Data Advocacy for Portugal
Portuguese Data Protection Law – Law nº. 67/98, of October 26th – was enacted pursuant to Directive 95/46/EC.
Law Applicable
Law 67/98 of October 26, 1998 on the Protection of Personal Data (Data Protection Law – “DPL”), which enacted Directive 95/46/EC, is available in English at http://www.cnpd.pt/english/bin/legislation/Law6798EN.HTM).
Data protection rules may also be found in the following laws:
Constitution of the Portuguese Republic (available in English at http://www.cnpd.pt/english/bin/legislation/article_35.HTM);
Law 12/2005 of January 26, 2005 on Genetic and Health Information (available at http://www.cnpd.pt/bin/legis/nacional/Lei12-2005.pdf) regulated by Decree-Law 131/2014 of August 29, 2014;
Law 41/2004 of August 18, 2004 on the processing of Personal Data and the protection of privacy in the electronic communications sector, as modified by the Law 46/2014 of August 29, 2014 (available in English at http://www.anacom.pt/render.jsp?contentId=976164#.V7W7IVQrKUk);
Law 32/2008 of July 17, 2008, which enacted Directive 2006/24/EC (Data Retention Directive –available in English at http://www.anacom.pt/render.jsp?contentId=976199#.V7W7clQrKUk);
Portuguese Labour Code, in particular Articles 16 to 22 (only available in Portuguese at http://www.pgdlisboa.pt/leis/lei_mostra_articulado.php?nid=1047&tabela= leis);
Law 109/2009 of September 15, 2009 on Cybercrime (available in English at http://www.anacom.pt/render.jsp?contentId=985560#.V8cbxFQrKUk);
Law 34/2013 of May 16, 2013, regulated by Administrative Rule 273/2013 of August 20, 2013 (only available in Portuguese at http://www.cnpd.pt/bin/legis/nacional/Lei_34_2013_Seguranca_privada.p df) regarding surveillance cameras;
Law 1/2005 of January 10, 2005, as modified by the Law 9/2012 of February 23, 2012, and regulated by Decree-Law 207/2005 of November 29, 2005 (only available in Portuguese at http://www.cnpd.pt/bin/legis/nacional/LEI_9_2012.pdf) regarding surveillance cameras;
Law 51/2006 of August 29, 2006 (only available in Portuguese at http://www.cnpd.pt/bin/legis/nacional/LEI51-2006-VVG- AUTOESTRADAS.pdf) regarding surveillance cameras; and
Law 33/2007 of August 13, 2007 (only available in Portuguese at http://www.cnpd.pt/bin/legis/nacional/Lei33-2007-vvg-taxis.pdf) regarding surveillance cameras.
Comissäo Nacional de Protecçäo de Dados
(‘National Commission for the Protection of Data’ also known as ‘CNPD’).
Rua de São Bento n°. 148, 3°
1200-821 Lisbon
T +351 21 392 84 00
F +351 21 397 68 32
www.cnpd.pt
Law 41/2004, of 18 August on the protection and processing of personal data in e-communications as amended by Law no. 46/2012, of 29 August, which transposed Directive 2009/136/EC, establishes that companies that make electronic communications services accessible to the public shall, without undue delay, notify the CNPD of a personal data breach. When the personal data breach may affect negatively the subscriber’s or user’s personal data, companies providing electronic communications services to the public should also, without undue delay, notify the breach to the subscriber or user so that they can take the necessary precautions.
For these purposes, a negative effect to the personal data of privacy exists when the breach may result namely in theft or identity fraud, physical harm, significant humiliation or damage to reputation.
Regardless, if a person/entity is affected by the breach of the Data Protection Law, he/she is entitled to file a claim to the CNPD and/or file a civil lawsuit to seek compensation for damages.
In Portugal, the only data breach notifications that are legally required concern electronic communication providers.
As per Article 3-A of the Law 41/2004 of August 18, 2004 on the processing of Personal Data and the protection of privacy in the electronic communications sector, as modified by the Law 46/2014 of August 29, 2014, if there is a risk that the breach will negatively affect the Personal Data, the subscriber or individual whose data could be affected must be notified by the electronic communications service provider.
This notification obligation will not apply if the companies offering publicly available electronic communications services are able to prove to the CNPD that they have taken the necessary technological protection measures and that these measures were applied to the compromised data.
This legal disposition also requires companies that offer electronic communication services to notify the CNPD whenever there is a Personal Data breach.
Whenever the CNPD verifies the infringement of any duty or obligation, it shall notify the offender of such fact and give him/her the opportunity to respond within a minimum period of 10 days and, if appropriate, to end the non- compliance.
Infringement of the notification duty amounts to an administrative offense punishable with a fine ranging from a minimum of EUR 1,500.00 and a maximum of EUR 25,000.00 when the offender is an individual, and from a minimum of EUR 5,000.00 and a maximum of EUR 5,000,000.00 when it is the legal entity that breaches the duty.
Non-compliance with the notification requirements is punishable with a fine ranging from a minimum of EUR 500.00 and a maximum of EUR 20,000.00 when the offender is an individual, and from a minimum of EUR 2,500.00 and a maximum of EUR 2,250,000.00 when it is the legal entity that breaches the duty.
Opt-in regime: no direct marketing electronic mail can be legally sent without the express consent of the receiver, unless a pre-existing business or commercial relationship exists. (Consent is however not mandated for marketing to legal persons.)
Also, a specific opt out must be offered with each message. Disguised sender identities are prohibited, and a valid return address must be provided.
The term “Opt-Out Rule” means that the sending of e-marketing to the recipient is permitted on an opt-out basis if:
- the recipient’s details were originally collected “in the context of a sale”.
- the entity sending the marketing is the same legal entity that collected the recipient’s details initially.
- the marketing relates to “similar” products and/or services for which the recipient’s details were originally obtained.
- the recipient is given the opportunity free of charge to object to the e-marketing, both at the time their details were collected and in each subsequent communication.
Applicable Legislation:
Law 41/2004 of August 18 on processing of personal data and the protection of privacy in the electronic communications sector (amended by Law 46/2012 of August 29) that implemented Directive 2002/58 subsequently
First party e-marketing
(entity that collects the data will send the e-marketing itself)
B2C: Opt-in. Opt-out permitted where Opt-Out Rule applies.
B2B: Opt-out
Third party e-marketing
(entity that collects the data will share with third party partner for e-marketing)
B2C: Opt-in
B2B: Opt-out
sapo.pt 271220
live.com.pt 249549
iol.pt 78853
netcabo.pt 49240
clix.pt 42778
portugalmail.pt 24915
mail.telepac.pt 14647
netvisao.pt 14243
mail.pt 10596
aeiou.pt 7676
netc.pt 4941
junior.te.pt 4781
megamail.pt 3943
net.sapo.pt 3916
vodafone.pt 3522
msn.com.pt 3486
oninet.pt 3246
hotmail.pt 2978
telecom.pt 2623
ua.pt 2475
outlook.pt 2379
oniduo.pt 2208
hotmail.com.pt 2187
kanguru.pt 2109
tvtel.pt 1819
fe.up.pt 1606
remax.pt 1486
adv.oa.pt 1484
cgd.pt 1384
millenniumbcp.pt 1241
zmail.pt 1172
edp.pt 1056
net.novis.pt 1033
gmail.pt 959
seg-social.pt 899
ist.utl.pt 887
live.pt 805
bes.pt 799
bancobpi.pt 762
tap.pt 737
ualg.pt 729
cm-lisboa.pt 713
meo.pt 697
rtp.pt 685
ive.com.pt 683
bragatel.pt 662
vizzavi.pt 624
simplesnet.pt 610
oninetspeed.pt 609
creditoagricola.pt 584
isep.ipp.pt 537
deloitte.pt 520
iefp.pt 496
utad.pt 479
tmn.pt 466
ctt.pt 465
optimus.pt 464
novabase.pt 456
santander.pt 453
teleweb.pt 444
fct.unl.pt 434
unicer.pt 425
fc.ul.pt 423
uevora.pt 420
net.vodafone.pt 406
refer.pt 402
armail.pt 364
ip.pt 361
ana.pt 360
mail.exercito.pt 348
apo.pt 339
azores.gov.pt 332
ufp.edu.pt 329
ubi.pt 329
zonmail.pt 326
dgci.min-financas.pt 322
esec.pt 306
itqb.unl.pt 303
ipb.pt 298
sonae.pt 297
mail.tmn.pt 296
bportugal.pt 294
montepio.pt 285
ci.uc.pt 285
caixaseguros.pt 280
iscte.pt 273
mota-engil.pt 269
sic.pt 268
oni.pt 262
cm-porto.pt 261
esoterica.pt 250
sonaedistribuicao.pt 249
psp.pt 246
isq.pt 245
centrum.sk.pt 239
zon.pt 237
efacec.pt 236
yahoo.pt 233
tele2.pt 232
student.dei.uc.pt 232
gmail.com.pt 232
fc.up.pt 232
autoeuropa.pt 232
axa-seguros.pt 227
cp.pt 225
vianw.pt 223
cm-cascais.pt 223
ptinovacao.pt 220
somague.pt 210
soaresdacosta.pt 210
auchan.pt 209
lnec.pt 208
tranquilidade.pt 205
era.pt 205
marinha.pt 204
estradasdeportugal.pt 199
uma.pt 198
isa.utl.pt 198
igc.gulbenkian.pt 197
modelocontinente.pt 196
campus.ul.pt 189
cm-oeiras.pt 188
med.up.pt 187
yandex.pt 186
corp.vodafone.pt 186
zagope.pt 182
ine.pt 182
uac.pt 181
finibanco.pt 181
fep.up.pt 180
edifer.pt 179
santogal.pt 176
metrolisboa.pt 175
brisa.pt 173
porto.ucp.pt 172
ineti.pt 168
advogados.oa.pt 167
mega.ist.utl.pt 166
zapp.pt 165
iseg.utl.pt 163
ibmc.up.pt 161
ol.pt 158
ipleiria.pt 157
bbva.pt 157
msn.pt 156
turismodeportugal.pt 155
yahoo.com.pt 152
cme.pt 152
abreu.pt 151
tvi.pt 150
gmx.pt 150
fe.unl.pt 149
anacom.pt 149
fm.ul.pt 147
banif.pt 146
chip7.pt 145
gnr.pt 144
tribunais.org.pt 142
publico.pt 142
aip.pt 141
bpi.pt 140
eu.ipp.pt 138
century21.pt 138
jeronimo-martins.pt 136
cabovisao.pt 136
ar.parlamento.pt 135
eda.pt 134
ipt.pt 133
banco.bpn.pt 133
secil.pt 132
mail.cp.pt 132
gov-madeira.pt 131
nav.pt 130
escolas.min-edu.pt 130
portugalglobal.pt 128
plmj.pt 128
gulbenkian.pt 127
scml.pt 124
centralcervejas.pt 124
ufp.pt 122
alunos.ipca.pt 122
ipg.pt 121
ren.pt 119
cm-odivelas.pt 118
besinv.pt 117
ulusofona.pt 116
sef.pt 116
martifer.pt 116
lusa.pt 116
interacesso.pt 116
sinfic.pt 115
fnac.pt 115
ogma.pt 114
tduarte.pt 113
ana-aeroportos.pt 113
livecom.pt 112
fcsh.unl.pt 111
isec.pt 110
cm-seixal.pt 109
paginasamarelas.pt 108
link.pt 108
jmellosaude.pt 107
az.netcabo.pt 107
dei.uc.pt 106
axa.pt 106
univ-ab.pt 105
tvcabo.pt 105
netzero.pt 105
iscap.ipp.pt 105
huc.min-saude.pt 105
montepiogeral.pt 104
ff.ul.pt 103
tagus.ist.utl.pt 102
estg.ipleiria.pt 102
alunos.uminho.pt 102
dgaiec.min-financas.pt 101
rr.pt 100
edimpresa.pt 100
com.pt 100
alunos.det.ua.pt 100
live.co.pt 99
fmh.utl.pt 99
entreposto.pt 99
dq.fct.unl.pt 99
ispa.pt 98
engenheiros.pt 98
caetanoauto.pt 97
ipam.pt 96
webmail.ipv.pt 95
ipcb.pt 95
monteadriano.pt 94
inescporto.pt 94
iapmei.pt 94
esi.pt 93
cm-coimbra.pt 93
bcp.pt 93
incm.pt 92
adp.pt 92
mcoutinho.pt 91
allianz.pt 91
roff.pt 90
letras.up.pt 90
insa.min-saude.pt 90
universia.pt 89
tcontas.pt 89
libertyseguros.pt 89
sogrape.pt 88
my.ipleiria.pt 88
ispgaya.pt 88
ecsaude.uminho.pt 88
dei.isep.ipp.pt 88
ptprime.pt 87
esce.ips.pt 87
defesa.pt 87
acp.pt 87
emfa.pt 86
mail.cesae.pt 85
madeira-edu.pt 85
ipca.pt 85
ihmt.unl.pt 85
cimpor.pt 85
dep.uminho.pt 84
civil.ist.utl.pt 84
itn.pt 83
infarmed.pt 83
xekmail.pt 82
telepac.pt 82
pj.pt 82
dcc.online.pt 82
comcast.net.pt 82
rangel.pt 81
hsm.min-saude.pt 81
bancobest.pt 81
sumolcompal.pt 80
inatel.pt 80
estgf.ipp.pt 80
cpcis.pt 80
isegi.unl.pt 79
epb.pt 79
co.sapo.pt 79
angola.bes.pt 79
opway.pt 78
fam.ulusiada.pt 78
fmv.utl.pt 77
est.ipcb.pt 77
tecnidata.pt 76
novis.pt 76
impresa.pt 76
ccdr-n.pt 76
mapfre.pt 75
impala.pt 75
fade.up.pt 75
esenf.pt 75
ascoimbra.pt 75
prof2000.pt 74
mediacapital.pt 74
mail.teleweb.pt 74
fcm.unl.pt 74
est.ips.pt 74
estg.ipvc.pt 74
tugamail.pt 73
student.estg.ipleiria.pt 73
fpce.up.pt 73
dps.uminho.pt 73
dec.uc.pt 73
vda.pt 72
life.com.pt 72
hsjoao.min-saude.pt 72
delta-cafes.pt 72
autosueco.pt 72
mlgts.pt 71
iestradas.pt 71
generali.pt 71
parqueexpo.pt 70
ntasa.pt 70
ipbeja.pt 70
icnb.pt 70
holmesplace.pt 70
gruposantander.pt 70
act.gov.pt 70
siva.pt 69
lis.ulusiada.pt 69
icbas.up.pt 69
cm-loures.pt 69
stcp.pt 68
phonehouse.pt 68
ipatimup.pt 68
ifap.pt 68
i2s.pt 68
fe.uc.pt 68
epal.pt 68
optimus.clix.pt 67
fl.ul.pt 67
eurorscg.pt 67
deb.uminho.pt 67
convex.pt 67
casais.pt 67
caixabi.pt 67
teotonio.ipv.pt 66
renova.pt 66
reit.up.pt 66
perfinox.pt 66
lix.pt 66
ipolisboa.min-saude.pt 66
alunos.isel.ipl.pt 66
unicre.pt 65
petrogal.pt 65
msf.pt 65
lactogal.pt 65
ipj.pt 65
uninova.pt 64
slbenfica.pt 64
estgp.pt 64
world.net.pt 63
iscsp.utl.pt 63
iscac.pt 63
gpcb.pt 63
esje.edu.pt 63
anf.pt 63
ulsm.min-saude.pt 62
toyotacaetano.pt 62
ff.up.pt 62
badoo.com.pt 62
sapo.com.pt 61
makro.pt 61
inst-informatica.pt 61
cetelem.pt 61
agvv.edu.pt 61
sata.pt 60
rede.renault.pt 60
portodelisboa.pt 60
lisnave.pt 60
lenaconstrucoes.pt 60
inesc-id.pt 60
grupo-holon.pt 60
esac.pt 60
cm-aveiro.pt 60
aefv.edu.pt 60
jn.pt 59
esb.ucp.pt 59
cin.pt 59
chc.min-saude.pt 59
refrige.pt 58
pol.pt 58
lneg.pt 58
etcabo.pt 58
esinnovation.pt 58
esenfc.pt 58
csanet.pt 58
citeve.pt 58
campus.fct.unl.pt 58
mcr.iol.pt 57
liv.com.pt 57
civil.uminho.pt 57
suma.pt 56
select.pt 56
rnl.ist.utl.pt 56
reditus.pt 56
portoeditora.pt 56
mail.prof2000.pt 56
leaseplan.pt 56
inov.pt 56
ifap.min-agricultura.pt 56
fd.uc.pt 56
esegur.pt 56
dem.ist.utl.pt 56
compta.pt 56
ci-media.pt 56
badoo.pt 56
av.it.pt 56
artelecom.pt 56
hppsaude.pt 55
di.fc.ul.pt 55
consulgal.pt 55
victoria-seguros.pt 54
tsf.pt 54
tecnovia.pt 54
salesianos.pt 54
nbp.pt 54
mail.cm-gaia.pt 54
leirianet.pt 54
ina.pt 54
eshte.pt 54
sap.pt 53
por.ulusiada.pt 53
live.cm.pt 53
kellyservices.pt 53
ipvc.pt 53
ibersol.pt 53
fdo.pt 53
fcsaude.ubi.pt 53
estradas.pt 53
dsi.uminho.pt 53
bdo.pt 53
alcatel.pt 53
volkswagen.pt 52
upt.pt 52
santanderconsumer.pt 52
prologica.pt 52
prociv.pt 52
junior.pt 52
itaueuropa.pt 52
ilch.uminho.pt 52
fdti.pt 52
eeg.uminho.pt 52
edia.pt 52
abrantina.pt 52
sibs.pt 51
refertelecom.pt 51
net.pt 51
mun-setubal.pt 51
isban.pt 51
.iol.pt 51
idt.min-saude.pt 51
garvetur.pt 51
ferconsult.pt 51
executivetraining.pt 51
di.uminho.pt 51
baviera.pt 51
bancopopular.pt 51
bancobig.pt 51
apambiente.pt 51
vaa.pt 50
tecnasol-fge.pt 50
portodesines.pt 50
pintocruz.pt 50
medinfar.pt 50
math.ist.utl.pt 50
mail.optimus.pt 50
laive.com.pt 50
kqnet.pt 50
isr.ist.utl.pt 50
imtt.pt 50
fidelidademundial.pt 50
cofina.pt 50
cm-guimaraes.pt 50
cm-amadora.pt 50
caetanoretail.pt 50
motorpress.pt 49
mail.refer.pt 49
isr.uc.pt 49
isp.pt 49
inag.pt 49
dem.uc.pt 49
cm-funchal.pt 49
te.pt 48
renault.pt 48
myspace.pt 48
mat.uc.pt 48
iep.uminho.pt 48
hagen.pt 48
dem.uminho.pt 48
riopele.pt 47
rar.pt 47
lx.it.pt 47
lusitania.pt 47
inpi.pt 47
estesl.ipl.pt 47
dgsp.mj.pt 47
bensaude.pt 47