexicano sea parte; en lo que no se contraponga con la normativa mexicana podrá valerse de estándares o mejores prácticas nacionales o internacionales para tales fines.

Artículo 30.- Entre los mecanismos que deberá adoptar el responsable para cumplir con el principio de responsabilidad establecido en la presente Ley están, al menos, los siguientes:

I.- Destinar recursos autorizados para tal fin para la instrumentación de programas y políticas de protección de datos personales;

II.- Elaborar políticas y programas de protección de datos personales, obligatorios y exigibles al interior de la organización del responsable;

III.- Poner en práctica un programa de capacitación y actualización del personal sobre las obligaciones y demás deberes en materia de protección de datos personales;

IV.- Revisar periódicamente las políticas y programas de seguridad de datos personales para determinar las modificaciones que se requieran;

V.- Establecer un sistema de supervisión y vigilancia interna y/o externa, incluyendo auditorías, para comprobar el cumplimiento de las políticas de protección de datos personales;

VI.- Establecer procedimientos para recibir y responder dudas y quejas de los titulares;

VII.- Diseñar, desarrollar e implementar sus políticas públicas, programas, servicios, sistemas o plataformas informáticas, aplicaciones electrónicas o cualquier otra tecnología que implique el tratamiento de datos personales, de conformidad con las disposiciones previstas en la presente Ley y las demás que resulten aplicables en la materia, y

VIII.- Garantizar que sus políticas públicas, programas, servicios, sistemas o plataformas informáticas, aplicaciones electrónicas o cualquier otra tecnología que implique el tratamiento de datos personales, cumplan por defecto con las obligaciones previstas en la presente Ley y las demás que resulten aplicables en la materia.

Capítulo II.- De los Deberes

Artículo 31.- Con independencia del tipo de sistema en el que se encuentren los datos personales o el tipo de tratamiento que se efectúe, el responsable deberá establecer y mantener las medidas de seguridad de carácter administrativo, físico y técnico para la protección de los datos personales, que permitan protegerlos contra daño, pérdida, alteración, destrucción o su uso, acceso o tratamiento no autorizado, así como garantizar su confidencialidad, integridad y disponibilidad.

Artículo 32.- Las medidas de seguridad adoptadas por el responsable deberán considerar:

I.- El riesgo inherente a los datos personales tratados;

II.- La sensibilidad de los datos personales tratados;

III.- El desarrollo tecnológico;

IV.- Las posibles consecuencias de una vulneración para los titulares;

V.- Las transferencias de datos personales que se realicen;

VI.- El número de titulares;

VII.- Las vulneraciones previas ocurridas en los sistemas de tratamiento, y

VIII.- El riesgo por el valor potencial cuantitativo o cualitativo que pudieran tener los datos personales tratados para una tercera persona no autorizada para su posesión.

Artículo 33. Para establecer y mantener las medidas de seguridad para la protección de los datos personales, el responsable deberá realizar, al menos, las siguientes actividades interrelacionadas:

I.- Crear políticas internas para la gestión y tratamiento de los datos personales, que tomen en cuenta el contexto en el que ocurren los tratamientos y el ciclo de vida de los datos personales, es decir, su obtención, uso y posterior supresión;

II.- Definir las funciones y obligaciones del personal involucrado en el tratamiento de datos personales;

III.- Elaborar un inventario de datos personales y de los sistemas de tratamiento;

IV.- Realizar un análisis de riesgo de los datos personales, considerando las amenazas y vulnerabilidades existentes para los datos personales y los recursos involucrados en su tratamiento, como pueden ser, de manera enunciativa más no limitativa, hardware, software, personal del responsable, entre otros;

V.- Realizar un análisis de brecha, comparando las medidas de seguridad existentes contra las faltantes en la organización del responsable;

VI.- Elaborar un plan de trabajo para la implementación de las medidas de seguridad faltantes, así como las medidas para el cumplimiento cotidiano de las políticas de gestión y tratamiento de los datos personales;

VII.- Monitorear y revisar de manera periódica las medidas de seguridad implementadas, así como las amenazas y vulneraciones a las que están sujetos los datos personales, y

VIII.- Diseñar y aplicar diferentes niveles de capacitación del personal bajo su mando, dependiendo de sus roles y responsabilidades respecto del tratamiento de los datos personales.

Artículo 34.- Las acciones relacionadas con las medidas de seguridad para el tratamiento de los datos personales deberán estar documentadas y contenidas en un sistema de gestión.

Se entenderá por sistema de gestión al conjunto de elementos y actividades interrelacionadas para establecer, implementar, operar, monitorear, revisar, mantener y mejorar el tratamiento y seguridad de los datos personales, de conformidad con lo previsto en la presente Ley y las demás disposiciones que le resulten aplicables en la materia.

Artículo 35.- De manera particular, el responsable deberá elaborar un documento de seguridad que contenga, al menos, lo siguiente:

I.- El inventario de datos personales y de los sistemas de tratamiento;

II.- Las funciones y obligaciones de las personas que traten datos personales;

III.- El análisis de riesgos;

IV.- El análisis de brecha;

V.- El plan de trabajo;

VI.- Los mecanismos de monitoreo y revisión de las medidas de seguridad, y

VII.- El programa general de capacitación.

Artículo 36.- El responsable deberá actualizar el documento de seguridad cuando ocurran los siguientes eventos:

I.- Se produzcan modificaciones sustanciales al tratamiento de datos personales que deriven en un cambio en el nivel de riesgo;

II.- Como resultado de un proceso de mejora continua, derivado del monitoreo y revisión del sistema de gestión;

III.- Como resultado de un proceso de mejora para mitigar el impacto de una vulneración a la seguridad ocurrida, y

IV.- Implementación de acciones correctivas y preventivas ante una vulneración de seguridad.

Artículo 37.- En caso de que ocurra una vulneración a la seguridad, el responsable deberá analizar las causas por las cuales se presentó e implementar en su plan de trabajo las acciones preventivas y correctivas para adecuar las medidas de seguridad y el tratamiento de los datos personales si fuese el caso a efecto de evitar que la vulneración se repita.

Artículo 38.- Además de las que señalen las leyes respectivas y la normatividad aplicable, se considerarán como vulneraciones de seguridad, en cualquier fase del tratamiento de datos, al menos, las siguientes:

I.- La pérdida o destrucción no autorizada;

II.- El robo, extravío o copia no autorizada;

III.- El uso, acceso o tratamiento no autorizado, o

IV.- El daño, la alteración o modificación no autorizada.

Artículo 39.- El responsable deberá llevar una bitácora de las vulneraciones a la seguridad en la que se describa ésta, la fecha en la que ocurrió, el motivo de ésta y las acciones correctivas implementadas de forma inmediata y definitiva.

Artículo 40.- El responsable deberá informar sin dilación alguna al titular, y según corresponda, al Instituto y a los Organismos garantes de las Entidades Federativas, las vulneraciones que afecten de forma significativa los derechos patrimoniales o morales, en cuanto se confirme que ocurrió la vulneración y que el responsable haya empezado a tomar las acciones encaminadas a detonar un proceso de revisión exhaustiva de la magnitud de la afectación, a fin de que los titulares afectados puedan tomar las medidas correspondientes para la defensa de sus derechos.

Artículo 41.- El responsable deberá informar al titular al menos lo siguiente:

I.- La naturaleza del incidente;

II.- Los datos personales comprometidos;

III.- Las recomendaciones al titular acerca de las medidas que éste pueda adoptar para proteger sus intereses;

IV.- Las acciones correctivas realizadas de forma inmediata, y

V.- Los medios donde puede obtener más información al respecto.

Artículo 42.- El responsable deberá establecer controles o mecanismos que tengan por objeto que todas aquellas personas que intervengan en cualquier fase del tratamiento de los datos personales, guarden confidencialidad respecto de éstos, obligación que subsistirá aún después de finalizar sus relaciones con el mismo.

Lo anterior, sin menoscabo de lo establecido en las disposiciones de acceso a la información pública.

TÍTULO TERCERO.- DERECHOS DE LOS TITULARES Y SU EJERCICIO

Capítulo I.- De los Derechos de Acceso, Rectificación, Cancelación y Oposición

Artículo 43.- En todo momento el titular o su representante podrán solicitar al responsable, el acceso, rectificación, cancelación u oposición al tratamiento de los datos personales que le conciernen, de conformidad con lo establecido en el presente Título. El ejercicio de cualquiera de los derechos ARCO no es requisito previo, ni impide el ejercicio de otro.

Artículo 44.- El titular tendrá derecho de acceder a sus datos personales que obren en posesión del responsable, así como conocer la información relacionada con las condiciones y generalidades de su tratamiento.

Artículo 45.- El titular tendrá derecho a solicitar al responsable la rectificación o corrección de sus datos personales, cuando estos resulten ser inexactos, incompletos o no se encuentren actualizados.

Artículo 46.- El titular tendrá derecho a solicitar la cancelación de sus datos personales de los archivos, registros, expedientes y sistemas del responsable, a fin de que los mismos ya no estén en su posesión y dejen de ser tratados por este último.

Artículo 47.- El titular podrá oponerse al tratamiento de sus datos personales o exigir que se cese en el mismo, cuando:

I.- Aun siendo lícito el tratamiento, el mismo debe cesar para evitar que su persistencia cause un daño o perjuicio al titular, y

II.- Sus datos personales sean objeto de un tratamiento automatizado, el cual le produzca efectos jurídicos no deseados o afecte de manera significativa sus intereses, derechos o libertades, y estén destinados a evaluar, sin intervención humana, determinados aspectos personales del mismo o analizar o predecir, en particular, su rendimiento profesional, situación económica, estado de salud, preferencias sexuales, fiabilidad o comportamiento.

Capítulo II.- Del Ejercicio de los Derechos de Acceso, Rectificación, Cancelación y Oposición

Artículo 48.- La recepción y trámite de las solicitudes para el ejercicio de los derechos ARCO que se formulen a los responsables, se sujetará al procedimiento establecido en el presente Título y demás disposiciones que resulten aplicables en la materia.

Artículo 49.- Para el ejercicio de los derechos ARCO será necesario acreditar la identidad del titular y, en su caso, la identidad y personalidad con la que actúe el representante.

El ejercicio de los derechos ARCO por persona distinta a su titular o a su representante, será posible, excepcionalmente, en aquellos supuestos previstos por disposición legal, o en su caso, por mandato judicial.

En el ejercicio de los derechos ARCO de menores de edad o de personas que se encuentren en estado de interdicción o incapacidad, de conformidad con las leyes civiles, se estará a las reglas de representación dispuestas en la misma legislación.

Tratándose de datos personales concernientes a personas fallecidas, la persona que acredite tener un interés jurídico, de conformidad con las leyes aplicables, podrá ejercer los derechos que le confiere el presente Capítulo, siempre que el titular de los derechos hubiere expresado fehacientemente su voluntad en tal sentido o que exista un mandato judicial para dicho efecto.

Artículo 50.- El ejercicio de los derechos ARCO deberá ser gratuito. Sólo podrán realizarse cobros para recuperar los costos de reproducción, certificación o envío, conforme a la normatividad que resulte aplicable.

Para efectos de acceso a datos personales, las leyes que establezcan los costos de reproducción y certificación deberán considerar en su determinación que los montos permitan o faciliten el ejercicio de este derecho.

Cuando el titular proporcione el medio magnético, electrónico o el mecanismo necesario para reproducir los datos personales, los mismos deberán ser entregados sin costo a éste.

La información deberá ser entregada sin costo, cuando implique la entrega de no más de veinte hojas simples. Las unidades de transparencia podrán exceptuar el pago de reproducción y envío atendiendo a las circunstancias socioeconómicas del titular.

El responsable no podrá establecer para la presentación de las solicitudes del ejercicio de los derechos ARCO algún servicio o medio que implique un costo al titular.

Artículo 51.- El responsable deberá establecer procedimientos sencillos que permitan el ejercicio de los derechos ARCO, cuyo plazo de respuesta no deberá exceder de veinte días contados a partir del día siguiente a la recepción de la solicitud.

El plazo referido en el párrafo anterior podrá ser ampliado por una sola vez hasta por diez días cuando así lo justifiquen las circunstancias, y siempre y cuando se le notifique al titular dentro del plazo de respuesta.

En caso de resultar procedente el ejercicio de los derechos ARCO, el responsable deberá hacerlo efectivo en un plazo que no podrá exceder de quince días contados a partir del día siguiente en que se haya notificado la respuesta al titular.

Artículo 52.- En la solicitud para el ejercicio de los derechos ARCO no podrán imponerse mayores requisitos que los siguientes:

I.- El nombre del titular y su domicilio o cualquier otro medio para recibir notificaciones;

II.- Los documentos que acrediten la identidad del titular y, en su caso, la personalidad e identidad de su representante;

III.- De ser posible, el área responsable que trata los datos personales y ante el cual se presenta la solicitud;

IV.-La descripción clara y precisa de los datos personales respecto de los que se busca ejercer alguno de los derechos ARCO, salvo que se trate del derecho de acceso;

V.- La descripción del derecho ARCO que se pretende ejercer, o bien, lo que solicita el titular, y

VI.- Cualquier otro elemento o documento que facilite la localización de los datos personales, en su caso.

Tratándose de una solicitud de acceso a datos personales, el titular deberá señalar la modalidad en la que prefiere que éstos se reproduzcan. El responsable deberá atender la solicitud en la modalidad requerida por el titular, salvo que exista una imposibilidad física o jurídica que lo limite a reproducir los datos personales en dicha modalidad, en este caso deberá ofrecer otras modalidades de entrega de los datos personales fundando y motivando dicha actuación.

En caso de que la solicitud de protección de datos no satisfaga alguno de los requisitos a que se refiere este artículo, y el Instituto o los organismos garantes no cuenten con elementos para subsanarla, se prevendrá al titular de los datos dentro de los cinco días siguientes a la presentación de la solicitud de ejercicio de los derechos ARCO, por una sola ocasión, para que subsane las omisiones dentro de un plazo de diez días contados a partir del día siguiente al de la notificación.

Transcurrido el plazo sin desahogar la prevención se tendrá por no presentada la solicitud de ejercicio de los derechos ARCO.

La prevención tendrá el efecto de interrumpir el plazo que tiene el Instituto, o en su caso, los organismos garantes, para resolver la solicitud de ejercicio de los derechos ARCO.

Con relación a una solicitud de cancelación, el titular deberá señalar las causas que lo motiven a solicitar la supresión de sus datos personales en los archivos, registros o bases de datos del responsable.

En el caso de la solicitud de oposición, el titular deberá manifestar las causas legítimas o la situación específica que lo llevan a solicitar el cese en el tratamiento, así como el daño o perjuicio que le causaría la persistencia del tratamiento, o en su caso, las finalidades específicas respecto de las cuales requiere ejercer el derecho de oposición.

Las solicitudes para el ejercicio de los derechos ARCO deberán presentarse ante la Unidad de Transparencia del responsable, que el titular considere competente, a través de escrito libre, formatos, medios electrónicos o cualquier otro medio que al efecto establezca el Instituto y los Organismos garantes, en el ámbito de sus respectivas competencias.

El responsable deberá dar trámite a toda solicitud para el ejercicio de los derechos ARCO y entregar el acuse de recibo que corresponda.

El Instituto y los Organismos garantes, según corresponda, podrán establecer formularios, sistemas y otros métodos simplificados para facilitar a los titulares el ejercicio de los derechos ARCO.

Los medios y procedimientos habilitados por el responsable para atender las solicitudes para el ejercicio de los derechos ARCO deberán ser de fácil acceso y con la mayor cobertura posible considerando el perfil de los titulares y la forma en que mantienen contacto cotidiano o común con el responsable.

Artículo 53.- Cuando el responsable no sea competente para atender la solicitud para el ejercicio de los derechos ARCO, deberá hacer del conocimiento del titular dicha situación dentro de los tres días siguientes a la presentación de la solicitud, y en caso de poderlo determinar, orientarlo hacia el responsable competente.

En caso de que el responsable declare inexistencia de los datos personales en sus archivos, registros, sistemas o expediente, dicha declaración deberá constar en una resolución del Comité de Transparencia que confirme la inexistencia de los datos personales.

En caso de que el responsable advierta que la solicitud para el ejercicio de los derechos ARCO corresponda a un derecho diferente de los previstos en la presente Ley, deberá reconducir la vía haciéndolo del conocimiento al titular.

Artículo 54.- Cuando las disposiciones aplicables a determinados tratamientos de datos personales establezcan un trámite o procedimiento específico para solicitar el ejercicio de los derechos ARCO, el responsable deberá informar al titular sobre la existencia del mismo, en un plazo no mayor a cinco días siguientes a la presentación de la solicitud para el ejercicio de los derechos ARCO, a efecto de que este último decida si ejerce sus derechos a través del trámite específico, o bien, por medio del procedimiento que el responsable haya institucionalizado para la atención de solicitudes para el ejercicio de los derechos ARCO conforme a las disposiciones establecidas en este Capítulo.

Artículo 55.- Las únicas causas en las que el ejercicio de los derechos ARCO no será procedente son:

I.- Cuando el titular o su representante no estén debidamente acreditados para ello;

II.- Cuando los datos personales no se encuentren en posesión del responsable;

III.- Cuando exista un impedimento legal;

IV.- Cuando se lesionen los derechos de un tercero;

V.- Cuando se obstaculicen actuaciones judiciales o administrativas;

VI.- Cuando exista una resolución de autoridad competente que restrinja el acceso a los datos personales o no permita la rectificación, cancelación u oposición de los mismos;

VII.- Cuando la cancelación u oposición haya sido previamente realizada;

VIII.- Cuando el responsable no sea competente;

IX.- Cuando sean necesarios para proteger intereses jurídicamente tutelados del titular;

X.- Cuando sean necesarios para dar cumplimiento a obligaciones legalmente adquiridas por el titular;

XI.- Cuando en función de sus atribuciones legales el uso cotidiano, resguardo y manejo sean necesarios y proporcionales para mantener la integridad, estabilidad y permanencia del Estado mexicano, o

XII.- Cuando los datos personales sean parte de la información que las entidades sujetas a la regulación y supervisión financiera del sujeto obligado hayan proporcionado a éste, en cumplimiento a requerimientos de dicha información sobre sus operaciones, organización y actividades.

En todos los casos anteriores, el responsable deberá informar al titular el motivo de su determinación, en el plazo de hasta veinte días a los que se refiere el primer párrafo del artículo 51 de la presente Ley y demás disposiciones aplicables, y por el mismo medio en que se llevó a cabo la solicitud, acompañando en su caso, las pruebas que resulten pertinentes.

Artículo 56.- Contra la negativa de dar trámite a toda solicitud para el ejercicio de los derechos ARCO o por falta de respuesta del responsable, procederá la interposición del recurso de revisión a que se refiere el artículo 94 de la presente Ley.

Capítulo III.- De la Portabilidad de los Datos

Artículo 57.- Cuando se traten datos personales por vía electrónica en un formato estructurado y comúnmente utilizado, el titular tendrá derecho a obtener del responsable una copia de los datos objeto de tratamiento en un formato electrónico estructurado y comúnmente utilizado que le permita seguir utilizándolos.

Cuando el titular haya facilitado los datos personales y el tratamiento se base en el consentimiento o en un contrato, tendrá derecho a transmitir dichos datos personales y cualquier otra información que haya facilitado y que se conserve en un sistema de tratamiento automatizado a otro sistema en un formato electrónico comúnmente utilizado, sin impedimentos por parte del responsable del tratamiento de quien se retiren los datos personales.

El Sistema Nacional establecerá mediante lineamientos los parámetros a considerar para determinar los supuestos en los que se está en presencia de un formato estructurado y comúnmente utilizado, así como las normas técnicas, modalidades y procedimientos para la transferencia de datos personales.

TÍTULO CUARTO.- RELACIÓN DEL RESPONSABLE Y ENCARGADO

Capítulo Único.- Responsable y Encargado

Artículo 58.- El encargado deberá realizar las actividades de tratamiento de los datos personales sin ostentar poder alguno de decisión sobre el alcance y contenido del mismo, así como limitar sus actuaciones a los términos fijados por el responsable.

Artículo 59.- La relación entre el responsable y el encargado deberá estar formalizada mediante contrato o cualquier otro instrumento jurídico que decida el responsable, de conformidad con la normativa que le resulte aplicable, y que permita acreditar su existencia, alcance y contenido.

En el contrato o instrumento jurídico que decida el responsable se deberán prever, al menos, las siguientes cláusulas generales relacionadas con los servicios que preste el encargado:

I.- Realizar el tratamiento de los datos personales conforme a las instrucciones del responsable;

II.- Abstenerse de tratar los datos personales para finalidades distintas a las instruidas por el responsable;

III.- Implementar las medidas de seguridad conforme a los instrumentos jurídicos aplicables;

IV.- Informar al responsable cuando ocurra una vulneración a los datos personales que trata por sus instrucciones;

V.- Guardar confidencialidad respecto de los datos personales tratados;

VI.- Suprimir o devolver los datos personales objeto de tratamiento una vez cumplida la relación jurídica con el responsable, siempre y cuando no exista una previsión legal que exija la conservación de los datos personales, y

VII.- Abstenerse de transferir los datos personales salvo en el caso de que el responsable así lo determine, o la comunicación derive de una subcontratación, o por mandato expreso de la autoridad competente.

Los acuerdos entre el responsable y el encargado relacionados con el tratamiento de datos personales no deberán contravenir la presente Ley y demás disposiciones aplicables, así como lo establecido en el aviso de privacidad correspondiente.

Artículo 60.- Cuando el encargado incumpla las instrucciones del responsable y decida por sí mismo sobre el tratamiento de los datos personales, asumirá el carácter de responsable conforme a la legislación en la materia que le resulte aplicable.

Artículo 61.- El encargado podrá, a su vez, subcontratar servicios que impliquen el tratamiento de datos personales por cuenta del responsable, siempre y cuando medie la autorización expresa de este último. El subcontratado asumirá el carácter de encargado en los términos de la presente la Ley y demás disposiciones que resulten aplicables en la materia.

Cuando el contrato o el instrumento jurídico mediante el cual se haya formalizado la relación entre el responsable y el encargado, prevea que este último pueda llevar a cabo a su vez las subcontrataciones de servicios, la autorización a la que refiere el párrafo anterior se entenderá como otorgada a través de lo estipulado en éstos.

Artículo 62.- Una vez obtenida la autorización expresa del responsable, el encargado deberá formalizar la relación adquirida con el subcontratado a través de un contrato o cualquier otro instrumento jurídico que decida, de conformidad con la normatividad que le resulte aplicable, y permita acreditar la existencia, alcance y contenido de la prestación del servicio en términos de lo previsto en el presente Capítulo.

Artículo 63.- El responsable podrá contratar o adherirse a servicios, aplicaciones e infraestructura en el cómputo en la nube, y otras materias que impliquen el tratamiento de datos personales, siempre y cuando el proveedor externo garantice políticas de protección de datos personales equivalentes a los principios y deberes establecidos en la presente Ley y demás disposiciones que resulten aplicables en la materia.

En su caso, el responsable deberá delimitar el tratamiento de los datos personales por parte del proveedor externo a través de cláusulas contractuales u otros instrumentos jurídicos.

Artículo 64.- Para el tratamiento de datos personales en servicios, aplicaciones e infraestructura de cómputo en la nube y otras materias, en los que el responsable se adhiera a los mismos mediante condiciones o cláusulas generales de contratación, sólo podrá utilizar aquellos servicios en los que el proveedor:

I.- Cumpla, al menos, con lo siguiente:

a) Tener y aplicar políticas de protección de datos personales afines a los principios y deberes aplicables que establece la presente Ley y demás normativa aplicable;

b) Transparentar las subcontrataciones que involucren la información sobre la que se presta el servicio;

c) Abstenerse de incluir condiciones en la prestación del servicio que le autoricen o permitan asumir la titularidad o propiedad de la información sobre la que preste el servicio, y

d) Guardar confidencialidad respecto de los datos personales sobre los que se preste el servicio;

II.- Cuente con mecanismos, al menos, para:

a) Dar a conocer cambios en sus políticas de privacidad o condiciones del servicio que presta;

b) Permitir al responsable limitar el tipo de tratamiento de los datos personales sobre los que se presta el servicio;

c) Establecer y mantener medidas de seguridad para la protección de los datos personales sobre los que se preste el servicio;

d) Garantizar la supresión de los datos personales una vez que haya concluido el servicio prestado al responsable y que este último haya podido recuperarlos, y

e) Impedir el acceso a los datos personales a personas que no cuenten con privilegios de acceso, o bien, en caso de que sea a solicitud fundada y motivada de autoridad competente, informar de ese hecho al responsable.

En cualquier caso, el responsable no podrá adherirse a servicios que no garanticen la debida protección de los datos personales, conforme a la presente Ley y demás disposiciones que resulten aplicables en la materia.

TÍTULO QUINTO.- COMUNICACIONES DE DATOS PERSONALES

Capítulo Único.- De las Transferencias y Remisiones de Datos Personales

Artículo 65.- Toda transferencia de datos personales, sea ésta nacional o internacional, se encuentra sujeta al consentimiento de su titular, salvo las excepciones previstas en los artículos 22, 66 y 70 de esta Ley.

Artículo 66.- Toda transferencia deberá formalizarse mediante la suscripción de cláusulas contractuales, convenios de colaboración o cualquier otro instrumento jurídico, de conformidad con la normatividad que le resulte aplicable al responsable, que permita demostrar el alcance del tratamiento de los datos personales, así como las obligaciones y responsabilidades asumidas por las partes.

Lo dispuesto en el párrafo anterior, no será aplicable en los siguientes casos:

I.- Cuando la transferencia sea nacional y se realice entre responsables en virtud del cumplimiento de una disposición legal o en el ejercicio de atribuciones expresamente conferidas a éstos, o

II.- Cuando la transferencia sea internacional y se encuentre prevista en una ley o tratado suscrito y ratificado por México, o bien, se realice a petición de una autoridad extranjera u organismo internacional competente en su carácter de receptor, siempre y cuando las facultades entre el responsable transferente y receptor sean homólogas, o bien, las finalidades que motivan la transferencia sean análogas o compatibles respecto de aquéllas que dieron origen al tratamiento del responsable transferente.

Artículo 67.- Cuando la transferencia sea nacional, el receptor de los datos personales deberá tratar los datos personales, comprometiéndose a garantizar su confidencialidad y únicamente los utilizará para los fines que fueron transferidos atendiendo a lo convenido en el aviso de privacidad que le será comunicado por el responsable transferente.

Artículo 68.- El responsable sólo podrá transferir o hacer remisión de datos personales fuera del territorio nacional cuando el tercero receptor o el encargado se obligue a proteger los datos personales conforme a los principios y deberes que establece la presente Ley y las disposiciones que resulten aplicables en la materia.

Artículo 69.- En toda transferencia de datos personales, el responsable deberá comunicar al receptor de los datos personales el aviso de privacidad conforme al cual se tratan los datos personales frente al titular.

Artículo 70.- El responsable podrá realizar transferencias de datos personales sin necesidad de requerir el consentimiento del titular, en los siguientes supuestos:

I.- Cuando la transferencia esté prevista en esta Ley u otras leyes, convenios o Tratados Internacionales suscritos y ratificados por México;

II.- Cuando la transferencia se realice entre responsables, siempre y cuando los datos personales se utilicen para el ejercicio de facultades propias, compatibles o análogas con la finalidad que motivó el tratamiento de los datos personales;

III.- Cuando la transferencia sea legalmente exigida para la investigación y persecución de los delitos, así como la procuración o administración de justicia;

IV.- Cuando la transferencia sea precisa para el reconocimiento, ejercicio o defensa de un derecho ante autoridad competente, siempre y cuando medie el requerimiento de esta última;

V.- Cuando la transferencia sea necesaria para la prevención o el diagnóstico médico, la prestación de asistencia sanitaria, tratamiento médico o la gestión de servicios sanitarios, siempre y cuando dichos fines sean acreditados;

VI.- Cuando la transferencia sea precisa para el mantenimiento o cumplimiento de una relación jurídica entre el responsable y el titular;

VII.- Cuando la transferencia sea necesaria por virtud de un contrato celebrado o por celebrar en interés del titular, por el responsable y un tercero;

VIII.- Cuando se trate de los casos en los que el responsable no esté obligado a recabar el consentimiento del titular para el tratamiento y transmisión de sus datos personales, conforme a lo dispuesto en el artículo 22 de la presente Ley, o

IX.-Cuando la transferencia sea necesaria por razones de seguridad nacional.

La actualización de algunas de las excepciones previstas en este artículo, no exime al responsable de cumplir con las obligaciones previstas en el presente Capítulo que resulten aplicables.

Artículo 71.- Las remisiones nacionales e internacionales de datos personales que se realicen entre responsable y encargado no requerirán ser informadas al titular, ni contar con su consentimiento.

TÍTULO SEXTO.- ACCIONES PREVENTIVAS EN MATERIA DE PROTECCIÓN DE DATOS PERSONALES

Capítulo I.- De las Mejores Prácticas

Artículo 72.- Para el cumplimiento de las obligaciones previstas en la presente Ley, el responsable podrá desarrollar o adoptar, en lo individual o en acuerdo con otros responsables, encargados u organizaciones, esquemas de mejores prácticas que tengan por objeto:

I.- Elevar el nivel de protección de los datos personales;

II.- Armonizar el tratamiento de datos personales en un sector específico;

III.- Facilitar el ejercicio de los derechos ARCO por parte de los titulares;

IV.- Facilitar las transferencias de datos personales;

V.- Complementar las disposiciones previstas en la normatividad que resulte aplicable en materia de protección de datos personales, y

VI.- Demostrar ante el Instituto o, en su caso, los Organismos garantes, el cumplimiento de la normatividad que resulte aplicable en materia de protección de datos personales.

Artículo 73.- Todo esquema de mejores prácticas que busque la validación o reconocimiento por parte del Instituto o, en su caso, de los Organismos garantes deberá:

I.- Cumplir con los parámetros que para tal efecto emitan, según corresponda, el Instituto y los Organismos garantes conforme a los criterios que fije el primero, y

II.- Ser notificado ante el Instituto o, en su caso, los Organismos garantes de conformidad con el procedimiento establecido en los parámetros señalados en la fracción anterior, a fin de que sean evaluados y, en su caso, validados o reconocidos e inscritos en el registro al que refiere el último párrafo de este artículo.

El Instituto y los Organismos garantes, según corresponda, deberán emitir las reglas de operación de los registros en los que se inscribirán aquellos esquemas de mejores prácticas validados o reconocidos. Los Organismos garantes, podrán inscribir los esquemas de mejores prácticas que hayan reconocido o validado en el registro administrado por el Instituto, de acuerdo con las reglas que fije este último.

Artículo 74.- Cuando el responsable pretenda poner en operación o modificar políticas públicas, sistemas o plataformas informáticas, aplicaciones electrónicas o cualquier otra tecnología que a su juicio y de conformidad con esta Ley impliquen el tratamiento intensivo o relevante de datos personales, deberá realizar una Evaluación de impacto en la protección de datos personales, y presentarla ante el Instituto o los Organismos garantes, según corresponda, los cuales podrán emitir recomendaciones no vinculantes especializadas en la materia de protección de datos personales.

El contenido de la evaluación de impacto a la protección de datos personales deberá determinarse por el Sistema Nacional de Transparencia, Acceso a la Información Pública y Protección de Datos Personales.

Artículo 75.- Para efectos de esta Ley se considerará que se está en presencia de un tratamiento intensivo o relevante de datos personales cuando:

I.- Existan riesgos inherentes a los datos personales a tratar;

II.- Se traten datos personales sensibles, y

III.- Se efectúen o pretendan efectuar transferencias de datos personales.

Artículo 76.- El Sistema Nacional podrá emitir criterios adicionales con sustento en parámetros objetivos que determinen que se está en presencia de un tratamiento intensivo o relevante de datos personales, de conformidad con lo dispuesto en el artículo anterior, en función de:

I.- El número de titulares;

II.- El público objetivo;

III.- El desarrollo de la tecnología utilizada, y

IV.- La relevancia del tratamiento de datos personales en atención al impacto social o, económico del mismo, o bien, del interés público que se persigue.

Artículo 77.- Los sujetos obligados que realicen una Evaluación de impacto en la protección de datos personales, deberán presentarla ante el Instituto o los Organismos garantes, según corresponda, treinta días anteriores a la fecha en que se pretenda poner en operación o modificar políticas públicas, sistemas o plataformas informáticas, aplicaciones electrónicas o cualquier otra tecnología, ante el Instituto o los organismos garantes, según corresponda, a efecto de que emitan las recomendaciones no vinculantes correspondientes.

Artículo 78.- El Instituto y los Organismos garantes, según corresponda, deberán emitir, de ser el caso, recomendaciones no vinculantes sobre la Evaluación de impacto en la protección de datos personales presentado por el responsable.

El plazo para la emisión de las recomendaciones a que se refiere el párrafo anterior será dentro de los treinta días siguientes contados a partir del día siguiente a la presentación de la evaluación.

Artículo 79.- Cuando a juicio del sujeto obligado se puedan comprometer los efectos que se pretenden lograr con la posible puesta en operación o modificación de políticas públicas, sistemas o plataformas informáticas, aplicaciones electrónicas o cualquier otra tecnología que implique el tratamiento intensivo o relevante de datos personales o se trate de situaciones de emergencia o urgencia, no será necesario realizar la Evaluación de impacto en la protección de datos personales.

Capítulo II.- De las Bases de Datos en Posesión de Instancias de Seguridad, Procuración y Administración de Justicia

Artículo 80.- La obtención y tratamiento de datos personales, en términos de lo que dispone esta Ley, por parte de las sujetos obligados competentes en instancias de seguridad, procuración y administración de justicia, está limitada a aquellos supuestos y categorías de datos que resulten necesarios y proporcionales para el ejercicio de las funciones en materia de seguridad nacional, seguridad pública, o para la prevención o persecución de los delitos. Deberán ser almacenados en las bases de datos establecidas para tal efecto.

Las autoridades que accedan y almacenen los datos personales que se recaben por los particulares en cumplimiento de las disposiciones legales correspondientes, deberán cumplir con las disposiciones señaladas en el presente Capítulo.

Artículo 81.- En el tratamiento de datos personales así como en el uso de las bases de datos para su almacenamiento, que realicen los sujetos obligados competentes de las instancias de seguridad, procuración y administración de justicia deberá cumplir con los principios establecidos en el Título Segundo de la presente Ley.

Las comunicaciones privadas son inviolables. Exclusivamente la autoridad judicial federal, a petición de la autoridad federal que faculte la ley o del titular del Ministerio Público de la entidad federativa correspondiente, podrá autorizar la intervención de cualquier comunicación privada.

Artículo 82.- Los responsables de las bases de datos a que se refiere este Capítulo, deberán establecer medidas de seguridad de nivel alto, para garantizar la integridad, disponibilidad y confidencialidad de la información, que permitan proteger los datos personales contra daño, pérdida, alteración, destrucción o el uso, acceso o tratamiento no autorizado.

TÍTULO SÉPTIMO.- RESPONSABLES EN MATERIA DE PROTECCIÓN DE DATOS PERSONALES EN POSESIÓN DE LOS SUJETOS OBLIGADOS

Capítulo I.- Comité de Transparencia

Artículo 83.- Cada responsable contará con un Comité de Transparencia, el cual se integrará y funcionará conforme a lo dispuesto en la Ley General de Transparencia y Acceso a la Información Pública y demás normativa aplicable.

El Comité de Transparencia será la autoridad máxima en materia de protección de datos personales.

Artículo 84.- Para los efectos de la presente Ley y sin perjuicio de otras atribuciones que le sean conferidas en la normatividad que le resulte aplicable, el Comité de Transparencia tendrá las siguientes funciones:

I.- Coordinar, supervisar y realizar las acciones necesarias para garantizar el derecho a la protección de los datos personales en la organización del responsable, de conformidad con las disposiciones previstas en la presente Ley y en aquellas disposiciones que resulten aplicables en la materia;

II.- Instituir, en su caso, procedimientos internos para asegurar la mayor eficiencia en la gestión de las solicitudes para el ejercicio de los derechos ARCO;

III.- Confirmar, modificar o revocar las determinaciones en las que se declare la inexistencia de los datos personales, o se niegue por cualquier causa el ejercicio de alguno de los derechos ARCO;

IV.- Establecer y supervisar la aplicación de criterios específicos que resulten necesarios para una mejor observancia de la presente Ley y en aquellas disposiciones que resulten aplicables en la materia;

V.- Supervisar, en coordinación con las áreas o unidades administrativas competentes, el cumplimiento de las medidas, controles y acciones previstas en el documento de seguridad;

VI.- Dar seguimiento y cumplimiento a las resoluciones emitidas por el Instituto y los organismos garantes, según corresponda;

VII.- Establecer programas de capacitación y actualización para los servidores públicos en materia de protección de datos personales, y

VIII.- Dar vista al órgano interno de control o instancia equivalente en aquellos casos en que tenga conocimiento, en el ejercicio de sus atribuciones, de una presunta irregularidad respecto de determinado tratamiento de datos personales; particularmente en casos relacionados con la declaración de inexistencia que realicen los responsables.

Capítulo II.- De la Unidad de Transparencia

Artículo 85.- Cada responsable contará con una Unidad de Transparencia, se integrará y funcionará conforme a lo dispuesto en la Ley General de Transparencia y Acceso a la Información Pública, esta Ley y demás normativa aplicable, que tendrá las siguientes funciones:

I.- Auxiliar y orientar al titular que lo requiera con relación al ejercicio del derecho a la protección de datos personales;

II.- Gestionar las solicitudes para el ejercicio de los derechos ARCO;

III.- Establecer mecanismos para asegurar que los datos personales solo se entreguen a su titular o su representante debidamente acreditados;

IV.- Informar al titular o su representante el monto de los costos a cubrir por la reproducción y envío de los datos personales, con base en lo establecido en las disposiciones normativas aplicables;

V.- Proponer al Comité de Transparencia los procedimientos internos que aseguren y fortalezcan mayor eficiencia en la gestión de las solicitudes para el ejercicio de los derechos ARCO;

VI.- Aplicar instrumentos de evaluación de calidad sobre la gestión de las solicitudes para el ejercicio de los derechos ARCO, y

VII.- Asesorar a las áreas adscritas al responsable en materia de protección de datos personales.

Los responsables que en el ejercicio de sus funciones sustantivas lleven a cabo tratamientos de datos personales relevantes o intensivos, podrán designar a un oficial de protección de datos personales, especializado en la materia, quien realizará las atribuciones mencionadas en este artículo y formará parte de la Unidad de Transparencia.

Los sujetos obligados promoverán acuerdos con instituciones públicas especializadas que pudieran auxiliarles a la recepción, trámite y entrega de las respuestas a solicitudes de información, en la lengua indígena, braille o cualquier formato accesible correspondiente, en forma más eficiente.

Artículo 86.- El responsable procurará que las personas con algún tipo de discapacidad o grupos vulnerables, puedan ejercer, en igualdad de circunstancias, su derecho a la protección de datos personales.

Artículo 87.- En la designación del titular de la Unidad de Transparencia, el responsable estará a lo dispuesto en la Ley General de Transparencia y Acceso a la Información Pública y demás normativa aplicable.

TÍTULO OCTAVO.- ORGANISMOS GARANTES

Capítulo I.- Del Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales

Artículo 88.- En la integración, procedimiento de designación y funcionamiento del Instituto y del Consejo Consultivo se estará a lo dispuesto por la Ley General de Transparencia y Acceso a la Información Pública, la Ley Federal de Transparencia y Acceso a la Información Pública y demás normativa aplicable.

Artículo 89.– Además de las facultades que le son conferidas en la Ley General de Transparencia y Acceso a la Información Pública, la Ley Federal de Transparencia y Acceso a la Información Pública y demás normatividad que le resulte aplicable, el Instituto tendrá las siguientes atribuciones:

I.- Garantizar el ejercicio del derecho a la protección de datos personales en posesión de sujetos obligados;

II.- Interpretar la presente Ley en el ámbito administrativo;

III.- Conocer y resolver los recursos de revisión que interpongan los titulares, en términos de lo dispuesto en la presente Ley y demás disposiciones que resulten aplicables en la materia;

IV.- Conocer y resolver, de oficio o a petición fundada por los organismos garantes, los recursos de revisión que por su interés y trascendencia así lo ameriten, en términos de lo dispuesto en la presente Ley y demás disposiciones que resulten aplicables en la materia;

V.- Conocer y resolver los recursos de inconformidad que interpongan los titulares, en contra de las resoluciones emitidas por los organismos garantes, de conformidad con lo dispuesto en la presente Ley y demás disposiciones que resulten aplicables en la materia;

VI.- Conocer, sustanciar y resolver los procedimientos de verificación;

VII.- Establecer y ejecutar las medidas de apremio previstas en términos de lo dispuesto por la presente Ley y demás disposiciones que resulten aplicables en la materia;

VIII.- Denunciar ante las autoridades competentes las presuntas infracciones a la presente Ley y, en su caso, aportar las pruebas con las que cuente;

IX.- Coordinarse con las autoridades competentes para que las solicitudes para el ejercicio de los derechos ARCO y los recursos de revisión que se presenten en lengua indígena, sean atendidos en la misma lengua;

X.- Garantizar, en el ámbito de su respectiva competencia, condiciones de accesibilidad para que los titulares que pertenecen a grupos vulnerables puedan ejercer, en igualdad de circunstancias, su derecho a la protección de datos personales;

XI.- Elaborar y publicar estudios e investigaciones para difundir y ampliar el conocimiento sobre la materia de la presente Ley;

XII.- Proporcionar apoyo técnico a los responsables para el cumplimiento de las obligaciones establecidas en la presente Ley;

XIII.- Divulgar y emitir recomendaciones, estándares y mejores prácticas en las materias reguladas por la presente Ley;

XIV.- Vigilar y verificar el cumplimiento de las disposiciones contenidas en la presente Ley;

XV.- Administrar el registro de esquemas de mejores prácticas a que se refiere la presente Ley y emitir sus reglas de operación;

XVI.- Emitir, en su caso, las recomendaciones no vinculantes correspondientes a la Evaluación de impacto en la protección de datos personales que le sean presentadas;

XVII.- Emitir disposiciones generales para el desarrollo del procedimiento de verificación;

XVIII.- Realizar las evaluaciones correspondientes a los esquemas de mejores prácticas que les sean notificados, a fin de resolver sobre la procedencia de su reconocimiento o validación e inscripción en el registro de esquemas de mejores prácticas, así como promover la adopción de los mismos;

XIX.- Emitir, en el ámbito de su competencia, las disposiciones administrativas de carácter general para el debido cumplimiento de los principios, deberes y obligaciones que establece la presente Ley, así como para el ejercicio de los derechos de los titulares;

XX.- Celebrar convenios con los responsables para desarrollar programas que tengan por objeto homologar tratamientos de datos personales en sectores específicos, elevar la protección de los datos personales y realizar cualquier mejora a las prácticas en la materia;

XXI.- Definir y desarrollar el sistema de certificación en materia de protección de datos personales, de conformidad con lo que se establezca en los parámetros a que se refiere la presente Ley;

XXII.- Presidir el Sistema Nacional a que se refiere el artículo 10 de la presente Ley;

XXIII.- Celebrar convenios con los organismos garantes que coadyuven al cumplimiento de los objetivos previstos en la presente Ley y demás disposiciones que resulten aplicables en la materia;

XXIV.- Llevar a cabo acciones y actividades que promuevan el conocimiento del derecho a la protección de datos personales, así como de sus prerrogativas;

XXV.- Diseñar y aplicar indicadores y criterios para evaluar el desempeño de los responsables respecto al cumplimiento de la presente Ley y demás disposiciones que resulten aplicables en la materia;

XXVI.- Promover la capacitación y actualización en materia de protección de datos personales entre los responsables;

XXVII.- Emitir lineamientos generales para el debido tratamiento de los datos personales;

XXVIII.- Emitir lineamientos para homologar el ejercicio de los derechos ARCO;

XXIX.- Emitir criterios generales de interpretación para garantizar el derecho a la protección de datos personales;

XXX.- Cooperar con otras autoridades de supervisión y organismos nacionales e internacionales, a efecto de coadyuvar en materia de protección de datos personales, de conformidad con las disposiciones previstas en la presente Ley y demás normativa aplicable;

XXXI.- Promover e impulsar el ejercicio y tutela del derecho a la protección de datos personales a través de la implementación y administración de la Plataforma Nacional, a que se refiere la Ley General de Transparencia y Acceso a la Información Pública y demás normativa aplicable;

XXXII.- Interponer, cuando así lo aprueben la mayoría de sus Comisionados, acciones de inconstitucionalidad en contra de leyes de carácter federal o estatal, así como de los Tratados Internacionales celebrados por el Ejecutivo Federal y aprobados por el Senado de la República, que vulneren el derecho a la protección de datos personales;

XXXIII.- Promover, cuando así lo aprueben la mayoría de sus Comisionados, las controversias constitucionales en términos del artículo 105, fracción I, inciso l), de la Constitución Política de los Estados Unidos Mexicanos;

XXXIV.- Cooperar con otras autoridades nacionales o internacionales para combatir conductas relacionadas con el indebido tratamiento de datos personales;

XXXV.- Diseñar, vigilar y, en su caso, operar el sistema de buenas prácticas en materia de protección de datos personales, así como el sistema de certificación en la materia, a través de normativa que el Instituto emita para tales fines;

XXXVI.- Celebrar convenios con los organismos garantes y responsables que coadyuven al cumplimiento de los objetivos previstos en la presente Ley y demás disposiciones que resulten aplicables en la materia, y

XXXVII.- Las demás que le confiera la presente Ley y demás ordenamientos aplicables.

Capítulo II.- De los Organismos Garantes

Artículo 90.- En la integración, procedimiento de designación y funcionamiento de los organismos garantes se estará a lo dispuesto por la Ley General de Transparencia y Acceso a la Información Pública y demás normativa aplicable.

Artículo 91.- Para los efectos de la presente Ley y sin perjuicio de otras atribuciones que les sean conferidas en la normatividad que les resulte aplicable, los organismos garantes tendrán las siguientes atribuciones:

I.- Conocer, sustanciar y resolver, en el ámbito de sus respectivas competencias, de los recursos de revisión interpuestos por los titulares, en términos de lo dispuesto en la presente Ley y demás disposiciones que resulten aplicables en la materia;

II.- Presentar petición fundada al Instituto, para que conozca de los recursos de revisión que por su interés y trascendencia así lo ameriten, en términos de lo previsto en la presente Ley y demás disposiciones que resulten aplicables en la materia;

III.- Imponer las medidas de apremio para asegurar el cumplimiento de sus resoluciones;

IV.- Promover y difundir el ejercicio del derecho a la protección de datos personales;

V.- Coordinarse con las autoridades competentes para que las solicitudes para el ejercicio de los derechos ARCO y los recursos de revisión que se presenten en lenguas indígenas, sean atendidos en la misma lengua;

VI.- Garantizar, en el ámbito de sus respectivas competencias, condiciones de accesibilidad para que los titulares que pertenecen a grupos vulnerables puedan ejercer, en igualdad de circunstancias, su derecho a la protección de datos personales;

VII.- Elaborar y publicar estudios e investigaciones para difundir y ampliar el conocimiento sobre la materia de la presente Ley;

VIII.- Hacer del conocimiento de las autoridades competentes, la probable responsabilidad derivada del incumplimiento de las obligaciones previstas en la presente Ley y en las demás disposiciones que resulten aplicables;

IX.- Proporcionar al Instituto los elementos que requiera para resolver los recursos de inconformidad que le sean presentados, en términos de lo previsto en el Título Noveno, Capítulo II de la presente Ley y demás disposiciones que resulten aplicables en la materia;

X.- Suscribir convenios de colaboración con el Instituto para el cumplimiento de los objetivos previstos en la presente Ley y demás disposiciones aplicables;

XI.- Vigilar, en el ámbito de sus respectivas competencias, el cumplimiento de la presente Ley y demás disposiciones que resulten aplicables en la materia;

XII.- Llevar a cabo acciones y actividades que promuevan el conocimiento del derecho a la protección de datos personales, así como de sus prerrogativas;

XIII.- Aplicar indicadores y criterios para evaluar el desempeño de los responsables respecto del cumplimiento de la presente Ley y demás disposiciones que resulten aplicables;

XIV.- Promover la capacitación y actualización en materia de protección de datos personales entre los responsables;

XV.- Solicitar la cooperación del Instituto en los términos del artículo 89, fracción XXX de la presente Ley;

XVI.- Administrar, en el ámbito de sus competencias, la Plataforma Nacional de Transparencia;

XVII.- Según corresponda, interponer acciones de inconstitucionalidad en contra de leyes expedidas por las legislaturas de las Entidades Federativas, que vulneren el derecho a la protección de datos personales, y

XVIII.- Emitir, en su caso, las recomendaciones no vinculantes correspondientes a la Evaluación de impacto en protección de datos personales que le sean presentadas.

Capítulo III.- De la Coordinación y Promoción del Derecho a la Protección de Datos Personales

Artículo 92.- Los responsables deberán colaborar con el Instituto y los organismos garantes, según corresponda, para capacitar y actualizar de forma permanente a todos sus servidores públicos en materia de protección de datos personales, a través de la impartición de cursos, seminarios, talleres y cualquier otra forma de enseñanza y entrenamiento que se considere pertinente.

Artículo 93.- El Instituto y los Organismos garantes, en el ámbito de sus respectivas competencias, deberán:

I.- Promover que en los programas y planes de estudio, libros y materiales que se utilicen en las instituciones educativas de todos los niveles y modalidades del Estado, se incluyan contenidos sobre el derecho a la protección de datos personales, así como una cultura sobre el ejercicio y respeto de éste;

II.- Impulsar en conjunto con instituciones de educación superior, la integración de centros de investigación, difusión y docencia sobre el derecho a la protección de datos personales que promuevan el conocimiento sobre este tema y coadyuven con el Instituto y los Organismos garantes en sus tareas sustantivas, y

III.- Fomentar la creación de espacios de participación social y ciudadana que estimulen el intercambio de ideas entre la sociedad, los órganos de representación ciudadana y los responsables.

TÍTULO NOVENO.- DE LOS PROCEDIMIENTOS DE IMPUGNACIÓN EN MATERIA DE PROTECCIÓN DE DATOS PERSONALES EN POSESIÓN DE SUJETOS OBLIGADOS

Capítulo I.- Disposiciones Comunes a los Recursos de Revisión y Recursos de Inconformidad

Artículo 94.- El titular o su representante podrá interponer un recurso de revisión o un recurso de inconformidad ante el Instituto o los Organismos garantes, según corresponda, o bien, ante la Unidad de Transparencia, a través de los siguientes medios:

I.- Por escrito libre en el domicilio del Instituto o los Organismos garantes, según corresponda, o en las oficinas habilitadas que al efecto establezcan;

II.- Por correo certificado con acuse de recibo;

III.- Por formatos que al efecto emita el Instituto o los Organismos garantes, según corresponda;

IV.- Por los medios electrónicos que para tal fin se autoricen, o

V.- Cualquier otro medio que al efecto establezca el Instituto o los Organismos garantes, según corresponda.

Se presumirá que el titular acepta que las notificaciones le sean efectuadas por el mismo conducto que presentó su escrito, salvo que acredite haber señalado uno distinto para recibir notificaciones.

Artículo 95.- El titular podrá acreditar su identidad a través de cualquiera de los siguientes medios:

I.- Identificación oficial;

II.- Firma electrónica avanzada o del instrumento electrónico que lo sustituya, o

III.- Mecanismos de autenticación autorizados por el Instituto y los Organismos garantes, según corresponda, publicados mediante acuerdo general en el Diario Oficial de la Federación o en los diarios y gacetas oficiales de las Entidades Federativas.

La utilización de la firma electrónica avanzada o del instrumento electrónico que lo sustituya eximirá de la presentación de la copia del documento de identificación.

Artículo 96. Cuando el titular actúe mediante un representante, éste deberá acreditar su personalidad en los siguientes términos:

I.- Si se trata de una persona física, a través de carta poder simple suscrita ante dos testigos anexando copia de las identificaciones de los suscriptores, o instrumento público, o declaración en comparecencia personal del titular y del representante ante el Instituto.

II.- Si se trata de una persona moral, mediante instrumento público.

Artículo 97.- La interposición de un recurso de revisión o de inconformidad de datos personales concernientes a personas fallecidas, podrá realizarla la persona que acredite tener un interés jurídico o legítimo.

Artículo 98.- En la sustanciación de los recursos de revisión y recursos de inconformidad, las notificaciones que emitan el Instituto y los Organismos garantes, según corresponda, surtirán efectos el mismo día en que se practiquen.

Las notificaciones podrán efectuarse:

I.- Personalmente en los siguientes casos:

a) Se trate de la primera notificación;

b) Se trate del requerimiento de un acto a la parte que deba cumplirlo;

c) Se trate de la solicitud de informes o documentos;

d) Se trate de la resolución que ponga fin al procedimiento de que se trate, y

e) En los demás casos que disponga la ley;

II.- Por correo certificado con acuse de recibo o medios digitales o sistemas autorizados por el Instituto o los Organismos garantes, según corresponda, y publicados mediante acuerdo general en el Diario Oficial de la Federación o diarios o gacetas oficiales de las Entidades Federativas, cuando se trate de requerimientos, emplazamientos, solicitudes de informes o documentos y resoluciones que puedan ser impugnadas;

III.- Por correo postal ordinario o por correo electrónico ordinario cuando se trate de actos distintos de los señalados en las fracciones anteriores, o

IV.- Por estrados, cuando la persona a quien deba notificarse no sea localizable en su domicilio, se ignore éste o el de su representante.

Artículo 99.- El cómputo de los plazos señalados en el presente Título comenzará a correr a partir del día siguiente a aquél en que haya surtido efectos la notificación correspondiente.

Concluidos los plazos fijados a las partes, se tendrá por perdido el derecho que dentro de ellos debió ejercitarse, sin necesidad de acuse de rebeldía por parte del Instituto.

Artículo 100.- El titular, el responsable y los Organismos garantes o cualquier autoridad deberán atender los requerimientos de información en los plazos y términos que el Instituto y los Organismos garantes, según corresponda, establezcan.

Artículo 101.- Cuando el titular, el responsable, los Organismos garantes o cualquier autoridad se nieguen a atender o cumplimentar los requerimientos, solicitudes de información y documentación, emplazamientos, citaciones o diligencias notificadas por el Instituto o los Organismos garantes, según corresponda, o facilitar la práctica de las diligencias que hayan sido ordenadas, o entorpezca las actuaciones del Instituto o los Organismos garantes, según corresponda, tendrán por perdido su derecho para hacerlo valer en algún otro momento del procedimiento y el Instituto y los Organismos garantes, según corresponda, tendrán por ciertos los hechos materia del procedimiento y resolverá con los elementos que disponga.

Artículo 102.- En la sustanciación de los recursos de revisión o recursos de inconformidad, las partes podrán ofrecer las siguientes pruebas:

I.- La documental pública;

II.- La documental privada;

III.- La inspección;

IV.- La pericial;

V.- La testimonial;

VI.- La confesional, excepto tratándose de autoridades;

VII.- Las imágenes fotográficas, páginas electrónicas, escritos y demás elementos aportados por la ciencia y tecnología, y

VIII.- La presuncional legal y humana.

El Instituto y los Organismos garantes, según corresponda, podrán allegarse de los medios de prueba que consideren necesarios, sin más limitación que las establecidas en la ley.

Capítulo II.- Del Recurso de Revisión ante el Instituto y los Organismos Garantes

Artículo 103.- El titular, por sí mismo o a través de su representante, podrán interponer un recurso de revisión ante el Instituto o, en su caso, ante los Organismos garantes o la Unidad de Transparencia del responsable que haya conocido de la solicitud para el ejercicio de los derechos ARCO, dentro de un plazo que no podrá exceder de quince días contados a partir del siguiente a la fecha de la notificación de la respuesta.

Transcurrido el plazo previsto para dar respuesta a una solicitud para el ejercicio de los derechos ARCO sin que se haya emitido ésta, el titular o, en su caso, su representante podrán interponer el recurso de revisión dentro de los quince días siguientes al que haya vencido el plazo para dar respuesta.

Artículo 104.- El recurso de revisión procederá en los siguientes supuestos:

I.- Se clasifiquen como confidenciales los datos personales sin que se cumplan las características señaladas en las leyes que resulten aplicables;

II.- Se declare la inexistencia de los datos personales;

III.- Se declare la incompetencia por el responsable;

IV.- Se entreguen datos personales incompletos;

V.- Se entreguen datos personales que no correspondan con lo solicitado;

VI.- Se niegue el acceso, rectificación, cancelación u oposición de datos personales;

VII.- No se dé respuesta a una solicitud para el ejercicio de los derechos ARCO dentro de los plazos establecidos en la presente Ley y demás disposiciones que resulten aplicables en la materia;

VIII.- Se entregue o ponga a disposición datos personales en una modalidad o formato distinto al solicitado, o en un formato incomprensible;

IX.- El titular se inconforme con los costos de reproducción, envío o tiempos de entrega de los datos personales;

X.- Se obstaculice el ejercicio de los derechos ARCO, a pesar de que fue notificada la procedencia de los mismos;

XI.- No se dé trámite a una solicitud para el ejercicio de los derechos ARCO, y

XII.- En los demás casos que dispongan las leyes.

Artículo 105.- Los únicos requisitos exigibles en el escrito de interposición del recurso de revisión serán los siguientes:

I.- El área responsable ante quien se presentó la solicitud para el ejercicio de los derechos ARCO;

II.- El nombre del titular que recurre o su representante y, en su caso, del tercero interesado, así como el domicilio o medio que señale para recibir notificaciones;

III.- La fecha en que fue notificada la respuesta al titular, o bien, en caso de falta de respuesta la fecha de la presentación de la solicitud para el ejercicio de los derechos ARCO;

IV.- El acto que se recurre y los puntos petitorios, así como las razones o motivos de inconformidad;

V.- En su caso, copia de la respuesta que se impugna y de la notificación correspondiente, y

VI.- Los documentos que acrediten la identidad del titular y, en su caso, la personalidad e identidad de su representante.

Al recurso de revisión se podrán acompañar las pruebas y demás elementos que considere el titular procedentes someter a juicio del Instituto o, en su caso, de los Organismos garantes.

En ningún caso será necesario que el titular ratifique el recurso de revisión interpuesto.

Artículo 106.- Una vez admitido el recurso de revisión, el Instituto o, en su caso, los Organismos garantes podrán buscar una conciliación entre el titular y el responsable.

De llegar a un acuerdo, éste se hará constar por escrito y tendrá efectos vinculantes. El recurso de revisión quedará sin materia y el Instituto, o en su caso, los Organismos garantes, deberán verificar el cumplimiento del acuerdo respectivo.

Artículo 107.- Admitido el recurso de revisión y sin perjuicio de lo dispuesto por el artículo 65 de la presente Ley, el Instituto promoverá la conciliación entre las partes, de conformidad con el siguiente procedimiento:

I.- El Instituto y los Organismos garantes, según corresponda, requerirán a las partes que manifiesten, por cualquier medio, su voluntad de conciliar, en un plazo no mayor a siete días, contados a partir de la notificación de dicho acuerdo, mismo que contendrá un resumen del recurso de revisión y de la respuesta del responsable si la hubiere, señalando los elementos comunes y los puntos de controversia.

La conciliación podrá celebrarse presencialmente, por medios remotos o locales de comunicación electrónica o por cualquier otro medio que determine el Instituto o los Organismos garantes, según corresponda. En cualquier caso, la conciliación habrá de hacerse constar por el medio que permita acreditar su existencia.

Queda exceptuado de la etapa de conciliación, cuando el titular sea menor de edad y se haya vulnerado alguno de los derechos contemplados en la Ley para la Protección de los Derechos de Niñas, Niños y Adolescentes, vinculados con la Ley y el Reglamento, salvo que cuente con representación legal debidamente acreditada;

II.- Aceptada la posibilidad de conciliar por ambas partes, el Instituto y los Organismos garantes, según correspondan, señalarán el lugar o medio, día y hora para la celebración de una audiencia de conciliación, la cual deberá realizarse dentro de los diez días siguientes en que el Instituto o los Organismos garantes, según corresponda, hayan recibido la manifestación de la voluntad de conciliar de ambas partes, en la que se procurará avenir los intereses entre el titular y el responsable.

El conciliador podrá, en todo momento en la etapa de conciliación, requerir a las partes que presenten en un plazo máximo de cinco días, los elementos de convicción que estime necesarios para la conciliación.

El conciliador podrá suspender cuando lo estime pertinente o a instancia de ambas partes la audiencia por una ocasión. En caso de que se suspenda la audiencia, el conciliador señalará día y hora para su reanudación dentro de los cinco días siguientes.

De toda audiencia de conciliación se levantará el acta respectiva, en la que conste el resultado de la misma. En caso de que el responsable o el titular o sus respectivos representantes no firmen el acta, ello no afectará su validez, debiéndose hacer constar dicha negativa;

III.- Si alguna de las partes no acude a la audiencia de conciliación y justifica su ausencia en un plazo de tres días, será convocado a una segunda audiencia de conciliación, en el plazo de cinco días; en caso de que no acuda a esta última, se continuará con el recurso de revisión. Cuando alguna de las partes no acuda a la audiencia de conciliación sin justificación alguna, se continuará con el procedimiento;

IV.- De no existir acuerdo en la audiencia de conciliación, se continuará con el recurso de revisión;

V.- De llegar a un acuerdo, éste se hará constar por escrito y tendrá efectos vinculantes. El recurso de revisión quedará sin materia y el Instituto, o en su caso, los Organismos garantes, deberán verificar el cumplimiento del acuerdo respectivo, y

VI.- El cumplimiento del acuerdo dará por concluido la sustanciación del recurso de revisión, en caso contrario, el Instituto reanudará el procedimiento.

El plazo al que se refiere el artículo siguiente de la presente Ley será suspendido durante el periodo de cumplimiento del acuerdo de conciliación.

Artículo 108.- El Instituto y los Organismos garantes resolverán el recurso de revisión en un plazo que no podrá exceder de cuarenta días, el cual podrá ampliarse hasta por veinte días por una sola vez.

Artículo 109.- Durante el procedimiento a que se refiere el presente Capítulo, el Instituto y los Organismos garantes, según corresponda, deberán aplicar la suplencia de la queja a favor del titular, siempre y cuando no altere el contenido original del recurso de revisión, ni modifique los hechos o peticiones expuestas en el mismo, así como garantizar que las partes puedan presentar los argumentos y constancias que funden y motiven sus pretensiones.

Artículo 110.- Si en el escrito de interposición del recurso de revisión el titular no cumple con alguno de los requisitos previstos en el artículo 105 de la presente Ley y el Instituto y los Organismos garantes, según corresponda, no cuenten con elementos para subsanarlos, éstos deberán requerir al titular, por una sola ocasión, la información que subsane las omisiones en un plazo que no podrá exceder de cinco días, contados a partir del día siguiente de la presentación del escrito.

El titular contará con un plazo que no podrá exceder de cinco días, contados a partir del día siguiente al de la notificación de la prevención, para subsanar las omisiones, con el apercibimiento de que en caso de no cumplir con el requerimiento, se desechará el recurso de revisión.

La prevención tendrá el efecto de interrumpir el plazo que tienen el Instituto y los Organismos garantes para resolver el recurso, por lo que comenzará a computarse a partir del día siguiente a su desahogo.

Artículo 111.- Las resoluciones del Instituto o, en su caso, de los Organismos garantes podrán:

I.- Sobreseer o desechar el recurso de revisión por improcedente;

II.- Confirmar la respuesta del responsable;

III.- Revocar o modificar la respuesta del responsable, o

IV.- Ordenar la entrega de los datos personales, en caso de omisión del responsable.

Las resoluciones establecerán, en su caso, los plazos y términos para su cumplimiento y los procedimientos para asegurar su ejecución. Los responsables deberán informar al Instituto o, en su caso, a los Organismos garantes el cumplimiento de sus resoluciones.

Ante la falta de resolución por parte del Instituto, o en su caso, de los Organismos garantes, se entenderá confirmada la respuesta del responsable.

Cuando el Instituto, o en su caso, los Organismos garantes, determinen durante la sustanciación del recurso de revisión que se pudo haber incurrido en una probable responsabilidad por el incumplimiento a las obligaciones previstas en la presente Ley y demás disposiciones que resulten aplicables en la materia, deberán hacerlo del conocimiento del órgano interno de control o de la instancia competente para que ésta inicie, en su caso, el procedimiento de responsabilidad respectivo.

Artículo 112.- El recurso de revisión podrá ser desechado por improcedente cuando:

I.- Sea extemporáneo por haber transcurrido el plazo establecido en el artículo 103 de la presente Ley;

II.- El titular o su representante no acrediten debidamente su identidad y personalidad de este último;

III.- El Instituto o, en su caso, los Organismos garantes hayan resuelto anteriormente en definitiva sobre la materia del mismo;

IV.- No se actualice alguna de las causales del recurso de revisión previstas en el artículo 104 de la presente Ley;

V.- Se esté tramitando ante los tribunales competentes algún recurso o medio de defensa interpuesto por el recurrente, o en su caso, por el tercero interesado, en contra del acto recurrido ante el Instituto o los Organismos garantes, según corresponda;

VI.- El recurrente modifique o amplíe su petición en el recurso de revisión, únicamente respecto de los nuevos contenidos, o

VII.- El recurrente no acredite interés jurídico.

El desechamiento no implica la preclusión del derecho del titular para interponer ante el Instituto o los Organismos garantes, según corresponda, un nuevo recurso de revisión.

Artículo 113.- El recurso de revisión solo podrá ser sobreseído cuando:

I.- El recurrente se desista expresamente;

II.- El recurrente fallezca;

III.- Admitido el recurso de revisión, se actualice alguna causal de improcedencia en los términos de la presente Ley;

IV.- El responsable modifique o revoque su respuesta de tal manera que el recurso de revisión quede sin materia, o

V.- Quede sin materia el recurso de revisión.

Artículo 114.- El Instituto y los Organismos garantes deberán notificar a las partes y publicar las resoluciones, en versión pública, a más tardar, al tercer día siguiente de su aprobación.

Artículo 115.- Las resoluciones del Instituto y de los Organismos garantes serán vinculantes, definitivas e inatacables para los responsables.

Los titulares podrán impugnar dichas resoluciones ante el Poder Judicial de la Federación mediante el Juicio de Amparo.

Artículo 116.- Tratándose de las resoluciones a los recursos de revisión de los Organismos garantes de las Entidades Federativas, los particulares podrán optar por acudir ante el Instituto interponiendo el recurso de inconformidad previsto en esta Ley o ante el Poder Judicial de la Federación mediante el Juicio de Amparo.

Capítulo III.- Del Recurso de Inconformidad ante el Instituto

Artículo 117.- El titular, por sí mismo o a través de su representante, podrá impugnar la resolución del recurso de revisión emitido por el organismo garante ante el Instituto, mediante el recurso de inconformidad.

El recurso de inconformidad se podrá presentar ante el organismo garante que haya emitido la resolución o ante el Instituto, dentro de un plazo de quince días contados a partir del siguiente a la fecha de la notificación de la resolución impugnada.

Los Organismos garantes deberán remitir el recurso de inconformidad al Instituto al día siguiente de haberlo recibido; así como las constancias que integren el procedimiento que haya dado origen a la resolución impugnada, el cual resolverá allegándose de los elementos que estime convenientes.

Artículo 118.- El recurso de inconformidad procederá contra las resoluciones emitidas por los Organismos garantes de las Entidades Federativas que:

I.- Clasifiquen los datos personales sin que se cumplan las características señaladas en las leyes que resulten aplicables;

II.- Determinen la inexistencia de datos personales, o

III.- Declaren la negativa de datos personales, es decir:

a) Se entreguen datos personales incompletos;

b) Se entreguen datos personales que no correspondan con los solicitados;

c) Se niegue el acceso, rectificación, cancelación u oposición de datos personales;

d) Se entregue o ponga a disposición datos personales en un formato incomprensible;

e) El titular se inconforme con los costos de reproducción, envío, o tiempos de entrega de los datos personales, o

f) Se oriente a un trámite específico que contravenga lo dispuesto por el artículo 54 de la presente Ley.

Artículo 119.- Los únicos requisitos exigibles e indispensables en el escrito de interposición del recurso de inconformidad son:

I.- El área responsable ante la cual se presentó la solicitud para el ejercicio de los derechos ARCO;

II.- El organismo garante que emitió la resolución impugnada;

III.- El nombre del titular que recurre o de su representante y, en su caso, del tercero interesado, así como su domicilio o el medio que señale para recibir notificaciones;

IV.- La fecha en que fue notificada la resolución al titular;

V.- El acto que se recurre y los puntos petitorios, así como las razones o motivos de inconformidad;

VI.- En su caso, copia de la resolución que se impugna y de la notificación correspondiente, y

VII.- Los documentos que acrediten la identidad del titular y, en su caso, la personalidad e identidad de su representante.

El promovente podrá acompañar su escrito con las pruebas y demás elementos que considere procedentes someter a juicio del Instituto.

Artículo 120.- El Instituto resolverá el recurso de inconformidad en un plazo que no podrá exceder de treinta días contados a partir del día siguiente de la interposición del recurso de inconformidad, plazo que podrá ampliarse por una sola vez y hasta por un periodo igual.

Artículo 121.- Durante el procedimiento a que se refiere el presente Capítulo, el Instituto deberá aplicar la suplencia de la queja a favor del titular, siempre y cuando no altere el contenido original del recurso de inconformidad, ni modifique los hechos o peticiones expuestas en el mismo, así como garantizar que las partes puedan presentar los argumentos y constancias que funden y motiven sus pretensiones.

Artículo 122.- Si en el escrito de interposición del recurso de inconformidad el titular no cumple con alguno de los requisitos previstos en el artículo 119 de la presente Ley y el Instituto no cuente con elementos para subsanarlos, éste deberá requerir al titular, por una sola ocasión, la información que subsane las omisiones en un plazo que no podrá exceder de cinco días, contados a partir del día siguiente de la presentación del escrito.

El titular contará con un plazo que no podrá exceder de quince días, contados a partir del día siguiente al de la notificación de la prevención, para subsanar las omisiones, con el apercibimiento de que en caso de no cumplir con el requerimiento, se desechará el recurso de inconformidad.

La prevención tendrá el efecto de interrumpir el plazo que tiene el Instituto para resolver el recurso, por lo que comenzará a computarse a partir del día siguiente a su desahogo.

Artículo 123.- Una vez concluida la etapa probatoria, el Instituto pondrá a disposición de las partes las actuaciones del procedimiento y les otorgará un plazo de cinco días para que formulen alegatos contados a partir de la notificación del acuerdo a que se refiere este artículo.

Artículo 124.- Las resoluciones del Instituto podrán:

I.- Sobreseer o desechar el recurso de inconformidad;

II.- Confirmar la resolución del organismo garante;

III.- Revocar o modificar la resolución del organismo garante, o

IV.- Ordenar la entrega de los datos personales, en caso de omisión del responsable.

Las resoluciones establecerán, en su caso, los plazos y términos para su cumplimiento y los procedimientos para asegurar su ejecución. Los Organismos garantes deberán informar al Instituto sobre el cumplimiento de sus resoluciones.

Si el Instituto no resuelve dentro del plazo establecido en este Capítulo, la resolución que se recurrió se entenderá confirmada.

Cuando el Instituto determine durante la sustanciación del recurso de inconformidad, que se pudo haber incurrido en una probable responsabilidad por el incumplimiento a las obligaciones previstas en la presente Ley y a las demás disposiciones aplicables en la materia, deberá hacerlo del conocimiento del órgano interno de control o de la instancia competente para que ésta inicie, en su caso, el procedimiento de responsabilidad respectivo.

Las medidas de apremio previstas en la presente Ley, resultarán aplicables para efectos del cumplimiento de las resoluciones que recaigan a los recursos de inconformidad. Estas medidas de apremio deberán establecerse en la propia resolución.

Artículo 125.- El recurso de inconformidad podrá ser desechado por improcedente cuando:

I.- Sea extemporáneo por haber transcurrido el plazo establecido en el artículo 117 de la presente Ley;

II.- El Instituto anteriormente haya resuelto en definitiva sobre la materia del mismo;

III.- No se actualicen las causales de procedencia del recurso de inconformidad, previstas en el artículo 118 de la presente Ley;

IV.- Se esté tramitando ante el Poder Judicial algún recurso o medio de defensa interpuesto por el titular, o en su caso, por el tercero interesado, en contra del acto recurrido, o

V.- El inconforme amplíe su solicitud en el recurso de inconformidad, únicamente respecto de los nuevos contenidos.

Artículo 126.- El recurso de inconformidad solo podrá ser sobreseído cuando:

I.- El recurrente se desista expresamente;

II.- El recurrente fallezca;

III.- El organismo garante modifique o revoque su respuesta de tal manera que el recurso de inconformidad quede sin materia, o

IV.- Admitido el recurso, se actualice alguna causal de improcedencia en los términos de la presente Ley.

Artículo 127.- En los casos en que a través del recurso de inconformidad se modifique o revoque la resolución del organismo garante, éste deberá emitir un nuevo fallo atendiendo los lineamientos que se fijaron al resolver la inconformidad, dentro del plazo de quince días, contados a partir del día siguiente al en que se hubiere notificado o se tenga conocimiento de la resolución dictada en la inconformidad.

Artículo 128.- Corresponderá a los Organismos garantes, en el ámbito de su competencia, realizar el seguimiento y vigilancia del debido cumplimiento por parte del responsable de la nueva resolución emitida como consecuencia de la inconformidad en términos de la presente Ley.

Artículo 129.- Las resoluciones del Instituto serán vinculantes, definitivas e inatacables para los responsables y los Organismos garantes.

Los titulares podrán impugnar dichas resoluciones ante el Poder Judicial de la Federación mediante el Juicio de Amparo.

Capítulo IV.- De la Atracción de los Recursos de Revisión

Artículo 130.- Para efectos de la presente Ley, el Pleno del Instituto, cuando así lo apruebe la mayoría de sus Comisionados, de oficio o a petición fundada de los Organismos garantes, podrá ejercer la facultad de atracción para conocer de aquellos recursos de revisión pendientes de resolución en materia de protección de datos personales, que por su interés y trascendencia así lo ameriten y cuya competencia original corresponde a los Organismos garantes, conforme a lo dispuesto en esta Ley y demás normativa aplicable.

Los recurrentes podrán hacer del conocimiento del Instituto la existencia de recursos de revisión que de oficio podría conocer.

Por lo que hace a los lineamientos y criterios generales de observancia obligatoria que el Instituto deberá emitir para determinar los recursos de revisión de interés y trascendencia que está obligado a conocer, conforme a la Ley General de Transparencia y Acceso a la Información Pública, adicionalmente en la atracción de recursos de revisión en materia de protección de datos personales se deberán considerar los siguientes factores:

I.- La finalidad del tratamiento de los datos personales;

II.- El número y tipo de titulares involucrados en el tratamiento de datos personales llevado a cabo por el responsable;

III.- La sensibilidad de los datos personales tratados;

IV.- Las posibles consecuencias que se derivarían de un tratamiento indebido o indiscriminado de datos personales, y

V.- La relevancia del tratamiento de datos personales, en atención al impacto social o económico del mismo y del interés público para conocer del recurso de revisión atraído.

Artículo 131.- Para efectos del ejercicio de la facultad de atracción a que se refiere este Capítulo, el Instituto motivará y fundamentará que el caso es de tal relevancia, novedad o complejidad, que su resolución podrá repercutir de manera sustancial en la solución de casos futuros para garantizar la tutela efectiva del derecho de protección de datos personales en posesión de sujetos obligados.

En los casos en los que el organismo garante de la Entidad Federativa sea el sujeto obligado recurrido, deberá notificar al Instituto, en un plazo que no excederá de tres días, a partir de que sea interpuesto el recurso. El Instituto atraerá y resolverá dichos recursos de revisión, conforme a lo establecido en el presente Capítulo.

Artículo 132.- Las razones emitidas por el Instituto para ejercer la facultad de atracción de un caso, únicamente constituirán un estudio preliminar para determinar si el asunto reúne los requisitos constitucionales y legales de interés y trascendencia, conforme al precepto anterior, por lo que no será necesario que formen parte del análisis de fondo del asunto.

Artículo 133.- El Instituto emitirá lineamientos y criterios generales de observancia obligatoria que permitan determinar los recursos de revisión de interés y trascendencia que estará obligado a conocer, así como los procedimientos internos para su tramitación, atendiendo a los plazos máximos señalados para el recurso de revisión.

Artículo 134.- La facultad de atracción conferida al Instituto se deberá ejercer conforme a las siguientes reglas:

I.- Cuando se efectúe de oficio, el Pleno del Instituto, cuando así lo aprueben la mayoría de sus Comisionados, podrá ejercer la atracción en cualquier momento, en tanto no haya sido resuelto el recurso de revisión por el organismo garante competente, para lo cual notificará a las partes y requerirá el Expediente al organismo garante correspondiente, o

II.- Cuando la petición de atracción sea formulada por el organismo garante de la Entidad Federativa, éste contará con un plazo no mayor a cinco días, salvo lo dispuesto en el último párrafo del artículo 105 de esta Ley, para solicitar al Instituto que analice y, en su caso, ejerza la facultad de atracción sobre el asunto puesto a su consideración.

Transcurrido dicho plazo se tendrá por precluido el derecho del organismo garante respectivo para hacer la solicitud de atracción.

El Instituto contará con un plazo no mayor a diez días para determinar si ejerce la facultad de atracción, en cuyo caso, notificará a las partes y solicitará el Expediente del recurso de revisión respectivo.

Artículo 135.- La solicitud de atracción del recurso de revisión interrumpirá el plazo que tienen los Organismos garantes para resolverlo. El cómputo continuará a partir del día siguiente al día en que el Instituto haya notificado la determinación de no atraer el recurso de revisión.

Artículo 136.- Previo a la decisión del Instituto sobre el ejercicio de la facultad de atracción a que se refiere el artículo anterior, el organismo garante de la Entidad Federativa a quien corresponda el conocimiento originario del asunto, deberá agotar el análisis de todos los aspectos cuyo estudio sea previo al fondo del asunto, hecha excepción del caso en que los aspectos de importancia y trascendencia deriven de la procedencia del recurso.

Si el Pleno del Instituto, cuando así lo apruebe la mayoría de sus Comisionados, decide ejercer la facultad de atracción se avocará al conocimiento o estudio de fondo del asunto materia del recurso de revisión atraído.

El o los Comisionados que en su momento hubiesen votado en contra de ejercer la facultad de atracción, no estarán impedidos para pronunciarse respecto del fondo del asunto.

Artículo 137.- La resolución del Instituto será definitiva e inatacable para el organismo garante y para el sujeto obligado de que se trate.

En todo momento, los particulares podrán impugnar las resoluciones del Instituto ante el Poder Judicial de la Federación.

Artículo 138.- Únicamente el Consejero Jurídico del Gobierno podrá interponer recurso de revisión en materia de seguridad nacional ante la Suprema Corte de Justicia de la Nación, en el caso que las resoluciones del Instituto a los recursos descritos en este Título, puedan poner en peligro la seguridad nacional.

Dicho recurso de revisión en materia de seguridad nacional se tramitará en los términos que se establecen en el siguiente Capítulo V denominado “Del Recurso de Revisión en materia de Seguridad Nacional”, del presente Título.

Capítulo V.- Del Recurso de Revisión en Materia de Seguridad Nacional

Artículo 139.- El Consejero Jurídico del Gobierno Federal podrá interponer recurso de revisión en materia de seguridad nacional directamente ante la Suprema Corte de Justicia de la Nación, cuando considere que las resoluciones emitidas por el Instituto ponen en peligro la seguridad nacional.

El recurso deberá interponerse durante los siete días siguientes a aquél en el que el organismo garante notifique la resolución al sujeto obligado. La Suprema Corte de Justicia de la Nación determinará, de inmediato, en su caso, la suspensión de la ejecución de la resolución y dentro de los cinco días siguientes a la interposición del recurso resolverá sobre su admisión o improcedencia.

Artículo 140.- En el escrito del recurso, el Consejero Jurídico del Gobierno Federal deberá señalar la resolución que se impugna, los fundamentos y motivos por los cuales considera que se pone en peligro la seguridad nacional, así como los elementos de prueba necesarios.

Artículo 141.- La información reservada o confidencial que, en su caso, sea solicitada por la Suprema Corte de Justicia de la Nación por resultar indispensable para resolver el asunto, deberá ser mantenida con ese carácter y no estará disponible en el Expediente, salvo en las excepciones previstas en el artículo 120 de la Ley General de Transparencia y Acceso a la Información Pública.

En todo momento, los Ministros deberán tener acceso a la información clasificada para determinar su naturaleza, según se requiera. El acceso se dará de conformidad con la normatividad previamente establecida para el resguardo o salvaguarda de la información por parte de los sujetos obligados.

Artículo 142.- La Suprema Corte de Justicia de la Nación resolverá con plenitud de jurisdicción, y en ningún caso, procederá el reenvío.

Artículo 143.- Si la Suprema Corte de Justicia de la Nación confirma el sentido de la resolución recurrida, el sujeto obligado deberá dar cumplimiento en los términos que establece la disposición correspondiente de esta Ley.

En caso de que se revoque la resolución, el Instituto deberá actuar en los términos que ordene la Suprema Corte de Justicia de la Nación.

Capítulo VI.- De los Criterios de Interpretación

Artículo 144.- Una vez que hayan causado ejecutoria las resoluciones dictadas con motivo de los recursos que se sometan a su competencia, el Instituto podrá emitir los criterios de interpretación que estime pertinentes y que deriven de lo resuelto en los mismos, conforme a lo dispuesto en la Ley General de Transparencia y Acceso a la Información Pública y demás normativa aplicable.

El Instituto podrá emitir criterios de carácter orientador para los Organismos garantes, que se establecerán por reiteración al resolver tres casos análogos de manera consecutiva en el mismo sentido, por al menos dos terceras partes del Pleno del Instituto, derivados de resoluciones que hayan causado estado.

Artículo 145.- Los criterios se compondrán de un rubro, un texto y el precedente o precedentes que, en su caso, hayan originado su emisión.

Todo criterio que emita el Instituto deberá contener una clave de control para su debida identificación.

TÍTULO DÉCIMO.- FACULTAD DE VERIFICACIÓN DEL INSTITUTO Y LOS ORGANISMOS GARANTES

Capítulo Único.- Del Procedimiento de Verificación

Artículo 146.- El Instituto y los Organismos garantes, en el ámbito de sus respectivas competencias, tendrán la atribución de vigilar y verificar el cumplimiento de las disposiciones contenidas en la presente Ley y demás ordenamientos que se deriven de ésta.

En el ejercicio de las funciones de vigilancia y verificación, el personal del Instituto o, en su caso, de los Organismos garantes estarán obligados a guardar confidencialidad sobre la información a la que tengan acceso en virtud de la verificación correspondiente.

El responsable no podrá negar el acceso a la documentación solicitada con motivo de una verificación, o a sus bases de datos personales, ni podrá invocar la reserva o la confidencialidad de la información.

Artículo 147.- La verificación podrá iniciarse:

I.- De oficio cuando el Instituto o los Organismos garantes cuenten con indicios que hagan presumir fundada y motivada la existencia de violaciones a las leyes correspondientes, o

II.- Por denuncia del titular cuando considere que ha sido afectado por actos del responsable que puedan ser contrarios a lo dispuesto por la presente Ley y demás normativa aplicable, o en su caso, por cualquier persona cuando tenga conocimiento de presuntos incumplimientos a las obligaciones previstas en la presente Ley y demás disposiciones que resulten aplicables en la materia.

El derecho a presentar una denuncia precluye en el término de un año contado a partir del día siguiente en que se realicen los hechos u omisiones materia de la misma. Cuando los hechos u omisiones sean de tracto sucesivo, el término empezará a contar a partir del día hábil siguiente al último hecho realizado.

La verificación no procederá en los supuestos de procedencia del recurso de revisión o inconformidad previstos en la presente Ley.

La verificación no se admitirá en los supuestos de procedencia del recurso de revisión o inconformidad, previstos en la presente Ley.

Previo a la verificación respectiva, el Instituto o los Organismos garantes podrán desarrollar investigaciones previas, con el fin de contar con elementos para fundar y motivar el acuerdo de inicio respectivo.

Artículo 148.- Para la presentación de una denuncia no podrán solicitarse mayores requisitos que los que a continuación se describen:

I.- El nombre de la persona que denuncia, o en su caso, de su representante;

II.- El domicilio o medio para recibir notificaciones de la persona que denuncia;

III.- La relación de hechos en que se basa la denuncia y los elementos con los que cuente para probar su dicho;

IV.- El responsable denunciado y su domicilio, o en su caso, los datos para su identificación y/o ubicación;

V.- La firma del denunciante, o en su caso, de su representante. En caso de no saber firmar, bastará la huella digital.

La denuncia podrá presentarse por escrito libre, o a través de los formatos, medios electrónicos o cualquier otro medio que al efecto establezca el Instituto o los Organismos garantes, según corresponda.

Una vez recibida la denuncia, el Instituto y los Organismos garantes, según corresponda, deberán acusar recibo de la misma. El acuerdo correspondiente se notificará al denunciante.

Artículo 149.- La verificación iniciará mediante una orden escrita que funde y motive la procedencia de la actuación por parte del Instituto o de los Organismos garantes, la cual tiene por objeto requerir al responsable la documentación e información necesaria vinculada con la presunta violación y/o realizar visitas a las oficinas o instalaciones del responsable, o en su caso, en el lugar donde estén ubicadas las bases de datos personales respectivas.

Para la verificación en instancias de seguridad nacional y seguridad pública, se requerirá en la resolución, la aprobación del Pleno del Instituto, por mayoría calificada de sus Comisionados, o de los integrantes de los Organismos garantes de las Entidades Federativas, según corresponda; así como de una fundamentación y motivación reforzada de la causa del procedimiento, debiéndose asegurar la información sólo para uso exclusivo de la autoridad y para los fines establecidos en el artículo 150.

El procedimiento de verificación deberá tener una duración máxima de cincuenta días.

El Instituto o los organismos garantes podrán ordenar medidas cautelares, si del desahogo de la verificación advierten un daño inminente o irreparable en materia de protección de datos personales, siempre y cuando no impidan el cumplimiento de las funciones ni el aseguramiento de bases de datos de los sujetos obligados.

Estas medidas sólo podrán tener una finalidad correctiva y será temporal hasta entonces los sujetos obligados lleven a cabo las recomendaciones hechas por el Instituto o los Organismos garantes según corresponda.

Artículo 150.- El procedimiento de verificación concluirá con la resolución que emita el Instituto o los Organismos garantes, en la cual, se establecerán las medidas que deberá adoptar el responsable en el plazo que la misma determine.

Artículo 151.- Los responsables podrán voluntariamente someterse a la realización de auditorías por parte del Instituto o los Organismos garantes, según corresponda, que tengan por objeto verificar la adaptación, adecuación y eficacia de los controles, medidas y mecanismos implementados para el cumplimiento de las disposiciones previstas en la presente Ley y demás normativa que resulte aplicable.

El informe de auditoría deberá dictaminar sobre la adecuación de las medidas y controles implementados por el responsable, identificar sus deficiencias, así como proponer acciones correctivas complementarias, o bien, recomendaciones que en su caso correspondan.

TÍTULO DÉCIMO PRIMERO.- MEDIDAS DE APREMIO Y RESPONSABILIDADES

Capítulo I.- De las Medidas de Apremio

Artículo 152.- Para el cumplimiento de las resoluciones emitidas por el Instituto o los Organismos garantes, según corresponda, éstos organismos y el responsable, en su caso, deberán observar lo dispuesto en el Capítulo VI del Título Octavo de la Ley General de Transparencia y Acceso a la Información Pública.

Artículo 153.- El Instituto y los Organismos garantes podrán imponer las siguientes medidas de apremio para asegurar el cumplimiento de sus determinaciones:

I.- La amonestación pública, o

II.- La multa, equivalente a la cantidad de ciento cincuenta hasta mil quinientas veces el valor diario de la Unidad de Medida y Actualización.

El incumplimiento de los sujetos obligados será difundido en los portales de obligaciones de transparencia del Instituto y los Organismos garantes y considerados en las evaluaciones que realicen éstos.

En caso de que el incumplimiento de las determinaciones del Instituto y los Organismos garantes implique la presunta comisión de un delito o una de las conductas señaladas en el artículo 163 de la presente Ley, deberán denunciar los hechos ante la autoridad competente. Las medidas de apremio de carácter económico no podrán ser cubiertas con recursos públicos.

Artículo 154.- Si a pesar de la ejecución de las medidas de apremio previstas en el artículo anterior no se cumpliere con la resolución, se requerirá el cumplimiento al superior jerárquico para que en el plazo de cinco días lo obligue a cumplir sin demora.

De persistir el incumplimiento, se aplicarán sobre aquéllas medidas de apremio establecidas en el artículo anterior. Transcurrido el plazo, sin que se haya dado cumplimiento, se dará vista la autoridad competente en materia de responsabilidades.

Artículo 155.- Las medidas de apremio a que se refiere el presente Capítulo, deberán ser aplicadas por el Instituto y los Organismos garantes, por sí mismos o con el apoyo de la autoridad competente, de conformidad con los procedimientos que establezcan las leyes respectivas.

Artículo 156.- Las multas que fijen el Instituto y los Organismos garantes se harán efectivas por el Servicio de Administración Tributaria o las Secretarías de Finanzas de las Entidades Federativas, según corresponda, a través de los procedimientos que las leyes establezcan.

Artículo 157.- Para calificar las medidas de apremio establecidas en el presente Capítulo, el Instituto y los Organismos garantes deberán considerar:

I.-La gravedad de la falta del responsable, determinada por elementos tales como el daño causado; los indicios de intencionalidad; la duración del incumplimiento de las determinaciones del Instituto o los Organismos garantes y la afectación al ejercicio de sus atribuciones;

II.- La condición económica del infractor, y

III.- La reincidencia.

El Instituto y los Organismos garantes establecerán mediante lineamientos de carácter general, las atribuciones de las áreas encargadas de calificar la gravedad de la falta de observancia a sus determinaciones y de la notificación y ejecución de las medidas de apremio que apliquen e implementen, conforme a los elementos desarrollados en este Capítulo.

Artículo 158.- En caso de reincidencia, el Instituto o los Organismos garantes podrán imponer una multa equivalente hasta el doble de la que se hubiera determinado por el Instituto o los Organismos garantes.

Se considerará reincidente al que habiendo incurrido en una infracción que haya sido sancionada, cometa otra del mismo tipo o naturaleza.

Artículo 159.- Las medidas de apremio deberán aplicarse e implementarse en un plazo máximo de quince días, contados a partir de que sea notificada la medida de apremio al infractor.

Artículo 160.- La amonestación pública será impuesta por el Instituto o los Organismos garantes y será ejecutada por el superior jerárquico inmediato del infractor con el que se relacione.

Artículo 161.- El Instituto o los Organismos garantes podrán requerir al infractor la información necesaria para determinar su condición económica, apercibido de que en caso de no proporcionar la misma, las multas se cuantificarán con base a los elementos que se tengan a disposición, entendidos como los que se encuentren en los registros públicos, los que contengan medios de información o sus propias páginas de Internet y, en general, cualquiera que evidencie su condición, quedando facultado el Instituto o los Organismos garantes para requerir aquella documentación que se considere indispensable para tal efecto a las autoridades competentes.

Artículo 162.- En contra de la imposición de medidas de apremio, procede el recurso correspondiente ante el Poder Judicial de la Federación, o en su caso ante el Poder Judicial correspondiente en las Entidades Federativas.

Capítulo II.- De las Sanciones

Artículo 163.- Serán causas de sanción por incumplimiento de las obligaciones establecidas en la materia de la presente Ley, las siguientes:

I.- Actuar con negligencia, dolo o mala fe durante la sustanciación de las solicitudes para el ejercicio de los derechos ARCO;

II.- Incumplir los plazos de atención previstos en la presente Ley para responder las solicitudes para el ejercicio de los derechos ARCO o para hacer efectivo el derecho de que se trate;

III.- Usar, sustraer, divulgar, ocultar, alterar, mutilar, destruir o inutilizar, total o parcialmente y de manera indebida datos personales, que se encuentren bajo su custodia o a los cuales tengan acceso o conocimiento con motivo de su empleo, cargo o comisión;

IV.- Dar tratamiento, de manera intencional, a los datos personales en contravención a los principios y deberes establecidos en la presente Ley;

V.- No contar con el aviso de privacidad, o bien, omitir en el mismo alguno de los elementos a que refiere el artículo 27 de la presente Ley, según sea el caso, y demás disposiciones que resulten aplicables en la materia;

VI.- Clasificar como confidencial, con dolo o negligencia, datos personales sin que se cumplan las características señaladas en las leyes que resulten aplicables. La sanción sólo procederá cuando exista una resolución previa, que haya quedado firme, respecto del criterio de clasificación de los datos personales;

VII.- Incumplir el deber de confidencialidad establecido en el artículo 42 de la presente Ley;

VIII.- No establecer las medidas de seguridad en los términos que establecen los artículos 31, 32 y 33 de la presente Ley;

IX.- Presentar vulneraciones a los datos personales por la falta de implementación de medidas de seguridad según los artículos 31, 32 y 33 de la presente Ley;

X.- Llevar a cabo la transferencia de datos personales, en contravención a lo previsto en la presente Ley;

XI.- Obstruir los actos de verificación de la autoridad;

XII.- Crear bases de datos personales en contravención a lo dispuesto por el artículo 5 de la presente Ley;

XIII.- No acatar las resoluciones emitidas por el Instituto y los Organismos garantes, y

XIV.- Omitir la entrega del informe anual y demás informes a que se refiere el artículo 44, fracción VII de la Ley General de Transparencia y Acceso a la Información Pública, o bien, entregar el mismo de manera extemporánea.

Las causas de responsabilidad previstas en las fracciones I, II, IV, VI, X, XII, y XIV, así como la reincidencia en las conductas previstas en el resto de las fracciones de este artículo, serán consideradas como graves para efectos de su sanción administrativa.

En caso de que la presunta infracción hubiere sido cometida por algún integrante de un partido político, la investigación y, en su caso, sanción, corresponderán a la autoridad electoral competente.

Las sanciones de carácter económico no podrán ser cubiertas con recursos públicos.

Artículo 164.- Para las conductas a que se refiere el artículo anterior se dará vista a la autoridad competente para que imponga o ejecute la sanción.

Artículo 165.- Las responsabilidades que resulten de los procedimientos administrativos correspondientes, derivados de la violación a lo dispuesto por el artículo 163 de esta Ley, son independientes de las del orden civil, penal o de cualquier otro tipo que se puedan derivar de los mismos hechos.

Dichas responsabilidades se determinarán, en forma autónoma, a través de los procedimientos previstos en las leyes aplicables y las sanciones que, en su caso, se impongan por las autoridades competentes, también se ejecutarán de manera independiente.

Para tales efectos, el Instituto o los organismos garantes podrán denunciar ante las autoridades competentes cualquier acto u omisión violatoria de esta Ley y aportar las pruebas que consideren pertinentes, en los términos de las leyes aplicables.

Artículo 166.- Ante incumplimientos por parte de los partidos políticos, el Instituto u organismo garante competente, dará vista, según corresponda, al Instituto Nacional Electoral o a los organismos públicos locales electorales de las Entidades Federativas competentes, para que resuelvan lo conducente, sin perjuicio de las sanciones establecidas para los partidos políticos en las leyes aplicables.

En el caso de probables infracciones relacionadas con fideicomisos o fondos públicos, el Instituto u organismo garante competente deberá dar vista al órgano interno de control del sujeto obligado relacionado con éstos, cuando sean servidores públicos, con el fin de que instrumenten los procedimientos administrativos a que haya lugar.

Artículo 167.- En aquellos casos en que el presunto infractor tenga la calidad de servidor público, el Instituto o el organismo garante, deberá remitir a la autoridad competente, junto con la denuncia correspondiente, un Expediente en que se contengan todos los elementos que sustenten la presunta responsabilidad administrativa.

La autoridad que conozca del asunto, deberá informar de la conclusión del procedimiento y, en su caso, de la ejecución de la sanción al Instituto o al organismo garante, según corresponda.

A efecto de sustanciar el procedimiento citado en este artículo, el Instituto, o el organismo garante que corresponda, deberá elaborar una denuncia dirigida a la contraloría, órgano interno de control o equivalente, con la descripción precisa de los actos u omisiones que, a su consideración, repercuten en la adecuada aplicación de la presente Ley y que pudieran constituir una posible responsabilidad.

Asimismo, deberá elaborar un expediente que contenga todos aquellos elementos de prueba que considere pertinentes para sustentar la existencia de la posible responsabilidad. Para tal efecto, se deberá acreditar el nexo causal existente entre los hechos controvertidos y las pruebas presentadas.

La denuncia y el Expediente deberán remitirse a la contraloría, órgano interno de control o equivalente dentro de los quince días siguientes a partir de que el Instituto o el organismo garante correspondiente tenga conocimiento de los hechos.

Artículo 168.- En caso de que el incumplimiento de las determinaciones de los Organismos garantes implique la presunta comisión de un delito, el organismo garante respectivo deberá denunciar los hechos ante la autoridad competente.

TRANSITORIOS

Primero.- La presente Ley entrará en vigor al día siguiente de su publicación en el Diario Oficial de la Federación.

Segundo.- La Ley Federal de Transparencia y Acceso a la Información Pública, las demás leyes federales y las leyes vigentes de las Entidades Federativas en materia de protección de datos personales, deberán ajustarse a las disposiciones previstas en esta norma en un plazo de seis meses siguientes contado a partir de la entrada en vigor de la presente Ley.

En caso de que el Congreso de la Unión o las Legislaturas de las Entidades Federativas omitan total o parcialmente realizar las adecuaciones legislativas a que haya lugar, en el plazo establecido en el párrafo anterior, resultará aplicable de manera directa la presente Ley, con la posibilidad de seguir aplicando de manera supletoria las leyes preexistentes en todo aquello que no se oponga a la misma, hasta en tanto no se cumpla la condición impuesta en el presente artículo.

Tercero.- La Cámara de Diputados, las Legislaturas de las Entidades Federativas, en el ámbito de sus respectivas competencias, deberán hacer las previsiones presupuestales necesarias para la operación de la presente Ley y establecer las partidas presupuestales específicas en el Presupuesto de Egresos de la Federación y en los Presupuestos de Egresos de las Entidades Federativas, según corresponda, para el siguiente ejercicio fiscal a su entrada en vigor.

Cuarto.- Se derogan todas aquellas disposiciones en materia de protección de datos personales, de carácter federal, estatal y municipal, que contravengan lo dispuesto por la presente Ley.

Quinto.- El Instituto y los Organismos garantes deberán emitir los lineamientos a que se refiere esta Ley y publicarlos en el Diario Oficial de la Federación, o en sus Gacetas o Periódicos Oficiales locales, respectivamente, a más tardar en un año a partir de la entrada en vigor del presente Decreto.

Sexto.- El Sistema Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales deberá emitir el Programa Nacional de Protección de Datos Personales a que se refiere esta Ley y publicarlo en el Diario Oficial de la Federación, a más tardar en un año a partir de la entrada en vigor del presente Decreto, independientemente del ejercicio de otras atribuciones que se desprenden de la Ley General de Transparencia y Acceso a la Información Pública.

Séptimo.- Los sujetos obligados correspondientes deberán tramitar, expedir o modificar su normatividad interna a más tardar dentro de los dieciocho meses siguientes a la entrada en vigor de esta Ley.

Octavo.- No se podrán reducir o ampliar en la normatividad de las Entidades Federativas, los procedimientos y plazos vigentes aplicables en la materia, en perjuicio de los titulares de datos personales.

Ciudad de México, a 13 de diciembre de 2016

Sen. Pablo Escudero Morales,

Presidente.- Dip. Edmundo Javier Bolaños Aguilar,

Presidente.- Sen. Lorena Cuellar Cisneros,

Secretaria.- Dip. María Eugenia Ocampo Bedolla

En cumplimiento de lo dispuesto por la fracción I del Artículo 89 de la Constitución Política de los Estados Unidos Mexicanos, y para su debida publicación y observancia, expido el presente Decreto en la Residencia del Poder Ejecutivo Federal, en la Ciudad de México, a veinticuatro de enero de dos mil diecisiete.-

Enrique Peña Nieto.-

El Secretario de Gobernación, Miguel Ángel Osorio Chong

02Abr/17

Código Orgánico Integral Penal

2 abril, 2017Código, EcuadorCódigo Ecuador, Código Orgánico Integral Penal, Código PenalJosé Cuervo

CÓDIGO ORGÁNICO INTEGRAL PENAL

REPÚBLICA DEL ECUADOR ASAMBLEA NACIONAL

Registro Oficial

Órgano del Gobierno del Ecuador

Suplemento

AÑO I. nº 180

Quito, lunes 10 de febrero de 2014

Oficio nº SAN-2014-0138

Quito, 03 de febrero de 2014

Ingeniero Hugo Del Pozo Barrezueta

DIRECTOR DEL REGISTRO OFICIAL

Presente.-

De mis consideraciones:

La Asamblea Nacional, de conformidad con las atribuciones que le confiere la Constitución de la República del Ecuador y la Ley Orgánica de la Función Legislativa, discutió y aprobó el CODIGO ORGANICO INTEGRAL PENAL.

En sesión del 28 de enero del 2014, el Pleno de la Asamblea Nacional conoció y se pronunció sobre la objeción parcial del Código Orgánico Integral Penal enviada por el señor Presidente Constitucional de la República.

Por lo expuesto, y de acuerdo al Artículo 407 de la Constitución de la República del Ecuador y al Artículo 49 de la Ley Orgánica de la Función Legislativa, acompaño el texto del CÓDIGO ORGÁNICO INTEGRAL PENAL, para que se sirva publicarlo en el Registro Oficial.

Atentamente,

f.) DRA. LIBIA RIVAS ORDÓÑEZ, Secretaria General.

REPÚBLICA DEL ECUADOR

ASAMBLEA NACIONAL

CERTIFICACIÓN

En mi calidad de Secretaria General de la Asamblea Nacional, me permito CERTIFICAR que el Pleno de la Asamblea Nacional discutió y aprobó el “CÓDIGO ORGÁNICO INTEGRAL PENAL”, en las siguientes fechas:

PRIMER DEBATE:

28 de junio del 2012

03 de julio del 2012

04 de julio del 2012

05 de julio del 2012

10 de julio del 2012

11 de julio del 2012

12 de julio del 2012

17 de julio del 2012

SEGUNDO DEBATE:

09 de octubre del 2013

10 de octubre del 2013

11 de octubre del 2013

13 de octubre del 2013

05 de noviembre del 2013

11 de noviembre del 2013

17 de noviembre del 2013

OBJECIÓN PARCIAL:

28 de enero del 2014

Quito, 3 de febrero de 2014

f.) DRA. LIBIA RIVAS ORDÓÑEZ, Secretaria General.

REPÚBLICA DEL ECUADOR

ASAMBLEA NACIONAL

EXPOSICIÓN DE MOTIVOS

En las últimas décadas, el Ecuador ha sufrido profundas transformaciones económicas, sociales y políticas. La Constitución del 2008, aprobada en las urnas, impone obligaciones inaplazables y urgentes como la revisión del sistema jurídico para cumplir con el imperativo de justicia y certidumbre.

La heterogeneidad de los componentes del sistema penal ecuatoriano, incluida la coexistencia de varios cuerpos legales difíciles de acoplar en la práctica, ha generado una percepción de impunidad y desconfianza. Para configurar un verdadero cuerpo legal integral se han considerado los siguientes aspectos:

1.- Dimensión histórica

En el Ecuador -desde su época republicana- se han promulgado cinco Códigos Penales (1837, 1872, 1889, 1906 y 1938). La legislación penal vigente es una codificación más y tiene una fuerte influencia del Código italiano de 1930 (conocido como “Código Rocco”), argentino de 1922, belga de 1867 y -este a su vez- del francés de 1810 (“Código Napoleónico”). En suma, tenemos un Código de hace dos siglos con la influencia” trágica del siglo XX, que es la Ley penal del fascismo italiano.

El Código Penal vigente, antiguo, incompleto, disperso y retocado, ha sido permanentemente modificado. La codificación de 1971 ha soportado, en casi cuarenta años -desde octubre de 1971 hasta la producida en mayo del 2010- cuarenta y seis reformas. A esto hay que sumar más de doscientas normas no penales que tipifican infracciones.

En materia de procedimiento penal Ecuador ha tenido más de cinco leyes. El Código de Procedimiento Penal vigente desde el año 2000, introdujo un cambio fundamental en relación con el procedimiento de 1983: el sistema acusatorio. Sin embargo, no fue de fácil aplicación y sufrió múltiples modificaciones. En total, el Código se ha reformado catorce veces. Estas reformas no tomaron en cuenta las normas penales sustantivas y pretendieron cambiar el sistema penal, modificando solamente una parte aislada.

En relación con el Código de Ejecución de Penas, este cuerpo legal se publicó por primera vez en 1982 y se ha reformado diez veces. Las normas penales de ejecución vigentes, elaboradas sin considerar las normas sustantivas y procesales, son inaplicables por su inconsistencia. Técnicamente no se puede rehabilitar a una persona que nunca ha sido “habilitada”, ni reinsertarla en una sociedad que tampoco es ideal para la reinserción. Además, el sistema funciona solo si cuenta con la voluntad de las personas condenadas. Esto ha generado, en definitiva, espacios propicios para la violencia y la corrupción.

Es evidente que las normas sustantivas, procesales y ejecutivas penales vigentes no responden a una sola línea de pensamiento. Sus contextos históricos son muy diversos. Las finalidades y estructuras son distintas, sin coordinación alguna, inclusive contienen normas contradictorias. Esto se traduce en un sistema penal incoherente, poco práctico y disperso.

2.- Imperativo constitucional

La Constitución al declarar al Estado como constitucional de derechos y justicia, define un nuevo orden de funcionamiento jurídico, político y administrativo. La fuerza normativa directa, los principios y normas incluidos en su texto y en el Bloque de Constitucionalidad confieren mayor legitimidad al Código Orgánico Integral Penal, porque las disposiciones constitucionales no requieren la intermediación de la ley para que sean aplicables directamente por los jueces.

Toda autoridad pública que posee competencia para normar tiene la obligación de adecuar, formal y materialmente, las leyes y demás normas jurídicas a los derechos previstos en la Constitución y a los tratados internacionales que sean necesarios para garantizar la dignidad del ser humano o de las comunidades, pueblos y nacionalidades. En ningún caso, las leyes, otras normas jurídicas, ni los actos del poder público atentarán contra los derechos que reconoce la Constitución (artículo 84).

Según el artículo 424 de la Constitución de la República del Ecuador, las normas y los actos del poder público deben mantener conformidad con las disposiciones constitucionales; caso contrario carecerán de eficacia jurídica. Desde este mandato, surge la necesidad de adecuar y actualizar el derecho penal, con todos sus componentes (sustantivo, adjetivo y ejecutivo), al nuevo estándar constitucional.

En consecuencia es indispensable determinar la correspondencia constitucional de los bienes jurídicos protegidos y las garantías de quienes se someten a un proceso penal en calidad de víctimas o procesados para que estén adecuadamente regulados y protegidos.

3.- Constitucionalización del derecho penal

El derecho penal tiene, aparentemente, una doble función contradictoria frente a los derechos de las personas. Por un lado, protege derechos y, por otro, los restringe. Desde la perspectiva de las víctimas, los protege cuando alguno ha sido gravemente lesionado. Desde la persona que se encuentra en conflicto con la ley penal, puede restringir excepcionalmente sus derechos, cuando una persona vulnera los derechos de otras y justifica la aplicación de una sanción. Por ello, el derecho penal debe determinar los límites para no caer en la venganza privada, ni en la impunidad.

El artículo 76 de la Constitución ordena que las penas estén acorde con el principio de proporcionalidad, es decir, debe existir cierta relación coherente entre el grado de vulneración de un derecho y la gravedad de la pena.

Además, la Constitución en su artículo 78 incorpora la figura de la reparación integral. Para ello se integran algunas instituciones, con el fin de evitar la severidad del derecho penal y procurar que las soluciones sean más eficaces.

4.- Actualización doctrinaria de la legislación penal

El auge del constitucionalismo en las democracias contemporáneas ha sido precedido de una renovación teórica y conceptual. Parte del nuevo instrumental jurídico, producido no solo por la doctrina sino también por la jurisprudencia de tribunales constitucionales y penales, nacionales e internacionales, son: la imprescriptibilidad de ciertos delitos que tienen particular gravedad en el mundo entero; el estado de necesidad en sociedades en las que hay extrema pobreza y exclusión, como es la nuestra; las penas prohibidas, para evitar arbitrariedades; la revisión extraordinaria de la condena; la suspensión condicional de la pena; supresión de delitos que pueden merecer mejor respuesta desde el ámbito civil o administrativo; la proscripción de un derecho penal de autor; la supresión de la presunción de derecho del conocimiento de la ley, entre otros.

En este contexto, se adecua la legislación ecuatoriana a los nuevos desarrollos conceptuales que se han producido en el mundo y en la región, como mecanismo para asegurar un correcto funcionamiento de la justicia penal. Si bien es cierto, en otros países se ha dejado en manos de la doctrina y la jurisprudencia este desarrollo conceptual, en el caso ecuatoriano, este proceso ha resultado fallido.

Las y los jueces penales han estado sometidos a una concepción excesivamente legalista. A esto hay que sumar la crisis del sistema de educación superior y la carencia de investigaciones en todas las áreas del derecho penal y criminología. Todo esto ha dado como resultado un limitado desarrollo conceptual, teórico y técnico.

Por esta razón se incorporan los desarrollos normativos, doctrinales y jurisprudenciales modernos y se los adapta a la realidad ecuatoriana, como mecanismos estratégicos para promover una nueva cultura penal y el fortalecimiento de la justicia penal existente

5.- Adecuación de la normativa nacional a los compromisos internacionales

Se tipifican nuevas conductas penalmente relevantes adaptadas a las normas internacionales. Se introducen nuevos capítulos como por ejemplo, el que se refiere a los delitos contra la humanidad y las graves violaciones a los derechos humanos. En otros casos, cuando en instrumentos internacionales suscritos por el Ecuador se establecen tipos penales abiertos y poco precisos, se han diseñado los tipos penales considerando las garantías constitucionales, la efectividad del combate del delito y la precisión en elementos de la tipicidad.

Por primera vez se tipifican infracciones como la omisión de denuncia de tortura, la desaparición forzada y la violencia sexual en conflicto armado.

Desde esta perspectiva, se honran compromisos internacionales y además se cumple con el postulado que, en materia de derechos humanos, la Constitución y los instrumentos internacionales de derechos humanos tienen vigencia en el sistema jurídico infraconstitucional.

6.- Balance entre garantías y eficiencia de la justicia penal

Todo sistema penal se encuentra en el dilema entre combatir la impunidad y garantizar los derechos de las personas sospechosas de haber cometido una infracción penal. Si las garantías se extreman, se crearía un sistema que nunca sanciona; si las garantías se flexibilizan, se acabaría condenando a la persona inocente.

El sistema penal tiene que llegar al término medio para evitar que en la sociedad se toleren injusticias y procurar que exista algo parecido a la paz social en el combate a la delincuencia.

Se limita la actuación del aparato punitivo del Estado. La o el juez es garante de los derechos de las partes en conflicto. El proceso se adecua a los grados de complejidad de los casos. Las personas sometidas al poder penal –como víctimas o procesados- tienen, en todas sus etapas, derechos y garantías.

7.- La ejecución de las penas

El derecho de ejecución de penas ha estado doctrinaria y jurídicamente divorciado del derecho procesal y del derecho penal sustantivo, en todas sus dimensiones. Una vez dictada la sentencia, sin que se debata la prolongación de la pena, las y los jueces no tienen relación alguna con el efectivo cumplimiento de la sentencia. No existe control judicial sobre las condiciones carcelarias, las sentencias no se cumplen efectivamente y la administración ha estado a cargo de un órgano poco técnico y con inmensas facultades discrecionales. Si a esto se suman las condiciones carcelarias, que son deplorables, la falta de estadísticas confiables, la ausencia de registros y la forma arbitraria de establecer sanciones al interior de los centros, se concluye que es urgente realizar una reforma creativa, integral y coherente en el resto del sistema penal.

El trabajo, la educación, la cultura, el deporte, la atención a la salud y el fortalecimiento de las relaciones familiares de las personas privadas de la libertad, deben ser los puntales que orienten el desarrollo de las capacidades de las personas privadas de libertad y viabilicen su reinserción progresiva en la sociedad.

En aplicación de la norma constitucional, especial énfasis merece el trabajo de la persona privada de libertad que, además de constituir un elemento fundamental del tratamiento, es considerado un derecho y un deber social de la persona privada de libertad.

También se regula el régimen disciplinario para evitar la discrecionalidad de la autoridad competente o personal de seguridad penitenciaria.

Es prioritario partir de una reforma integral destinada a que los mandatos constitucionales se hagan realmente efectivos, que implique una construcción normativa conjunta, con una misma perspectiva y un mismo eje articulador: garantizar los derechos de las personas.

REPÚBLICA DEL ECUADOR

ASAMBLEA NACIONAL

EL PLENO

CONSIDERANDO:

Que el artículo 1 de la Constitución de la República del Ecuador enmarca al ordenamiento jurídico nacional dentro de los lineamientos de un Estado constitucional de derechos y justicia y que es necesario realizar cambios normativos que respondan coherentemente al espíritu de la Constitución;

Que en el inciso primero del artículo 424, se ordena que la Constitución es la Norma Suprema del Estado y prevalece sobre cualquier otra del ordenamiento jurídico y, por lo tanto, las normas y los actos del poder público deben mantener conformidad con las disposiciones constitucionales;

Que el literal b), numeral 3, del artículo 66 de la Constitución de la República del Ecuador reconoce y garantiza a las personas una vida libre de violencia en el ámbito público y privado y ordena la adopción de medidas para prevenir, eliminar y sancionar toda forma de violencia; en especial la ejercida contra las mujeres, niñas, niños y adolescentes, personas adultas mayores, personas con discapacidad y contra toda persona en situación de desventaja o vulnerabilidad; idénticas medidas se tomarán contra la violencia, la esclavitud y la explotación sexual;

Que la Constitución, de conformidad con el artículo 75, reconoce a las personas el derecho al acceso gratuito a la justicia y a la tutela efectiva, imparcial y expedita de sus derechos e intereses, con sujeción a los principios de inmediación y celeridad, y que en ningún caso quedarán en indefensión;

Que el artículo 76 de la Constitución ordena que en todo proceso en el que se determinen derechos y obligaciones de cualquier orden, como en el caso de los penales, se asegurará las garantías que integran el debido proceso, garantías de la defensa para la persona procesada y garantías para las víctimas, que deben ser canalizadas a través de la ley penal;

Que la Constitución reconoce a las personas privadas de libertad, de conformidad con el artículo 51, el derecho a no ser aisladas, a comunicarse, a recibir visitas, a declarar sobre el trato recibido, a contar con recursos humanos y necesarios para gozar de salud integral, a la atención de sus necesidades educativas, laborales, productivas, culturales, alimenticias y recreativas, y a recibir atención preferente y especializada en el caso de personas adultas mayores, mujeres embarazadas o en período de lactancia, con capacidades especiales, enfermas o adolescentes;

Que la Constitución prescribe en el artículo 78 que las víctimas de infracciones penales tendrán derecho a protección especial, a no ser revictimizadas y a que se adopten mecanismos para una reparación integral que incluya el conocimiento de la verdad, restitución, indemnizaciones, rehabilitación, garantía de no repetición y satisfacción del derecho violado;

Que de acuerdo con el artículo 80 de la Constitución las acciones por infracciones de genocidio, lesa humanidad, crímenes de guerra, desaparición forzada de personas y agresión a un Estado serán imprescriptibles; Que de acuerdo con el artículo 233 de la Constitución, las acciones y las penas por las infracciones de peculado, cohecho, concusión y enriquecimiento ilícito son imprescriptibles;

Que de acuerdo con el inciso cuarto del artículo 396 de la Constitución, las acciones legales para perseguir y sancionar los daños ambientales son imprescriptibles; Que de conformidad con el artículo 76 de la Constitución se debe establecer la debida proporcionalidad entre las infracciones y las sanciones penales, deben existir sanciones no privativas de la libertad, las que tienen que respetar los derechos de las personas y ser impuestas mediante procedimientos adversariales, transparentes y justos;

Que el Código Penal, Código de Procedimiento Penal y Código de Ejecución de Penas y Rehabilitación Social fueron promulgados antes de la entrada en vigencia de la actual Constitución y que sus normas, deben ser actualizadas y adecuadas a las nuevas exigencias del Estado constitucional de derechos y de justicia;

Que el derecho penal adjetivo debe garantizar la existencia de un sistema adversarial, que cuente con fiscales que promuevan el ejercicio de la acción penal dentro de los principios y fundamentos del sistema acusatorio, con defensoras y defensores públicos que patrocinen técnicamente a las personas acusadas de cometer una infracción y a las personas que, por su estado de indefensión o condición económica, social o cultural, no puedan contratar los servicios de defensa legal para la protección de sus derechos ,y con juezas y jueces que dirijan el proceso y sean garantes de los derechos de los participantes procesales;

Que para cumplir lo dispuesto en el artículo 201 de la Constitución, es impostergable sustituir el actual sistema de ejecución de penas por otro que tenga como prioridad el desarrollo de las capacidades de las personas sentenciadas penalmente para ejercer sus derechos y cumplir sus responsabilidades al recuperar su libertad, rehabilitándose y reinsertándose en la sociedad;

Que el sistema penal en su componente sustantivo mantiene tipos obsoletos, pues no responde a las necesidades actuales de la población; en su componente adjetivo es ineficiente y no ha logrado afianzar procesos justos, rápidos, sencillos, ni tampoco ha coordinado adecuadamente las acciones entre todos sus actores; y, en su componente ejecutivo no ha cumplido con sus objetivos y se ha convertido en un sistema burocrático y poco eficaz, lo que justifica una reforma integral y urgente al Sistema Penal en su conjunto;

Que en la consulta popular de 7 de mayo de 2011, el pueblo se pronunció sobre temas relativos al procedimiento penal: la caducidad de la prisión preventiva y medidas sustitutivas a la privación de libertad; y, a la necesidad de tipificar el enriquecimiento privado no justificado y la no afiliación al IESS de los trabajadores en relación de dependencia;

Que la Asamblea Nacional de acuerdo con el artículo 84 de la Constitución, tiene la obligación de adecuar, formal y materialmente, las leyes y demás normas jurídicas a los derechos previstos en la Constitución e instrumentos internacionales;

En ejercicio de sus atribuciones constitucionales y legales expide el siguiente:

CÓDIGO ORGÁNICO INTEGRAL PENAL

LIBRO PRELIMINAR.- NORMAS RECTORAS

TÍTULO I.- FINALIDAD

TÍTULO II.- GARANTÍAS Y PRINCIPIOS GENERALES

CAPÍTULO PRIMERO.- PRINCIPIOS GENERALES

CAPÍTULO SEGUNDO.- GARANTÍAS Y PRINCIPIOS RECTORES DEL PROCESO PENAL

CAPÍTULO TERCERO.- PRINCIPIOS RECTORES DE LA EJECUCIÓN DE LAS PENAS Y LAS MEDIDAS CAUTELARES PERSONALES

TÍTULO III.- DERECHOS

CAPÍTULO PRIMERO.- DERECHOS DE LA VÍCTIMA

CAPÍTULO SEGUNDO- DERECHOS Y GARANTÍAS DE LAS PERSONAS PRIVADAS DE LIBERTAD

TÍTULO IV.- INTERPRETACIÓN

TÍTULO V.- ÁMBITOS DE APLICACIÓN

LIBRO PRIMERO .-LA INFRACCIÓN PENAL

TÍTULO I.- LA INFRACCIÓN PENAL EN GENERAL

CAPÍTULO PRIMERO.- CONDUCTA PENALMENTE RELEVANTE

SECCIÓN PRIMERA.- TIPICIDAD

SECCIÓN SEGUNDA.- ANTIJURIDICIDAD

SECCIÓN TERCERA.- CULPABILIDAD

CAPÍTULO SEGUNDO.- EJECUCIÓN DE LA INFRACCIÓN

CAPÍTULO TERCERO.- PARTICIPACIÓN

CAPÍTULO CUARTO.- CIRCUNSTANCIAS DE LA INFRACCIÓN

CAPÍTULO QUINTO.- RESPONSABILIDAD PENAL DE LA PERSONA JURÍDICA

TÍTULO II.- PENAS Y MEDIDAS DE SEGURIDAD

CAPÍTULO PRIMERO- LA PENA EN GENERAL

CAPÍTULO SEGUNDO- CLASIFICACIÓN DE LA PENA

CAPÍTULO TERCERO.- EXTINCIÓN DE LA PENA

CAPÍTULO CUARTO.- MEDIDA DE SEGURIDAD

TÍTULO III REPARACIÓN INTEGRAL CAPÍTULO ÚNICO REPARACIÓN INTEGRAL

TÍTULO IV.- INFRACCIONES EN PARTICULAR

CAPÍTULO PRIMERO.- GRAVES VIOLACIONES A LOS DERECHOS HUMANOS Y DELITOS CONTRA EL DERECHO INTERNACIONAL HUMANITARIO

SECCIÓN PRIMERA.-Delitos contra la humanidad

SECCIÓN SEGUNDA.- Trata de Persona

SECCIÓN TERCERA.- Diversas formas de explotación

SECCIÓN CUARTA.- Delitos contra personas y bienes protegidos por el Derecho Internacional Humanitario

CAPÍTULO SEGUNDO.- DELITOS CONTRA LOS DERECHOS DE LIBERTAD

SECCIÓN PRIMERA.- Delitos contra la inviolabilidad de la vida

SECCIÓN SEGUNDA.- Delitos contra la integridad personal

SECCIÓN TERCERA.- Delitos contra la libertad personal

SECCIÓN CUARTA .- Delitos contra la integridad sexual y reproductiva

Artículo 173.- Contacto con finalidad sexual con menores de dieciocho años por medios electrónicos.-

La persona que a través de un medio electrónico o telemático proponga concertar un encuentro con una persona menor de dieciocho años, siempre que tal propuesta se acompañe de actos materiales encaminados al acercamiento con finalidad sexual o erótica, será sancionada con pena privativa de libertad de uno a tres años.

Cuando el acercamiento se obtenga mediante coacción o intimidación, será sancionada con pena privativa de libertad de tres a cinco años.

La persona que suplantando la identidad de un tercero o mediante el uso de una identidad falsa por medios electrónicos o telemáticos, establezca comunicaciones de contenido sexual o erótico con una persona menor de dieciocho años o con discapacidad, será sancionada con pena privativa de libertad de tres a cinco años.

Artículo 174.- Oferta de servicios sexuales con menores de dieciocho años por medios electrónicos.-

La persona, que utilice o facilite el correo electrónico, chat, mensajería instantánea, redes sociales, blogs, fotoblogs, juegos en red o cualquier otro medio electrónico o telemático para ofrecer servicios sexuales con menores de dieciocho años de edad, será sancionada con pena privativa de libertad de siete a diez años.

SECCIÓN QUINTA.- Delitos contra el derecho a la igualdad

SECCIÓN SEXTA.- Delitos contra el derecho a la intimidad personal y familiar

Artículo 178.- Violación a la intimidad.-

La persona que, sin contar con el consentimiento o la autorización legal, acceda, intercepte, examine, retenga, grabe, reproduzca, difunda o publique datos personales, mensajes de datos, voz, audio y vídeo, objetos postales, información contenida en soportes informáticos, comunicaciones privadas o reservadas de otra persona por cualquier medio, será sancionada con pena privativa de libertad de uno a tres años.

No son aplicables estas normas para la persona que divulgue grabaciones de audio y vídeo en las que interviene personalmente, ni cuando se trata de información pública de acuerdo con lo previsto en la ley.

Artículo 179.- Revelación de secreto.-

La persona que teniendo conocimiento por razón de su estado u oficio, empleo, profesión o arte, de un secreto cuya divulgación pueda causar daño a otra persona y lo revele, será sancionada con pena privativa de libertad de seis meses a un año.

Artículo 180.- Difusión de información de circulación restringida.-

La persona que difunda información de circulación restringida será sancionada con pena privativa de libertad de uno a tres años.

Es información de circulación restringida:

La información que está protegida expresamente con una cláusula de reserva previamente prevista en la ley.
La información producida por la Fiscalía en el marco de una investigación previa.
La información acerca de las niñas, niños y adolescentes que viole sus derechos según lo previsto en el Código Orgánico de la Niñez y Adolescencia.

Artículo 181.- Violación de propiedad privada.-

La persona que, con engaños o de manera clandestina, ingrese o se mantenga en morada, casa, negocio, dependencia o recinto habitado por otra, en contra de la voluntad expresa o presunta de quien tenga derecho a excluirla, será sancionada con pena privativa de libertad de seis meses a un año.

Si el hecho se ejecuta con violencia o intimidación, será sancionada con pena privativa de libertad de uno a tres años.

La persona que, en ejercicio de un servicio público, sin la debida autorización o fuera de los casos contemplados legalmente; o que con una orden falsa de la autoridad pública; o que con el traje o bajo el nombre de uno de sus agentes, viole un domicilio o lugar de trabajo, será sancionada con pena privativa de libertad de tres a cinco años.

En la violación de domicilio se presume que no hay consentimiento del dueño o de la dueña o su encargado cuando no están presentes en el acto que constituya la infracción.

SECCIÓN SÉPTIMA.- Delito contra el derecho al honor y buen nombre

SECCIÓN OCTAVA- Delitos contra la libertad de expresión y de culto

SECCIÓN NOVENA.- Delitos contra el derecho a la propiedad

Artículo 190.- Apropiación fraudulenta por medios electrónicos.-

La persona que utilice fraudulentamente un sistema informático o redes electrónicas y de telecomunicaciones para facilitar la apropiación de un bien ajeno o que procure la transferencia no consentida de bienes, valores o derechos en perjuicio de esta o de una tercera, en beneficio suyo o de otra persona alterando, manipulando o modificando el funcionamiento de redes electrónicas, programas, sistemas informáticos, telemáticos y equipos terminales de telecomunicaciones, será sancionada con pena privativa de libertad de uno a tres años.

La misma sanción se impondrá si la infracción se comete con inutilización de sistemas de alarma o guarda, descubrimiento o descifrado de claves secretas o encriptadas, utilización de tarjetas magnéticas o perforadas, utilización de controles o instrumentos de apertura a distancia, o violación de seguridades electrónicas, informáticas u otras semejantes.

Artículo 191.- Reprogramación o modificación de información de equipos terminales móviles.-

La persona que reprograme o modifique la información de identificación de los equipos terminales móviles, será sancionada con pena privativa de libertad de uno a tres años.

Artículo 192.- Intercambio, comercialización o compra de información de equipos terminales móviles.-

La persona que intercambie, comercialice o compre bases de datos que contengan información de identificación de equipos terminales móviles, será sancionada con pena privativa de libertad de uno a tres años.

Artículo 193.- Reemplazo de identificación de terminales móviles.-

La persona que reemplace las etiquetas de fabricación de los terminales móviles que contienen información de identificación de dichos equipos y coloque en su lugar otras etiquetas con información de identificación falsa o diferente a la original, será sancionada con pena privativa de libertad de uno a tres años.

Artículo 194.- Comercialización ilícita de terminales móviles.-

La persona que comercialice terminales móviles con violación de las disposiciones y procedimientos previstos en la normativa emitida por la autoridad competente de telecomunicaciones, será sancionada con pena privativa de libertad de uno a tres años.

Artículo 195.- Infraestructura ilícita.-

La persona que posea infraestructura, programas, equipos, bases de datos o etiquetas que permitan reprogramar, modificar o alterar la información de identificación de un equipo terminal móvil, será sancionada con pena privativa de libertad de uno a tres años.

No constituye delito, la apertura de bandas para operación de los equipos terminales móviles.

SECCIÓN UNDÉCIMA.- Delitos contra la migración

CAPÍTULO TERCERO.- DELITOS CONTRA LOS DERECHOS DEL BUEN VIVIR

SECCIÓN PRIMERA.- Delitos contra el derecho a la salud

SECCIÓN SEGUNDA.- Delitos por la producción o tráfico ilícito de sustancias catalogadas sujetas a fiscalización

SECCIÓN TERCERA.- Delitos contra la seguridad de los activos de los sistemas de información y comunicación

Artículo 229.- Revelación ilegal de base de datos.-

La persona que, en provecho propio o de un tercero, revele información registrada, contenida en ficheros, archivos, bases de datos o medios semejantes, a través o dirigidas a un sistema electrónico, informático, telemático o de telecomunicaciones; materializando voluntaria e intencionalmente la violación del secreto, la intimidad y la privacidad de las personas, será sancionada con pena privativa de libertad de uno a tres años.

Si esta conducta se comete por una o un servidor público, empleadas o empleados bancarios internos o de instituciones de la economía popular y solidaria que realicen intermediación financiera o contratistas, será sancionada con pena privativa de libertad de tres a cinco años.

Artículo 230.- Interceptación ilegal de datos.-

Será sancionada con pena privativa de libertad de tres a cinco años:

La persona que sin orden judicial previa, en provecho propio o de un tercero, intercepte, escuche, desvíe, grabe u observe, en cualquier forma un dato informático en su origen, destino o en el interior de un sistema informático, una señal o una transmisión de datos o señales con la finalidad de obtener información registrada o disponible.

La persona que diseñe, desarrolle, venda, ejecute, programe o envíe mensajes, certificados de seguridad o páginas electrónicas, enlaces o ventanas emergentes o modifique el sistema de resolución de nombres de dominio de un servicio financiero o pago electrónico u otro sitio personal o de confianza, de tal manera que induzca a una persona a ingresar a una dirección o sitio de internet diferente a la que quiere acceder.

La persona que a través de cualquier medio copie, clone o comercialice información contenida en las bandas magnéticas, chips u otro dispositivo electrónico que esté soportada en las tarjetas de crédito, débito, pago o similares.

La persona que produzca, fabrique, distribuya, posea o facilite materiales, dispositivos electrónicos o sistemas informáticos destinados a la comisión del delito descrito en el inciso anterior.

Artículo 231.- Transferencia electrónica de activo patrimonial.-

La persona que, con ánimo de lucro, altere, manipule o modifique el funcionamiento de programa o sistema informático o telemático o mensaje de datos, para procurarse la transferencia o apropiación no consentida de un activo patrimonial de otra persona en perjuicio de esta o de un tercero, será sancionada con pena privativa de libertad de tres a cinco años.

Con igual pena, será sancionada la persona que facilite o proporcione datos de su cuenta bancaria con la intención de obtener, recibir o captar de forma ilegítima un activo patrimonial a través de una transferencia electrónica producto de este delito para sí mismo o para otra persona.

Artículo 232.- Ataque a la integridad de sistemas informáticos.-

La persona que destruya, dañe, borre, deteriore, altere, suspenda, trabe, cause mal funcionamiento, comportamiento no deseado o suprima datos informáticos, mensajes de correo electrónico, de sistemas de tratamiento de información, telemático o de telecomunicaciones a todo o partes de sus componentes lógicos que lo rigen, será sancionada con pena privativa de libertad de tres a cinco años.

Con igual pena será sancionada la persona que:

Diseñe, desarrolle, programe, adquiera, envíe, introduzca, ejecute, venda o distribuya de cualquier manera, dispositivos o programas informáticos maliciosos o programas destinados a causar los efectos señalados en el primer inciso de este artículo.

Destruya o altere sin la autorización de su titular, la infraestructura tecnológica necesaria para la transmisión, recepción o procesamiento de información en general.

Si la infracción se comete sobre bienes informáticos destinados a la prestación de un servicio público o vinculado con la seguridad ciudadana, la pena será de cinco a siete años de privación de libertad.

Artículo 233.- Delitos contra la información pública reservada legalmente.-

La persona que destruya o inutilice información clasificada de conformidad con la Ley, será sancionada con pena privativa de libertad de cinco a siete años.

La o el servidor público que, utilizando cualquier medio electrónico o informático, obtenga este tipo de información, será sancionado con pena privativa de libertad de tres a cinco años.

Cuando se trate de información reservada, cuya revelación pueda comprometer gravemente la seguridad del Estado, la o el servidor público encargado de la custodia o utilización legítima de la información que sin la autorización correspondiente revele dicha información, será sancionado con pena privativa de libertad de siete a diez años y la inhabilitación para ejercer un cargo o función pública por seis meses, siempre que no se configure otra infracción de mayor gravedad.

Artículo 234.- Acceso no consentido a un sistema informático, telemático o de telecomunicaciones.-

La persona que sin autorización acceda en todo o en parte a un sistema informático o sistema telemático o de telecomunicaciones o se mantenga dentro del mismo en contra de la voluntad de quien tenga el legítimo derecho, para explotar ilegítimamente el acceso logrado, modificar un portal web, desviar o redireccionar de tráfico de datos o voz u ofrecer servicios que estos sistemas proveen a terceros, sin pagarlos a los proveedores de servicios legítimos, será sancionada con la pena privativa de la libertad de tres a cinco años.

SECCIÓN CUARTA.- Delitos contra los derechos de los consumidores, usuarios y otros agentes del mercado

…

26Feb/17

Decreto 2573 de 12 de diciembre de 2014

26 febrero, 2017Colombia, DecretoDecreto 2573 de 12 de diciembre de 2014, lineamientos generales de la Estrategia de Gobierno en línea, Reglamenta parcialmente la Ley 1341 de 2009José Cuervo

Decreto 2573 de 12 de diciembre de 2014, por el cual se establecen los lineamientos generales de la Estrategia de Gobierno en línea, se reglamenta parcialmente la Ley 1341 de 2009 y se dictan otras disposiciones (Publicado en el Diario Oficial 49363 de diciembre 12 de 2014).

EL PRESIDENTE DE LA REPÚBLICA DE COLOMBIA,

en ejercicio de sus facultades constitucionales y legales, en especial las que le confiere el numeral 11 del artículo 189 de la Constitución Política, el artículo 14 de la Ley 790 del 2002, el numeral 4 del artículo 1 de la Ley 962 de 2005 y los numerales 4 y 8 del artículo 2 y el parágrafo 1 del artículo 5 de la Ley 1341 de 2009, y,

CONSIDERANDO:

Que la Constitución Política, en su artículo 113 señala que los diferentes órganos del Estado tienen funciones separadas pero colaboran armónicamente para la realización de sus funciones;

Que el documento CONPES 3650 del 15 de marzo de 2010 declara de importancia estructural la implementación de la Estrategia de Gobierno en línea en Colombia y exhorta al Ministerio de Tecnologías de la Información y las Comunicaciones, con el apoyo del Departamento Nacional de Planeación, a formular los lineamientos de política que contribuyan a la sostenibilidad de la Estrategia de Gobierno en línea;

Que el documento CONPES 3785 del 9 de diciembre de 2013 enmarca los lineamientos de la Política Nacional de Eficiencia Administrativa al Servicio del Ciudadano y adopta el modelo de Gestión Pública Eficiente, dirigido a mejorar la calidad de la gestión, como la prestación de los servicios provistos por las entidades de la Administración Pública.

Que la Ley 1341 de 2009 estableció el marco general del sector de las Tecnologías de la Información y las Comunicaciones, incorporando principios, conceptos y competencias sobre su organización y desarrollo e igualmente señaló que las Tecnologías de la Información y las Comunicaciones deben servir al interés general y, por tanto, es deber del Estado promover su acceso eficiente y en igualdad de oportunidades a todos los habitantes del territorio nacional;

Que así mismo, la anotada Ley determinó que es función del Estado intervenir en el sector de las TIC con el fin de promover condiciones de seguridad del servicio al usuario final, incentivar acciones preventivas y de seguridad informática y de redes para el desarrollo de dicho sector;

Que el Decreto-ley 019 de 2012, por el cual se dictan normas para suprimir o reformar regulaciones, procedimientos y trámites innecesarios existentes en la Administración Pública, hace referencia al uso de medios electrónicos como elemento necesario en la optimización de los trámites ante la Administración Pública y establece en el artículo 4° que las autoridades deben incentivar el uso de las tecnologías de la información y las comunicaciones a efectos de que los procesos administrativos se adelanten con diligencia, dentro de los términos legales y sin dilaciones injustificadas;

Que de igual manera, el artículo 38 del Decreto-ley 019 de 2012 establece que la formulación de la política de racionalización de trámites estará a cargo del Departamento Administrativo de la Función Pública con el apoyo del Departamento Administrativo de la Presidencia de la República y del Ministerio de Tecnologías de la Información y las Comunicaciones;

Que el Decreto número 2482 de 2012, en su artículo 3°, establece los lineamientos generales para la integración de la planeación y la gestión e indica que para el desarrollo de las políticas de Desarrollo Administrativo se deberá tener en cuenta la Estrategia de Gobierno en Línea que formula el Ministerio de Tecnologías de Información y Comunicaciones;

Que en el mismo decreto se contempla la Gestión de tecnologías de información y Comunicaciones, dentro de la política de eficiencia administrativa;

Que el Decreto número 2618 de 2012 modificó la estructura del Ministerio de Tecnologías de la Información y las Comunicaciones creando el Viceministerio de Tecnologías y Sistemas de la Información, como dinamizador en el país de las Tecnologías de la Información y las Comunicaciones (TIC), contemplando dentro de sus funciones la de formular, coordinar y hacer seguimiento a la implementación de políticas públicas para el uso, acceso y administración de la infraestructura tecnológica que soporta la información del Estado; definir la arquitectura tecnológica de los sistemas de información del Estado, incluyendo estándares de interoperabilidad, de privacidad, de seguridad y de construcción o parametrización de aplicaciones; y liderar el diseño y la adopción de políticas, planes y proyectos para promover y masificar el Gobierno en Línea coordinando acciones con las instancias pertinentes;

Que el Ministerio de Tecnologías de la Información y las Comunicaciones, con base en la evaluación de los avances en la implementación de la estrategia por parte de las entidades del orden nacional y territorial, concluyó que se hace necesario que las entidades fortalezcan el modelo para la gestión de las tecnologías de la información y la interoperabilidad;

Que Colombia aceptó las recomendaciones de la Organización para la Cooperación y el Desarrollo Económico (OCDE) en Estrategias de Gobierno Digital, que insta a los gobiernos a adoptar enfoques más estratégicos para un uso de la tecnología que los impulse a ser más abiertos, participativos e innovadores, a través de acciones tales como el diseño de lineamientos para permitir, orientar y fomentar el uso y re-uso de la información pública, aumentar la apertura y la transparencia, incentivar la participación del público en la elaboración de políticas, proporcionar datos oficiales oportunos y confiables, y gestionar los riesgos de uso indebido de datos, así como aumentar la disponibilidad de los datos en formatos abiertos;

Que Colombia suscribió la Alianza para el Gobierno Abierto declarando su compromiso de realizar acciones para el aprovechamiento de las tecnologías, facilitando mayor apertura en el gobierno, mejorando la prestación de los servicios y la participación ciudadana en los asuntos públicos, y promoviendo la innovación y la creación de comunidades más seguras con el propósito de que el gobierno sea más transparente, sensible, responsable y eficaz;

Que de acuerdo con lo anterior es necesario complementar los lineamientos de la estrategia de Gobierno en Línea, especialmente en temas de seguridad, privacidad, gestión de tecnologías de información e interoperabilidad, de tal manera que se avance integralmente en la provisión de servicios electrónicos de alta calidad para los ciudadanos;

Que para facilitar y fomentar el avance, seguimiento y la calidad en la implementación de la estrategia de gobierno en línea se hace necesario incorporar nuevos instrumentos;

Que en virtud de lo expuesto,

DECRETA:

TÍTULO I.- OBJETO, ÁMBITO DE APLICACIÓN, DEFINICIONES, PRINCIPIOS Y FUNDAMENTOS

Artículo 1°.- Objeto. Definir los lineamientos, instrumentos y plazos de la estrategia de Gobierno en Línea para garantizar el máximo aprovechamiento de las Tecnologías de la Información y las Comunicaciones, con el fin de contribuir con la construcción de un Estado abierto, más eficiente, más transparente y más participativo y que preste mejores servicios con la colaboración de toda la sociedad.

Artículo 2°.- Ámbito de aplicación. Serán sujetos obligados de las disposiciones contenidas en el presente Decreto las entidades que conforman la Administración Pública en los términos del artículo 39 de la Ley 489 de 1998 y los particulares que cumplen funciones administrativas.

Parágrafo. La implementación de la estrategia de Gobierno en Línea en las Ramas Legislativa y Judicial, en los órganos de control, en los autónomos e independientes y demás organismos del Estado, se realizará bajo un esquema de coordinación y colaboración armónica en aplicación de los principios señalados en el artículo 209 de la Constitución Política.

Artículo 3°.- Definiciones. Para la interpretación del presente decreto, las expresiones aquí utilizadas deben ser entendidas con el significado que a continuación se indica:

Arquitectura Empresarial: Es una práctica estratégica que consiste en analizar integralmente las entidades desde diferentes perspectivas o dimensiones, con el propósito de obtener, evaluar y diagnosticar su estado actual y establecer la transformación necesaria. El objetivo es generar valor a través de las Tecnologías de la Información para que se ayude a materializar la visión de la entidad.

Marco de Referencia de Arquitectura Empresarial para la gestión de Tecnologías de la Información: Es un modelo de referencia puesto a disposición de las instituciones del Estado colombiano para ser utilizado como orientador estratégico de las arquitecturas empresariales, tanto sectoriales como institucionales. El marco establece la estructura conceptual, define lineamientos, incorpora mejores prácticas y orienta la implementación para lograr una administración pública más eficiente, coordinada y transparente, a través del fortalecimiento de la gestión de las Tecnologías de la Información.

Artículo 4°.- Principios y fundamentos de la Estrategia de Gobierno en Línea. La Estrategia de Gobierno en Línea se desarrollará conforme a los principios del debido proceso, igualdad, imparcialidad, buena fe, moralidad, participación, responsabilidad, transparencia, publicidad, coordinación, eficacia, economía y celeridad consagrados en los artículos 209 de la Constitución Política, 3° de la Ley 489 de 1998 y 3° de la Ley 1437 de 2011.

Así mismo, serán fundamentos de la Estrategia los siguientes:

Excelencia en el servicio al ciudadano: Propender por el fin superior de fortalecer la relación de los ciudadanos con el Estado a partir de la adecuada atención y provisión de los servicios, buscando la optimización en el uso de los recursos, teniendo en cuenta el modelo de Gestión Pública Eficiente al Servicio del Ciudadano y los principios orientadores de la Política Nacional de Eficiencia Administrativa al Servicio del Ciudadano.

Apertura y reutilización de datos públicos: Abrir los datos públicos para impulsar la participación, el control social y la generación de valor agregado.

Estandarización: Facilitar la evolución de la gestión de TI del Estado colombiano hacia un modelo estandarizado que aplica el marco de referencia de arquitectura empresarial para la gestión de TI.

Interoperabilidad: Fortalecer el intercambio de información entre entidades y sectores.

Neutralidad tecnológica: Garantizar la libre adopción de tecnologías, teniendo en cuenta recomendaciones, conceptos y normativas de los organismos internacionales competentes e idóneos en la materia, que permitan fomentar la eficiente prestación de servicios, emplear contenidos y aplicaciones que usen Tecnologías de la Información y las Comunicaciones, así como garantizar la libre y leal competencia, y que su adopción sea armónica con el desarrollo ambiental sostenible.

Innovación: Desarrollar nuevas formas de usar las Tecnologías de la Información y las Comunicaciones para producir cambios que generen nuevo y mayor valor público.

Colaboración: Implementar soluciones específicas para problemas públicos, mediante el estímulo y aprovechamiento del interés y conocimiento de la sociedad, al igual que un esfuerzo conjunto dentro de las propias entidades públicas y sus servidores.

TÍTULO II.- COMPONENTES, INSTRUMENTOS Y RESPONSABLES

Artículo 5°.- Componentes. Los fundamentos de la Estrategia serán desarrollados a través de 4 componentes que facilitarán la masificación de la oferta y la demanda del Gobierno en Línea.

1. TIC para Servicios. Comprende la provisión de trámites y servicios a través de medios electrónicos, enfocados a dar solución a las principales necesidades y demandas de los ciudadanos y empresas, en condiciones de calidad, facilidad de uso y mejoramiento continuo.

2. TIC para el Gobierno abierto. Comprende las actividades encaminadas a fomentar la construcción de un Estado más transparente, participativo y colaborativo involucrando a los diferentes actores en los asuntos públicos mediante el uso de las Tecnologías de la Información y las Comunicaciones.

3. TIC para la Gestión. Comprende la planeación y gestión tecnológica, la mejora de procesos internos y el intercambio de información. Igualmente, la gestión y aprovechamiento de la información para el análisis, toma de decisiones y el mejoramiento permanente, con un enfoque integral para una respuesta articulada de gobierno y para hacer más eficaz la gestión administrativa entre instituciones de Gobierno.

4. Seguridad y privacidad de la Información. Comprende las acciones transversales a los demás componentes enunciados, tendientes a proteger la información y los sistemas de información, del acceso, uso, divulgación, interrupción o destrucción no autorizada.

Parágrafo 1°.- TIC para el gobierno abierto comprende algunos de los aspectos que hacen parte de Alianza para el Gobierno Abierto pero no los cobija en su totalidad.

Artículo 6°.- Instrumentos. Los instrumentos para la implementación de la estrategia de Gobierno en Línea serán los siguientes:

Manual de Gobierno en Línea. Define las acciones que corresponde ejecutar a las entidades del orden nacional y territorial respectivamente.

Marco de referencia de arquitectura empresarial para la gestión de Tecnologías de la Información. Establece los aspectos que los sujetos obligados deberán adoptar para dar cumplimiento a las acciones definidas en el Manual de Gobierno en Línea.

Parágrafo 1°.- Los instrumentos podrán ser actualizados periódicamente cuando así lo determine el Ministerio de las Tecnologías de la Información y Comunicaciones.

Parágrafo 2°.- La estrategia de Gobierno en Línea será liderada por el Ministerio de Tecnologías de la Información y Comunicaciones y articulada con las demás entidades cuando se relacionen con las funciones misionales que tengan a su cargo.

Artículo 7°.- Responsable de coordinar la implementación de la Estrategia de Gobierno en Línea en los sujetos obligados. El representante legal de cada sujeto obligado, será el responsable de coordinar, hacer seguimiento y verificación de la implementación y desarrollo de la Estrategia de Gobierno en Línea.

Artículo 8°.- Responsable de orientar la implementación de la Estrategia de Gobierno en Línea. En las entidades del orden nacional, el Comité Institucional de Desarrollo Administrativo de que trata el artículo 6° del Decreto número 2482 de 2012 será la instancia orientadora de la implementación de la Estrategia de Gobierno en Línea al interior de cada entidad. Los sujetos obligados deberán incluir la estrategia de Gobierno en Línea de forma transversal dentro de sus planes estratégicos sectoriales e institucionales, y anualmente dentro de los planes de acción de acuerdo con el Modelo Integrado de Planeación y Gestión de que trata el Decreto número 2482 de 2012 o las normas que lo modifiquen, adicionen o sustituyan. En estos documentos se deben definir las actividades, responsables, metas y recursos presupuestales que les permitan dar cumplimiento a los lineamientos que se establecen.

En las entidades del orden territorial y demás sujetos obligados, la instancia orientadora de la implementación de la Estrategia de Gobierno en Línea será el Consejo de Gobierno o en su defecto el Comité Directivo o la instancia que haga sus veces. En caso que no existan estas instancias en el sujeto obligado, será la instancia o dependencia de mayor nivel jerárquico de la entidad.

En las materias relacionadas con trámites adelantados por medios electrónicos, la instancia orientadora deberá articularse con el Comité Antitrámites o con el responsable de esta materia al interior de los sujetos obligados.

TÍTULO III.- MEDICIÓN, MONITOREO Y PLAZOS

Artículo 9°.- Medición y monitoreo. El Ministerio de Tecnologías de la Información y las Comunicaciones, a través de la Dirección de Gobierno en Línea y de la Dirección de Estándares y Arquitectura de Tecnologías de la Información, diseñará el modelo de monitoreo que permita medir el avance en las acciones definidas en el Manual de Gobierno en Línea que corresponda cumplir a los sujetos obligados, los cuales deberán suministrar la información que les sea requerida.

En el caso de las entidades y organismos de la Rama Ejecutiva del Poder Público del Orden Nacional, la información será suministrada en el Formulario Único de Reporte de Avance en la Gestión (FURAG) o el que haga sus veces, de acuerdo con lo señalado en el Decreto número 2482 de 2012.

Artículo 10.- Plazos. Los sujetos obligados deberán implementar las actividades establecidas en el Manual de Gobierno en Línea dentro de los siguientes plazos:

1. Sujetos obligados del Orden Nacional

COMPONENTE/AÑO	2015	2016	2017	2018	2019	2020
TIC para servicios	90%	100%	Mantener 100%	Mantener 100%	Mantener 100%	Mantener 100%
TIC para el Gobierno Abierto	90%	100%	Mantener 100%	Mantener 100%	Mantener 100%	Mantener 100%
TIC para la Gestión	25%	50%	80%	100%	Mantener 100%	Mantener 100%
Seguridad y privacidad de la Información	40%	60%	80%	100%	Mantener 100%	Mantener 100%

2. Sujetos obligados del Orden Territorial

A. Gobernaciones de categoría Especial y Primera; alcaldías de categoría Especial, y demás sujetos obligados de la Administración Pública en el mismo nivel.

B. Gobernaciones de categoría segunda, tercera y cuarta; alcaldías de categoría primera, segunda y tercera y demás sujetos obligados de la Administración Pública en el mismo nivel.

C. Alcaldías de categoría cuarta, quinta y sexta, y demás sujetos obligados la Administración Pública en el mismo nivel.

Para las entidades agrupadas en A, B y C los plazos serán los siguientes:

Parágrafo.- Las obligaciones a cargo de los sujetos obligados indicadas en la Ley 1712 de 2014 que sean incorporadas en los componentes, contarán con los plazos de cumplimiento señalados en dicha ley.

TÍTULO IV.- MAPA DE RUTA, SELLO DE EXCELENCIA GOBIERNO EN LÍNEA EN COLOMBIA Y PLAZOS

Artículo 11.- Mapa de ruta de Gobierno en Línea. El Ministerio de Tecnologías de la Información y las Comunicaciones, definirá un mapa de ruta que contendrá:

1.- Servicios y trámites priorizados para ser dispuestos en línea.

2.- Proyectos de mejoramiento para la gestión institucional e interinstitucional con el uso de medios electrónicos, que los sujetos obligados deberán implementar.

3.- Las demás acciones que requieran priorizarse para masificar la oferta y la demanda de Gobierno en Línea con base en lo señalado en los componentes de que trata el presente decreto.

Dicho mapa se publicará dentro de los seis (6) meses siguientes a la expedición del presente decreto y podrá ser actualizado periódicamente.

Parágrafo. La priorización de trámites y servicios que se incluyan en el mapa de ruta se hará en coordinación con el Departamento Administrativo de la Función Pública y el Departamento Nacional de Planeación, de acuerdo a sus competencias.

Artículo 12.- Sello de excelencia Gobierno en Línea en Colombia. Los sujetos obligados deberán adoptar la marca o sello de excelencia Gobierno en Línea en Colombia en los niveles y plazos señalados en el artículo 13, de conformidad con el modelo de certificación y el mapa de ruta que defina el Ministerio de las Tecnologías de la Información y las Comunicaciones a través de la Estrategia de Gobierno en Línea.

Dicho modelo permitirá acreditar la alta calidad de los productos y servicios de los sujetos obligados, de manera que su cumplimiento les otorgue el derecho al uso de la marca correspondiente.

Artículo 13.- Plazos para adoptar la marca o sello de excelencia Gobierno en Línea en Colombia. Los sujetos obligados deberán adoptar la marca correspondiente en los siguientes plazos:

1. Sujetos obligados del Orden Nacional

CERTIFICACIONES/AÑO	2015	2016	2017	2018	2019	2020
TIC para Servicios		Nivel 1 según mapa de ruta	Nivel 2 según mapa de ruta	Nivel 3 según mapa de ruta	Mantener según mapa de ruta.	Mantener según mapa de ruta
TIC para el Gobierno abierto		Nivel 1 según mapa de ruta	Nivel 2 según mapa de ruta	Nivel 3 según mapa de ruta	Mantener según mapa de ruta.	Mantener según mapa de ruta
TIC para la Gestión			Nivel 1 según mapa de ruta	Nivel 2 según mapa de ruta	Nivel 3 según mapa de ruta	Mantener según mapa de ruta.

2.- Sujetos obligados en el orden territorial

A. Para Gobernaciones de categoría Especial y Primera; alcaldías de categoría Especial y demás sujetos obligados de la Administración Pública en el mismo nivel.

B. Para Gobernaciones de categoría segunda, tercera y cuarta; alcaldías de categoría primera, segunda y tercera, demás sujetos obligados de la Administración Pública en el mismo nivel.

C. Para Alcaldías de categoría cuarta, quinta y sexta y demás sujetos obligados de la Administración Pública en el mismo nivel.

Para las entidades agrupadas en A, B y C los plazos serán los siguientes:

Artículo 14.- Vigencia y derogatorias. El presente decreto rige a partir del 1° de enero de 2015 y deroga el Decreto número 2693 de 2012.

Publíquese y cúmplase.

Dado en Bogotá, D. C., a 12 de diciembre de 2014.

JUAN MANUEL SANTOS CALDERÓN

El Ministro del Interior,

Juan Fernando Cristo Bustos.

El Ministro de Tecnologías de la Información y las Comunicaciones,

Diego Molano Vega.

El Director General del Departamento Nacional de Planeación,

Simón Gaviria Muñoz.

La Directora del Departamento Administrativo de la Función Pública,

Liliana Caballero Durán.

02Ene/17

Municipalidad de Cartago, 3 de agosto de 2016

2 enero, 2017Municipalidad de Cartago, Reglamento3 agosto 2016., Municipalidad Cartago, Reglamento Privacidad Protección de Datos, Sitio Web Oficina Intermediación Empleo Municipalidad CartagoJosé Cuervo

Municipalidad de Cartago, 3 de agosto de 2016. Reglamento de Privacidad y Protección de Datos del Sitio Web Oficina de Intermediación de Empleo de la Municipalidad de Cartago.

La Municipalidad de Cartago avisa que el Concejo Municipal de Cartago en su sesión del 3 de agosto del 2016, en el artículo XIV del acta n° 21-2016, se acordó por unanimidad la aprobación definitiva del “Reglamento de Privacidad y Protección de Datos del Sitio Web Oficina de Intermediación de Empleo de la Municipalidad de Cartago”, el cual dice:

“REGLAMENTO DE PRIVACIDAD Y PROTECCIÓN DE

DATOS DEL SITIO WEB OFICINA DE

INTERMEDIACIÓN DE EMPLEO

DE LA MUNICIPALIDAD

DE CARTAGO”

Artículo 1°.- Privacidad y protección de datos.

El presente reglamento regula el tratamiento que se dará a la información recibida en el acceso y el uso de los servicios del sitio web www. muni-carta-go.cr, Oficina de Intermediación de Empleo, que la Municipalidad de Cartago (en adelante “la Municipalidad”) pone de forma gratuita a disposición de los usuarios interesados en los servicios y contenidos del sitio web (en adelante el sitio).
Artículo 2°.- Sitio web de la Oficina de Intermediación Laboral.

El Sitio Web es una herramienta que será utilizada para relacionar la oferta y demanda de trabajo, brindando información, orientación para el empleo.

Por este medio los interesados en obtener trabajo, trabajadores activos que necesiten un cambio de empleo podrán registrarse completando el formulario y cuando el Contratante solicite a esta oficina postulantes que cumplan con el perfil solicitado se enviaran sus datos (nombre, cédula de identidad, números telefónicos) para que sean contactados.

Artículo 3°.- Oficina de intermediación laboral.

Es la oficina responsable de la Administración de este Sitio Web y es la oficina encargada de relacionar la oferta y demanda de trabajo, brindando información, orientación para el empleo y capacitación de forma gratuita.

A la vez es una vía de información y acceso a diversos programas sociales que ejecuta el Estado, tendientes a aumentar el empleo en el cantón.

Artículo 4°.- Usuario del Sitio Web.

Será Usuario del Sitio Web aquella persona interesada en forma voluntaria en participar en el mismo como oferente y siempre y cuando sea habitante del Cantón Central de Cartago. A estos efectos la municipalidad verificará esa condición mediante la Base de Datos Pública del Tribunal Supremo de Elecciones o Registro Civil. Si el usuario del Sitio considera que la información que se encuentra en la Base del Tribunal Supremo de Elecciones o Registro Civil está desactualizada, deberá realizar la actualización de residencia en el Registro o en su defecto, apersonarse a la Oficina de Intermediación Laboral y demostrar el traslado para su actualización de datos.

Artículo 5°-Datos recogidos.

Si el Usuario se registra en el Sitio Web se le solicitarán datos de carácter personal mediante el registro en un formulario, el cual expresamente requerirá su consentimiento para los fines detallados en el punto 5 y 6. Los datos solicitados son los estrictamente necesarios para la consecución de la finalidad del Sitio Web, y serán guardados y procesados exclusivamente con dicho objeto y siempre dentro del marco normativo establecido.

Los datos personales del particular incluyen nombre, dirección, dirección de correo electrónico, historial de formación y trabajos. Los campos marcados con un asterisco (*) en el formulario de registro deben completarse de forma obligatoria ya que son imprescindibles para atender a su petición.

Adicionalmente recogemos las respuestas del Usuario y los resultados de evaluaciones y valoraciones de empleabilidad realizados en distintos puntos del Sitio, además de información agregada (no identificable individualmente) que nos da un mejor conocimiento de los usuarios de nuestra web en su conjunto y nos ayuda a ofrecerles un mejor servicio. Los datos ingresados por el usuario se encontrarán en nuestra Base de Datos por el periodo de un año.

Artículo 6°-Finalidad.

La municipalidad recoge datos personales de los Usuarios con la finalidad de facilitar el contacto entre demandantes de trabajo y empleadores, y de ofrecer herramientas y servicios que apoyan los procesos de búsqueda, incluyendo el envío a través del email de ofertas y promociones de servicios de formación u otros productos relacionados que, atendiendo al perfil del Usuario, el Sitio considere pueden ser de su interés.

También se recogen datos agregados de los Usuarios con el fin de realizar análisis estadísticos de uso interno de la municipalidad, que permiten analizar y mejorar el funcionamiento de los servicios y del sitio.

Artículo 7°-Consentimiento del usuario.

Con el consentimiento expreso del usuario, se dará tratamiento automatizado de los datos personales facilitados, así como al envío de comunicaciones vía electrónica con información relacionada con la Municipalidad y sus iniciativas. Durante el proceso de registro, el Usuario determina su configuración del nivel de privacidad. El Usuario consiente que sus datos sean cedidos terceros en cumplimiento de las funcionalidades del Sitio, a menos que haya optado por otra configuración de privacidad. A estos efectos se entiende por terceros “aquellos usuarios o entidades que deseen contactar con el usuario” en relación a los procesos de reclutamiento a través de la Oficina de Intermediación Laboral de la Municipalidad, donde solamente se les remitirá, nombre, cédula y número de teléfono o celular.

El usuario que se registra (tanto particular como profesional) manifiesta su conocimiento y por tanto, consiente expresamente, que sus datos y el contenido que facilite a la Municipalidad serán accesibles a terceros. A estos efectos dicha información no será visible en los buscadores de Internet ni publicados en la Web, sino que únicamente se facilitará la información necesaria a terceros.

Artículo 8°-Seguridad.

La municipalidad ha adoptado las medidas de índole técnica y organizativas legalmente establecidas para garantizar la seguridad de los datos de carácter personal y evitar su alteración, pérdida, tratamiento o acceso no autorizado, habida cuenta del estado de la tecnología, la naturaleza de los datos almacenados y los riesgos a que estén expuestos.

Artículo 9°-Configuración de cookies.

El sitio utiliza cookies para mejorar la experiencia de navegación del usuario.

Cookies estrictamente necesarias: estas cookies son esenciales para el correcto funcionamiento de los servicios esperados por el usuario, y para evitar mostrar ciertas páginas informativas que el usuario ha decidido obviar. Sin estas cookies, el usuario percibiría que el servicio solicitado no funciona correctamente.

Artículo 10.-Derecho de Acceso, Rectificación, Oposición y Cancelación de Datos.

El usuario solamente podrá tener acceso a su información de forma presencial en la Oficina de Intermediación de Empleo ya sea para el fin de actualizar, agregar o eliminar datos y si así lo requiere de solicitar la exclusión de la base de datos por medio de una solicitud escrita.

Artículo 11.-Modificación de la Política de Privacidad y Protección de Datos.

La municipalidad se reserva el derecho a modificar la presente política para adaptarla a futuras novedades legislativas, jurisprudenciales o exigidas por la Agencia de Protección de Datos. Cualquier cambio que no se derive de la adaptación a los cambios legislativos, jurisprudenciales o de la Agencia de Protección de Datos será publicitada en el propio Sitio o, si es significativo, comunicado por email a los Usuarios y en el Diario Oficial La Gaceta.

Artículo 12.-

El presente Reglamento institucional está sometido en un todo a la Ley n° 8968 “Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales” y su Reglamento.

Rige a partir de su publicación.

Author: José Cuervo

Preamble

Title I.- Basic Principles

Chapter I.- Political Principles

Chapter II.- Economic Principles

Chapter III.- Social Principles

Chapter IV.- Educational and Cultural Principles

Title II.- Rights, Freedoms and the Rule of Law

Chapter I.- Rights and Freedoms

Chapter II.- The Rule of Law

Title III.- State Authorities

Chapter I.- Legislative Authority

Chapter Two.- The Executive Authority

Chapter III.- The Judicial Authority

Title Four.- The Supreme Constitutional Court

Title Five.- Amending the Constitution

Title Six.- General and Transitional Provisions

ISSN 1989-5852 Título clave: Revista informática jurídica Tít. abreviado: Rev. inform. jurid.

Introducción

Albizu Ortiz, Rayda L.

Almodóvar Pérez, Evelyn Judith

Avilés, Jeanevy

Barbosa Garriga, Teremari

Calbetó Vaillant, María

Casí Ladrón de Guevara, Yosvanys

Corchado López, Iliana

Correa Colón, Danishia

Cruz Cobián, Lorraine de la

De la Cruz Leyva, Viana

De la Cruz Moreno, César Miguel

Díaz-Cáceres, Vivian E.

Estrada Jiménez, Pedro Manuel

Fonseca Hernández, Juan Antonio

Gil, Anabelle

Hechavarria Derronselet, Yoendrís

Hernández Zamora, Cecilia Rosa

Jiménez, Yoileana

León Fonseca, Marcos Antonio

Leyva Regalon, José A.

López Álvarez, Lesbia

Mayoral Céspedes, Irisleydis

Morales Delgado, Irma

Muñiz Maldonado, Noralys

Negrón, Carlos M.

Ocasio Otero, María M.

Ortiz Mussenden, Rubén

Pompa Rodríguez, Lisandra

Rodríguez Cabrera, Julio

Rosales Arévalo, Evelio

Sánchez, Ramón

Santiago Gómez, Hector L.

Santisteban García, Rolando Bairon

Sasso Borges, Cedrid P.

Silva Del Rosario, Yamila

Sosa Gierbolini, Raquel

Torres Báez, Josúe

Torres Huertas, Gianina

Torres Manso, Wilma

Vázquez Guerrero, Iluminado Agustín

Velázquez Ballester, Rodolfo Villar

Velázquez Lominchar, Arlin

ISSN 1989-5852
Título clave: Revista informática jurídica
Tít. abreviado: Rev. inform. jurid.