Archivos de la etiqueta: Legislación Derecho Informático

28Feb/21

Resolución SBS nº 504-2021 de 19 de febrero de 2021

Resolución SBS nº 504-2021 de 19 de febrero de 2021, que aprueba el Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad, modifican el Reglamento de Auditoría Interna, el Reglamento de Auditoría Externa, el TUPA de la SBS, el Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos, el Reglamento de Riesgo Operacional, el Reglamento de Tarjetas de Crédito y Débito y el Reglamento de Operaciones con Dinero Electrónico. (El Peruano, martes 23 de febrero de 2021).

SUPERINTENDENCIA DE BANCA, SEGUROS Y ADMINISTRADORAS PRIVADAS DE FONDOS DE PENSIONES

Aprueban el Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad, modifican el Reglamento de Auditoría Interna, el Reglamento de Auditoría Externa, el TUPA de la SBS, el Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos, el Reglamento de Riesgo Operacional, el Reglamento de Tarjetas de Crédito y Débito y el Reglamento de Operaciones con Dinero Electrónico

Resolución SBS nº 504-2021

Lima, 19 de febrero de 2021

LA SUPERINTENDENTA DE BANCA, SEGUROS Y ADMINISTRADORAS PRIVADAS DE FONDOS DE PENSIONES

CONSIDERANDO:

Que, el Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos, aprobado mediante la Resolución SBS nº 272-2017, incorpora disposiciones que tienen por finalidad que las empresas supervisadas cuenten con una gestión de riesgos y gobierno corporativo adecuados;

Que, mediante el Reglamento para la Gestión del Riesgo Operacional, aprobado mediante la Resolución SBS nº 2116-2009, se incluyen disposiciones que las empresas deben cumplir en la gestión efectiva del riesgo operacional;

Que, esta Superintendencia emitió la Circular G-140-2009 con la finalidad de establecer criterios mínimos para una adecuada gestión de la seguridad de la información;

Que, resulta necesario actualizar la normativa sobre gestión de seguridad de la información vía la aprobación de un reglamento, complementario al Reglamento para la Gestión del Riesgo Operacional, tomando en cuenta los estándares y buenas prácticas internacionales sobre seguridad de la información, entre los que se encuentran los publicados por el National Institute of Standards and Technology y la familia de estándares ISO/IEC;

Que, la creciente interconectividad y mayor adopción de canales digitales para la provisión de los servicios, así como la virtualización de algunos productos, del sistema financiero, de seguros y privado de pensiones, hace necesario que las empresas de dichos sistemas supervisados fortalezcan sus capacidades de ciberseguridad y procesos de autenticación;

Que, asimismo, es necesario modificar el Reglamento de Tarjetas de Crédito y Débito, aprobado por la Resolución SBS nº 6523-2013 y normas sus modificatorias; el Reglamento de Operaciones con Dinero Electrónico aprobado por Resolución SBS nº 6283-2013 y sus normas modificatorias; el Reglamento de Auditoría Interna, aprobado por la Resolución SBS nº 11699-2008 y sus normas modificatorias; así como el Reglamento de Auditoría Externa, aprobado por la Resolución SBS nº 17026-2010 y sus normas modificatorias;

Que, para recoger las opiniones del público, se dispuso la prepublicación del proyecto de resolución sobre la materia en el portal electrónico de la Superintendencia, al amparo de lo dispuesto en el Decreto Supremo nº 001-2009-JUS;

Con el visto bueno de las Superintendencias Adjuntas de Banca y Microfinanzas, de Administradoras Privadas de Fondos de Pensiones, de Seguros, de Riesgos, de Conducta de Mercado e Inclusión Financiera y de Asesoría Jurídica; y,

En uso de las atribuciones conferidas por los numerales 7 y 9 del artículo 349 de la Ley General del Sistema Financiero y del Sistema de Seguros y Orgánica de la Superintendencia de Banca y Seguros, Ley nº 26702 y sus modificatorias, y el inciso d) del artículo 57 de la Ley del Sistema Privado de Administración de Fondos de Pensiones, cuyo Texto Único Ordenado es aprobado por Decreto Supremo nº 054-97-EF;

RESUELVE:

Artículo Primero

Aprobar el Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad, según se indica a continuación:

Reglamento Para la Gestión de la Seguridad de la Información y la Ciberseguridad

Capítulo I.- Disposiciones Generales

Artículo 1.- Alcance

1.1. El presente Reglamento es de aplicación a las empresas señaladas en los artículos 16 y 17 de la Ley General, así como a las Administradoras Privadas de Fondos de Pensiones (AFP), en adelante empresas, al igual que las referidas en los párrafos 1.2 y 1.3.

1.2. También es de aplicación al Banco de la Nación, al Banco Agropecuario, a la Corporación Financiera de Desarrollo (COFIDE), al Fondo MIVIVIENDA S.A., y a las Derramas y Cajas de Beneficios bajo control de la Superintendencia, en tanto no se contrapongan con las normativas específicas que regulen el accionar de dichas instituciones.

1.3. Es de aplicación a las empresas corredoras de seguros de acuerdo con lo dispuesto en la Cuarta Disposición Complementaria Final del presente Reglamento.

Artículo 2. Definiciones

Para efectos de la aplicación del presente Reglamento deben considerarse las siguientes definiciones:

a) activo de información: Información o soporte en que ella reside, que es gestionado de acuerdo con las necesidades de negocios y los requerimientos legales, de manera que puede ser entendida, compartida y usada. Es de valor para la empresa y tiene un ciclo de vida.

b) amenaza: Evento que puede afectar adversamente la operación de las empresas y sus activos de información, mediante el aprovechamiento de una vulnerabilidad.

c) autenticación: Para fines de esta norma, es el proceso que permite verificar que una entidad es quien dice ser, para lo cual hace uso de las credenciales que se le asignan. La autenticación puede usar uno, dos o más factores de autenticación independientes, de modo que el uso sin autorización de uno de ellos no compromete la fiabilidad o el acceso a los otros factores.

d) canal digital: Medio empleado por las empresas para proveer servicios cuyo almacenamiento, procesamiento y transmisión se realiza mediante la representación de datos en bits.

e) Ciberseguridad: Protección de los activos de información mediante la prevención, detección, respuesta y recuperación ante incidentes que afecten su disponibilidad, confidencialidad o integridad en el ciberespacio; el que consiste a su vez en un sistema complejo que no tiene existencia física, en el que interactúan personas, dispositivos y sistemas informáticos.

f) credencial: Conjunto de datos que es generado y asignado a una entidad o un usuario para fines de autenticación.

g) directorio: Directorio u órgano equivalente.

h) entidad: Usuario, dispositivo o sistema informático que tiene una identidad en un sistema, lo cual la hace separada y distinta de cualquier otra en dicho sistema.

i) evento: Un suceso o serie de sucesos que puede ser interno o externo a la empresa, originado por la misma causa, que ocurre durante el mismo periodo de tiempo, según lo definido en el Reglamento de Gobierno Corporativo y Gestión Integral de Riesgos.

j) Factores de autenticación de usuario: Aquellos factores empleados para verificar la identidad de un usuario, que pueden corresponder a las siguientes categorías:

– Algo que solo el usuario conoce.

– Algo que solo el usuario posee.

– Algo que el usuario es, que incluye las características biométricas.

k) identidad: Una colección de atributos que definen de forma exclusiva a una entidad.

l) incidente: Evento que se ha determinado que tiene un impacto adverso sobre la organización y que requiere de acciones de respuesta y recuperación.

m) información: Datos que pueden ser procesados, distribuidos, almacenados y representados en cualquier medio electrónico, digital, óptico, magnético, impreso u otros, que son el elemento fundamental de los activos de información.

n) Interfaz de programación de aplicaciones:

Colección de métodos de invocación y parámetros asociados que puede utilizar un software para solicitar acciones de otro software, lo que define los términos en que estos intercambian datos. También conocido como API, por sus siglas en inglés.

o) Servicios en nube: Servicio de procesamiento de datos provisto mediante una infraestructura tecnológica que permite el acceso de red a conveniencia y bajo demanda, a un conjunto compartido de recursos informáticos configurables que se pueden habilitar y suministrar rápidamente, con mínimo esfuerzo de gestión o interacción con los proveedores de servicios.

p) reglamento: Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad.

q) reglamento de Gobierno corporativo y de la Gestión Integral de Riesgos: Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos, aprobado por la Resolución SBS nº 272-2017 y sus normas modificatorias.

r) Reglamento para la Gestión de Riesgo operacional: Reglamento para la Gestión de Riesgo Operacional, aprobado por la Resolución SBS nº 2116-2009 y sus normas modificatorias.

s) superintendencia: Superintendencia de Banca, Seguros y Administradoras Privadas de Fondos de Pensiones.

t) Procesamiento de datos: El conjunto de procesos que consiste en la recolección, registro, organización, estructuración, almacenamiento, adaptación, recuperación, consulta, uso, transferencia, difusión, borrado o destrucción de datos.

u) Usuario: persona natural o jurídica que utiliza o puede utilizar los productos ofrecidos por las empresas.

v) Vulnerabilidad: Debilidad que expone a los activos de información ante amenazas que pueden originar incidentes con afectación a los mismos activos de información, y a otros de los que forma parte o con los que interactúa.

Artículo 3. Sistema de gestión de seguridad de la información y Ciberseguridad (SGSI-C)

3.1. El sistema de gestión de seguridad de la información y ciberseguridad (SGSI-C) es el conjunto de políticas, procesos, procedimientos, roles y responsabilidades, diseñados para identificar y proteger los activos de información, detectar eventos de seguridad, así como prever la respuesta y recuperación ante incidentes de ciberseguridad.

3.2. El sistema de gestión de seguridad de la información y ciberseguridad (SGSI-C) implica, cuando menos, los siguientes objetivos:

a) Confidencialidad: La información sólo es disponible para entidades o procesos autorizados, incluyendo las medidas para proteger la información personal y la información propietaria;

b) Disponibilidad: Asegurar acceso y uso oportuno a la información; e,

c) Integridad: Asegurar el no repudio de la información y su autenticidad, y evitar su modificación o destrucción indebida.

Artículo 4. Proporcionalidad del sistema de gestión de seguridad de la información y ciberseguridad (SGSI-C)

4.1. El sistema de gestión de seguridad de la información y ciberseguridad (SGSI-C) de la empresa debe ser proporcional al tamaño, la naturaleza y la complejidad de sus operaciones.

4.2. Las disposiciones descritas en el Capítulo II, Subcapítulos I, II, III y IV del presente Reglamento son de aplicación obligatoria a las siguientes empresas (Régimen General):

a) Empresa Bancaria;

b) Empresa Financiera;

c) Caja Municipal de Ahorro y Crédito – CMAC;

d) Caja Municipal de Crédito Popular – CMCP;

e) Caja Rural de Ahorro y Crédito – CRAC;

f) Empresa de Seguros y/o Reaseguros, conforme a lo dispuesto en el párrafo 4.4;

g) Empresa de Transporte, Custodia y Administración de Numerario;

h) Administradora Privada de Fondos de Pensiones;

i) Empresa Emisora de Tarjetas de Crédito y/o de Débito;

j) Empresa Emisora de Dinero Electrónico; y

k) El Banco de la Nación.

4.3. Las disposiciones descritas en el Capítulo II, Subcapítulo V del presente Reglamento son de aplicación obligatoria a las siguientes empresas (Régimen Simplificado):

a) Banco de Inversión;

b) Empresa de Seguros y/o Reaseguros, no contempladas en el párrafo 4.4;

c) Entidad de Desarrollo a la Pequeña y Micro Empresa – EDPYME;

d) Empresa de Transferencia de Fondos;

e) Derrama y Caja de Beneficios bajo control de la Superintendencia;

f) La Corporación Financiera de Desarrollo –COFIDE;

g) El Fondo MIVIVIENDA S.A.;

h) El Fondo de Garantía para Préstamos a la Pequeña Industria –FOGAPI;

i) El Banco Agropecuario; y,

j) Almacenes Generales.

4.4. Las empresas de Seguros y/o Reaseguros cuyo volumen promedio de activos de los últimos tres (3) años sea mayor o igual a 450 millones de soles están comprendidas en el Régimen General del presente Reglamento.

4.5. Las empresas señaladas en el Artículo 1, no listadas en los párrafos 4.2 o 4.3 anteriores del presente Reglamento, podrán establecer un sistema de gestión de seguridad de la información y ciberseguridad (SGSI-C) conforme a las disposiciones de este Reglamento.

4.6. En caso las empresas del Sistema Financiero listadas en el párrafo 4.2 encuentren limitaciones materiales para cumplir con el Régimen General pueden solicitar autorización para la aplicación del Régimen Simplificado del presente Reglamento, para lo cual deben presentar un informe que sustente la razonabilidad de la solicitud, en términos del tamaño, la naturaleza y la complejidad de sus operaciones, la cual será respondida por la Superintendencia en el plazo de sesenta (60) días hábiles.

4.7. Las disposiciones descritas en el Capítulo II, Subcapítulo VI (Régimen Reforzado) del presente Reglamento son de aplicación obligatoria a las empresas sujetas a un requerimiento de patrimonio efectivo por riesgo de concentración de mercado, de acuerdo con lo señalado en el Reglamento para el requerimiento de patrimonio efectivo adicional, aprobado por la Resolución SBS nº 8425-2011 y sus normas modificatorias.

Artículo 5. Responsabilidades del directorio

El directorio es responsable de aprobar y facilitar las acciones requeridas para contar con un SGSI-C apropiado a las necesidades de la empresa y su perfil de riesgo, entre ellas:

a) Aprobar políticas y lineamientos para la implementación del SGSI-C y su mejora continua.

b) Asignar los recursos técnicos, de personal, financieros requeridos para su implementación y adecuado funcionamiento.

c) Aprobar la organización, roles y responsabilidades para el SGSI-C, incluyendo los lineamientos de difusión y capacitación que contribuyan a un mejor conocimiento de los riesgos involucrados.

Artículo 6. Responsabilidades de la gerencia

6.1 La gerencia general es responsable de tomar las medidas necesarias para implementar el SGSI-C de acuerdo a las disposiciones del directorio y lo dispuesto en este Reglamento.

6.2 Los gerentes de las unidades de negocios y de apoyo son responsables de apoyar el buen funcionamiento del SGSI-C y gestionar los riesgos asociados a la seguridad de la información y Ciberseguridad en el marco de sus funciones.

Artículo 7. Funciones del comité de riesgos

7.1 Adicionalmente a las funciones que se han dispuesto que el Comité de Riesgos de las empresas asuman por parte de la normativa de la Superintendencia, se encuentran las siguientes vinculadas a la seguridad de la información y ciberseguridad:

a) Aprobar el plan estratégico del SGSI-C y recomendar acciones a seguir.

b) Aprobar el plan de capacitación a fin de garantizar que el personal, la plana gerencial y el directorio cuenten con competencias necesarias en seguridad de la información y Ciberseguridad.

c) Fomentar la cultura de riesgo y conciencia de la necesidad de medidas apropiadas para su prevención.

7.2. Para el cumplimiento de las funciones indicadas en el párrafo 7.1, la empresa puede constituir un Comité Especializado en Seguridad de la Información y Ciberseguridad (CSIC). Para las empresas comprendidas en el régimen simplificado, que no cuenten con un Comité de Riesgos o un CSIC, las funciones antes indicadas son asignadas a la Gerencia General.

Artículo 8. función de seguridad de información y Ciberseguridad

8.1. Son responsabilidades de la función de seguridad de la información y ciberseguridad:

a) Proponer el Plan estratégico del SGSI-C y desarrollar los planes operativos.

b) Implementar y manejar las operaciones diarias necesarias para el funcionamiento efectivo del SGSI-C.

c) Implementar procesos de autenticación para controlar el acceso a la información y sistema que utilice la empresa, y a los servicios que provea.

d) Informar al Comité de Riesgos periódicamente sobre los riesgos que enfrenta la empresa en materia de seguridad de información y ciberseguridad.

e) Informar sobre los incidentes de seguridad de la información al Comité de Riesgos o CSIC, según los lineamientos que este establezca, y a las entidades gubernamentales que lo requieran de acuerdo con la normativa vigente.

f) Evaluar las amenazas de seguridad en las estrategias de continuidad del negocio que la empresa defina y proponer medidas de mitigación de riesgos, así como informar al Comité de Riesgos o CSIC.

g) En general realizar lo necesario para dar debido cumplimiento a lo dispuesto en el presente Reglamento.

8.2. Las empresas deben implementar la función de seguridad de la información y ciberseguridad. Además deben contar con un equipo de trabajo multidisciplinario de manejo de incidentes de ciberseguridad, el cual debe estar capacitado para implementar el plan y los procedimientos para gestionarlos, conformado por representantes de las áreas que permitan prever en ellos los aspectos legales, técnicos y organizacionales, de forma consistente con los requerimientos del programa de ciberseguridad establecidos en este Reglamento.

8.3. Las empresas comprendidas en el régimen simplificado, deben contar con una función de seguridad de la información y ciberseguridad, que cumpla por lo menos con los literales a), e), f) y g) del párrafo 8.1 del presente artículo.

Artículo 9. información a la superintendencia

Como parte de los informes periódicos sobre gestión del riesgo operacional requeridos por el Reglamento para la Gestión del Riesgo Operacional, las empresas deben incluir información sobre la gestión de la seguridad de la información y ciberseguridad.

Capítulo II.- Sistema de Gestión de Seguridad de la Información y Ciberseguridad  (SGSI-C)

Subcapítulo I.- Régimen General del Sistema de Gestión de Seguridad de la Información y Ciberseguridad. (SGSI-C)

Artículo 10. Objetivos y requerimientos del SGSI-C

Son objetivos del SGSI-C los siguientes:

1. Identificar los activos de información, analizar las amenazas y vulnerabilidades asociadas a estos, y formular programas y medidas que busquen reducir la posibilidad de incidentes en los siguientes aspectos:

a) El diseño e implementación de nuevos productos y procesos, proyectos y cambios operativos.

b) Las obligaciones de seguridad de la información que se derivan de disposiciones normativas, normas internas y de acuerdos contractuales.

c) Las relaciones con terceros, en el sentido más amplio, incluyendo proveedores de servicios y empresas con las que se tiene relaciones de subcontratación.

d) Cualquier otra actividad que, a criterio de la empresa, exponga sus activos de información por causa interna o externa.

2. Revisar periódicamente el alcance y la efectividad de los controles mínimos indicados en el artículo 12 de este Reglamento y contar con capacidades de detección, respuesta y recuperación ante incidentes de seguridad de la información.

3. Establecer la relación existente con los planes de emergencia, crisis y de continuidad establecidos según lo previsto en la normativa correspondiente.

Artículo 11. alcance del SGSI-C

El alcance del SGSI-C debe incluir las funciones y unidades organizacionales, las ubicaciones físicas existentes, la infraestructura tecnológica y de comunicaciones, así como el perímetro de control asociado a las relaciones con terceros, que estén bajo responsabilidad de la empresa, conforme a las disposiciones establecidas sobre subcontratación en el Reglamento de Gobierno Corporativo y Gestión Integral de Riesgos.

Artículo 12. Medidas mínimas de seguridad de la información a adoptar por las empresas

Las empresas deben adoptar las siguientes medidas mínimas de seguridad de información:

1. Seguridad de los recursos humanos:

a) Implementar protocolos de seguridad de la información aplicables en el reclutamiento e incorporación del personal, ante cambio de puesto y terminación del vínculo laboral.

b) Procesos disciplinarios en caso de incumplimiento de las políticas de seguridad de la información.

2. Controles de acceso físico y lógico:

a) Prevenir el acceso no autorizado a la información, así como a los sistemas, equipos e instalaciones mediante los cuales es procesada, transmitida o almacenada, sea de manera presencial o remota.

b) Implementar procedimientos de administración de accesos, lo que debe incluir a las cuentas de accesos con privilegios administrativos; asegurando una segregación de funciones para reducir el riesgo de error o fraude, siguiendo los principios de mínimo privilegio y necesidad de conocer.

c) Implementar procesos de autenticación para controlar el acceso a los activos de información; en particular, para el acceso a los servicios provistos a usuarios por canales digitales, los procesos de autenticación deben cumplir los requisitos establecidos en el Subcapítulo III del Capítulo II del presente Reglamento.

3. Seguridad en las operaciones:

a) Asegurar y prever el funcionamiento continuo de las instalaciones de procesamiento, almacenamiento y transmisión de información.

b) Mantener la operación de los sistemas informáticos acorde a procedimientos previamente establecidos.

c) Controlar los cambios en el ambiente operativo de sistemas, y mantener segregados los ambientes de desarrollo, pruebas y producción.

d) Implementar controles que aseguren la integridad de las transacciones que son ejecutadas en los servicios y sistemas informáticos.

e) Restringir la instalación de software en los sistemas operativos y prevenir la explotación de las vulnerabilidades de seguridad de la información.

f) Contar con protocolos de respuesta y recuperación ante incidentes de malware; generar y probar copias de respaldo de información, software y elementos que faciliten su restablecimiento.

g) Definir, implementar y mantener líneas base de configuración segura para el uso de dispositivos e implementación de sistemas informáticos.

h) Contar con una estrategia de copias de respaldo y procedimientos de restauración de información ante posibles incidentes, de origen interno o externo, que comprometa la disponibilidad de la información para las operaciones y del ambiente productivo del centro de procesamiento de datos.

4. Seguridad en las comunicaciones:

a) Implementar y mantener la seguridad de redes de comunicaciones acorde a la información que por ella se trasmite y las amenazas a las que se encuentra expuesta.

b) Asegurar que las redes de comunicaciones y servicios de red son gestionados y controlados para proteger la información.

c) Segregar los servicios de información disponibles, usuarios y sistemas en las redes de la empresa.

d) Implementar protocolos seguros y controles de seguridad para la transferencia de información, dentro de la organización y con partes externas.

e) Asegurar que el acceso remoto, el uso de equipos personales en la red de la empresa, dispositivos móviles y la interconexión entre redes propias y de terceros cuente con controles acorde a las amenazas de seguridad existentes.

5. Adquisición, desarrollo y mantenimiento de sistemas:

a) Implementar y mantener la seguridad en los servicios y sistemas informáticos acorde a la información que se procese y amenazas a las que se encuentren expuestos.

b) Asegurar que se incluyan prácticas de seguridad de la información en la planificación, desarrollo, implementación, operación, soporte y desactivación en las aplicaciones y sistemas informáticos.

c) Limitar el acceso a la modificación de librerías de programas fuente y mantener un estricto control de cambios.

d) Cuando la plataforma operativa sea cambiada, las aplicaciones críticas deben ser revisadas y probadas para evitar efectos adversos en la seguridad de estas.

e) Asegurar que se efectúen pruebas técnicas, funcionales y de seguridad de la información en los sistemas informáticos antes del pase a producción.

f) Implementar y verificar el cumplimiento de procedimientos que incluyan prácticas de desarrollo seguro de servicios y sistemas informáticos.

6. Gestión de incidentes de ciberseguridad:

a) Implementar procedimientos para la gestión de incidentes de ciberseguridad, de acuerdo a lo señalado en el párrafo 8.2 del artículo 8 del presente Reglamento; así también, intercambiar información cuando corresponda, conforme al artículo 16 del presente Reglamento.

b) Implementar una metodología para clasificar los incidentes de ciberseguridad y prever protocolos de respuesta y recuperación.

c) Contar con un servicio de operaciones de seguridad de la información, que incluya capacidades para la detección y respuesta, el monitoreo de comunicaciones en la red interna y el grado de funcionamiento de la infraestructura tecnológica.

d) Contar con acceso a la información de inteligencia de amenazas, vulnerabilidades e incidentes, así como también a bases de conocimiento de técnicas y tácticas utilizadas por los agentes de amenazas.

e) Implementar mecanismos de reporte interno de incidentes de ciberseguridad, de acuerdo con lo señalado en el artículo 8 del presente Reglamento, y a la Superintendencia conforme al artículo 15 del presente Reglamento.

f) Identificar las posibles mejoras para su incorporación a la gestión de incidentes de ciberseguridad, luego de la ocurrencia de estos.

g) Preservar las evidencias que faciliten las investigaciones forenses luego de la ocurrencia de incidentes de seguridad de la información.

7. Seguridad física y ambiental

a) Implementar controles para evitar el acceso físico no autorizado, daños o interferencias a la información o instalaciones de procesamiento de la empresa.

b) Adoptar medidas para evitar pérdida, daño, robo o compromiso de los activos de información y la interrupción de las operaciones, mediante la protección del equipamiento y dispositivos tomando en cuenta el entorno donde son utilizados.

8. Criptografía

a) Utilizar criptografía para asegurar la confidencialidad, autenticidad e integridad de la información, tanto cuando los datos asociados están en almacenamiento y en transmisión.

b) Implementar los procedimientos necesarios para administrar el ciclo de vida de las llaves criptográficas a utilizar.

9. Gestión de activos de información

a) Identificar los activos de información mediante un inventario, asignar su custodia, establecer lineamientos de uso aceptable de ellos y la devolución al término del acuerdo por el que se proporcionó.

b) Asegurar que el nivel de protección y tratamiento de la información se realice acorde a su clasificación en términos de los requisitos legales, valor, criticidad y sensibilidad a la divulgación o modificación no autorizada.

c) Establecer medidas para evitar la divulgación, modificación, eliminación o destrucción no autorizadas de información, en el uso de dispositivos removibles.

Artículo 13. Actividades planificadas

En el marco del Plan estratégico del SGSI-C, la empresa debe mantener planes operativos, por lo menos para los siguientes fines:

a) Identificar los activos de información, clasificarlos, analizar las amenazas y vulnerabilidades asociadas a estos, y tomar medidas de tratamiento correspondientes.

b) Someter el SGSI-C a evaluaciones, revisiones y pruebas periódicas para determinar su efectividad, mediante servicios internos y externos, y en función al nivel de complejidad y amenazas sobre los activos de información asociados. En función a los resultados que obtenga, debe incorporar las mejoras o adoptar los correctivos.

c) Atender las necesidades de capacitación y difusión, según corresponda a los roles y funciones en la organización, en materia de seguridad de la información y ciberseguridad para asegurar la efectividad del SGSI-C.

d) Desarrollar el programa de ciberseguridad, conforme al Subcapítulo II del Capítulo II del presente Reglamento.

e) Revisar periódicamente, y actualizar cuando corresponda, las políticas de seguridad de la información que se establezcan para implementar los requerimientos establecidos en el artículo 12 del presente Reglamento.

Subcapítulo II.- Ciberseguridad

Artículo 14. Programa de ciberseguridad

14.1 Toda empresa que cuente con presencia en el ciberespacio debe mantener, con carácter permanente, un programa de ciberseguridad (PG-C) aplicable a las operaciones, procesos y otros activos de información asociados.

14.2 El PG-C debe prever un diagnóstico y un plan de mejora sobre sus capacidades de ciberseguridad, para lo cual debe seleccionar un marco de referencia internacional sobre la materia, que le permita cuando menos lo siguiente:

a) Identificación de los activos de información.

b) Protección frente a las amenazas a los activos de información.

c) Detección de incidentes de ciberseguridad.

d) Respuesta con medidas que reduzcan el impacto de los incidentes.

e) Recuperación de las capacidades o servicios tecnológicos que pudieran ser afectados.

Artículo 15. Reporte de incidentes de ciberseguridad significativos

15.1 La empresa debe reportar a la Superintendencia, en cuanto advierta la ocurrencia de un incidente de ciberseguridad que presente un impacto adverso significativo verificado o presumible de:

a) Pérdida o hurto de información de la empresa o de clientes.

b) Fraude interno o externo.

c) Impacto negativo en la imagen y reputación de la empresa.

d) Interrupción de operaciones.

15.2 La empresa debe efectuar un análisis forense para determinar las causas del incidente y tomar las medidas para su gestión. El informe resultante de dicho análisis debe estar a disposición de la Superintendencia, el que debe tener un contenido ejecutivo y también con el detalle técnico correspondiente.

15.3 La Superintendencia, mediante norma de carácter general, establece el contenido mínimo, formato y protocolos adicionales a utilizar en dicho reporte.

Artículo 16. intercambio de información de ciberseguridad

16.1 La empresa debe hacer los arreglos necesarios para contar con información que le permita tomar acción oportuna frente a las amenazas de ciberseguridad y para el tratamiento de las vulnerabilidades.

16.2 Al intercambiar información relativa a ciberseguridad, la empresa puede suscribir acuerdos con otras empresas del sector o con terceros que resulten relevantes, de forma bipartita, colectiva o gremial, para lo cual definirán los criterios pertinentes.

16.3 Mediante norma de carácter general, la Superintendencia puede establecer requerimientos específicos para que se incorporen en el intercambio de información de ciberseguridad.

Subcapítulo III.- Autenticación

Artículo 17. Implementación de los procesos autenticación

17.1 La empresa debe implementar procesos de autenticación, conforme a la definición establecida en este Reglamento, para controlar el acceso a los servicios que provea a sus usuarios por canales digitales, previo a lo cual debe evaluar formalmente y tomar medidas sobre:

a) El o los factores de autenticación que serán requeridos.

b) Estándares criptográficos vigentes, basados en software o en hardware, y sus prestaciones de confidencialidad o integridad esperadas.

c) Plazos y condiciones en las que será obligatorio requerir al usuario volver a autenticarse, lo que incluye y no se limita a casos por periodo de inactividad o sesiones de uso prolongado de sistemas.

d) Línea base de controles de seguridad de la información requerida para prevenir las amenazas a que esté expuesto el proceso de autenticación, lo que incluye, y no se restringe, al número límite de intentos fallidos de autenticación, la prevención de ataques de interceptación y manipulación de mensajes.

e) Lineamientos para la retención de registros de auditoría para la detección de amenazas conocidas y eventos de seguridad de la información.

17.2 Los procesos de autenticación deben ser reevaluados siempre que la tecnología utilizada para su implementación deje de contar con el soporte del fabricante, o tras el descubrimiento de nuevas vulnerabilidades que pueden exponerlos.

17.3 La empresa debe mantener y proteger los registros detallados de lo actuado en cada enrolamiento de usuario, intento de autenticación y cada operación que requiera de autenticación previa.

17.4 La empresa debe contar con herramientas y procedimientos para implementar el monitoreo de transacciones que permita tomar medidas de reducción de la posibilidad de operaciones fraudulentas, que incorpore los escenarios de fraude ya conocidos, y el robo o compromiso de los elementos utilizados para la autenticación.

Artículo 18. Enrolamiento del usuario en servicios provistos por canal digital

18.1 El enrolamiento de un usuario en un canal digital requiere por lo menos:

a) Verificar la identidad del usuario y tomar las medidas necesarias para reducir la posibilidad de suplantación de identidad, lo que incluye el uso de dos factores independientes de categorías diferentes, según el literal j) del artículo 2 de este Reglamento.

b) Generar las credenciales y asignarlas al usuario.

18.2 La empresa debe gestionar el ciclo de vida de las credenciales que genere y asigne a sus usuarios, para lo cual debe prever los procedimientos para su activación, suspensión, reemplazo, renovación y revocación; así también, cuando corresponda, asegurar su confidencialidad e integridad.

Artículo 19. autenticación reforzada para operaciones por canal digital

Se requiere de autenticación reforzada para aquellas acciones que puedan originar operaciones fraudulentas u otro abuso del servicio en perjuicio del cliente, como las operaciones a través de un canal digital que impliquen pagos o transferencia de fondos a terceros, registro de un beneficiario de confianza, modificación en los productos de seguro ahorro/inversión contratados, la contratación de un producto o servicio, modificación de límites y condiciones, para lo cual se requiere:

a) Utilizar una combinación de factores de autenticación, según el literal j) del artículo 2 del presente Reglamento que, por lo menos, correspondan a dos categorías distintas y que sean independientes uno del otro.

b) Generar un código de autenticación mediante métodos criptográficos, a partir de los datos específicos de cada operación, el cual debe utilizarse por única vez.

c) Cuando la operación sea exitosa, notificar los datos de la operación al usuario.

Artículo 20. Exenciones de autenticación reforzada para operaciones por canal digital

20.1 Están exentas del requisito de autenticación reforzada indicado en el artículo 19 del presente Reglamento, las siguientes operaciones realizadas por canal digital:

a) Las operaciones de pago, pagos periódicos o transferencia hacia un beneficiario registrado previamente por el usuario como beneficiario de confianza, como destinatario usual de dichas operaciones.

b) Las operaciones de pago, pagos periódicos o transferencias a cuentas en las que el cliente y el beneficiario sean la misma persona, sea natural o jurídica, y siempre que dichas cuentas se mantengan en la empresa.

20.2 Las operaciones de pago que presenten un nivel de riesgo de fraude bajo, como resultado de un análisis del riesgo en línea por operación, están exentas de la autenticación reforzada, siempre que la empresa cumpla con:

i. Implementar alguno de los estándares de la industria de pagos, EMV 3DS y tokenización de pagos EMV, en sus versiones más recientes.

ii. Definir el monto de umbral por operación por debajo del cual aplicará la exención por el citado análisis de riesgos.

iii. Medir periódicamente el ratio de fraude de las operaciones de pago por canal y tipo de operación.

iv. Actualizar periódicamente las reglas aplicables en el análisis de riesgo en función al indicador de riesgo de fraude.

v. Utilizar los datos que estén disponibles por cada tipo de operación, que incluye, pero no se limita a, los asociados al comportamiento del usuario, al medio utilizado y los que de este se pueda obtener para fines del análisis de riesgo.

20.3 Las operaciones no reconocidas por los clientes que hayan sido efectuadas en aplicación de la exención señalada en el párrafo 20.2 del presente artículo, o que fueron realizadas luego de que el usuario reportara el robo o pérdida de sus credenciales, son responsabilidad de la empresa, para lo cual deben implementar mecanismos que ante el repudio de la operación por parte del usuario garanticen su aplicación inmediata.

Artículo 21. Uso de API para la provisión de servicios en línea

21.1 El uso de interfaces de programación de aplicaciones, para proveer servicios para realizar operaciones, a través de servicios de terceros, requiere que se implementen las siguientes medidas:

a) Análisis de riesgos asociados e implementar las medidas de mitigación.

b) La autenticación mutua de los sistemas y la de los usuarios.

c) La autorización de las operaciones por parte de los usuarios.

d) El cifrado de datos en almacenamiento o transmisión.

e) Prácticas de desarrollo seguro de API y revisión de prácticas de codificación segura.

f) Análisis de vulnerabilidades y pruebas de penetración.

g) La seguridad de la infraestructura tecnológica que lo soporta.

h) Los mecanismos de tolerancia ante fallos y de contingencia.

i) Control de accesos en el entorno de datos, sistemas e infraestructura.

j) Monitoreo de eventos de seguridad de la información y gestión de estos cuando se constituyan en incidentes.

21.2 La empresa debe tomar como referencia estándares y marcos de referencia internacionales, y cuando sea factible adoptarlos en el marco de acuerdos gremiales o sectoriales, para la implementación del intercambio y encriptación de datos, así como la autenticación y la autorización de operaciones, sin que ello sea una lista restrictiva.

21.3 Las especificaciones técnicas de las API utilizadas deben encontrarse documentadas de forma que facilite su auditoría y la implementación necesaria para su uso.

21.4 Las empresas deben implementar las medidas necesarias para garantizar que el tercero autorizado por el usuario, acceda únicamente a la información indicada por este último.

Subcapítulo IV.- Provisión de Servicios por terceros

Artículo 22. Servicios provistos por terceros

En el caso de servicios provistos por terceros en aspectos referidos a gestión de tecnología de la información, a gestión de seguridad de la información o a procesamiento de datos, la empresa, además de cumplir con los requerimientos establecidos en el Reglamento de Gobierno Corporativo y Gestión Integral de Riesgos y el Reglamento para la Gestión de Riesgo Operacional debe:

a) Evaluar las amenazas y vulnerabilidades de seguridad de la información en la provisión de bienes y servicios e implementar medidas de tratamiento.

b) Asegurar que el arreglo contractual con el proveedor y su implementación le permiten cumplir con las obligaciones establecidas en el presente Reglamento.

c) Establecer los roles y responsabilidades que el proveedor asume contractualmente sobre la seguridad de la información y asegurar que la empresa efectúe las implementaciones complementarias correspondientes para la atención de los requerimientos del presente Reglamento.

Artículo 23. Uso de servicios en nube Para hacer uso de los servicios en nube, la empresa debe implementar políticas y procedimientos de seguridad de la información que sean de aplicación específica, que tome en cuenta un marco de buenas prácticas internacionales para el uso de estos servicios, y que además de los requerimientos del artículo 22 del Reglamento, incluya los siguientes aspectos:

a) Requerimientos de seguridad de la información que los servicios de nube deben cumplir y procedimientos para asegurar la implementación antes de su uso.

b) Lineamientos para segregación de redes que permita el aislamiento de la información de la empresa respecto a la de terceros en el entorno compartido del servicio en nube.

c) Evaluación de la disponibilidad de registro de eventos (log) que el proveedor de servicio en nube ofrece y atención de la necesidad de registros adicionales para el monitoreo de seguridad de la información.

d) Previsión de plan de capacitación para los niveles gerenciales, administradores de estos servicios, personal a cargo de su implementación y quienes hacen uso de ellos, sobre aquello necesario para el manejo de la seguridad de la información en estos.

Artículo 24. Servicios significativos de procesamiento de datos

24.1 La contratación de un servicio significativo provisto por terceros para el procesamiento de datos, incluido los servicios en nube, debe ser considerado como un cambio importante en el ambiente informático, siendo aplicable la definición de servicio significativo establecida en el Reglamento de Gobierno Corporativo y Gestión Integral de Riesgos y la normativa vigente asociada a nuevos productos y cambios importantes.

24.2 La empresa debe cumplir los siguientes aspectos referidos a la contratación de un servicio significativo provisto por terceros para el procesamiento de datos, que incluye servicios en nube, de manera complementaria a lo establecido en los artículos 22 y 23 del presente Reglamento, según corresponda:

a) Asegurar el acceso adecuado a la información, en tiempos razonables y a solo requerimiento, por parte de la Superintendencia, Auditoría Interna y la Sociedad de Auditoría Externa, en condiciones normales de operación y en regímenes especiales.

b) Gestionar los incidentes de seguridad de la información, conforme al numeral 6 del artículo 12 y de desarrollar las actividades planificadas previstas en el artículo 13 del presente Reglamento, en lo aplicable al servicio significativo de procesamiento de datos del que se trate.

c) Contar con una estrategia de salida de los servicios a cargo del proveedor que permita retomar operaciones por cuenta propia o mediante otro proveedor, de acuerdo a los tiempos objetivos de recuperación definidos por la empresa para dichos servicios. Dicha estrategia debe prever, entre otros aspectos, las acciones necesarias para la migración de la información a los recursos de la empresa o de otro proveedor.

d) Mantener un inventario de los servicios que el proveedor, a su vez, contrata con terceros (contratación en cadena) y que se encuentren relacionados a los servicios contratados por la empresa.

e) Asegurar que la información de carácter confidencial en custodia del proveedor sea eliminada definitivamente ante la resolución del acuerdo contractual.

f) Verificar anualmente que el proveedor de servicios de procesamiento de datos cuenta con controles de seguridad de la información, conforme a la normativa vigente sobre seguridad de la información, en lo aplicable al servicio provisto. Ello puede ser sustentado mediante informes independientes y reportes de auditoría que incluyen en su alcance la verificación de

dichos controles.

g) Cuando se trate de servicios en nube, para cumplir con lo requerido en el literal previo, la empresa debe evidenciar anualmente que el proveedor mantiene vigente las certificaciones ISO/IEC 27001, ISO/IEC 27017 e ISO/IEC 27018, y que cuenta con un reporte SOC 2 tipo 2 u otros equivalentes, relevantes al servicio provisto y a la zona o región desde donde se provee el servicio.

24.3 La empresa debe informar a esta Superintendencia sobre el servicio contratado, el proveedor involucrado, los niveles de servicio acordados, infraestructura tecnológica utilizada, así como los procedimientos y responsables para dar cumplimiento a los literales del a) al f), y según corresponda g) o h), del párrafo anterior; por lo menos treinta (30) días calendario antes de iniciar la provisión del procesamiento de datos.

Artículo 25. autorización para la contratación de servicio significativo de procesamiento de datos provisto por terceros desde el exterior

25.1 La empresa debe solicitar autorización de la Superintendencia, previo a la contratación de un servicio significativo de procesamiento de datos provisto por terceros desde el exterior, en caso dicho servicio presente limitaciones para cumplir con los requerimientos establecidos en el párrafo 24.2 del artículo 24 del presente Reglamento, la cual será respondida por la Superintendencia en el plazo de sesenta (60) días hábiles. Para solicitar dicha autorización las empresas deben presentar junto con su solicitud, un informe con los sustentos legales de las limitaciones identificadas y una propuesta de plan de implementación de las medidas compensatorias.

25.2 La autorización que conceda esta Superintendencia es específica al proveedor del servicio y, al país y ciudad desde el que se recibe, así como a las condiciones generales que fueron objeto de la autorización, por lo que de existir modificaciones en ellas y, de mantenerse la limitación citada en el párrafo previo, se requiere de un nuevo procedimiento de autorización ante la Superintendencia.

Subcapítulo V.- Régimen Simplificado del SGSI-C

Artículo 26. Sistema simplificado de gestión de seguridad de la información

26.1 El régimen simplificado de gestión de seguridad de la información requiere la planificación y ejecución de las siguientes actividades mínimas, cuya periodicidad por lo menos debe ser anual:

a) Identificar con las unidades de negocio y de apoyo, cuál es la información de mayor importancia, por las obligaciones normativas o contractuales existentes, y por la necesidad de operar.

b) Identificar los dispositivos que se conectan a la red interna y todo software que se encuentre instalado en la infraestructura tecnológica, y asegurar que se encuentren acorde a una configuración segura previamente establecida.

c) Identificar las cuentas de usuario con permisos de acceso habilitados y en particular las que poseen privilegios administrativos con posibilidad de adicionar software a la infraestructura, y mantener el principio de mínimos privilegios otorgados.

d) Implementar y mantener una línea base de seguridad en sistemas operativos y aplicaciones utilizadas, incluidos los correspondientes a dispositivos móviles, estaciones de trabajo, servidores y dispositivos de comunicaciones. Identificar y evaluar la habilitación de las funciones de seguridad integradas en los sistemas operativos.

e) Priorizar y gestionar las vulnerabilidades de seguridad identificadas, para cuya identificación oportuna debe contar con los servicios de información necesarios.

f) Desarrollar una campaña de orientación para la adopción de prácticas seguras dirigida a los empleados, plana gerencial y de dirección.

26.2 En caso la empresa provea alguna de las operaciones indicadas en el artículo 19 del presente Reglamento por canal digital, en lo que corresponda a su implementación, debe cumplir con las disposiciones establecidas en el Subcapítulo III del Capítulo II del presente Reglamento.

26.3 En caso utilice servicios significativos provistos por terceros, en lo que corresponda a su implementación, la empresa debe cumplir con las disposiciones establecidas en el Subcapítulo IV del Capítulo II del presente Reglamento.

26.4 La empresa debe mantener un programa de ciberseguridad, conforme al Subcapítulo II del Capítulo II del presente Reglamento, con un alcance que por lo menos incluya los servicios indicados en los párrafos 26.2 y 26.3 del artículo 26 del presente Reglamento.

Subcapítulo VI.- Régimen reforzado del SGSI-C

Artículo 27. Requerimientos adicionales para empresa con concentración de mercado

27.1 El directorio debe designar a un director como responsable de velar por la efectividad del sistema de gestión de seguridad de la información, lo que incluye el desarrollo del plan estratégico del SGSI-C.

27.2 La empresa debe someter periódicamente a una evaluación independiente del alcance y la efectividad del SGSI-C; dicha evaluación podrá ser realizada por la unidad de auditoría interna u otro equipo que cumpla el requisito de independencia, siempre que posea experiencia previa y certificaciones internacionales que demuestren la preparación técnica necesaria.

Disposiciones Complementarias finales

Primera

La empresa puede contar con un marco para la gestión de los riesgos asociados a la seguridad de la información, que debe ser integrado en lo que corresponda en la gestión del riesgo operacional, conforme a los lineamientos establecidos en el artículo 22° del Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos.

Segunda

Los informes a los que se refieren los literales g) y h) del artículo 12°, y el artículo 27° del Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos deben incluir la evaluación de los riesgos asociados a la seguridad de la información.

Tercera

En caso de eventos que afecten la continuidad operativa y que tengan como causa probable un incidente de seguridad de la información, es aplicable lo señalado en el artículo 15 del Reglamento para la Gestión de la Continuidad del Negocio, aprobado por la Resolución SBS nº 877-2020, sobre reporte de eventos de interrupción significativa.

Cuarta

La aplicación del presente Reglamento se extiende a las empresas corredoras de seguros del segmento 1, según segmentación establecida en el artículo 36 del Reglamento para la Supervisión y Control de los Corredores y Auxiliares de Seguros aprobado por la Resolución SBS nº 809-2019, a dichas empresas les es exigible el párrafo 26.1 del artículo 26, Subcapítulo V, Capítulo II, del presente Reglamento.

Artículo segundo

Modificar el Reglamento de Auditoría Interna, aprobado por la Resolución SBS nº 11699-2008 y sus modificatorias, conforme a lo siguiente:

En el Anexo “Actividades Programadas”, sustituir el numeral 3 de la Sección I, el numeral 1 de la Sección II, el numeral 1 de la Sección III, el numeral 2 de la Sección IV, el numeral 3 de la Sección V y el numeral 1 de la Sección VI, conforme a los siguientes textos:

“I. Empresas señaladas en los literales A, B y C del artículo 16º de la Ley General (Excepto las empresas afianzadoras y de garantías), Banco de la Nación, Banco Agropecuario, Fondo Mivivienda y Corporación financiera de desarrollo (COFIDE).

(….)

3) Evaluación de la gestión del riesgo operacional y del cumplimiento de los procedimientos utilizados para la administración de los riesgos de operación; así como, de las disposiciones de la normativa vigente sobre gestión de continuidad del negocio y de seguridad de la información y ciberseguridad;

(….)”

“II. Empresas de seguros y/o de reaseguros

1) Evaluación de la gestión de los riesgos distintos a los riegos técnicos de seguros, que incluyen riesgo operacional, de mercado, de crédito, entre otros, y de las disposiciones de la normativa vigente sobre gestión de continuidad del negocio y de seguridad de la información y ciberseguridad;

(…)”

“III. Empresas de servicios complementarios y conexos

1) Evaluación de la gestión del riesgo operacional y del cumplimiento de los procedimientos utilizados para la administración de los riesgos de operación; así como, de las disposiciones de la normativa vigente sobre gestión de continuidad del negocio y de seguridad de la información y ciberseguridad.

(…)”

“IV. Empresas Afianzadoras y de Garantías

(…)

2) Evaluación de la gestión del riesgo operacional y del cumplimiento de los procedimientos utilizados para la administración de los riesgos de operación; así como, de las disposiciones de la normativa vigente sobre seguridad de la información y Ciberseguridad.

(…)”

“V. Derramas y Cajas de Pensiones

3) Evaluación de la gestión del riesgo operacional y del cumplimiento de los procedimientos utilizados para la administración de los riesgos de operación; así como, de las disposiciones de la normativa vigente sobre gestión de continuidad del negocio y de seguridad de la información y Ciberseguridad;

(…)”

“VI. Administradoras privadas de Fondos de Pensiones (AFP)

1) Evaluación de la gestión del riesgo operacional y de las disposiciones de la normativa vigente sobre gestión de continuidad del negocio yd e seguridad de la información;

(…)”

Artículo Tercero

Modificar el literal b) del segundo párrafo del artículo 20° Informe sobre el sistema de control interno del Reglamento de Auditoría Externa, aprobado por Resolución SBS nº 17026-2010 y sus modificatorias, de acuerdo a lo siguiente al siguiente texto:

“Artículo 20°.- Informe sobre el sistema de control interno

(…)

b) Evaluación de los sistemas de información de la empresa en el ámbito de la auditoría externa, que incluye, entre otros, el flujo de información en los niveles internos de la empresa para su adecuada gestión, y la revisión selectiva de la validez de los datos contenidos en la información complementaria a los estados financieros (anexos y reportes) que presentan las empresas a esta Superintendencia, según las normas vigentes sobre la materia; donde deben precisarse los sistemas que fueron parte del alcance de dicha evaluación; ,y

(…)”

Artículo cuarto

Modificar el procedimiento nº 123 relativo a la “Autorización del Procesamiento Principal en el Exterior” por “Autorización para la contratación del servicio significativo de Procesamiento de Datos provisto por terceros desde el Exterior” e incorporar el procedimiento nº198 relativo a “Autorización para aplicar el Régimen Simplificado del Sistema de Gestión de la Seguridad de la Información y la Ciberseguridad” en el Texto Único de Procedimientos Administrativos de la Superintendencia de Banca, Seguros y Administradoras Privadas de Fondos de Pensiones, aprobado mediante Resolución nº 1678-2018, cuyo texto se anexa a la presente la presente resolución y se publica en el Portal Web institucional (www.sbs.gob.pe).

Artículo Quinto

Modificar el Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos, aprobado mediante Resolución SBS nº 272-2017 y sus modificatorias, de acuerdo a lo siguiente:

1. Incorporar en el Artículo 2 del Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos, aprobado mediante Resolución SBS nº 272-2017 el siguiente texto:

“rr) Proveedor: tercero contratado para brindar bienes y/o servicios a una empresa, incluso bajo la modalidad de subcontratación. Las empresas que forman parte del mismo grupo económico que la empresa contratante también son consideradas como terceros.”

2. Modificar en el Artículo 2 Definiciones y/o referencias, el literal jj) Subcontratación, de acuerdo a lo siguiente:

“jj) Subcontratación: Modalidad mediante la cual una empresa contrata a un proveedor para que este entregue bienes y/o servicios que podrían ser desarrollados por ella.”

3. Sustituir el Capítulo IV, así como su referencia en el Índice de dicho Reglamento por “Bienes y/o Servicios Provistos por Terceros”, con el siguiente texto:

“Capítulo IV.- Bienes y/o Servicios Provistos por Terceros

Artículo 35.- Aspectos generales

35.1. Los bienes y/o servicios provistos por terceros son aquellos entregados a la empresa por parte de un proveedor.

35.2. En caso se trate de un bien y/o servicio que pudiera ser desarrollado por la empresa pero decide solicitarlo a través de un tercero, se configura la modalidad de subcontratación.

35.3. Los bienes y/o servicios significativos provistos por terceros son aquellos que, en caso de falla o suspensión, pueden poner en riesgo importante a la empresa al afectar sus ingresos, solvencia, continuidad operativa o reputación. En caso de que algún bien y/o servicio significativo sea provisto por un tercero bajo la modalidad de subcontratación, la subcontratación se considera significativa.

35.4. Un proveedor es considerado significativo cuando provee servicios significativos, se encuentre o no, bajo la modalidad de subcontratación.

Artículo 36.- Bienes y/o servicios provistos por terceros

36.1 Los riesgos asociados a la entrega de bien y/o servicios provistos por terceros deben ser gestionados como parte del marco de gestión integral de riesgos de la empresa.

36.2 La empresa es responsable de los resultados de los bienes y/o servicios provistos por terceros bajo la modalidad de subcontratación.

36.3 La empresa debe realizar una evaluación de los riesgos asociados a los servicios significativos provistos por terceros, ya sea que se encuentren o no bajo la modalidad de subcontratación. Dicha evaluación debe ser presentada al directorio para su aprobación.

36.4 En el caso de subcontratación significativa se debe contar con cláusulas que faciliten una adecuada revisión de la respectiva prestación por parte de las empresas, de la unidad de auditoría interna, de la sociedad de auditoría externa, así como por parte de la Superintendencia o las personas que esta designe, en los contratos suscritos con los proveedores.

36.5 La subcontratación de las funciones de la gestión de riesgos es considerada como significativa para fines de este Reglamento.

36.6 Esta Superintendencia puede definir requisitos adicionales para algunos bienes y/o servicios específicos provistos por terceros.

artículo 37°.- Autorización para la contratación de bienes y/o servicios significativos provistos por terceros

La contratación de los siguientes bienes y/o servicios significativos requiere autorización previa de esta Superintendencia y debe sujetarse a lo establecido en las normas reglamentarias específicas:

a) La subcontratación significativa de auditoría interna, de acuerdo con lo establecido en el Reglamento de Auditoría Interna o norma que lo sustituya;

b) Otros que indique la Superintendencia mediante norma general.”

Artículo sexto

Modificar el Reglamento de Riesgo Operacional, aprobado por Resolución SBS nº 2116-2009, según se indica a continuación:

1. Sustituir el literal i del artículo 2 y el artículo 14, de acuerdo con el siguiente texto:

“Artículo 2.- Definiciones

(…)

i. Subcontratación: Modalidad mediante la cual una empresa contrata a un proveedor para que este entregue bienes y/o servicios que podrían ser desarrollados por ella.

(…)

2. Sustituir el artículo 14 de acuerdo con el siguiente texto:

“Artículo 14.- Bienes y/o servicios provistos por terceros

La empresa debe contar con políticas y procedimientos apropiados para gestionar los riesgos asociados a los servicios provistos por terceros, y contar con un registro de estos.

La empresa debe implementar un procedimiento para la identificación de aquellos proveedores significativos precisando los casos en los que se encuentren bajo la modalidad de subcontratación.

En los casos de servicios significativos, se encuentren o no bajo la modalidad de subcontratación, y de servicios subcontratados la empresa debe considerar los siguientes aspectos:

a) Implementar un proceso de selección del proveedor del servicio.

b) Contar con un contrato, el cual debe incluir acuerdos de niveles de servicio; establecer claramente las responsabilidades del proveedor y de la empresa; establecer la jurisdicción que prevalecerá en caso de conflicto entre las partes; e incorporar los niveles de seguridad de información requeridos.

c) Gestionar y monitorear los riesgos asociados a estos servicios.

d) Mantener un registro que debe contener como mínimo:

i) Nombre del proveedor

ii) Giro o actividad principal de negocio del proveedor

iii) Descripción o listado de los servicios provistos

iv) Países, regiones y/o zonas geográficas desde donde se provee el servicio a contratar

v) Niveles de servicio acordados para su provisión

vi) Si la subcontratación es o no considerada significativa por la empresa

vii) Fecha de inicio del servicio

viii) Fecha de última renovación, si corresponde

ix) Fecha de vencimiento del servicio o la próxima fecha de renovación del contrato, según corresponda”

Artículo Séptimo

Modificar el Reglamento de Tarjetas de Crédito y Débito, aprobado por Resolución SBS nº 6523-2013 y sus normas modificatorias, según se indica a continuación:

1. Sustituir los artículos 6 y 12, de acuerdo con el siguiente texto:

“Artículo 6.- Información mínima, condiciones y vigencia aplicable a la tarjeta de crédito

Las tarjetas de crédito con soporte físico o digital se expiden con carácter de intransferible y deben incluir como mínimo la siguiente información:

1. Denominación social de la empresa que emite la tarjeta de crédito.

2. Nombre comercial que la empresa asigne al producto.

3. Identificación del sistema de tarjeta de crédito (marca) al que pertenece, de ser el caso.

En el caso de las tarjetas con soporte físico se debe incluir el nombre del usuario de la tarjeta de crédito; información de la que se puede prescindir siempre que la empresa cumpla con el Subcapítulo III del Capítulo II del Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad, aprobado por Resolución SBS nº 504-2021.

El plazo de vigencia de las tarjetas de crédito no puede exceder de cinco (5) años, pudiéndose acordar plazos de vencimiento menores.

Artículo 12.- Información mínima, condiciones y vigencia aplicable a las tarjetas de débito

Las tarjetas de débito con soporte físico o digital se expiden con carácter de intransferible y deben incluir como mínimo la siguiente información:

1. Denominación social de la empresa que emite la tarjeta de débito.

2. Nombre comercial que la empresa asigne al producto.

3. Identificación del sistema de tarjeta de débito (marca) al que pertenece, de ser el caso.

Para su uso, requieren adicionalmente la presencia de una clave secreta, firma, firma electrónica u otros mecanismos que permitan identificar al usuario, de acuerdo con lo pactado.

El plazo de vigencia de las tarjetas de débito no puede exceder de cinco (5) años, pudiéndose acordar plazos de vencimiento menores.”

Artículo octavo

Modificar el Reglamento de Operaciones con Dinero Electrónico aprobado por Resolución SBS nº 6283-2013 y sus normas modificatorias, según se indica a continuación:

1. Sustituir el artículo 4, de acuerdo con el siguiente texto:

“Artículo 4.- Soportes para uso de dinero electrónico

Los soportes mediante los cuales se puede hacer uso del dinero electrónico pueden ser los siguientes:

a) Teléfonos móviles.

b) Tarjetas prepago.

c) Cualquier otro equipo o dispositivo electrónico, que cumpla los fines establecidos en la Ley

Estos dispositivos deben incluir como mínimo la siguiente información:

1. Denominación social de la empresa que emite el soporte mediante el cual se hace uso del dinero electrónico.

2. Nombre comercial que la empresa asigne al producto.

3. Identificación del sistema de tarjeta (marca) al que pertenece, de ser el caso.

Dicha información debe ser mostrada en un espacio visible y de fácil acceso para el usuario.

Un mismo soporte puede ser utilizado y/o asociado para realizar transacciones con más de una cuenta de dinero electrónico.”

Artículo Noveno.- Plazos y Plan de adecuación

1. En un plazo que no debe exceder de sesenta (60) días calendario contados a partir del día siguiente de la publicación de la presente Resolución, las empresas deben presentar a la Superintendencia, un plan de adecuación al Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad aprobado en el Artículo Primero de la presente Resolución, previamente aprobado por el directorio, en el cual incluya:

a) un diagnóstico preliminar de la situación existente en la empresa;

b) las acciones previstas para la total adecuación al Reglamento;

c) los funcionarios responsables del cumplimiento de dicho plan; y

d) un cronograma de adecuación.

2. Las disposiciones señaladas en el Subcapítulo III del Capítulo II y la Tercera Disposición Complementaria Final del Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad aprobado en el Artículo Primero de la presente Resolución tienen un plazo de adecuación hasta el 1 de julio de 2022.

3. En un plazo no mayor a treinta (30) días calendario contados a partir del día siguiente de la publicación de la presente Resolución, las empresas que cuenten con un servicio significativo de procesamiento de datos provisto por terceros desde el exterior, cuyo marco legal aplicable impida o limite el cumplimiento de las medidas definidas en el párrafo 24.2 del artículo 24 del Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad, aprobado en el Artículo Primero de la presente Resolución, deben remitir un informe que contenga:

i) las limitaciones presentadas, dicho informe debe contar con el sustento legal del impedimento de su aplicación y

ii) las medidas compensatorias.

Artículo Décimo.- Vigencia

La presente Resolución entra en vigencia el 1 de julio de 2021, fecha en la que se deroga la Circular G 140-2009, con excepción de lo siguiente:

a. Los párrafos 25.1 y 25.2 del artículo 25 del Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad, aprobado por el Artículo Primero, que entran en vigencia al día siguiente de publicada la presente Resolución, fecha en la cual se deroga el artículo 7A de la Circular G 140-2009.

b. El Artículo Segundo de la presente Resolución entra en vigencia a partir de la auditoría correspondiente al ejercicio 2022.

c. Los Artículos Séptimo, Octavo y Noveno de la presente Resolución, entran en vigencia al día siguiente de la publicación de la presente Resolución, con excepción de lo indicado en el inciso d. del presente Artículo.

d. El requerimiento asociado a la inclusión conjunta de la información sobre la denominación social de la empresa emisora y el nombre comercial que la empresa asigne al producto de tarjeta de crédito y/o débito, señalado en el Artículo Séptimo de la presente Resolución, así como el requerimiento asociado a la inclusión de la dicha información en los dispositivos de soporte al dinero electrónico, señalado en el artículo Octavo de la presente Resolución; entran en vigencia el 1 de enero de 2022.

Regístrese, comuníquese y publíquese.

SOCORRO HEYSEN ZEGARRA, Superintendenta de Banca, Seguros y Administradoras Privadas de Fondos de Pensiones

26Feb/21

Acuerdo Ministerial nº 030-2019, de 31 de octubre de 2019

Acuerdo Ministerial nº 030-2019, de 31 de octubre de 2019, Expídese el Plan de Migración de los Sistemas de Información de la Administración Pública
Central, Institucional y que dependen de la Función Ejecutiva a un Centro de Datos Seguro. (Registro Oficial nº 151 del 28 de febrero de 2020). 

MINISTERIO DE TELECOMUNICACIONES Y DE LA SOCIEDAD DE LA INFORMACIÓN:

Considerando:

Que, el numeral 1 del artículo 154 de la Constitución de la República del Ecuador confiere a las Ministras y Ministros de Estado, además de las atribuciones establecidas en la ley, la rectoría de las políticas del área a su cargo, así como la facultad de expedir acuerdos y resoluciones administrativas;

Que, el artículo 226 de la Constitución de la República indica que: “Las instituciones del Estado, sus organismos, dependencias, las servidoras o servidores públicos y las personas que actúen en virtud de una potestad estatal ejercerán solamente las competencias y facultades que les sean atribuidas en la Constitución y la ley. Tendrán el deber de coordinar acciones para el cumplimiento de sus fines y hacer efectivo el goce y ejercicio de los derechos reconocidos en la Constitución”;

Que, el artículo 227 ibídem dispone: “La administración pública constituye un servicio a la colectividad que se rige por los principios de eficacia, eficiencia, calidad, jerarquía, desconcentración, descentralización, coordinación, participación, planificación, transparencia y evaluación”;

Que, de conformidad a lo establecido en el artículo 313 de la Constitución de la República “El Estado se reserva el derecho de administrar, regular, controlar y gestionar los sectores estratégicos, de conformidad con los principios de sostenibilidad ambiental, precaución, prevención y eficiencia (…) Se consideran sectores estratégicos la energía en todas sus formas, las telecomunicaciones, los recursos naturales no renovables, el transporte y la refinación de hidrocarburos, la biodiversidad y el patrimonio genético, el espectro radioeléctrico, el agua, y los demás que determine la ley”;

Que, el inciso segundo del artículo 314 de la Constitución de la República, dispone que el Estado garantizará que los servicios públicos, prestados bajo su control y regulación, respondan a principios de obligatoriedad, generalidad, uniformidad, eficiencia, responsabilidad, universalidad, accesibilidad, regularidad, continuidad y calidad;

Que, el artículo 140 de la Ley Orgánica de Telecomunicaciones, dispone: “Rectoría del sector. El Ministerio encargado del sector de las Telecomunicaciones y de la Sociedad de la Información es el órgano rector de las telecomunicaciones y de la sociedad de la información, informática, tecnologías de la información y las comunicaciones y de la seguridad de la información.

A dicho órgano le corresponde el establecimiento de políticas, directrices y planes aplicables en tales áreas para el desarrollo de la sociedad de la información, de conformidad con lo dispuesto en la presente Ley, su Reglamento General y los planes de desarrollo que se establezcan a nivel nacional. Los planes y políticas que dicte dicho Ministerio deberán enmarcarse dentro de los objetivos del Plan Nacional de Desarrollo y serán de cumplimiento obligatorio tanto para el sector público como privado”;

Que, el numeral 2 del artículo 141 de la Ley ibídem, señala: “Competencias del Órgano Rector. Corresponde al órgano rector del sector de las Telecomunicaciones y de la Sociedad de la Información: (…) 2. Formular, dirigir, orientar y coordinar las políticas, planes y proyectos para la promoción de las tecnologías de la información y la comunicación y el desarrollo de las telecomunicaciones, así como supervisar y evaluar su cumplimiento”;

Que, el artículo 10 de la Ley Orgánica de Acceso a la Información Pública, establece: “Custodia de la Información.- Es responsabilidad de las instituciones públicas, personas jurídicas de derecho público y demás entes señalados en el artículo 1 de la presente Ley, crear y mantener registros públicos de manera profesional, para que el derecho a la información se pueda ejercer a plenitud, por lo que, en ningún caso se justificará la ausencia de normas técnicas en el manejo y archivo de la información y documentación para impedir u obstaculizar el ejercicio de acceso a la información pública, peor aún su destrucción.

Quienes administren, manejen, archiven o conserven información pública, serán personalmente responsables, solidariamente con la autoridad de la dependencia a la que pertenece dicha información y/o documentación, por las consecuencias civiles, administrativas o penales a que pudiera haber lugar, por sus acciones u omisiones, en la ocultación, alteración, pérdida y/o desmembración de documentación e información pública. Los documentos originales deberán permanecer en las dependencias a las que pertenezcan, hasta que sean transferidas a los archivos generales o Archivo Nacional.

El tiempo de conservación de los documentos públicos, lo determinará la Ley del Sistema de Archivo Nacional y las disposiciones que regulen la conservación de la información pública confidencial.

Los documentos de una institución que desapareciere, pasarán bajo inventario al Archivo Nacional y en caso de fusión interinstitucional, será responsable de aquello la nueva entidad.”

Que, mediante Decreto Ejecutivo nº 8 de 13 de agosto de 2009, publicado en el Registro Ofi cial nº 10, de 24 de agosto de 2009, el Presidente de la República resolvió crear el Ministerio de Telecomunicaciones y de la Sociedad de la Información, como órgano rector del desarrollo de las Tecnologías de la Información y Comunicación, que incluye las telecomunicaciones y el espectro radioeléctrico;

Que, con Decreto Ejecutivo nº 5 de 24 de mayo de 2017, se suprime la Secretaría Nacional de la Administración Pública y se transfieren al Ministerio de Telecomunicaciones y de la Sociedad de la Información entre otras la atribución: “b. Desarrollar y coordinar planes, programas o proyectos sobre gobierno electrónico que sean necesarios para su implementación”;

Que, conforme lo establece la Disposición General Segunda del referido Decreto Ejecutivo, “El Ministerio de Telecomunicaciones y Sociedad de la Información gestionará y coordinará la implementación de políticas, planes, programas y proyectos de gobierno electrónico en las instituciones de la administración pública a través de las coordinaciones generales de gestión estratégica y las direcciones de tecnologías de la información, dependientes de estas o de quien haga sus veces”;

Que, mediante Decreto Ejecutivo nº 784 de 4 de junio de 2019, el Presidente de la República nombró al licenciado Andrés Michelena Ayala, como Ministro de Telecomunicaciones y de la Sociedad de la Información;

Que, con Acuerdo Ministerial nº 011-2018 de 8 de agosto de 2018, se expidió el Plan Nacional de Gobierno Electrónico 2018-2021, el cual tiene como objetivo promover la participación ciudadana, la democratización de los servicios públicos, la simplificación de trámites y la gestión estatal eficiente, por medio del aprovechamiento de los recursos que actualmente posee el Estado;

Que, mediante Acuerdo Ministerial nº 020-2019, de 2 de septiembre de 2019, se expidió la Política de Seguridad de la Información, la cual establece:

“Artículo 5.- El Ministerio de Telecomunicaciones y de la Sociedad de la Información desarrollará en un plazo de 60 días, un Plan de Migración que permita el alojamiento de los sistemas de información de las Instituciones de la Administración Pública Central y Dependiente de la Función Ejecutiva en un centro de datos que garantice seguridad, disponibilidad y sostenibilidad (…)”

“Artículo 6.- Las Instituciones de la Administración Pública Central y Dependiente de la Función Ejecutiva cumplirán de manera obligatoria lo planteado en el Plan de Migración, con el objetivo de promover que las instituciones públicas reduzcan los riesgos de seguridad física y lógica de sus sistemas de información principal.”;

Que, en el Informe Técnico de 28 de octubre de 2019, suscrito por el Subsecretario de Estado – Gobierno Electrónico, indica: “7. CONCLUSIONES. El Plan de Migración a un centro de datos seguro, es el resultado de la necesidad de proteger la información de las instituciones públicas en un espacio seguro que cuente con las certificaciones técnicas que avalen y garanticen la confiabilidad, integridad, disponibilidad y seguridad de los sistemas de información” (…)

RECOMENDACIONES.

Expedir el Plan de Migración, debido a la necesidad de gestionar la seguridad de la información acorde a la evolución normativa y tecnológica, ya que actualmente los riegos en seguridad muestran continuos cambios, se desarrollan nuevas amenazas y se revelan vulnerabilidades e incidentes de seguridad que tienen efectos considerables en la sociedad”;

En ejercicio de las atribuciones que le confiere el numeral 1 del artículo 154 de la Constitución de la República, artículo 17 del Estatuto del Régimen Administrativo de la Función Ejecutiva;

Acuerda:

Artículo 1

Expedir el Plan de Migración de los Sistemas de Información de la Administración Pública Central, Institucional y que dependen de la Función Ejecutiva a un Centro de Datos Seguro, que se encuentra Anexo y que forma parte integrante del presente Acuerdo Ministerial.

Artículo 2

El Plan de Migración tiene como objetivo definir el modelo de planificación que permita a las Instituciones de la Administración Pública Central, Institucional y que dependen de la Función Ejecutiva, migrar los sistemas de información a un Centro de Datos Seguro que garantice la disponibilidad, integridad, confidencialidad y sostenibilidad de los mismos.

El presente Acuerdo Ministerial es de cumplimiento obligatorio para las Instituciones de la Administración Pública Central, Institucional y que dependen de la Función Ejecutiva

DISPOSICIÓN GENERAL

De la ejecución e implementación del presente Acuerdo Ministerial encárguese a la Subsecretaría de Estado – Gobierno Electrónico del Ministerio de Telecomunicaciones y de Sociedad de la Información.

El presente Acuerdo Ministerial entrará en vigencia a partir de la publicación en el Registro Oficial.

Dado en el Distrito Metropolitano de Quito, a 31 de octubre de 2019.

f.) Lcdo. Andrés Michelena Ayala, Ministro de Telecomunicaciones y de la Sociedad de la Información.

04Oct/20

Decreto nº 59.767, de 15 de setembro de 2020

Decreto nº 59.767, de 15 de setembro de 2020, Regulamenta a aplicação da Lei Federal nº 13.709, de 14 de agosto de 2018 – Lei de Proteção de Dados Pessoais (LGPD) – no âmbito da Administração Municipal direta e indireta.

BRUNO COVAS, Prefeito do Município de São Paulo, no uso das atribuições que lhe são conferidas por lei, DECRETA:

CAPÍTULO I.- DAS DISPOSIÇÕES PRELIMINARES

Artigo 1º

Este decreto regulamenta a Lei Federal nº 13.709, de 14 de agosto de 2018, Lei de Proteção de Dados Pessoais (LGPD), no âmbito do Poder Executivo Municipal, estabelecendo competências, procedimentos e providências correlatas a serem observados por seus órgãos e entidades, visando garantir a proteção de dados pessoais.

Artigo 2º

Para os fins deste decreto, considera-se:

I – dado pessoal: informação relacionada a pessoa natural identificada ou identificável;

II – dado pessoal sensível: dado pessoal sobre origem racial ou étnica, convicção religiosa, opinião política, filiação a sindicato ou a organização de caráter religioso, filosófico ou político, dado referente à saúde ou à vida sexual, dado genético ou biométrico, quando vinculado a uma pessoa natural;

III – dado anonimizado: dado relativo a titular que não possa ser identificado, considerando a utilização de meios técnicos razoáveis e disponíveis na ocasião de seu tratamento;

IV – banco de dados: conjunto estruturado de dados pessoais, estabelecido em um ou em vários locais em suporte eletrônico ou físico;

V – titular: pessoa natural a quem se referem os dados pessoais que são objeto de tratamento;

VI – controlador: pessoal natural ou jurídica, de direito público ou privado, a quem competem as decisões referentes ao tratamento de dados pessoais;

VII – operador: pessoa natural ou jurídica, de direito público ou privado, que realiza o tratamento de dados pessoais em nome do controlador;

VIII – encarregado: pessoa indicada pelo controlador e operador como canal de comunicação entre o controlador, os titulares dos dados e a Autoridade Nacional de Proteção de Dados (ANPD);

IX – agentes de tratamento: o controlador e o operador;

X – tratamento: toda operação realizada com dados pessoais, como as que se referem a coleta, produção, recepção, classificação, utilização, acesso, reprodução, transmissão, distribuição, processamento, arquivamento, armazenamento, eliminação, avaliação ou controle da informação, modificação, comunicação, transferência, difusão ou extração;

XI – anonimização: utilização de meios técnicos razoáveis e disponíveis no momento do tratamento, por meio dos quais um dado perde a possibilidade de associação, direta ou indireta, a um indivíduo;

XII – consentimento: manifestação livre, informada e inequívoca pela qual o titular dos dados concorda com o tratamento de seus dados pessoais para uma finalidade determinada;

XIII – plano de adequação: conjunto das regras de boas práticas e de governança de dados pessoais que estabeleçam as condições de organização, o regime de funcionamento, os procedimentos, as normas de segurança, os padrões técnicos, as obrigações específicas para os diversos agentes envolvidos no tratamento, as ações educativas, os mecanismos internos de supervisão e de mitigação de riscos, o plano de respostas a incidentes de segurança e outros aspectos relacionados ao tratamento de dados pessoais.

Artigo 3º

As atividades de tratamento de dados pessoais pelos órgãos e entidades municipais deverão observar a boa-fé e os seguintes princípios:

I – finalidade: realização do tratamento para propósitos legítimos, específicos, explícitos e informados ao titular, sem possibilidade de tratamento posterior de forma incompatível com essas finalidades;

II – adequação: compatibilidade do tratamento com as finalidades informadas ao titular, de acordo com o contexto do tratamento;

III – necessidade: limitação do tratamento ao mínimo necessário para a realização de suas finalidades, com abrangência dos dados pertinentes, proporcionais e não excessivos em relação às finalidades do tratamento de dados;

IV – livre acesso: garantia, aos titulares, de consulta facilitada e gratuita sobre a forma e a duração do tratamento, bem como sobre a integralidade de seus dados pessoais;

V – qualidade dos dados: garantia, aos titulares, de exatidão, clareza, relevância e atualização dos dados, de acordo com a necessidade e para o cumprimento da finalidade de seu tratamento;

VI – transparência: garantia aos titulares, de informações claras, precisas e facilmente acessíveis sobre a realização do tratamento e os respectivos agentes de tratamento, observados os segredos comercial e industrial;

VII – segurança: utilização de medidas técnicas e administrativas aptas a proteger os dados pessoais de acessos não autorizados e de situações acidentais ou ilícitas de destruição, perda, alteração, comunicação ou difusão;

VIII – prevenção: adoção de medidas para prevenir a ocorrência de dados em virtude do tratamento de dados pessoais;

IX – não discriminação: impossibilidade de realização do tratamento para fins discriminatórios ilícitos ou abusivos;

X – responsabilização e prestação de contas: demonstração, pelo agente, da adoção de medidas eficazes e capazes de comprovar a observância e o cumprimento das normas de proteção de dados pessoais e, inclusive, da eficácia dessas medidas.

CAPÍTULO II.- DAS RESPONSABILIDADES

SEÇÃO I.- DAS RESPONSABILIDADES NA ADMINISTRAÇÃO PÚBLICA MUNICIPAL DIRETA

Artigo 4º

O Poder Executivo Municipal, por meio de suas Secretarias e Subprefeituras, nos termos da Lei Federal nº 13.709, de 2018, deve realizar e manter continuamente atualizados:

I – o mapeamento dos dados pessoais existentes e dos fluxos de dados pessoais em suas unidades;

II – a análise de risco;

III – o plano de adequação, observadas as exigências do Artigo 15 deste decreto;

IV – o relatório de impacto à proteção de dados pessoais, quando solicitado.

Parágrafo único. Para fins do inciso III do “caput” deste artigo, as Secretarias e Subprefeituras devem observar as diretrizes editadas pelo Controlador Geral do Município, após deliberação favorável da Comissão Municipal de Acesso à Informação (CMAI).

Artigo 5º

Fica designado o Controlador Geral do Município como o encarregado da proteção de dados pessoais, para os fins do Artigo 41 da Lei Federal nº 13.709, de 2018.

Parágrafo único. A identidade e as informações de contato do encarregado devem ser divulgadas publicamente, de forma clara e objetiva, no Portal da Transparência, em seção específica sobre tratamento de dados pessoais.

Artigo 6º

São atribuições do encarregado da proteção de dados pessoais:

I – aceitar reclamações e comunicações dos titulares, prestar esclarecimentos e adotar providências;

II – receber comunicações da autoridade nacional e adotar providências;

III – orientar os funcionários e os contratados da Administração Pública Direta a respeito das práticas a serem tomadas em relação à proteção de dados pessoais;

IV – editar diretrizes para a elaboração dos planos de adequação, conforme Artigo 4º, inciso III deste decreto;

V – determinar a órgãos da Prefeitura a realização de estudos técnicos para elaboração das diretrizes previstas no inciso IV deste artigo;

VI – submeter à Comissão Municipal de Acesso à Informação (CMAI), sempre que julgar necessário, matérias atinentes a este decreto;

VII – decidir sobre as sugestões formuladas pela autoridade nacional a respeito da adoção de padrões e de boas práticas para o tratamento de dados pessoais, nos termos do Artigo 32 da Lei Federal nº 13.709, de 2018;

VIII – providenciar a publicação dos relatórios de impacto à proteção de dados pessoais previstos pelo Artigo 32 da Lei Federal nº 13.709, de 2018;

IX – recomendar a elaboração de planos de adequação relativos à proteção de dados pessoais ao encarregado das entidades integrantes da Administração indireta, informando eventual ausência à Secretaria responsável pelo controle da entidade, para as providências pertinentes;

X – providenciar, em caso de recebimento de informe da autoridade nacional com medidas cabíveis para fazer cessar uma afirmada violação à Lei Federal nº 13.709, de 2018, nos termos do Artigo 31 daquela lei, o encaminhamento ao órgão municipal responsável pelo tratamento de dados pessoais, fixando prazo para atendimento à solicitação ou apresentação das justificativas pertinentes;

XI – avaliar as justificativas apresentadas nos termos do inciso X deste artigo, para o fim de:

a) caso avalie ter havido a violação, determinar a adoção das medidas solicitadas pela autoridade nacional;

b) caso avalie não ter havido a violação, apresentar as justificativas pertinentes à autoridade nacional, segundo o procedimento cabível;

XII – requisitar das Secretarias e Subprefeituras responsáveis as informações pertinentes, para sua compilação em um único relatório, caso solicitada pela autoridade nacional a publicação de relatórios de impacto à proteção de dados pessoais, nos termos do artigo 32 da Lei Federal nº 13.709, de 2018;

XII – executar as demais atribuições estabelecidas em normas complementares.

§ 1º O Controlador Geral do Município terá os recursos operacionais e financeiros necessários ao desempenho dessas funções e à manutenção dos seus conhecimentos, bem como acesso motivado a todas as operações de tratamento.

§ 2º Na qualidade de encarregado da proteção de dados, o Controlador Geral do Município está vinculado à obrigação de sigilo ou de confidencialidade no exercício das suas funções, em conformidade com a Lei Federal nº 13.709, de 2018, com a Lei Federal nº 12.527, de 18 de novembro de 2011, e com o Decreto nº 53.623, de 12 de dezembro de 2012.

Artigo 7º

Cabe aos Chefes de Gabinete das Secretarias e Subprefeituras:

I – dar cumprimento, no âmbito dos respectivos órgãos, às ordens e recomendações do Controlador Geral do Município na qualidade de encarregado de proteção de dados pessoais;

II – atender às solicitações encaminhadas pelo Controlador Geral do Município no sentido de fazer cessar uma afirmada violação à Lei Federal nº 13.709, de 2018, ou apresentar as justificativas pertinentes;

III – encaminhar ao encarregado, no prazo por este fixado:

a) informações sobre o tratamento de dados pessoais que venham a ser solicitadas pela autoridade nacional, nos termos do Artigo 29 da Lei Federal nº 13.709, de 2018;

b) relatórios de impacto à proteção de dados pessoais, ou informações necessárias à elaboração de tais relatórios, nos termos do Artigo 32 da Lei Federal nº 13.709, de 2018.

IV – assegurar que o Controlador Geral do Município seja informado, de forma adequada e em tempo útil, de todas as questões relacionadas com a proteção de dados pessoais no âmbito do Poder Executivo municipal.

Artigo 8º

Cabe à Secretaria Municipal de Inovação e Tecnologia (SMIT):

I – oferecer os subsídios técnicos necessários à edição das diretrizes pelo Controlador Geral do Município para a elaboração dos planos de adequação;

II – orientar, sob o ponto de vista tecnológico, as Secretarias e as Subprefeituras na implantação dos respectivos planos de adequação.

Artigo 9º

Cabe à Comissão Municipal de Acesso à Informação (CMAI), por solicitação do Controlador Geral do Município:

I – deliberar sobre proposta de diretrizes para elaboração dos planos de adequação, nos termos do Artigo 4º, parágrafo único deste decreto;

II – deliberar sobre qualquer assunto relacionado à aplicação da Lei Federal nº 13.709, de 2018, e do presente decreto pelos órgãos do Poder Executivo.

SEÇÃO II.- DAS RESPONSABILIDADES NA ADMINISTRAÇÃO PÚBLICA MUNICIPAL INDIRETA

Artigo 10.

Cabe às entidades da Administração indireta observar, no âmbito da sua respectiva autonomia, as exigências da Lei Federal nº 13.709, de 2018, observada, no mínimo:

I – a designação de um encarregado de proteção de dados pessoais, nos termos do Artigo 41 da Lei Federal nº 13.709, de 2018, cuja identidade e informações de contato devem ser divulgadas publicamente, de forma clara e objetiva;

II – a elaboração e manutenção de um plano de adequação, nos termos do Artigo 4º, inc. III, e parágrafo único deste decreto.

CAPÍTULO III.- DO TRATAMENTO DE DADOS PESSOAIS PELA ADMINISTRAÇÃO PÚBLICA MUNICIPAL

Artigo 11.

O tratamento de dados pessoais pelos órgãos e entidades da Administração Pública Municipal deve:

I – objetivar o exercício de suas competências legais ou o cumprimento das atribuições legais do serviço público, para o atendimento de sua finalidade pública e a persecução do interesse público;

II – observar o dever de conferir publicidade às hipóteses de sua realização, com o fornecimento de informações claras e atualizadas sobre a previsão legal, finalidade, os procedimentos e as práticas utilizadas para a sua execução.

Artigo 12.

Os órgãos e as entidades da Administração Pública Municipal podem efetuar o uso compartilhado de dados pessoais com outros órgãos e entidades públicas para atender a finalidades específicas de execução de políticas públicas, no âmbito de suas atribuições legais, respeitados os princípios de proteção de dados pessoais elencados no Artigo 6º da Lei Federal nº 13.709, de 2018.

Artigo 13.

É vedado aos órgãos e entidades da Administração Pública Municipal transferir a entidades privadas dados pessoais constantes de bases de dados a que tenha acesso, exceto:

I – em casos de execução descentralizada de atividade pública que exija a transferência, exclusivamente para esse fim específico e determinado, observado o disposto na Lei Federal nº 12.527, de 2011;

II – nos casos em que os dados forem acessíveis publicamente, observadas as disposições da Lei Federal nº 13.709, de 2018;

III – quando houver previsão legal ou a transferência for respaldada, por meio de cláusula específica, em contratos, convênios ou instrumentos congêneres, cuja celebração deverá ser informada pelo responsável ao Controlador Geral do Município para comunicação à autoridade nacional de proteção de dados;

IV – na hipótese de a transferência dos dados objetivar exclusivamente a prevenção de fraudes e irregularidades, ou proteger e resguardar a segurança e a integridade do titular dos dados, desde que vedado o tratamento para outras finalidades.

Parágrafo único. Em quaisquer das hipóteses previstas neste artigo:

I – a transferência de dados dependerá de autorização específica conferida pelo órgão municipal à entidade privada;

II – as entidades privadas deverão assegurar que não haverá comprometimento do nível de proteção dos dados garantido pelo órgão ou entidade municipal.

Artigo 14.

Os órgãos e entidades da Administração Pública Municipal podem efetuar a comunicação ou o uso compartilhado de dados pessoais a pessoa de direito privado, desde que:

I – o Controlador Geral do Município informe a Autoridade Nacional de Proteção de Dados, na forma do regulamento federal correspondente;

II – seja obtido o consentimento do titular, salvo:

a) nas hipóteses de dispensa de consentimento previstas na Lei Federal nº 13.709, de 2018;

b) nos casos de uso compartilhado de dados, em que será dada publicidade nos termos do Artigo 11, inciso II deste decreto;

c) nas hipóteses do Artigo 13 deste decreto.

Parágrafo único. Sempre que necessário o consentimento, a comunicação dos dados pessoais a entidades privadas e o uso compartilhado entre estas e o órgãos e entidades municipais poderão ocorrer somente nos termos e para as finalidades indicadas no ato do consentimento.

Artigo 15.

Os planos de adequação devem observar, no mínimo, o seguinte:

I – publicidade das informações relativas ao tratamento de dados em veículos de fácil acesso, preferencialmente nas páginas dos órgãos e entidades na internet, bem como no Portal da Transparência, em seção específica a que se refere o parágrafo único do Artigo 5º deste decreto;

II – atendimento das exigências que vierem a ser estabelecidas pela Autoridade Nacional de Proteção de Dados, nos termos do Artigo 23, § 1º, e do Artigo 27, parágrafo único da Lei Federal nº 13.709, de 2018;

III – manutenção de dados em formato interoperável e estruturado para o uso compartilhado de dados com vistas à execução de políticas públicas, à prestação de serviços públicos, à descentralização da atividade pública e à disseminação e ao acesso das informações pelo público em geral.

Artigo 16.

As entidades integrantes da Administração Municipal indireta que atuarem em regime de concorrência, sujeitas ao disposto no Artigo 173 da Constituição Federal, deverão observar o regime relativo às pessoas jurídicas de direito privado particulares, exceto quando estiverem operacionalizando políticas públicas e no âmbito da execução delas, nos termos do Artigo 24 da Lei nº 13.709, de 2018.

CAPÍTULO.- DAS DISPOSIÇÕES FINAIS

Artigo 17.

As Secretarias e Subprefeituras deverão comprovar ao Controlador Geral do Município estar em conformidade com o disposto no Artigo 4º deste decreto no prazo de 180 (cento e oitenta dias) dias a contar da sua publicação.

Artigo 18.

As entidades da Administração indireta deverão apresentar ao Controlador Geral do Município, no prazo de 90 (noventa) dias, o respectivo plano de adequação às exigências da Lei Federal nº 13.709, de 2018.

Artigo 19.

O artigo 53 do Decreto Municipal nº 53.623, de 2012, passa a vigorar com a seguinte alteração:

“Artigo 53. …

VII – deliberar sobre qualquer assunto relacionado à aplicação da Lei Federal nº 13.709, de 14 de agosto de 2018, e do presente decreto pelos órgãos do Poder Executivo.

§ 3º As questões referentes ao inciso VII do “caput” deste artigo entrarão em pauta a partir de solicitação do Controlador Geral do Município, que poderá convocar sessão extraordinária para a referida deliberação.”

Artigo 20.

Este decreto entrará em vigor na data de sua publicação.

PREFEITURA DO MUNICÍPIO DE SÃO PAULO/SP, aos 15 de setembro de 2020, 467º da fundação de São Paulo.

BRUNO COVAS, PREFEITO

JUAN MANUEL QUIRÓS SADIR, Secretário Municipal de Inovação e Tecnologia

JOÃO MANOEL SCUDELER DE BARROS, Controlador Geral Do Município

ORLANDO LINDÓRIO DE FARIA, Secretário Municipal da Casa Civil

MARINA MAGRO BERINGHS MARTINEZ, Respondendo pelo cargo de Secretária Municipal de Justiça

RUBENS NAMAN RIZEK JUNIOR, Secretário de Governo Municipal

Publicado na Casa Civil, em 15 de setembro de 2020.

02Oct/20

Real Decreto-ley 28/2020, de 22 de septiembre, de trabajo a distancia (B.O.E. número 253, de 23 de septiembre de 2020)

EXPOSICIÓN DE MOTIVOS

I

El trabajo a distancia, entendido como trabajo que se realiza fuera de los establecimientos y centros habituales de la empresa y del que el teletrabajo es una subespecie que implica la prestación de servicios con nuevas tecnologías, ha sido objeto de regulación tanto en el ámbito interno como en el ámbito comunitario e internacional.

En el ámbito comunitario, la Confederación Europea de Sindicatos (CES), la Unión de Confederaciones de la Industria y de Empresarios de Europa (UNICE), la Unión Europea del Artesanado y de la Pequeña y Mediana Empresa (UNICE/UEAPME) y el Centro Europeo de la Empresa Pública (CEEP), firmaron, ya en el año 2002, el Acuerdo Marco Europeo sobre Teletrabajo, suscrito por los interlocutores sociales europeos en julio de 2002 y revisado en 2009, a fin de dar más seguridad a los teletrabajadores y las teletrabajadoras por cuenta ajena en la UE. Este Acuerdo entendió esta modalidad del trabajo a distancia como un medio para modernizar la organización del trabajo para las empresas y organizaciones de servicios públicos, y para dar una mayor autonomía en la realización de sus tareas a las personas trabajadoras.

El objeto del Acuerdo era elaborar un marco general a escala europea sobre las condiciones laborales de teletrabajadoras y teletrabajadores y compaginar las necesidades de flexibilidad y seguridad que son comunes a estos y a las empresas. El Acuerdo otorga a las personas trabajadoras a distancia la misma protección global que a las que ejercen sus actividades en los locales de la empresa.

En dicho Acuerdo se define el teletrabajo como una forma de organización o de realización del trabajo utilizando las tecnologías de la información, en el marco de un contrato o de una relación laboral, en la que un trabajo que también habría podido realizarse en los locales de la empresa, se ejecuta habitualmente fuera de estos.

En el Acuerdo se resaltan varios ámbitos clave, en los que es preciso tener en cuenta las peculiaridades del teletrabajo. En particular, este acuerdo se refiere especialmente el carácter voluntario del teletrabajo; la igualdad de derechos de las personas teletrabajadoras en relación a las que desarrollan su actividad en el establecimiento de la empresa, con una mención expresa a su derecho a la formación y la carrera profesional, o al pleno ejercicio de sus derechos colectivos; la dotación de equipos; la seguridad y la salud, especificando la aplicación íntegra de la normativa europea sobre la materia y la responsabilidad empresarial correspondiente; la gestión de la organización del trabajo por parte de la persona teletrabajadora, en el marco de la legislación y convenios colectivos aplicables.

Asimismo, la Organización Internacional del Trabajo reguló, en su Convenio nº 177 y en la Recomendación n.º 184, el trabajo a domicilio, entendiendo que esta modalidad se produce cuando se realiza la actividad laboral en el domicilio de la persona trabajadora o en otro local que esta escoja, distinto de los locales de trabajo de la empresa, a cambio de una remuneración y con el fin de elaborar un producto o prestar un servicio conforme a las especificaciones de la misma.

En el ámbito de la normativa interna española, la Ley 3/2012, de 6 de julio, de medidas urgentes para la reforma del mercado laboral, modificó la ordenación del tradicional trabajo a domicilio para dar acogida al trabajo a distancia basado en el uso intensivo de las nuevas tecnologías. La exposición de motivos de dicha ley reconocía el teletrabajo como una particular forma de organización del trabajo que encaja perfectamente en el modelo productivo y económico, al favorecer la flexibilidad de las empresas en la organización del trabajo, incrementar las oportunidades de empleo y optimizar la relación entre tiempo de trabajo y vida personal y familiar. De acuerdo con esta modificación, el trabajo a distancia está definido en el artículo 13 del texto refundido de la Ley del Estatuto de los Trabajadores, aprobado por el Real Decreto Legislativo 2/2015, de 23 de octubre, como aquel en que «la prestación de la actividad laboral se realice de manera preponderante en el domicilio del trabajador o en el lugar libremente elegido por este de modo alternativo a su desarrollo presencial en el centro de trabajo de la empresa».

Además, el trabajo a distancia es fundamental para favorecer el asentamiento y la fijación de población en el medio rural, tal y como se señala en las Directrices Generales de la Estrategia Nacional frente al Reto Demográfico, aprobadas por Consejo de Ministros el 29 de marzo de 2019. Esta norma ha de servir para hacer factible la oportunidad de revertir la despoblación, de acuerdo con las características de los territorios que sufren el declive demográfico, como zonas rurales y remotas, o pequeños municipios.

El artículo 13 del Estatuto de los Trabajadores resulta insuficiente para aplicarlo a las peculiaridades del teletrabajo, que requiere no solo de una prestación laboral que se desarrolle preferentemente fuera de los locales de la empresa, sino también de un uso intensivo de las nuevas tecnologías informáticas y de la comunicación.

Por su parte, el Real Decreto-ley 6/2019, de 1 de marzo, de medidas urgentes para garantía de la igualdad de trato y de oportunidades entre mujeres y hombres en el empleo y la ocupación, modificó el artículo 34.8 del Estatuto de los Trabajadores, anticipándose al contenido de la Directiva 2019/1158 (UE) del Consejo, de 20 de junio de 2019, relativa a la conciliación de la vida familiar y la vida profesional de los progenitores y los cuidadores y por la que se deroga la Directiva UE 2010/18 del Consejo, en la cual se establece un auténtico derecho a la conciliación de la vida laboral y familiar a través del uso de las formas flexibles de trabajo, incluidas la fórmulas de trabajo a distancia.

En la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales, se establecen por primera vez de manera expresa, y recogiendo la jurisprudencia nacional, comunitaria e internacional, un conjunto de derechos relacionados con el uso de dispositivos en el ámbito laboral como son, entre otros, el derecho a la intimidad y uso de dispositivos digitales en el ámbito laboral y el derecho a la desconexión digital.

El artículo 5 del Real Decreto-ley 8/2020, de 17 de marzo, de medidas urgentes extraordinarias para hacer frente al impacto económico y social del COVID-19, establece el carácter preferente del trabajo a distancia frente a otras medidas en relación con el empleo, debiendo la empresa adoptar las medidas oportunas si ello es técnica y razonablemente posible y si el esfuerzo de adaptación necesario resulta proporcionado, tratándose de una norma excepcional y de vigencia limitada.

II

La expansión de la pandemia y las necesarias medidas de contención han alterado de forma abrupta la evolución económica global, con caídas pronunciadas en la actividad y en el empleo. Aun cuando la pandemia remita, se prevé una caída acusada del Producto Interior Bruto (PIB), dependiendo las tasas de crecimiento y las posibilidades de recuperación de la propia evolución de la pandemia y la eventualidad de los rebrotes.

El PIB de la economía española ha sufrido la mayor contracción intertrimestral de su historia, siendo el impacto de esta crisis especialmente acusado sobre el empleo, con una fuerte reducción de las afiliaciones a la Seguridad Social y una utilización masiva de los expedientes temporales de regulación de empleo.

Pero además de lo anterior, la mayor parte del ajuste está recayendo sobre el colectivo de las personas con contrato temporal, y dentro de estas, sobre las trabajadoras y trabajadores jóvenes.

La incidencia tanto geográfica como sectorial ha sido muy heterogénea, siendo más negativa en los servicios que en las manufacturas, siendo un dato estable en el tiempo que en estos sectores o las denominadas «industrias sociales», mujeres y menores de 35 años están sobrerrepresentados, alcanzado porcentajes que superan el cuarenta por cierto.

Desde primeros de mayo, en un contexto de mayor control de la pandemia, la implementación progresiva del Plan de Desescalada se ha traducido en una reactivación gradual de la economía, y todas las proyecciones apuntan a una contracción muy acusada en el año 2020, seguida de un repunte sustancial en el año 2021.

En todo caso, se mantiene una elevada incertidumbre que depende de la evolución de la pandemia y el ritmo al que la actividad recupere cierta normalidad, el daño que pueda haberse producido en el tejido productivo y el potencial de crecimiento.

En suma, a los retos que ya se planteaban en el ámbito laboral español (tasas de temporalidad, riesgo de pobreza salarial, precariedad laboral y una fuerte segmentación), se suman nuevos desafíos que obligan a afrontar los cambios post-COVID-19 en los procesos de globalización y digitalización, y el uso de fórmulas eficaces de incremento de productividad que aumenten la calidad en el empleo y reduzcan la existencia de brechas salariales y profesionales.

De otro lado, la crisis sanitaria ha hecho que el trabajo a distancia se mostrara como el mecanismo más eficaz para asegurar el mantenimiento de la actividad durante la pandemia y para garantizar la prevención frente al contagio. Durante la crisis sanitaria no solo se ha reforzado la tendencia a la normalización del trabajo a distancia que ya se anticipaba con anterioridad a la misma, sino que incluso su utilización se ha llegado a configurar como preferente.

En algunos países las cifras reflejan claramente esta preferencia de uso: por ejemplo, en Finlandia durante la pandemia el uso del teletrabajo alcanzó el sesenta por ciento. Asimismo, en países como Francia, Portugal o Italia, el uso del trabajo a distancia se configuró con cierto grado de obligatoriedad o de preferencia frente a otras formas de actuación empresarial durante la pandemia. Según la encuesta de Eurofound «Living, working and COVID-19», casi cuatro de cada diez personas trabajadoras (un treinta y siete por ciento) empezaron a teletrabajar a causa de la pandemia (un treinta por ciento en España). Esto ha contribuido a que el número de horas trabajadas haya disminuido menos en aquellos países en que el teletrabajo ha aumentado en mayor proporción. De forma similar, en una encuesta a PYMES realizada por CEPYME, se asume el teletrabajo como la medida estrella para afrontar la crisis del coronavirus, en un cuarenta y seis por ciento de los casos.

En suma, las tecnologías de la comunicación han constituido una herramienta clave para reducir el impacto de las medidas de contención y restricciones a la actividad productiva, lo cual favorece a personas trabajadoras y empresas, hace posibles empresas eficientes y con una alta especialización, permite la aceleración económica de las zonas rurales e incrementa las posibilidades de empleo.

La situación descrita de contracción del PIB, la tasa de desempleo, la incertidumbre acerca de la evolución de la pandemia, la retroalimentación de estos factores de incertidumbre sobre los riesgos y debilidades estructurales del mercado de trabajo español, la salvaguarda de los derechos y obligaciones referidos en nuestro ordenamiento laboral, hacen necesario potenciar de una manera ordenada, urgente y con garantías el uso del trabajo a distancia.

III

El trabajo a distancia, en su concepción clásica de trabajo a domicilio, como aquel que se realiza fuera del centro de trabajo habitual y sin el control directo por parte de la empresa y vinculado a sectores y ámbitos geográficos muy concretos, se ha visto superado por la realidad de un nuevo marco de relaciones y un impacto severo de las nuevas tecnologías.

En la actualidad, más que trabajo a domicilio lo que existe es un trabajo remoto y flexible, que permite que el trabajo se realice en nuevos entornos que no requieren la presencia de la persona trabajadora en el centro de trabajo.

Esta virtualización de las relaciones laborales desvincula o deslocaliza a la persona trabajadora de un lugar y un tiempo concretos, lo que sin duda trae consigo notables ventajas, entre otras, mayor flexibilidad en la gestión de los tiempos de trabajo y los descansos; mayores posibilidades, en algunos casos, de una autoorganización, con consecuencias positivas, en estos supuestos, para la conciliación de la vida personal, familiar y laboral; reducción de costes en las oficinas y ahorro de costes en los desplazamientos; productividad y racionalización de horarios; fijación de población en el territorio, especialmente en las áreas rurales; compromiso y experiencia de la persona empleada; atracción y retención de talento o reducción del absentismo.

La figura del teletrabajo como forma de trabajo a distancia está cogiendo auge frente a la organización empresarial tradicional, lo que sin duda trae consigo prácticas novedosas y más flexibles, lo que estimula cambios organizativos en las empresas y fortalece la formación y empleabilidad de las personas trabajadoras. Asimismo, disminuye la contaminación en tanto decrece el número de desplazamientos y el uso de los vehículos privados y, potencialmente, tendrá efectos positivos en la emisión de gases con efectos invernadero al procurar una mayor eficiencia en el consumo de energía de las empresas.

Sin embargo, también presenta posibles inconvenientes: protección de datos, brechas de seguridad, tecnoestrés, horario continuo, fatiga informática, conectividad digital permanente, mayor aislamiento laboral, pérdida de la identidad corporativa, deficiencias en el intercambio de información entre las personas que trabajan presencialmente y aquellas que lo hacen de manera exclusiva a distancia, dificultades asociadas a la falta de servicios básicos en el territorio, como la conectividad digital o servicios para la conciliación laboral y familiar, o traslado a la persona trabajadora de costes de la actividad productiva sin compensación alguna, entre otros.

El teletrabajo se ha instalado en nuestro país como respuesta a las restricciones y medidas de contención de la pandemia aún vigentes, en un contexto legal caracterizado por la casi total ausencia de regulación específica. La generalización del teletrabajo en España, que trae su causa en las medidas adoptadas por las autoridades competentes para contener y frenar la expansión de la pandemia, se ha traducido en una suerte de desequilibrio de derechos y obligaciones entre empresas y personas trabajadoras, cuando menos. Se requiere de una norma que ayude a las partes empresarial y trabajadora a trasladar el carácter tuitivo del derecho del trabajo a la nueva realidad que se ha visto acelerada exponencialmente, como consecuencia de circunstancias exógenas e imprevisibles para los sindicatos, las patronales, las empresas, las personas trabajadoras y para el propio Gobierno.

En definitiva, la extensión y normalización del trabajo a distancia sin un marco legal suficiente que permita establecer las certezas y garantías necesarias puede distorsionar el marco de las relaciones laborales, y afecta a condiciones que se incorporan como esenciales de acuerdo con nuestro marco constitucional y legislativo (artículo 35 de la Constitución Española y el Estatuto de los Trabajadores) y el acervo de normas internacionales, comunitarias y nacionales que integran «un suelo social mínimo» (entre otras, Recomendación 2017/761, de 26 de abril Pilar Social europeo de derechos sociales, capítulo II, Directiva 2003/88/ CE, de 4 de noviembre de 2003, Carta Social Europea, hecha en Turín de 18 de octubre de 1961, ratificada por Instrumento de 29 de abril de 1980, la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales, la Directiva Marco 89/391/CEE del Consejo, de 12 de junio de 1989, relativa a la aplicación de medidas para promover la mejora de la seguridad y de la salud de los trabajadores en el trabajo y el propio texto refundido de la Ley del Estatuto de los Trabajadores).

IV

El objetivo es proporcionar una regulación suficiente, transversal e integrada en una norma sustantiva única que dé respuestas a diversas necesidades, equilibrando el uso de estas nuevas formas de prestación de trabajo por cuenta ajena y las ventajas que suponen para empresas y personas trabajadoras, de un lado, y un marco de derechos que satisfagan, entre otros, los principios sobre su carácter voluntario y reversible, el principio de igualdad de trato en las condiciones profesionales, en especial la retribución incluida la compensación de gastos, la promoción y la formación profesional, el ejercicio de derechos colectivos, los tiempos máximos de trabajo y los tiempos mínimos de descanso, la igualdad de oportunidades en el territorio, la distribución flexible del tiempo de trabajo, así como los aspectos preventivos relacionados básicamente con la fatiga física y mental, el uso de pantallas de visualización de datos y los riesgos de aislamiento.

Es necesario, por tanto, llenar el vacío normativo que existe, igualando el tratamiento jurídico en los aspectos más importantes de esta forma de organización del trabajo, acudiendo en la medida necesaria a la negociación colectiva, que se considera instrumento imprescindible para completar la normativa aplicable en cada uno de los sectores específicos, estableciendo criterios propios.

Esta norma es, además, fruto de la concertación social, de un dilatado proceso de reflexión y debate compartidos que, tras más tres meses, ha conseguido culminar en el Acuerdo de Trabajo a Distancia (ATD), que asegura el justo equilibrio de la regulación del trabajo a distancia y, que, sin duda, determinará su perdurabilidad en el tiempo, como sucede con todos aquellos cambios que afectan al ámbito laboral y vienen de la mano del consenso.

Esta regulación básica, que se entiende necesaria con un alcance general cualquiera que sea el sector profesional, desarrolla, como ejes de la misma, tres aspectos mínimos, que ya aparecen recogidos en el citado Acuerdo Marco Europeo sobre Teletrabajo, en el acervo comunitario –entre otras, directivas sobre condiciones mínimas de seguridad y salud, sobre tiempo de trabajo y previsibilidad y transparencia en las condiciones de trabajo– o en el ordenamiento estatutario que es el marco personal y material en el que se desarrolla.

En primer lugar, su definición, que supera el concepto del artículo 13 del Estatuto de los Trabajadores e introduce los ingredientes necesarios de especificación.

Lo relevante a los efectos de prever una mayor protección es el carácter regular de esta forma de prestación, garantizándose la necesaria flexibilidad en su uso, que se acomodará a las distintas circunstancias e intereses concurrentes de empresas y personas trabajadoras, huyendo de cualquier concepción rígida, pero proporcionando la necesaria seguridad jurídica, resultando de aplicación a toda forma de trabajo en la que concurran las condiciones previstas en el artículo 1.1 del Estatuto de los Trabajadores.

En segundo lugar, su carácter voluntario para la persona trabajadora y la empresa, debiendo adoptarse mediante un acuerdo por escrito que deberá recoger todas las informaciones escritas pertinentes, incluidas las especificidades que derivan del trabajo a distancia y que permiten garantizar con claridad y transparencia el contenido de sus elementos esenciales, más allá de que puedan deducirse de la normativa laboral de carácter general.

De esta manera, esta modalidad de organización o prestación de la actividad laboral no resulta de los poderes de dirección y organización empresariales, ni de la figura de la modificación sustancial de condiciones de trabajo –artículo 41 del Estatuto de los Trabajadores– sino que es una opción voluntaria para ambas partes.

La norma establece ciertas limitaciones en relación con supuestos concretos, como los menores y los contratos formativos. En el primer caso, la vulnerabilidad, las necesidades de formación y descanso y la especial susceptibilidad a los riesgos vinculados con esta forma específica de organización (fatiga física y mental, aislamiento, problemas de seguridad y de acoso en el trabajo) aconsejan que en dicho colectivo, de acuerdo con las exigencias de la normativa existente, artículos 6.2 del Estatuto de los Trabajadores y 27 de la Ley 31/1995, de 8 de noviembre, de Prevención de Riesgos Laborales, se establezcan limitaciones que garanticen un mínimo de tiempo de presencia en los mencionados acuerdos de trabajo a distancia.

Respecto de los contratos formativos, igual que ocurre en relación con otros aspectos e incidencias de su régimen jurídico, exigen las cautelas y limitaciones necesarias para garantizar el cumplimiento de su objeto, ya sea la práctica profesional adecuada al nivel de estudios cursado, ya la obtención de una cualificación profesional, bajo la adecuada y suficiente supervisión de la empresa.

En tercer lugar, y en lo que respecta a sus condiciones de trabajo, las personas que desarrollan trabajo a distancia se beneficiarán de los mismos derechos que los garantizados por la legislación y los convenios colectivos aplicables a las personas comparables que trabajen o, de existir, trabajasen, en los locales de la empresa, sin que dicha modalidad de organización suponga cambio alguno en el estatus jurídico de la persona trabajadora, ni constituya causa justificativa por sí misma para modificar las condiciones laborales ni para extinguir la relación de trabajo. No obstante, teniendo en cuenta las peculiaridades del trabajo a distancia, el real decreto-ley recoge aspectos complementarios, que resultan necesarios precisamente para garantizar que se mantiene el mismo nivel de protección.

Así, elementos como la entrega e instalación de equipos y medios necesarios para el desarrollo del trabajo a distancia, los costes asociados a su uso y mantenimiento, el ejercicio de acciones formativas adecuadas y específicas, la identidad de acceso, de trato y conocimiento puntual en las oportunidades de promoción profesional, la instalación de medios de control y vigilancia, la correcta aplicación de las medidas de seguridad y salud, las limitaciones al acceso del lugar de trabajo cuando coincide con el domicilio de la persona trabajadora, la organización del tiempo de trabajo, incluidas la flexibilidad, los periodos de disponibilidad y el adecuado registro, la vinculación necesaria a un centro de trabajo, etc., son condiciones esenciales que deben figurar de manera expresa sin perjuicio de la legislación estatutaria y de los convenios colectivos aplicables.

En este apartado ocupan un lugar destacado los derechos de las personas trabajadoras relacionadas con el derecho a la intimidad y el uso de dispositivos digitales en el ámbito laboral, protección de datos y derecho a la desconexión digital de acuerdo con lo previsto en la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales y el Reglamento (UE) 2016/679 del Parlamento Europeo y del Consejo, de 27 de abril de 2016, relativo a la protección de las personas físicas en lo que respecta al tratamiento de sus datos personales y a la libre circulación de estos datos.

Asimismo, se entiende necesario establecer en la medida precisa las facultades de control y organización que corresponden a la empresa, para garantizar un uso y conservación adecuados de los equipamientos entregados, las limitaciones de uso personal de los equipos y conexiones, el cumplimiento por la persona trabajadora de sus obligaciones y deberes laborales y las instrucciones necesarias para preservar a la empresa frente a posibles brechas de seguridad.

Existen, además, entre otros aspectos destacables, una marcada atención al necesario papel de la negociación colectiva en el ámbito del trabajo a distancia, con llamadas expresas del real decreto-ley a la hora de definir las tareas y actividades susceptibles de trabajo a distancia, los criterios de preferencia en el acceso a esta modalidad, el ejercicio de la reversibilidad, los distintos derechos de contenido económico asociados a esta forma de prestación y organización, el contenido del acuerdo e incluso los porcentajes de trabajo a distancia a los efectos de definir en sectores profesionales específicos lo que se considera trabajo a distancia regular.

V

Por otra parte, se introduce a través de este real decreto-ley una reforma imprescindible y es que la puesta en marcha de los procedimientos de reconocimiento de la prestación no contributiva de Ingreso Mínimo Vital, regulada en el Real Decreto-ley 20/2020, de 29 de mayo, por el que se establece el ingreso mínimo vital, ha hecho evidente la necesidad de modificar con urgencia algunos de sus preceptos con la finalidad de dar cobertura al mayor número de personas en el menor tiempo posible.

Así, se llevan a cabo mejoras en la redacción del texto que han de repercutir positivamente en agilizar el acceso a la misma, aumentando las competencias del Instituto Nacional de la Seguridad Social para llevar a cabo el reconocimiento de oficio de la prestación económica transitoria de ingreso mínimo vital durante 2020, o habilitando la base de coordinación padronal del INE para la confirmación de las solicitudes cuando coincidan los datos aportados por el solicitante de la prestación. En esta misma línea, el certificado de empadronamiento no requerirá el consentimiento de las personas empadronadas en el mismo domicilio que el solicitante, al tiempo que se contempla una fase previa de admisión vinculada exclusivamente a la situación de vulnerabilidad económica. Y mención especial merece la supresión de ser demandante de empleo, que pasa a configurarse como una obligación de los beneficiarios sin perjuicio de la previsión de excepciones.

Por otro lado, ante la complejidad en la tramitación de la prestación, y en aras de garantizar el acceso a la protección, se modifica la Disposición transitoria segunda para ampliar el periodo de efecto retroactivo allí previsto. Así, las solicitudes que se hubieran presentado antes del 1 de enero de 2021 verán, en su caso, reconocida la prestación con efectos del 1 de junio del presente año.

En el actual escenario de contención y prevención del COVID-19 tan urgente y necesario es atajar la epidemia y evitar su propagación para proteger la salud pública, como también lo es adoptar medidas de contenido económico y social para afrontar sus consecuencias en la ciudadanía, en particular, en los colectivos más vulnerables. En esta línea de razonamiento, y dentro del juicio político o de oportunidad que corresponde al Gobierno en los términos que establece la doctrina constitucional (STC 61/2018), se considera imprescindible introducir el conjunto de modificaciones de la regulación del ingreso mínimo vital que esta norma contiene con el fin de reforzar la agilidad del procedimiento a través del cual se reconoce esta prestación, reforzar la seguridad jurídica y corregir las disfuncionalidades detectadas en los meses de vigencia, logrando así que las personas y unidades de convivencia en situación de vulnerabilidad económica puedan acceder a la prestación cuanto antes. A la vista de ello, puede considerarse concurrente el presupuesto de extraordinaria y urgente necesidad que el artículo 86 de la Constitución exige para la aprobación de un decreto-ley.

VI

El presente real decreto-ley se estructura en cuatro capítulos, veintidós artículos, siete disposiciones adicionales, cuatro disposiciones transitorias y catorce disposiciones finales, acompañándose de un anexo.

La totalidad de los capítulos de la norma, así como las disposiciones adicionales primera y segunda, las disposiciones transitorias primera, segunda y tercera, y las disposiciones finales primera, segunda y tercera provienen del Acuerdo sobre Trabajo a Distancia.

En el capítulo I, dedicado a las disposiciones generales, se establece el ámbito personal de aplicación, incluyendo toda forma de trabajo en la que concurran las condiciones previstas en el artículo 1.1 del Estatuto de los Trabajadores, las definiciones de trabajo a distancia, teletrabajo y trabajo presencial a los efectos de este real decreto-ley, limitaciones, así como los principios de igualdad de trato y oportunidades y no discriminación, recogiendo aspectos concretos para hacer efectivo estos principios, teniendo en cuenta las especificidades que puede conllevar el trabajo a distancia en las condiciones de trabajo.

El capítulo II del real decreto-ley se ocupa del acuerdo de trabajo a distancia, de las obligaciones formales vinculadas al mismo, subrayando su carácter voluntario para ambas partes, la adopción expresa de un acuerdo escrito con un contenido mínimo, ya de manera inicial o ya sobrevenida, la no afectación al estatus laboral de la persona trabajadora, el ejercicio de la reversibilidad, el carácter acordado de las modificaciones del acuerdo y la ordenación de las prioridades de acceso, así como la remisión a la negociación colectiva en el procedimiento y criterios que deben de seguirse, debiéndose evitar la perpetuación de roles de género y fomentando la corresponsabilidad entre mujeres y hombres.

En su capítulo III, el real decreto-ley desarrolla la igualdad de derechos proclamada en el capítulo I, mediante la mención de las especiales precauciones a tener en cuenta respecto de los derechos laborales, cuando sean predicables en relación con las personas que llevan a cabo trabajo a distancia, estructurándose en torno a las siguientes secciones: derechos vinculados a la carrera profesional, derechos relativos a la dotación y mantenimiento de medios y al abono y compensación de gastos, derechos con repercusión en el tiempo de trabajo, derecho a la prevención de riesgos laborales, derechos relacionados con el uso de medios digitales y los derechos colectivos de las personas que trabajan a distancia.

En su capítulo IV, el real decreto-ley se refiere de manera específica a las facultades de organización, dirección y control empresarial en el trabajo a distancia, incluyendo la protección de datos y seguridad de la información, el cumplimiento por la persona trabajadora de sus obligaciones y deberes laborales y las instrucciones necesarias para preservar a la empresa frente a posibles brechas de seguridad.

Las disposiciones adicionales primera y segunda provienen del Acuerdo sobre Trabajo a Distancia, se refieren de manera respectiva al trabajo a distancia en la negociación colectiva y la regulación del trabajo a distancia para el personal laboral al servicio de las Administraciones Públicas.

La disposición adicional tercera prevé la prórroga del artículo 6 del Real Decreto-ley 8/2020, de 17 de marzo, en el que se regula el Plan MECUIDA, que permanecerá vigente hasta el 31 de enero de 2021, de conformidad con lo dispuesto en la disposición final décima del Real Decreto-ley 8/2020, de 17 de marzo, y en el artículo 15 del Real Decreto-ley 15/2020, de 21 de abril, de medidas urgentes complementarias para apoyar la economía y el empleo.

La disposición adicional cuarta confiere la consideración como contingencia profesional derivada de accidente de trabajo a las enfermedades padecidas por el personal que presta servicio en centros sanitarios o socio-sanitarios como consecuencia del contagio del virus SARS-CoV2 durante el estado de alarma.

La disposición adicional quinta se refiere a los convenios de colaboración entre las entidades gestoras de la Seguridad Social, las comunidades autónomas y el Instituto Nacional de Gestión Sanitaria para el control y seguimiento de la incapacidad temporal.

La disposición adicional sexta regula el régimen fiscal aplicable a la final de la «UEFA Women’s Champions League 2020», teniendo en cuenta que el hecho de que fueran elegidas por la UEFA las ciudades de Bilbao y San Sebastián para albergar en ellas la final de la «UEFA Women’s Champions League 2020» requiere la regulación de un régimen fiscal específico.

Por otra parte, a través de la disposición adicional séptima, se mantiene hasta el 31 de octubre de 2020 la aplicación de un tipo del cero por ciento del Impuesto sobre el Valor Añadido a las entregas interiores, importaciones y adquisiciones intracomunitarias de material sanitario para combatir la COVID-19, cuyos destinatarios sean entidades públicas, sin ánimo de lucro y centros hospitalarios, que, hasta el 31 de julio de 2020, estuvo regulada en el artículo 8 del Real Decreto-ley 15/2020, de 21 de abril, de medidas urgentes complementarias para apoyar la economía y el empleo. De esta forma, se extiende su plazo de vigencia para garantizar la respuesta del sistema sanitario en la segunda fase de control de la pandemia una vez ya iniciado el periodo de nueva normalidad. También se actualiza, con efectos desde la entrada en vigor del citado Real Decreto-ley 15/2020, la relación de bienes a los que es de aplicación esta medida, que se recoge en el Anexo de este real decreto-ley. A estos efectos, los sujetos pasivos efectuarán, en su caso, conforme a la normativa del Impuesto, la rectificación del Impuesto sobre el Valor Añadido repercutido o satisfecho con anterioridad a la entrada en vigor de este real decreto-ley.

La disposición transitoria primera que proviene del Acuerdo sobre Trabajo a Distancia, de la norma tiene un doble objetivo. Por un lado, garantizar que este real decreto-ley no pueda instrumentalizarse para mermar derechos reconocidos a las personas trabajadoras que prestasen servicios a distancia con anterioridad a su entrada en vigor. Por otro, cubrir los posibles vacíos regulatorios respectos de las relaciones laborales que ya se prestasen conforme a dicha modalidad con carácter previo.

Las disposiciones transitorias segunda y tercera, que también provienen del Acuerdo de Trabajo a Distancia, prevén, respectivamente, un régimen transitorio respecto del personal descrito en la adicional segunda y el régimen transitorio del trabajo a distancia adoptado con carácter excepcional por aplicación del artículo 5 del Real Decreto-ley 8/2020, de 17 de marzo.

La disposición transitoria cuarta establece el régimen aplicable a los procedimientos para el reconocimiento del ingreso mínimo vital iniciados antes de la entrada en vigor del presente real decreto-ley en los que no se haya dictado resolución expresa.

Las disposiciones finales primera a tercera recogen las modificaciones legislativas derivadas del Acuerdo Sobre Trabajo a Distancia.

La disposición final primera modifica el apartado 1 del artículo 7 el texto refundido de la Ley sobre Infracciones y Sanciones en el Orden Social, aprobado por Real Decreto Legislativo 5/2000, de 4 de agosto, a efectos de especificar la infracción referida al incumplimiento de la obligación de formalizar el acuerdo de trabajo a distancia en los términos y con los requisitos previstos en el real decreto-ley o el convenio colectivo aplicable.

La disposición final segunda establece un procedimiento judicial especial, mediante la introducción de un nuevo artículo, el 138 bis, a la Ley 36/2011, de 10 de octubre, reguladora de la jurisdicción social, aplicable a las reclamaciones relacionadas con derecho de acceso, reversión y modificación del trabajo a distancia.

A través de la disposición final tercera se introducen en el texto del Estatuto de los Trabajadores aquellas modificaciones necesarias conforme a lo recogido en el presente real decreto-ley, en los artículos 13, 23.1 a) y 37.8 de dicha norma legal.

En la disposición final cuarta, se modifica el artículo 54 de la Ley 47/2003, de 26 de noviembre, General Presupuestaria, para incluir entre los créditos considerados ampliables, los destinados al sistema de protección por cese de actividad.

La disposición final quinta incorpora una medida sobre la acreditación de la identidad para obtener certificados electrónicos, mediante la modificación de la Ley 59/2003, de 19 de diciembre, de firma electrónica. En el ámbito de la identificación de solicitantes de certificados electrónicos cualificados, el Reglamento (UE) 910/2014, del Parlamento Europeo y del Consejo, de 23 de julio de 2014, relativo a la identificación electrónica y los servicios de confianza para las transacciones electrónicas en el mercado interior y por el que se deroga la Directiva 1999/93/CE, contempla en su artículo 24.1 d) la posibilidad de que tal verificación se realice utilizando otros métodos de identificación reconocidos a escala nacional que aporten una seguridad equivalente en términos de fiabilidad a la presencia física. Como consecuencia, resulta precisa una regulación específica en nuestro Derecho nacional de los exigentes requisitos organizativos y de seguridad aplicables a tales métodos. A tal fin, procede atribuir al Ministerio de Asuntos Económicos y Transformación Digital, departamento competente para la regulación de los servicios electrónicos de confianza, la habilitación para la determinación de tales condiciones y requisitos.

Por otra parte, las disposiciones finales sexta y séptima abordan la modificación puntual de la Ley 13/2011, de 27 de mayo, de regulación del juego y de la Ley 3/2013, de 4 de junio, de creación de la Comisión Nacional de los Mercados y de la Competencia, respectivamente. Las competencias que en materia de juego tenía atribuidas el Ministerio de Hacienda, han sido atribuidas al Ministerio de Consumo, en virtud de los artículos 2 y 4 del Real Decreto 495/2020, de 28 de abril, por el que se desarrolla la estructura orgánica básica del Ministerio de Consumo y se modifica el Real Decreto 139/2020, de 28 de enero, por el que se establece la estructura orgánica básica de los departamentos ministeriales, salvo el análisis y definición de la política global en materia tributaria, la propuesta, elaboración e interpretación del régimen tributario y la gestión y liquidación de las tasas derivadas de la gestión administrativa del juego según dispone el artículo 2.1.f) del Real Decreto 689/2020, de 21 de julio, por el que se desarrolla la estructura orgánica básica del Ministerio de Hacienda y se modifica el Real Decreto 139/2020, de 28 de enero, por el que se establece la estructura orgánica básica de los departamentos ministeriales. Por ello es necesario modificar la disposición transitoria primera de la Ley 13/2011, de 27 de mayo, de regulación del juego, y las disposiciones adicionales segunda y décima de la Ley 3/2013, de 4 de junio, de creación de la Comisión Nacional de los Mercados y de la Competencia para indicar que las competencias relacionadas con la gestión y recaudación de las tasas derivadas de la gestión administrativa del juego serán ejercidas por la Agencia Estatal de la Administración Tributaria.

La disposición final octava modifica la Ley 38/2015, de 29 de septiembre, del sector ferroviario, introduciendo una nueva disposición adicional vigésima primera, que habilita al Director de la Agencia Estatal de Seguridad Ferroviaria, en el marco de sus competencias y bajo ciertas condiciones, para conceder, en el ámbito de la seguridad operacional ferroviaria sujeta a normativa nacional, exenciones específicas cuando se produzcan circunstancias urgentes imprevistas o necesidades operacionales urgentes. De este modo se permiten medidas excepcionales de las que se derive una recuperación escalonada que evite el colapso y permita la recuperación de la normalidad en el sector, de manera similar a lo que ha sucedido con las medidas excepcionales adoptadas como consecuencia de la situación de emergencia derivada del COVID-19.

En la disposición final novena, se incluye una modificación específica de la Ley 39/2015, de 1 de octubre, del Procedimiento Administrativo Común de las Administraciones Públicas, a efectos de ampliar el plazo de entrada en vigor de las previsiones de la disposición final séptima de la referida norma, en lo relativo al registro electrónico de apoderamientos, el registro electrónico, el registro de empleados públicos habilitados, el punto de acceso general electrónico de la Administración y el archivo electrónico; ante la dificultad de concluir los procesos de adaptación necesarios antes del 2 de octubre de 2020, que es el plazo fijado actualmente, se amplía hasta el 2 de abril de 2021, fecha a partir de la cual producirán efectos las previsiones sobre tales materias.

La disposición final décima modifica el artículo quinto del Real Decreto-ley 6/2020, de 10 de marzo, por el que se adoptan determinadas medidas urgentes en el ámbito económico y para la protección de la salud pública, referido a la consideración excepcional como situación asimilada a accidente de trabajo de los periodos de aislamiento, contagio o restricción en las salidas del municipio donde tengan el domicilio o su centro de trabajo las personas trabajadoras como consecuencia del virus COVID-19.

La disposición final undécima se ocupa de la modificación del Real Decreto-ley 20/2020, de 29 de mayo, por el que se establece el ingreso mínimo vital, antes reseñada.

La disposición final duodécima modifica el Real Decreto-ley 25/2020, de 3 de julio, de medidas urgentes para apoyar la reactivación económica y el empleo, en la parte que regula el programa de ayudas a la adquisición de vehículos para la renovación del parque circulante, con criterios de sostenibilidad y sociales, el Programa RENOVE, con el fin de aclarar el procedimiento de pago, realizar determinadas modificaciones en materia presupuestaria, y habilitar a la entidad colaboradora que gestione el programa a distribuir los fondos a los beneficiarios.

La disposición final decimotercera establece el título competencial, correspondiendo a la disposición final decimocuarta señalar la fecha de su entrada en vigor.

VII

Como tiene reiteradamente declarado el Tribunal Constitucional (así, STC 61/2018, de 7 de junio, FJ 5), la adecuada fiscalización del recurso al decreto-ley requiere el análisis de dos aspectos desde la perspectiva constitucional: por un lado, la presentación explícita y razonada de los motivos que han sido tenidos en cuenta por el Gobierno en su aprobación (SSTC 29/1982, de 31 de mayo, FJ 3; 111/1983, de 2 de diciembre, FJ 5; 182/1997, de 20 de octubre, FJ 3, y 137/2003, de 3 de julio, FJ 4) y, por otro lado, la existencia de una necesaria conexión entre la situación de urgencia definida y la medida concreta adoptada para subvenir a ella (SSTC 29/1982, de 31 de mayo, FJ 3; 182/1997, de 20 de octubre, FJ 3, y 137/2003, de 3 de julio, FJ 4).

En cuanto a la definición de la situación de urgencia, se ha precisado que no es necesario que tal definición expresa de la extraordinaria y urgente necesidad haya de contenerse siempre en el propio real decreto-ley, sino que tal presupuesto cabe deducirlo igualmente de una pluralidad de elementos. El examen de la concurrencia del presupuesto habilitante de la «extraordinaria y urgente necesidad» siempre se ha de llevar a cabo mediante la valoración conjunta de todos aquellos factores que determinaron al Gobierno a dictar la disposición legal excepcional y que son, básicamente, los que quedan reflejados en la exposición de motivos de la norma, y en el propio expediente de elaboración de la misma (SSTC 29/1982, de 31 de mayo, FJ 4; 182/1997, de 28 de octubre, FJ 4; 11/2002, de 17 de enero, FJ 4, y 137/2003, de 3 de julio, FJ 3).

En cuanto a la segunda dimensión del presupuesto habilitante de la legislación de urgencia, concebida como conexión de sentido entre la situación de necesidad definida y las medidas que en el real decreto-ley se adoptan, generalmente, se ha venido admitiendo el uso del decreto-ley en situaciones que se han calificado como «coyunturas económicas problemáticas», para cuyo tratamiento representa un instrumento constitucionalmente lícito, en tanto que pertinente y adecuado para la consecución del fin que justifica la legislación de urgencia, que no es otro que subvenir a «situaciones concretas de los objetivos gubernamentales que por razones difíciles de prever requieran una acción normativa inmediata en un plazo más breve que el requerido por la vía normal o por el procedimiento de urgencia para la tramitación parlamentaria de las leyes» (SSTC 31/2011, de 17 de marzo, FJ 4; 137/2011, de 14 de septiembre, FJ 6, y 100/2012, de 8 de mayo, FJ 8).

Finalmente, ha de advertirse que el hecho de que se considere una reforma estructural no impide, por sí sola, la utilización de la figura del decreto-ley, pues, y esto es particularmente pertinente en el supuesto que se analiza, el posible carácter estructural del problema que se pretende atajar no excluye que dicho problema pueda convertirse en un momento dado en un supuesto de extraordinaria y urgente necesidad, que justifique la aprobación de un decreto-ley, lo que deberá ser determinado atendiendo a las circunstancias concurrentes en cada caso (STC 137/2011, FJ 6; reiterado en SSTC 183/2014, FJ 5; 47/2015, FJ 5, y 139/2016, FJ 3).

La suma de todos los factores que se explican- la grave incidencia de la pandemia en el empleo y en la recuperación económica con altos grados de incertidumbre causados por los «rebrotes», la necesidad de procurar una ordenación segura, general y eficaz que evite mermas de derechos o situaciones de inseguridad- y que integran el supuesto descrito en el artículo 86.1 de la Constitución Española, requieren como se expone en la motivación de este real decreto-ley, una regulación completa y suficiente, basada a partes iguales en la protección de los derechos de las personas trabajadoras, y en la certeza y seguridad para las empresas, con la participación de la negociación colectiva que aporte los ingredientes necesarios de flexibilidad.

Además, la protección y la certeza de los trabajadores es especialmente urgente y necesaria en el caso de las situaciones de trabajo a distancia implantadas excepcionalmente conforme al artículo 5 del Real Decreto-ley 8/2020, de 17 de marzo, para las cuales, se requiere la adopción inmediata de este real decreto-ley, con las salvedades establecidas en la disposición transitoria tercera.

VIII

Con esta norma se avanza en el cumplimiento de la meta 8.5 de la Agenda 2030 para el Desarrollo Sostenible, es decir, lograr el empleo pleno y productivo y el trabajo decente para todas las mujeres y los hombres, incluidos los jóvenes y las personas con discapacidad, así como la igualdad de remuneración por trabajo de igual valor; y de las metas 8.4 y 11.6 de la Agenda 2030, relativas a la mejora progresiva de la producción y el consumo eficientes, procurando desvincular el crecimiento económico de la degradación del medio ambiente; y a la reducción del impacto ambiental negativo per cápita de ciudad.

Este real decreto-ley cumple con los principios de buena regulación exigibles conforme al artículo 129 de la Ley 39/2015, de 1 de octubre, del Procedimiento Administrativo Común de las Administraciones Públicas. Tal y como se pone de manifiesto en la motivación y los objetivos la norma está llamada a proporcionar una regulación adecuada y suficiente de los diferentes aspectos que singularizan la prestación del trabajo a distancia y para lo cual no basta con la aplicación de los preceptos vigentes, dejándolo a la autonomía de las partes, lo que podría conllevar situaciones de desprotección, desigualdad y desconocimiento de derechos básicos dada la situación de asimetría y el espacio y medios particulares en los que se desarrolla el trabajo a distancia.

Es eficaz y proporcional, ya que regula los aspectos imprescindibles para posibilitar el cumplimiento de dicho objetivo, aspectos que han sido puestos de manifiesto, entre otros, por el Acuerdo Marco Europeo sobre Teletrabajo de 2002. Cumple también con el principio de transparencia, ya que identifica claramente su propósito y se ofrece una explicación completa de su contenido en las diferentes fases de su tramitación.

Ha sido sometido a los trámites de audiencia e información públicas, y de manera específica, a la previa consulta de las organizaciones sindicales y patronales más representativas, habiéndose acordado en Consejo de Ministros su tramitación urgente, todo ello sin perjuicio de que tales trámites no resulten preceptivos para la tramitación y aprobación de decretos-leyes, de conformidad con lo dispuesto en el artículo 26.11 de la Ley 50/1997, de 27 de noviembre, del Gobierno.

Este real decreto-ley se dicta al amparo de lo dispuesto en el artículo 149.1.7.ª y 13.ª de la Constitución Española, que atribuye al Estado las competencias exclusivas en las materias de legislación laboral; así como de bases y coordinación de la planificación general de la actividad económica.

Durante su tramitación se ha recabado el dictamen del Consejo Económico y Social.

En su virtud, haciendo uso de la autorización contenida en el artículo 86 de la Constitución Española, a propuesta de la Ministra de Trabajo y Economía Social, y previa deliberación del Consejo de Ministros en su reunión del día 22 de septiembre de 2020,

DISPONGO:

CAPÍTULO I.- Disposiciones generales

Artículo 1. Ámbito de aplicación.

Las relaciones de trabajo a las que resultará de aplicación el presente real decreto-ley serán aquellas en las que concurran las condiciones descritas en el artículo 1.1 del texto refundido de la Ley del Estatuto de los Trabajadores aprobado por el Real Decreto Legislativo 2/2015, de 23 de octubre, que se desarrollen a distancia con carácter regular.

Se entenderá que es regular el trabajo a distancia que se preste, en un periodo de referencia de tres meses, un mínimo del treinta por ciento de la jornada, o el porcentaje proporcional equivalente en función de la duración del contrato de trabajo.

Artículo 2. Definiciones.

A los efectos de lo establecido en este real decreto-ley, se entenderá por:

a) «trabajo a distancia»: forma de organización del trabajo o de realización de la actividad laboral conforme a la cual esta se presta en el domicilio de la persona trabajadora o en el lugar elegido por esta, durante toda su jornada o parte de ella, con carácter regular.

b) «teletrabajo»: aquel trabajo a distancia que se lleva a cabo mediante el uso exclusivo o prevalente de medios y sistemas informáticos, telemáticos y de telecomunicación.

c) «trabajo presencial»: aquel trabajo que se presta en el centro de trabajo o en el lugar determinado por la empresa.

Artículo 3. Limitaciones en el trabajo a distancia.

En los contratos de trabajo celebrados con menores y en los contratos en prácticas y para la formación y el aprendizaje, solo cabrá un acuerdo de trabajo a distancia que garantice, como mínimo, un porcentaje del cincuenta por ciento de prestación de servicios presencial, sin perjuicio del desarrollo telemático, en su caso, de la formación teórica vinculada a estos últimos.

Artículo 4. Igualdad de trato y de oportunidades y no discriminación.

1. Las personas que desarrollan trabajo a distancia tendrán los mismos derechos que hubieran ostentado si prestasen servicios en el centro de trabajo de la empresa, salvo aquellos que sean inherentes a la realización de la prestación laboral en el mismo de manera presencial, y no podrán sufrir perjuicio en ninguna de sus condiciones laborales, incluyendo retribución, estabilidad en el empleo, tiempo de trabajo, formación y promoción profesional.

Sin perjuicio de lo previsto en el párrafo anterior, las personas que desarrollan total o parcialmente trabajo a distancia tendrán derecho a percibir, como mínimo, la retribución total establecida conforme a su grupo profesional, nivel, puesto y funciones, así como los complementos establecidos para las personas trabajadoras que solo prestan servicios de forma presencial, particularmente aquellos vinculados a las condiciones personales, los resultados de la empresa o las características del puesto de trabajo.

2. Las personas que desarrollan trabajo a distancia no podrán sufrir perjuicio alguno ni modificación en las condiciones pactadas, en particular en materia de tiempo de trabajo o de retribución, por las dificultades, técnicas u otras no imputables a la persona trabajadora, que eventualmente pudieran producirse, sobre todo en caso de teletrabajo.

3. Las empresas están obligadas a evitar cualquier discriminación, directa o indirecta, particularmente por razón de sexo, de las personas trabajadoras que prestan servicios a distancia.

Igualmente, las empresas están obligadas a tener en cuenta a las personas teletrabajadoras o trabajadoras a distancia y sus características laborales en el diagnóstico, implementación, aplicación, seguimiento y evaluación de medidas y planes de igualdad.

4. De conformidad con lo previsto en la normativa aplicable, las empresas deberán tener en cuenta las particularidades del trabajo a distancia, especialmente del teletrabajo, en la configuración y aplicación de medidas contra el acoso sexual, acoso por razón de sexo, acoso por causa discriminatoria y acoso laboral.

En la elaboración de medidas para la protección de las víctimas de violencia de género, deberán tenerse especialmente en cuenta, dentro de la capacidad de actuación empresarial en este ámbito, las posibles consecuencias y particularidades de esta forma de prestación de servicios en aras a la protección y garantía de derechos sociolaborales de estas personas.

5. Las personas que realizan trabajo a distancia tienen los mismos derechos que las personas trabajadoras presenciales en materia de conciliación y corresponsabilidad, incluyendo el derecho de adaptación a la jornada establecido en el artículo 34.8 del Estatuto de los Trabajadores, a fin de que no interfiera el trabajo con la vida personal y familiar.

CAPÍTULO II.- El acuerdo de trabajo a distancia

Sección 1.ª Voluntariedad del trabajo a distancia

Artículo 5. Voluntariedad del trabajo a distancia y acuerdo de trabajo a distancia.

1. El trabajo a distancia será voluntario para la persona trabajadora y para la empleadora y requerirá la firma del acuerdo de trabajo a distancia regulado en este real decreto-ley, que podrá formar parte del contrato inicial o realizarse en un momento posterior, sin que pueda ser impuesto en aplicación del artículo 41 del Estatuto de los Trabajadores, todo ello sin perjuicio del derecho al trabajo a distancia que pueda reconocer la legislación o la negociación colectiva.

2. La negativa de la persona trabajadora a trabajar a distancia, el ejercicio de la reversibilidad al trabajo presencial y las dificultades para el desarrollo adecuado de la actividad laboral a distancia que estén exclusivamente relacionadas con el cambio de una prestación presencial a otra que incluya trabajo a distancia, no serán causas justificativas de la extinción de la relación laboral ni de la modificación sustancial de las condiciones de trabajo.

3. La decisión de trabajar a distancia desde una modalidad de trabajo presencial será reversible para la empresa y la persona trabajadora. El ejercicio de esta reversibilidad podrá ejercerse en los términos establecidos en la negociación colectiva o, en su defecto, en los fijados en el acuerdo de trabajo a distancia al que se refiere el artículo 7.

Sección 2.ª El acuerdo de trabajo a distancia

Artículo 6. Obligaciones formales del acuerdo de trabajo a distancia.

1. El acuerdo de trabajo a distancia deberá realizarse por escrito. Este acuerdo podrá estar incorporado al contrato de trabajo inicial o realizarse en un momento posterior, pero en todo caso deberá formalizarse antes de que se inicie el trabajo a distancia.

2. La empresa deberá entregar a la representación legal de las personas trabajadoras una copia de todos los acuerdos de trabajo a distancia que se realicen y de sus actualizaciones, excluyendo aquellos datos que, de acuerdo con la Ley Orgánica 1/1982, de 5 de mayo, de protección civil del derecho al honor, a la intimidad personal y familiar y a la propia imagen, pudieran afectar a la intimidad personal, de conformidad con lo previsto en el artículo 8.4 del Estatuto de los Trabajadores. El tratamiento de la información facilitada estará sometido a los principios y garantías previstos en la normativa aplicable en materia de protección de datos.

Esta copia se entregará por la empresa, en un plazo no superior a diez días desde su formalización, a la representación legal de las personas trabajadoras, que la firmarán a efectos de acreditar que se ha producido la entrega.

Posteriormente, dicha copia se enviará a la oficina de empleo. Cuando no exista representación legal de las personas trabajadoras también deberá formalizarse copia básica y remitirse a la oficina de empleo.

Artículo 7. Contenido del acuerdo de trabajo a distancia.

Será contenido mínimo obligatorio del acuerdo de trabajo a distancia, sin perjuicio de la regulación recogida al respecto en los convenios o acuerdos colectivos, el siguiente:

a) Inventario de los medios, equipos y herramientas que exige el desarrollo del trabajo a distancia concertado, incluidos los consumibles y los elementos muebles, así como de la vida útil o periodo máximo para la renovación de estos.

b) Enumeración de los gastos que pudiera tener la persona trabajadora por el hecho de prestar servicios a distancia, así como forma de cuantificación de la compensación que obligatoriamente debe abonar la empresa y momento y forma para realizar la misma, que se corresponderá, de existir, con la previsión recogida en el convenio o acuerdo colectivo de aplicación.

c) Horario de trabajo de la persona trabajadora y dentro de él, en su caso, reglas de disponibilidad.

d) Porcentaje y distribución entre trabajo presencial y trabajo a distancia, en su caso.

e) Centro de trabajo de la empresa al que queda adscrita la persona trabajadora a distancia y donde, en su caso, desarrollará la parte de la jornada de trabajo presencial.

f) Lugar de trabajo a distancia elegido por la persona trabajadora para el desarrollo del trabajo a distancia.

g) Duración de plazos de preaviso para el ejercicio de las situaciones de reversibilidad, en su caso.

h) Medios de control empresarial de la actividad.

i) Procedimiento a seguir en el caso de producirse dificultades técnicas que impidan el normal desarrollo del trabajo a distancia.

j) Instrucciones dictadas por la empresa, con la participación de la representación legal de las personas trabajadoras, en materia de protección de datos, específicamente aplicables en el trabajo a distancia.

k) Instrucciones dictadas por la empresa, previa información a la representación legal de las personas trabajadoras, sobre seguridad de la información, específicamente aplicables en el trabajo a distancia.

l) Duración del acuerdo de trabajo a distancia.

Artículo 8. Modificación del acuerdo de trabajo a distancia y ordenación de prioridades.

1. La modificación de las condiciones establecidas en el acuerdo de trabajo a distancia, incluido el porcentaje de presencialidad, deberá ser objeto de acuerdo entre la empresa y la persona trabajadora, formalizándose por escrito con carácter previo a su aplicación. Esta modificación será puesta en conocimiento de la representación legal de las personas trabajadoras.

2. Las personas que realizan trabajo a distancia desde el inicio de la relación laboral durante la totalidad de su jornada, tendrán prioridad para ocupar puestos de trabajo que se realizan total o parcialmente de manera presencial. A estos efectos, la empresa informará a estas personas que trabajan a distancia y a la representación legal de las personas trabajadoras de los puestos de trabajo vacantes de carácter presencial que se produzcan.

3. Los convenios o acuerdos colectivos podrán establecer los mecanismos y criterios por los que la persona que desarrolla trabajo presencial puede pasar a trabajo a distancia o viceversa, así como preferencias vinculadas a determinadas circunstancias, como las relacionadas con la formación, la promoción y estabilidad en el empleo de personas con diversidad funcional o con riesgos específicos, la existencia de pluriempleo o pluriactividad o la concurrencia de determinadas circunstancias personales o familiares, así como la ordenación de las prioridades establecidas en el presente real decreto-ley.

En el diseño de estos mecanismos se deberá evitar la perpetuación de roles y estereotipos de género y se deberá tener en cuenta el fomento de la corresponsabilidad entre mujeres y hombres, debiendo ser objeto de diagnóstico y tratamiento por parte del plan de igualdad que, en su caso, corresponda aplicar en la empresa.

CAPÍTULO III.- Derechos de las personas trabajadoras a distancia

Sección 1.ª Derecho a la carrera profesional

Artículo 9. Derecho a la formación.

1. Las empresas deberán adoptar las medidas necesarias para garantizar la participación efectiva en las acciones formativas de las personas que trabajan a distancia, en términos equivalentes a las de las personas que prestan servicios en el centro de trabajo de la empresa, debiendo atender el desarrollo de estas acciones, en lo posible, a las características de su prestación de servicios a distancia.

2. La empresa deberá garantizar a las personas que trabajan a distancia la formación necesaria para el adecuado desarrollo de su actividad tanto al momento de formalizar el acuerdo de trabajo a distancia como cuando se produzcan cambios en los medios o tecnologías utilizadas.

Artículo 10. Derecho a la promoción profesional.

Las personas que trabajan a distancia tendrán derecho, en los mismos términos que las que prestan servicios de forma presencial, a la promoción profesional, debiendo la empresa informar a aquellas, de manera expresa y por escrito, de las posibilidades de ascenso que se produzcan, ya se trate de puestos de desarrollo presencial o a distancia.

Sección 2.ª Derechos relativos a la dotación y mantenimiento de medios y al abono y compensación de gastos

Artículo 11. Derecho a la dotación suficiente y mantenimiento de medios, equipos y herramientas.

1. Las personas que trabajan a distancia tendrán derecho a la dotación y mantenimiento adecuado por parte de la empresa de todos los medios, equipos y herramientas necesarios para el desarrollo de la actividad, de conformidad con el inventario incorporado en el acuerdo referido en el artículo 7 y con los términos establecidos, en su caso, en el convenio o acuerdo colectivo de aplicación.

2. Asimismo, se garantizará la atención precisa en el caso de dificultades técnicas, especialmente en el caso de teletrabajo.

Artículo 12. El derecho al abono y compensación de gastos.

1. El desarrollo del trabajo a distancia deberá ser sufragado o compensado por la empresa, y no podrá suponer la asunción por parte de la persona trabajadora de gastos relacionados con los equipos, herramientas y medios vinculados al desarrollo de su actividad laboral.

2. Los convenios o acuerdos colectivos podrán establecer el mecanismo para la determinación, y compensación o abono de estos gastos.

Sección 3.ª Derechos con repercusión en el tiempo de trabajo

Artículo 13. Derecho al horario flexible en los términos del acuerdo.

De conformidad con los términos establecidos en el acuerdo de trabajo a distancia y la negociación colectiva, respetando los tiempos de disponibilidad obligatoria y la normativa sobre tiempo de trabajo y descanso, la persona que desarrolla trabajo a distancia podrá flexibilizar el horario de prestación de servicios establecido.

Artículo 14. Derecho al registro horario adecuado.

El sistema de registro horario que se regula en el artículo 34.9 del Estatuto de los Trabajadores, de conformidad con lo establecido en la negociación colectiva, deberá reflejar fielmente el tiempo que la persona trabajadora que realiza trabajo a distancia dedica a la actividad laboral, sin perjuicio de la flexibilidad horaria, y deberá incluir, entre otros, el momento de inicio y finalización de la jornada.

Sección 4.ª Derecho a la prevención de riesgos laborales

Artículo 15. Aplicación de la normativa preventiva en el trabajo a distancia.

Las personas que trabajan a distancia tienen derecho a una adecuada protección en materia de seguridad y salud en el trabajo, de conformidad con lo establecido en la Ley 31/1995, de 8 de noviembre, de Prevención de Riesgos Laborales, y su normativa de desarrollo.

Artículo 16. Evaluación de riesgos y planificación de la actividad preventiva.

1. La evaluación de riesgos y la planificación de la actividad preventiva del trabajo a distancia deberán tener en cuenta los riesgos característicos de esta modalidad de trabajo, poniendo especial atención en los factores psicosociales, ergonómicos y organizativos. En particular, deberá tenerse en cuenta la distribución de la jornada, los tiempos de disponibilidad y la garantía de los descansos y desconexiones durante la jornada.

La evaluación de riesgos únicamente debe alcanzar a la zona habilitada para la prestación de servicios, no extendiéndose al resto de zonas de la vivienda o del lugar elegido para el desarrollo del trabajo a distancia.

2. La empresa deberá obtener toda la información acerca de los riesgos a los que está expuesta la persona que trabaja a distancia mediante una metodología que ofrezca confianza respecto de sus resultados, y prever las medidas de protección que resulten más adecuadas en cada caso.

Cuando la obtención de dicha información exigiera la visita por parte de quien tuviera competencias en materia preventiva al lugar en el que, conforme a lo recogido en el acuerdo al que se refiere el artículo 7, se desarrolla el trabajo a distancia, deberá emitirse informe escrito que justifique dicho extremo que se entregará a la persona trabajadora y a las delegadas y delegados de prevención.

La referida visita requerirá, en cualquier caso, el permiso de la persona trabajadora, de tratarse de su domicilio o del de una tercera persona física.

De no concederse dicho permiso, el desarrollo de la actividad preventiva por parte de la empresa podrá efectuarse en base a la determinación de los riesgos que se derive de la información recabada de la persona trabajadora según las instrucciones del servicio de prevención.

Sección 5.ª Derechos relacionados con el uso de medios digitales.

Artículo 17. Derecho a la intimidad y a la protección de datos.

1. La utilización de los medios telemáticos y el control de la prestación laboral mediante dispositivos automáticos garantizará adecuadamente el derecho a la intimidad y a la protección de datos, en los términos previstos en la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales, de acuerdo con los principios de idoneidad, necesidad y proporcionalidad de los medios utilizados.

2. La empresa no podrá exigir la instalación de programas o aplicaciones en dispositivos propiedad de la persona trabajadora, ni la utilización de estos dispositivos en el desarrollo del trabajo a distancia.

3. Las empresas deberán establecer criterios de utilización de los dispositivos digitales respetando en todo caso los estándares mínimos de protección de su intimidad de acuerdo con los usos sociales y los derechos reconocidos legal y constitucionalmente. En su elaboración deberá participar la representación legal de las personas trabajadoras.

Los convenios o acuerdos colectivos podrán especificar los términos dentro de los cuales las personas trabajadoras pueden hacer uso por motivos personales de los equipos informáticos puestos a su disposición por parte de la empresa para el desarrollo del trabajo a distancia, teniendo en cuenta los usos sociales de dichos medios y las particularidades del trabajo a distancia.

Artículo 18. Derecho a la desconexión digital.

1. Las personas que trabajan a distancia, particularmente en teletrabajo, tienen derecho a la desconexión digital fuera de su horario de trabajo en los términos establecidos en el artículo 88 de la Ley Orgánica 3/2018, de 5 de diciembre.

El deber empresarial de garantizar la desconexión conlleva una limitación del uso de los medios tecnológicos de comunicación empresarial y de trabajo durante los periodos de descanso, así como el respeto a la duración máxima de la jornada y a cualesquiera límites y precauciones en materia de jornada que dispongan la normativa legal o convencional aplicables.

2. La empresa, previa audiencia de la representación legal de las personas trabajadoras, elaborará una política interna dirigida a personas trabajadoras, incluidas los que ocupen puestos directivos, en la que definirán las modalidades de ejercicio del derecho a la desconexión y las acciones de formación y de sensibilización del personal sobre un uso razonable de las herramientas tecnológicas que evite el riesgo de fatiga informática. En particular, se preservará el derecho a la desconexión digital en los supuestos de realización total o parcial del trabajo a distancia, así como en el domicilio de la persona empleada vinculado al uso con fines laborales de herramientas tecnológicas.

Los convenios o acuerdos colectivos de trabajo podrán establecer los medios y medidas adecuadas para garantizar el ejercicio efectivo del derecho a la desconexión en el trabajo a distancia y la organización adecuada de la jornada de forma que sea compatible con la garantía de tiempos de descanso.

Sección 6.ª Derechos colectivos

Artículo 19. Derechos colectivos de las personas que trabajan a distancia.

1. Las personas trabajadoras a distancia tendrán derecho a ejercitar sus derechos de naturaleza colectiva con el mismo contenido y alcance que el resto de las personas trabajadoras del centro al que están adscritas.

A estos efectos, la negociación colectiva podrá establecer las condiciones para garantizar el ejercicio de los derechos colectivos de las personas trabajadoras a distancia, en atención a las singularidades de su prestación, con respeto pleno al principio de igualdad de trato y de oportunidades entre la persona trabajadora a distancia y la que desempeñe tareas en el establecimiento de la empresa.

2. La empresa deberá suministrar a la representación legal de las personas trabajadoras los elementos precisos para el desarrollo de su actividad representativa, entre ellos, el acceso a las comunicaciones y direcciones electrónicas de uso en la empresa y la implantación del tablón virtual, cuando sea compatible con la forma de prestación del trabajo a distancia.

Deberá asegurarse que no existen obstáculos para la comunicación entre las personas trabajadoras a distancia y sus representantes legales, así como con el resto de personas trabajadoras.

3. Deberá garantizarse que las personas trabajadoras a distancia pueden participar de manera efectiva en las actividades organizadas o convocadas por su representación legal o por el resto de las personas trabajadoras en defensa de sus intereses laborales, en particular, su participación efectiva presencial para el ejercicio del derecho a voto en las elecciones a representantes legales.

CAPÍTULO IV.- Facultades de organización, dirección y control empresarial en el trabajo a distancia

Artículo 20. Protección de datos y seguridad de la información.

1. Las personas trabajadoras, en el desarrollo del trabajo a distancia, deberán cumplir las instrucciones que haya establecido la empresa en el marco de la legislación sobre protección de datos, previa participación de la representación legal de las personas trabajadoras.

2. Las personas trabajadoras deberán cumplir las instrucciones sobre seguridad de la información específicamente fijadas por la empresa, previa información a su representación legal, en el ámbito del trabajo a distancia.

Artículo 21. Condiciones e instrucciones de uso y conservación de equipos o útiles informáticos.

Las personas trabajadoras deberán cumplir las condiciones e instrucciones de uso y conservación establecidas en la empresa en relación con los equipos o útiles informáticos, dentro de los términos que, en su caso, se establezcan en la negociación colectiva.

Artículo 22. Facultades de control empresarial.

La empresa podrá adoptar las medidas que estime más oportunas de vigilancia y control para verificar el cumplimiento por la persona trabajadora de sus obligaciones y deberes laborales, incluida la utilización de medios telemáticos, guardando en su adopción y aplicación la consideración debida a su dignidad y teniendo en cuenta, en su caso, la capacidad real de los trabajadores con discapacidad.

Disposición adicional primera. El trabajo a distancia en la negociación colectiva.

1. Los convenios o acuerdos colectivos podrán establecer, en atención a la especificidad de la actividad concreta de su ámbito, la identificación de los puestos de trabajo y funciones susceptibles de ser realizados a través del trabajo a distancia, las condiciones de acceso y desarrollo de la actividad laboral mediante esta modalidad, la duración máxima del trabajo a distancia, así como contenidos adicionales en el acuerdo de trabajo a distancia y cuantas otras cuestiones se consideren necesario regular.

2. Los convenios o acuerdos colectivos podrán regular una jornada mínima presencial en el trabajo a distancia, el ejercicio de la reversibilidad al trabajo en los locales de la empresa, un porcentaje o periodo de referencia inferiores a los fijados en el presente real decreto-ley a los efectos de calificar como «regular» esta modalidad de ejecución de la actividad laboral, un porcentaje de trabajo presencial de los contratos formativos diferente al previsto en el mismo, siempre que no se celebren con menores de edad, así como las posibles circunstancias extraordinarias de modulación del derecho a la desconexión.

Disposición adicional segunda. Personal laboral al servicio de las Administraciones Públicas.

Las previsiones contenidas en el presente real decreto-ley no serán de aplicación al personal laboral al servicio de las Administraciones Públicas, que se regirá en esta materia por su normativa específica.

Disposición adicional tercera. Prórroga de la vigencia del artículo 6 del Real Decreto-ley 8/2020, de 17 de marzo, de medidas urgentes extraordinarias para hacer frente al impacto económico y social del COVID-19.

El artículo 6 del Real Decreto-ley 8/2020, de 17 de marzo, en el que se regula el Plan MECUIDA, permanecerá vigente hasta el 31 de enero de 2021.

Disposición adicional cuarta. Consideración como contingencia profesional derivada de accidente de trabajo a las enfermedades padecidas por el personal que presta servicio en centros sanitarios o socio-sanitarios como consecuencia del contagio del virus SARS-CoV2 durante el estado de alarma.

1. Desde la declaración de la pandemia internacional por la Organización Mundial de la Salud y hasta que las autoridades sanitarias levanten todas las medidas de prevención adoptadas para hacer frente a la crisis sanitaria ocasionada por el COVID-19, las prestaciones de Seguridad Social que cause el personal que presta servicios en centros sanitarios o socio-sanitarios, inscritos en los registros correspondientes, y que en el ejercicio de su profesión, hayan contraído el virus SARS-CoV2 por haber estado expuesto a ese riesgo específico durante la prestación de servicios sanitarios y socio-sanitarios, cuando así se acredite por los servicios de Prevención de Riesgos laborales y Salud Laboral, se considerarán derivadas de accidente de trabajo, al entender cumplidos los requisitos exigidos en el artículo 156.2.e) del texto refundido de la Ley General de la Seguridad Social, aprobado por el Real Decreto Legislativo 8/2015, de 30 de octubre.

2. El contagio y padecimiento de la enfermedad se acreditará mediante el correspondiente parte de accidente de trabajo que deberá haberse expedido dentro del mismo periodo de referencia.

3. En los casos de fallecimiento, se considerará que la causa es accidente de trabajo siempre que el fallecimiento se haya producido dentro de los cinco años siguientes al contagio de la enfermedad y derivado de la misma, de conformidad con lo dispuesto en el artículo 217.2 del texto refundido de la Ley General de la Seguridad Social.

Disposición adicional quinta. Convenios de colaboración entre las entidades gestoras de la Seguridad Social, las comunidades autónomas y el Instituto Nacional de Gestión Sanitaria para el control y seguimiento de la incapacidad temporal.

En los convenios de colaboración que formalicen las entidades gestoras de la Seguridad Social con las comunidades autónomas y con el Instituto Nacional de Gestión Sanitaria para el control y seguimiento de la incapacidad temporal podrá preverse el anticipo de hasta la cuantía total del importe previsto en el respectivo convenio para la financiación de las actuaciones a desarrollar por las comunidades autónomas y por el Instituto Nacional de Gestión Sanitaria.

A estos efectos, con carácter previo a la formalización de los convenios a que se refiere el párrafo anterior, se requerirá la autorización del Consejo de Ministros. Con esta finalidad, el titular del Ministerio de Inclusión, Seguridad Social y Migraciones, previo informe del Ministerio de Hacienda, elevará la oportuna propuesta al Consejo de Ministros.

No será de aplicación, para el caso exclusivo de estos convenios, lo dispuesto en el apartado 1 del artículo 47 de la Ley General Presupuestaria, en lo que se refiere a la necesidad de iniciar la ejecución del gasto en el propio ejercicio en el que se adquiere el compromiso del gasto.

Disposición adicional sexta. Régimen fiscal aplicable a la final de la «UEFA Women’s Champions League 2020».

Uno. Régimen fiscal de la entidad organizadora de la final de la «UEFA Women’s Champions League 2020» y de los equipos participantes:

Las personas jurídicas residentes en territorio español constituidas con motivo de la final de la «UEFA Women’s Champions League 2020» por la entidad organizadora o por los equipos participantes estarán exentas del Impuesto sobre Sociedades por las rentas obtenidas durante la celebración del acontecimiento y en la medida en que estén directamente relacionadas con su participación en él.

Lo establecido en el párrafo anterior se aplicará igualmente en el Impuesto sobre la Renta de no Residentes a los establecimientos permanentes que la entidad organizadora de la final de la «UEFA Women’s Champions League 2020» o los equipos participantes constituyan en España con motivo del acontecimiento por las rentas obtenidas durante su celebración y en la medida que estén directamente relacionadas con su participación en él.

Estarán exentas las rentas obtenidas sin establecimiento permanente por la entidad organizadora de la final de la «UEFA Women’s Champions League 2020» o los equipos participantes, generadas con motivo de la celebración de la final de la «UEFA Women’s Champions League 2020» y en la medida en que estén directamente relacionadas con su participación en aquella.

Dos. Régimen fiscal de las personas físicas que presten servicios a la entidad organizadora o a los equipos participantes:

1. No se considerarán obtenidas en España las rentas que perciban las personas físicas que no sean residentes en España, por los servicios que presten a la entidad organizadora o a los equipos participantes, generadas con motivo de la celebración de la final de la «UEFA Women’s Champions League 2020» y en la medida en que estén directamente relacionadas con su participación en aquella.

2. Las personas físicas que adquieran la condición de contribuyentes por el Impuesto sobre la Renta de las Personas Físicas como consecuencia de su desplazamiento a territorio español con motivo de la final de la «UEFA Women’s Champions League 2020» podrán optar por tributar por el Impuesto sobre la Renta de no Residentes, en los términos y condiciones previstos en el artículo 93 de la Ley 35/2006, de 28 de noviembre, del Impuesto sobre la Renta de las Personas Físicas y de modificación parcial de las leyes de los Impuestos sobre Sociedades, sobre la Renta de no Residentes y sobre el Patrimonio.

Tres. Régimen aduanero y tributario aplicable a las mercancías que se importen para afectarlas al desarrollo y celebración de la final de la «UEFA Women’s Champions League 2020»:

1. Con carácter general, el régimen aduanero aplicable a las mercancías que se importen para su utilización en la celebración y desarrollo de la final de la «UEFA Women’s Champions League 2020» será el que resulte de las disposiciones contenidas en el Reglamento (UE) n.º 952/2013 del Parlamento Europeo y del Consejo, de 9 de octubre de 2013, por el que se establece el Código Aduanero de la Unión, y demás legislación aduanera de aplicación.

2. Sin perjuicio de lo anterior y con arreglo al artículo 251 del Código Aduanero de la Unión y al artículo 7 del Convenio relativo a la Importación Temporal, hecho en Estambul el 26 de junio de 1990, las mercancías a que se refiere el número 1 de este apartado que se vinculen al régimen aduanero de importación temporal podrán permanecer al amparo de dicho régimen por un plazo máximo de 24 meses desde su vinculación al mismo, que, en todo caso, expirará, a más tardar, el 31 de diciembre del año siguiente al de la finalización de la final de la «UEFA Women’s Champions League 2020».

3. Se autoriza al Departamento de Aduanas e Impuestos Especiales de la Agencia Estatal de Administración Tributaria para que adopte las medidas necesarias para la ejecución de lo dispuesto en este apartado tres.

Cuatro. Impuesto sobre el Valor Añadido:

1. Por excepción a lo dispuesto en el número 2.º del artículo 119 bis de la Ley 37/1992, de 28 de diciembre, del Impuesto sobre el Valor Añadido, no se exigirá el requisito de reciprocidad en la devolución a empresarios o profesionales no establecidos en la Comunidad que soporten o satisfagan cuotas del Impuesto como consecuencia de la realización de operaciones relacionadas con la celebración de la final de la «UEFA Women’s Champions League 2020».

2. Por excepción de lo establecido en el número 7.º del apartado uno del artículo 164 de la Ley 37/1992, cuando se trate de empresarios o profesionales no establecidos en la Comunidad, Canarias, Ceuta o Melilla, o en un Estado con el que existan instrumentos de asistencia mutua análogos a los instituidos en la Comunidad, no será necesario que nombren un representante a efectos del cumplimiento de las obligaciones impuestas en dicha Ley.

3. Los empresarios o profesionales no establecidos en el territorio de aplicación del Impuesto que tengan la condición de sujetos pasivos y que soporten o satisfagan cuotas como consecuencia de la realización de operaciones relacionadas con la final de la «UEFA Women’s Champions League 2020» tendrán derecho a la devolución de dichas cuotas al término de cada periodo de liquidación.

Para dichos empresarios o profesionales, el período de liquidación coincidirá con el mes natural, debiendo presentar sus declaraciones-liquidaciones durante los 20 primeros días naturales del mes siguiente al periodo de liquidación. Sin embargo, las declaraciones-liquidaciones correspondientes al último período del año deberán presentarse durante los treinta primeros días naturales del mes de enero.

Lo establecido en el párrafo anterior no determinará la obligación para dichos empresarios o profesionales de la llevanza de los Libros Registro del Impuesto a través de la Sede Electrónica de la Agencia Estatal de Administración Tributaria, a que se refiere el artículo 62.6 del Reglamento del Impuesto sobre el Valor Añadido, aprobado por el Real Decreto 1624/1992, de 29 de diciembre.

Lo dispuesto en este número será igualmente aplicable a la entidad organizadora del acontecimiento, a los equipos participantes y a las personas jurídicas a que se refiere el número 1 anterior.

No obstante, cuando se trate de empresarios o profesionales no establecidos en los que concurran los requisitos previstos en los artículos 119 o 119 bis de la Ley 37/1992, de 28 de diciembre, la devolución de las cuotas soportadas se efectuará conforme al procedimiento establecido en dichos artículos y en los artículos 31 y 31 bis del Reglamento del Impuesto, aprobado por el Real Decreto 1624/1992.

4. Respecto a las operaciones relacionadas con los bienes vinculados al régimen de importación temporal con exención total de derechos, a que se alude en el apartado tres anterior, resultará aplicable lo dispuesto en el artículo 24 de la Ley del Impuesto.

5. El plazo a que se refiere el párrafo g) del apartado 3 del artículo 9 de la Ley del Impuesto será, en relación con los bienes que se utilicen temporalmente en la celebración y desarrollo de la final de la «UEFA Women’s Champions League 2020», el previsto en el número 2 del apartado tres anterior.

6. La regla establecida en el apartado dos del artículo 70 de la Ley del Impuesto no resultará aplicable a los servicios del número 1 de este apartado cuando sean prestados por las personas jurídicas residentes en España constituidas con motivo del acontecimiento por la entidad organizadora de la final de la «UEFA Women’s Champions League 2020» por los equipos participantes y estén en relación con la organización, la promoción o el apoyo de dicho acontecimiento.

Disposición adicional séptima. Tipo impositivo aplicable del Impuesto sobre el Valor Añadido a las entregas, importaciones y adquisiciones intracomunitarias de bienes necesarios para combatir los efectos del COVID-19.

Con efectos desde la entrada en vigor del Real Decreto-ley 15/2020, de 21 de abril, de medidas urgentes complementarias para apoyar la economía y el empleo, y vigencia hasta el 31 de octubre de 2020, se aplicará el tipo del 0 por ciento del Impuesto sobre el Valor Añadido a las entregas de bienes, importaciones y adquisiciones intracomunitarias de bienes referidos en el Anexo de este real decreto-ley cuyos destinatarios sean entidades de Derecho Público, clínicas o centros hospitalarios, o entidades privadas de carácter social a que se refiere el apartado tres del artículo 20 de la Ley 37/1992, de 28 de diciembre, del Impuesto sobre el Valor Añadido. Estas operaciones se documentarán en factura como operaciones exentas.

Disposición transitoria primera. Situaciones de trabajo a distancia existentes a la entrada en vigor del real decreto-ley.

1. Este real decreto-ley será íntegramente aplicable a las relaciones de trabajo vigentes y que estuvieran reguladas, con anterioridad a su publicación, por convenios o acuerdos colectivos sobre condiciones de prestación de servicios a distancia, desde el momento en el que estos pierdan su vigencia.

En caso de que los convenios o acuerdos referidos en el apartado anterior no prevean un plazo de duración, esta norma resultará de aplicación íntegramente una vez transcurrido un año desde su publicación en el «Boletín Oficial del Estado», salvo que las partes firmantes de estos acuerden expresamente un plazo superior, que como máximo podrá ser de tres años.

2. En ningún caso la aplicación de este real decreto-ley podrá tener como consecuencia la compensación, absorción o desaparición de cualesquiera derechos o condiciones más beneficiosas que vinieran disfrutando las personas que prestasen con carácter previo sus servicios a distancia que se reflejarán en el acuerdo de trabajo a distancia, de conformidad con lo previsto en el artículo 7.

3. El acuerdo de trabajo a distancia regulado en la sección segunda del capítulo II de este real decreto-ley deberá formalizarse en el plazo de tres meses desde que el presente real decreto-ley resulte de aplicación a la relación laboral concreta. En idéntico plazo deberán efectuarse adaptaciones o modificaciones de los acuerdos de trabajo a distancia de carácter individual vigentes a la fecha de publicación de este real decreto-ley, no derivados de convenios o acuerdos colectivos.

Disposición transitoria segunda. Personal laboral al servicio de las Administraciones Públicas.

Hasta que se apruebe la normativa prevista en la disposición adicional segunda, se mantendrá en vigor para el personal laboral al servicio de las Administraciones Públicas lo previsto por el artículo 13 del texto refundido de la Ley del Estatuto de los Trabajadores en la redacción vigente antes de la entrada en vigor del presente real decreto-ley.

Disposición transitoria tercera. Trabajo a distancia como medida de contención sanitaria derivada de la COVID-19.

Al trabajo a distancia implantado excepcionalmente en aplicación del artículo 5 del Real Decreto-ley 8/2020, de 17 de marzo, o como consecuencia de las medidas de contención sanitaria derivadas de la COVID-19, y mientras estas se mantengan, le seguirá resultando de aplicación la normativa laboral ordinaria.

En todo caso, las empresas estarán obligadas a dotar de los medios, equipos, herramientas y consumibles que exige el desarrollo del trabajo a distancia, así como al mantenimiento que resulte necesario.

En su caso, la negociación colectiva establecerá la forma de compensación de los gastos derivados para la persona trabajadora de esta forma de trabajo a distancia, si existieran y no hubieran sido ya compensados.

Disposición transitoria cuarta. Procedimientos para el reconocimiento del ingreso mínimo vital iniciados antes de la entrada en vigor del presente real decreto-ley en los que no se haya dictado resolución expresa.

A los procedimientos para el reconocimiento del ingreso mínimo vital en los que no se hubiera dictado resolución expresa a la fecha de entrada en vigor del presente real decreto-ley, les será de aplicación lo que a continuación se establece.

1. El plazo para resolver y notificar será el de seis meses previsto en el artículo 25.3 del Real Decreto-ley 20/2020, de 29 de mayo, por el que se establece el ingreso mínimo vital, aun cuando a la fecha de entrada en vigor del presente real decreto-ley hayan transcurrido tres meses desde la presentación de la solicitud. A tal efecto, el periodo transcurrido sin haberse dictado resolución expresa será tenido en cuenta para el cómputo de los seis meses establecidos en el citado artículo 25.3.

2. Con independencia del estado en que se encuentre el procedimiento para el reconocimiento de la prestación económica del ingreso mínimo vital a la entrada en vigor de esta disposición transitoria, se comprobará el cumplimiento por los interesados de la condición de vulnerabilidad establecida en el artículo 7.1.b) del Real Decreto-ley 20/2020, de 29 de mayo, como requisito necesario para poder continuar su tramitación. En el supuesto de que no quedara acreditado dicho requisito, se dictará resolución declarando la imposibilidad de continuar la tramitación del procedimiento.

Frente a esta resolución, se podrá interponer reclamación administrativa previa en materia de prestaciones de Seguridad Social, de acuerdo con lo establecido en el artículo 71 de la Ley 36/2011, de 10 de octubre, reguladora de la jurisdicción social, y cuyo objeto se limitará a conocer sobre la posibilidad de seguir el procedimiento, en razón del cumplimiento del requisito de vulnerabilidad establecido en el citado artículo 7.1.b), por lo que la estimación de la reclamación previa tendrá como único efecto, permitir seguir la tramitación administrativa.

La continuación del procedimiento no obstará a la desestimación de la solicitud si la entidad gestora efectuara nuevas comprobaciones que determinaran el incumplimiento del requisito de vulnerabilidad previsto en el indicado artículo 7.1.b).

Disposición final primera. Modificación del texto refundido de la Ley sobre Infracciones y Sanciones en el Orden Social, aprobado por el Real Decreto Legislativo 5/2000, de 4 de agosto.

Se modifica el apartado 1 del artículo 7 del texto refundido de la Ley sobre Infracciones y Sanciones en el Orden Social, aprobado por el Real Decreto Legislativo 5/2000, de 4 de agosto, con la siguiente redacción:

«1. No formalizar por escrito el contrato de trabajo, cuando este requisito sea exigible o lo haya solicitado la persona trabajadora, o no formalizar el acuerdo de trabajo a distancia en los términos y con los requisitos legal y convencionalmente previstos.»

Disposición final segunda. Modificación de la Ley 36/2011, de 10 de octubre, reguladora de la jurisdicción social.

La Ley 36/2011, de 10 de octubre, reguladora de la jurisdicción social queda modificada del siguiente modo:

Uno. Se modifica el título de la sección 4.ª del capítulo V del Título II del libro segundo, con la siguiente redacción:

«Sección 4.ª Movilidad geográfica, modificaciones sustanciales de condiciones de trabajo, trabajo a distancia, suspensión del contrato y reducción de jornada por causas económicas, técnicas, organizativas o de producción o derivadas de fuerza mayor.»

Dos. Se incorpora un nuevo artículo 138 bis, con la siguiente redacción:

«Artículo 138 bis. Tramitación en reclamaciones sobre acceso, reversión y modificación del trabajo a distancia.

1. El procedimiento para las reclamaciones sobre acceso, reversión y modificación del trabajo a distancia se regirá por las siguientes reglas:

a) La persona trabajadora dispondrá de un plazo de veinte días hábiles, a partir de que la empresa le comunique su negativa o su disconformidad con la propuesta realizada por la persona trabajadora, para presentar demanda ante el Juzgado de lo Social.

b) El órgano jurisdiccional podrá recabar informe urgente de la Inspección de Trabajo y Seguridad Social, remitiéndole copia de la demanda y documentos que la acompañen. El informe versará sobre la negativa o la disconformidad comunicada por la empresa respecto de la propuesta realizada por la persona trabajadora y demás circunstancias concurrentes.

c) El procedimiento será urgente y se le dará tramitación preferente. El acto de la vista habrá de señalarse dentro de los cinco días siguientes al de la admisión de la demanda. La sentencia se dictará en el plazo de tres días. Contra la misma no procederá recurso, salvo cuando se haya acumulado pretensión de resarcimiento de perjuicios que por su cuantía pudiera dar lugar a recurso de suplicación, en cuyo caso el pronunciamiento será ejecutivo desde que se dicte la sentencia.

2. Cuando la causa de la reclamación en materia de trabajo a distancia esté relacionada con el ejercicio de los derechos de conciliación de la vida personal, familiar y laboral, reconocidos legal o convencionalmente, se regirá por el procedimiento establecido en el artículo 139.»

Disposición final tercera. Modificación del texto refundido de la Ley del Estatuto de los Trabajadores aprobado por el Real Decreto Legislativo 2/2015, de 23 de octubre.

El texto refundido de la Ley del Estatuto de los Trabajadores, aprobado por el Real Decreto 2/2015, de 23 de octubre, queda modificado del siguiente modo:

Uno. Se modifica el artículo 13 que queda redactado como sigue:

«Artículo 13. Trabajo a distancia.

Las personas trabajadoras podrán prestar trabajo a distancia en los términos previstos en el Real Decreto-ley 28/2020, de 22 de septiembre, de trabajo a distancia.»

Dos. Se modifica la letra a) del apartado 1 del artículo 23 con la siguiente redacción:

«a) Al disfrute de los permisos necesarios para concurrir a exámenes, así como a una preferencia a elegir turno de trabajo y a acceder al trabajo a distancia, si tal es el régimen instaurado en la empresa, y el puesto o funciones son compatibles con esta forma de realización del trabajo, cuando curse con regularidad estudios para la obtención de un título académico o profesional.»

Tres. Se modifica el apartado 8 del artículo 37 con la siguiente redacción:

«8. Las personas trabajadoras que tengan la consideración de víctimas de violencia de género o de víctimas del terrorismo tendrán derecho, para hacer efectiva su protección o su derecho a la asistencia social integral, a la reducción de la jornada de trabajo con disminución proporcional del salario o a la reordenación del tiempo de trabajo, a través de la adaptación del horario, de la aplicación del horario flexible o de otras formas de ordenación del tiempo de trabajo que se utilicen en la empresa. También tendrán derecho a realizar su trabajo total o parcialmente a distancia o a dejar de hacerlo si este fuera el sistema establecido, siempre en ambos casos que esta modalidad de prestación de servicios sea compatible con el puesto y funciones desarrolladas por la persona.

Estos derechos se podrán ejercitar en los términos que para estos supuestos concretos se establezcan en los convenios colectivos o en los acuerdos entre la empresa y los representantes legales de las personas trabajadoras, o conforme al acuerdo entre la empresa y las personas trabajadoras afectadas. En su defecto, la concreción de estos derechos corresponderá a estas, siendo de aplicación las reglas establecidas en el apartado anterior, incluidas las relativas a la resolución de discrepancias.»

Disposición final cuarta. Modificación de la Ley 47/2003, de 26 de noviembre, General Presupuestaria.

Con efectos desde la entrada en vigor de este real decreto-ley y vigencia indefinida se añade un nuevo párrafo h), al apartado 2 del artículo 54 de la Ley 47/2003, de 26 de noviembre, General Presupuestaria, con la siguiente redacción:

«h) Los destinados al sistema de protección por cese de actividad.»

Disposición final quinta. Modificación de la Ley 59/2003, de 19 de diciembre, de firma electrónica.

Se añade un nuevo apartado 6 al artículo 13 de la Ley 59/2003, de 19 de diciembre, de firma electrónica, con el siguiente tenor:

«6. Por Orden de la persona titular del Ministerio de Asuntos Económicos y Transformación Digital se determinarán las condiciones y requisitos técnicos aplicables a la verificación de la identidad y, si procede, otros atributos específicos de la persona solicitante de un certificado cualificado, mediante otros métodos de identificación que aporten una seguridad equivalente en términos de fiabilidad a la presencia física.»

Disposición final sexta. Modificación de la disposición transitoria primera de la Ley 13/2011, de 27 de mayo, de regulación del juego.

Se modifica el primer párrafo de la disposición transitoria primera de la Ley 13/2011, de 27 de mayo, de regulación del juego, que queda redactado del siguiente modo:

«Las competencias previstas para la Comisión Nacional del Juego serán ejercidas por la Dirección General de Ordenación del Juego, del Ministerio de Consumo, salvo las relacionadas con la gestión y recaudación de las tasas a las que se refiere el artículo 49 de esta Ley, que serán ejercidas por la Agencia Estatal de Administración Tributaria.»

Disposición final séptima. Modificación de la Ley 3/2013, de 4 de junio, de creación de la Comisión Nacional de los Mercados y de la Competencia.

La Ley 3/2013, de 4 de junio, de creación de la Comisión Nacional de los Mercados y de la Competencia, queda modificada como sigue:

Uno. El apartado 3 de la disposición adicional segunda, queda redactado del siguiente modo:

«3. Las referencias contenidas en cualquier norma del ordenamiento jurídico a la Comisión Nacional del Juego se entenderán realizadas a la Dirección General de Ordenación del Juego del Ministerio de Consumo que la sustituye y asume sus competencias, en los términos previstos en la disposición adicional décima.»

Dos. La disposición adicional décima queda redactada del siguiente modo:

«Disposición adicional décima. Funciones que asumen la Dirección General de Ordenación del Juego del Ministerio de Consumo y la Agencia Estatal de Administración Tributaria en materia de juego.

La Dirección General de Ordenación del Juego del Ministerio de Consumo asumirá el objeto, funciones y competencias que la Ley 13/2011, de 27 de mayo, de regulación del juego, atribuye a la extinta Comisión Nacional del Juego, salvo las relacionadas con la gestión y recaudación de las tasas a las que se refiere el artículo 49 de dicha ley, que serán ejercidas por la Agencia Estatal de Administración Tributaria.»

Disposición final octava. Modificación de la Ley 38/2015, de 29 de septiembre, del sector ferroviario.

Se modifica la Ley 38/2015, de 29 de septiembre, del sector ferroviario, para añadir una nueva disposición adicional vigésima primera del siguiente tenor:

«Disposición adicional vigésima primera. Exenciones en materia operacional ferroviaria en situaciones de emergencia.

Se habilita a la persona titular de la Dirección de la Agencia Estatal de Seguridad Ferroviaria, en el marco de sus competencias, para conceder de oficio a los titulares o solicitantes de licencias, certificados, habilitaciones o autorizaciones, exenciones específicas al cumplimiento de la normativa aplicable en materia operacional ferroviaria en los ámbitos no regulados por la normativa de la Unión Europea, cuando se produzcan circunstancias urgentes imprevistas o necesidades operativas urgentes, siempre que se cumplan todas las condiciones siguientes:

a) Que no sea posible hacer frente a esas circunstancias o necesidades de forma adecuada cumpliendo los requisitos aplicables;

b) Que se garantice la seguridad en caso necesario mediante la aplicación de las correspondientes medidas de mitigación;

c) Que se mitigue cualquier posible distorsión de las condiciones del mercado como consecuencia de la concesión de la exención en la medida de lo posible,

d) Que el alcance y la duración de la exención estén limitados a lo que resulte estrictamente necesario y que esta se aplique sin ocasionar discriminación.

Asimismo, dichas exenciones se podrán emitir, si se cumplen todas las condiciones mencionadas en el párrafo anterior, previa solicitud de los interesados en la que se motive adecuadamente su cumplimiento, se especifiquen las circunstancias urgentes imprevistas o las necesidades operativas urgentes y que incluya, por parte del solicitante, las medidas de mitigación que permitan establecer un nivel de seguridad operacional equivalente.»

Disposición final novena. Modificación de la Ley 39/2015, de 1 de octubre, del Procedimiento Administrativo Común de las Administraciones Públicas.

Se modifica la disposición final séptima de la Ley 39/2015, de 1 de octubre, del Procedimiento Administrativo Común de las Administraciones Públicas, que queda redactada como sigue:

«Disposición final séptima. Entrada en vigor.

La presente Ley entrará en vigor al año de su publicación en el “Boletín Oficial del Estado”.

No obstante, las previsiones relativas al registro electrónico de apoderamientos, registro electrónico, registro de empleados públicos habilitados, punto de acceso general electrónico de la Administración y archivo único electrónico producirán efectos a partir del día 2 de abril de 2021.»

Disposición final décima. Modificación del Real Decreto-ley 6/2020, de 10 de marzo, por el que se adoptan determinadas medidas urgentes en el ámbito económico y para la protección de la salud pública.

El artículo quinto del Real Decreto-ley 6/2020, de 10 de marzo, por el que se adoptan determinadas medidas urgentes en el ámbito económico y para la protección de la salud pública, queda redactado en los siguientes términos:

«Artículo quinto. Consideración excepcional como situación asimilada a accidente de trabajo de los periodos de aislamiento, contagio o restricción en las salidas del municipio donde tengan el domicilio o su centro de trabajo las personas trabajadoras como consecuencia del virus COVID-19.

1. Al objeto de proteger la salud pública, se considerarán, con carácter excepcional, situación asimilada a accidente de trabajo, exclusivamente para la prestación económica de incapacidad temporal del sistema de Seguridad Social, aquellos periodos de aislamiento o contagio de las personas trabajadoras provocados por el virus COVID-19, salvo que se pruebe que el contagio de la enfermedad se ha contraído con causa exclusiva en la realización del trabajo en los términos que señala el artículo 156 del texto refundido de la Ley General de la Seguridad Social, aprobado por el Real Decreto Legislativo 8/2015, de 30 de octubre, en cuyo caso será calificada como accidente de trabajo.

Con el mismo carácter excepcional, con efectos desde el inicio de la situación de restricción de la salida o entrada a un municipio, y mediante el correspondiente parte de baja, se extenderá esta protección a aquellos trabajadores que se vean obligados a desplazarse de localidad para prestar servicios en las actividades no afectadas por el Real Decreto 463/2020, de 14 de marzo, por el que se declara el estado de alarma para la gestión de la situación de crisis sanitaria ocasionada por el COVID-19, siempre que por la autoridad competente se haya acordado restringir la salida, o la entrada, de personas del municipio donde dichos trabajadores tengan su domicilio, o donde la empresa tenga su centro de trabajo en el caso de que el trabajador tenga su domicilio en otro municipio, y les haya sido denegada de forma expresa la posibilidad de desplazarse por la autoridad competente, no puedan realizar su trabajo de forma telemática por causas no imputables a la empresa para la que prestan sus servicios o al propio trabajador y no tengan derecho a percibir ninguna otra prestación pública.

La acreditación del acuerdo de restricción de la población donde el trabajador tiene su domicilio o la empresa su centro de trabajo, y la denegación de la posibilidad de desplazamiento se realizará mediante certificación expedida por el ayuntamiento del domicilio o, en su caso, por el del centro de trabajo afectado por la restricción ante el correspondiente órgano del servicio público de salud.

De igual forma, la imposibilidad de realización del trabajo de forma telemática se acreditará mediante una certificación de la empresa o una declaración responsable en el caso de los trabajadores por cuenta propia ante el mismo órgano del servicio público de salud.

En el supuesto de trabajadores por cuenta ajena que tuvieran el domicilio en distinto municipio al del centro de trabajo, además de lo previsto en el párrafo anterior, se requerirá acreditar:

a) El domicilio del trabajador mediante el correspondiente certificado de empadronamiento.

b) Que el trabajador desarrolla su trabajo en el centro sito en el municipio afectado por la restricción, mediante la correspondiente certificación de la empresa.

c) Que la empresa no ha procedido al cierre del centro de trabajo, mediante la correspondiente certificación de la empresa.

2. La duración de esta prestación excepcional vendrá determinada por el parte de baja y la correspondiente alta.

Siempre que por la autoridad competente se haya acordado, con anterioridad a la entrada en vigor del Real Decreto 463/2020, de 14 de marzo, restringir las salidas o las entradas del municipio donde tengan el domicilio o en el que tenga el centro de trabajo la empresa en que prestan sus servicios, de tratarse de las personas trabajadoras por cuenta ajena a las que se refiere el artículo 1 del Real Decreto-ley 10/2020, de 29 de marzo, por el que se regula un permiso retribuido recuperable para las personas trabajadoras por cuenta ajena que no presten servicios esenciales, con el fin de reducir la movilidad de la población en el contexto de la lucha contra el COVID-19, se expedirá un parte de baja con efectos desde la fecha de inicio de la restricción y un parte de alta con efectos de 29 de marzo de 2020.

De tratarse de trabajadores por cuenta propia o autónomos, cuando la restricción adoptada con anterioridad a la entrada en vigor del Real Decreto 463/2020, de 14 de marzo, restringiera su salida del municipio donde tengan su domicilio o, teniendo su domicilio en otro, vieran restringida la entrada en el municipio impidiéndoles totalmente la realización de su actividad, el derecho a la prestación comenzará con el parte de baja desde la fecha de inicio de la restricción y durará hasta la fecha de finalización de la misma, no pudiendo, en ningún caso, durar más allá de la fecha de finalización del estado de alarma.

Este subsidio por incapacidad temporal es incompatible con los salarios que se hubieren percibido así como con el derecho a cualquier otra prestación económica de la Seguridad Social, incluida la incapacidad temporal por contingencias comunes o profesionales. En estos supuestos se percibirá la prestación de la Seguridad social distinta al subsidio previsto en el presente artículo.

A efectos de lo previsto en el párrafo anterior, el trabajador deberá presentar ante el correspondiente órgano del servicio público de salud, certificación de la empresa acreditativa de la no percepción de salarios.

3. Podrá causar derecho a esta prestación la persona trabajadora por cuenta propia o ajena que se encuentre en la fecha del hecho causante en situación de alta en cualquiera de los regímenes de Seguridad Social.

4. La fecha hecho causante será la fecha en la que se acuerde el aislamiento, restricción o enfermedad del trabajador, sin perjuicio de que el parte de baja se expida con posterioridad a esa fecha.»

Disposición final undécima. Modificación del Real Decreto-ley 20/2020, de 29 de mayo, por el que se establece el ingreso mínimo vital.

Uno. Se modifican los apartados 1 y 2 del artículo 7, que pasan a tener la siguiente redacción:

«Artículo 7. Requisitos de acceso.

1. Todas las personas beneficiarias, estén o no integradas en una unidad de convivencia, deberán cumplir los siguientes requisitos:

a) Tener residencia legal y efectiva en España y haberla tenido de forma continuada e ininterrumpida durante al menos el año inmediatamente anterior a la fecha de presentación de la solicitud. No se exigirá este plazo respecto de:

1.º Los menores incorporados a la unidad de convivencia por nacimiento, adopción, guarda con fines de adopción o acogimiento familiar permanente.

2.º Las personas víctimas de trata de seres humanos y de explotación sexual

3.º Las mujeres víctimas de violencia de género.

A efectos del mantenimiento del derecho a esta prestación, se entenderá que una persona tiene su residencia habitual en España aun cuando haya tenido estancias en el extranjero, siempre que estas no superen los noventa días naturales a lo largo de cada año natural o cuando la ausencia del territorio español esté motivada por causas de enfermedad debidamente justificadas.

b) Encontrarse en situación de vulnerabilidad económica por carecer de rentas, ingresos o patrimonio suficientes, en los términos establecidos en el artículo 8.

c) Haber solicitado las pensiones y prestaciones públicas vigentes que se determinen reglamentariamente, a las que pudieran tener derecho. En todo caso, quedan exceptuados los salarios sociales, rentas mínimas de inserción o ayudas análogas de asistencia social concedidas por las comunidades autónomas.

2. Las personas beneficiarias a las que se refiere el artículo 4.1.b), que sean menores de 30 años en la fecha de la solicitud, deberán haber tenido residencia legal y efectiva en España, y haber vivido de forma independiente, durante al menos los tres años inmediatamente anteriores a la indicada fecha.

Se entenderá que una persona ha vivido de forma independiente siempre que acredite que su domicilio ha sido distinto al de sus progenitores, tutores o acogedores durante los tres años inmediatamente anteriores a la solicitud, y en dicho periodo hubiere permanecido durante al menos doce meses, continuados o no, en situación de alta en cualquiera de los regímenes que integran el sistema de la Seguridad Social, incluido el de Clases Pasivas del Estado, o en una mutualidad de previsión social alternativa al Régimen Especial de la Seguridad Social de los Trabajadores por Cuenta Propia o Autónomos.

Este requisito no se exigirá a las personas que por ser víctimas de violencia de género hayan abandonado su domicilio habitual, a las que hayan iniciado los trámites de separación o divorcio o a las que se encuentren en otras circunstancias que puedan determinarse reglamentariamente.»

Dos. Se modifican los apartados 4, 5, 6 y 7, y se introduce un nuevo apartado 8 en el artículo 19, con la siguiente redacción:

«4. La existencia de la unidad de convivencia se acreditará con el libro de familia, certificado del registro civil, y con los datos obrantes en los Padrones municipales relativos a los inscritos en la misma vivienda. A estos efectos el Instituto Nacional de la Seguridad Social tendrá acceso a la base de datos de coordinación de los Padrones municipales del Instituto Nacional de Estadística para la confirmación de los requisitos exigidos.

No obstante, cuando de la misma no pueda deducirse la coincidencia con los datos que se hayan hecho constar en la solicitud de la prestación se solicitará la aportación del correspondiente certificado de empadronamiento, histórico y colectivo del período requerido en cada supuesto, referidos a los domicilios donde residen o han residido los miembros de la unidad de convivencia, expedido por el Ayuntamiento en virtud de lo establecido en el artículo 83.3 del Reglamento de Población y Demarcación Territorial de las Entidades Locales.

Tanto los datos obtenidos del Instituto Nacional de Estadística como, en su caso, el certificado de empadronamiento citado, servirán igualmente para acreditar la existencia de la unidad de convivencia a que se refiere el artículo 6.2.c) o de que el solicitante a que se refiere el artículo 4.1.b) vive solo o compartiendo domicilio con una unidad de convivencia de la que no forma parte.

A los efectos de los datos relativos al Padrón municipal de conformidad con lo previsto en los párrafos anteriores, no se requerirá el consentimiento de las personas empadronadas en el domicilio del solicitante.

La existencia de pareja de hecho se acreditará mediante certificación de la inscripción en alguno de los registros específicos existentes en las comunidades autónomas o ayuntamientos del lugar de residencia o documento público en el que conste la constitución de dicha pareja. Tanto la mencionada inscripción como la formalización del correspondiente documento público deberán haberse producido con una antelación mínima de dos años con respecto a la fecha de la solicitud de la prestación.

El inicio de los trámites de separación o divorcio, o su existencia, se acreditará con la presentación de la demanda o con la correspondiente resolución judicial.

5. La acreditación de haber vivido de forma independiente respecto a los progenitores, tutores o acogedores, durante al menos tres años conforme lo previsto en el artículo 7.2, se efectuará mediante los datos facilitados por el Instituto Nacional de Estadística o, en su caso, el certificado de empadronamiento histórico y colectivo en el que consten todas las personas empadronadas en el domicilio del solicitante durante dicho periodo, de conformidad con lo previsto en el apartado 4.

A los efectos de los datos relativos al padrón municipal de conformidad con lo previsto en el apartado anterior, no se requerirá el consentimiento de las personas empadronadas en el domicilio del solicitante.

6. La condición de víctima de violencia de género se acreditará por cualquiera de los medios establecidos en el artículo 23 de la Ley Orgánica 1/2004, de 28 de diciembre, de Medidas de Protección Integral contra la Violencia de Género.

La condición de víctima de trata de seres humanos y de explotación sexual se acreditará a través de un informe emitido por los servicios públicos encargados de la atención integral a estas víctimas o por los servicios sociales, así como por cualquier otro medio de acreditación que se determine reglamentariamente.

7. Los requisitos de ingresos y patrimonio establecidos en el presente real decreto-ley, para el acceso y mantenimiento de la prestación económica de ingreso mínimo vital, se realizará por la entidad gestora conforme a la información que se recabe por medios telemáticos de la Agencia Estatal de Administración Tributaria y en las Haciendas Tributarias Forales de Navarra y de los territorios históricos del País Vasco. A tales efectos, se tomará como referencia la información que conste en esas Haciendas Públicas respecto del ejercicio anterior a aquel en el que se realiza esa actividad de reconocimiento o control, o en su defecto, la información que conste más actualizada en dichas administraciones públicas.

En su solicitud, cada interesado autorizará expresamente a la administración que tramita su solicitud para que recabe sus datos tributarios de la Agencia Estatal de Administración Tributaria, de los órganos competentes de las comunidades autónomas, de la Hacienda Foral de Navarra o diputaciones forales del País Vasco y de la Dirección General del Catastro Inmobiliario, conforme al artículo 95.1.k) de la Ley 58/2003, de 17 de diciembre, General Tributaria o, en su caso, en la normativa foral aplicable.

Lo dispuesto en el párrafo anterior se entiende sin perjuicio de la cesión de datos tributarios legalmente prevista con ocasión de la colaboración en el descubrimiento de fraudes en la obtención y disfrute de prestaciones a la Seguridad Social de apartado 1.c) del citado artículo 95 de la Ley 58/2003, de 17 de diciembre, General Tributaria o, en su caso, en la normativa foral aplicable.

8. En ningún caso será exigible al solicitante la acreditación de hechos, datos o circunstancias que la Administración de la Seguridad Social deba conocer por sí misma, tales como la situación del beneficiario en relación con el sistema de la Seguridad Social; o la percepción por los miembros de la unidad de convivencia de otra prestación económica que conste en el Registro de Prestaciones Sociales Públicas.»

Tres. Se modifica el artículo 25 que pasa a tener la siguiente redacción:

«Artículo 25. Tramitación.

1. Una vez recibida la solicitud de la prestación, el órgano competente, con carácter previo a la admisión de la misma, procederá a comprobar si los beneficiarios que vivan solos o formando parte de una unidad de convivencia, en función de los datos declarados en la solicitud presentada, cumplen el requisito de vulnerabilidad previsto en el artículo 7.1.b).

Frente a la resolución de inadmisión, que deberá ser dictada en el plazo de 30 días, se podrá interponer reclamación administrativa previa en materia de prestaciones de Seguridad Social, de acuerdo con lo establecido en el artículo 71 de la Ley 36/2011, de 10 de octubre, reguladora de la jurisdicción social, y cuyo objeto se limitará a conocer sobre la causa de inadmisión.

La admisión de la solicitud no obstará a su desestimación si, durante la instrucción del procedimiento, la entidad gestora efectuara nuevas comprobaciones que determinaran el incumplimiento del requisito de vulnerabilidad previsto en el artículo 7.1.b).

2. Admitida a trámite la solicitud, procederá iniciar la instrucción del procedimiento administrativo en orden a comprobar el cumplimiento de los requisitos determinantes del reconocimiento de la prestación.

3. El Instituto Nacional de la Seguridad Social procederá a dictar resolución, y a notificar la misma a la persona solicitante, en el plazo máximo de seis meses desde la fecha de entrada en su registro de la solicitud.

Transcurrido dicho plazo sin que se hubiera notificado resolución expresa, se entenderá desestimada.

4. En el supuesto de que con posterioridad a la solicitud el interesado no hubiera aportado la documentación a que se hubiera obligado en la declaración responsable prevista en el artículo 24.2, con carácter previo a dictar resolución la entidad gestora le requerirá a tal efecto. En este caso, quedará suspendido el procedimiento durante el plazo máximo de tres meses. Si transcurrido dicho plazo no hubiere presentado la documentación requerida, se producirá la caducidad del procedimiento.»

Cuatro. Se modifica el artículo 33, que pasa a tener la siguiente redacción:

«Artículo 33. Obligaciones de las personas beneficiarias.

1. Las personas titulares del ingreso mínimo vital estarán sujetas durante el tiempo de percepción de la prestación a las siguientes obligaciones:

a) Proporcionar la documentación e información precisa en orden a la acreditación de los requisitos y la conservación de la prestación, así como para garantizar la recepción de notificaciones y comunicaciones.

b) Comunicar cualquier cambio o situación que pudiera dar lugar a la modificación, suspensión o extinción de la prestación, en el plazo de treinta días naturales desde que estos se produzcan.

c) Comunicar cualquier cambio de domicilio o de situación en el Padrón municipal que afecte personalmente a dichos titulares o a cualquier otro miembro que forme parte de la unidad de convivencia, en el plazo de treinta días naturales desde que se produzcan.

d) Reintegrar el importe de las prestaciones indebidamente percibidas.

e) Comunicar a la entidad gestora, con carácter previo, las salidas al extranjero, tanto del titular como de los miembros de la unidad de convivencia, por un período, continuado o no, superior a noventa días naturales durante cada año natural, así como, en su caso, justificar la ausencia del territorio español de conformidad con lo previsto en el último párrafo del artículo 7.1.a).

f) Presentar anualmente declaración correspondiente al Impuesto sobre la Renta de las Personas Físicas.

g) Si no están trabajando y son personas mayores de edad o menores emancipadas, acreditar, dentro de los seis meses siguientes a la notificación de la resolución por la que se concede la prestación, que figuran inscritas como demandantes de empleo, salvo en los siguientes supuestos:

1.º Estar cursando estudios reglados y ser menor de 28 años. En su caso, el plazo de seis meses para acreditar la inscripción como demandante de empleo se iniciará en la fecha en que el beneficiario cumpla 28 años edad.

2.º Tener suscrito el convenio especial regulado en el Real Decreto 615/2007, de 11 de mayo, por el que se regula la Seguridad Social de los cuidadores de las personas en situación de dependencia.

3.º Estar percibiendo una pensión contributiva de incapacidad permanente en grado de absoluta o gran invalidez, una pensión de invalidez no contributiva o una pensión de jubilación contributiva o haber cumplido los 65 años de edad.

4.º Estar afectado por una discapacidad en un grado igual o superior al 65 por ciento.

5.º Tener reconocida una situación de dependencia, conforme a lo dispuesto en la Ley 39/2006, de 14 de diciembre, de Promoción de la Autonomía Personal y Atención a las personas en situación de dependencia.

La situación de demandante de empleo quedará acreditada con el documento expedido al efecto por la administración competente o mediante el acceso por parte de la entidad gestora a través de los medios electrónicos habilitados al efecto.

h) En caso de compatibilizar la prestación del ingreso mínimo vital con las rentas del trabajo o la actividad económica conforme con lo previsto en el artículo 8.4, cumplir las condiciones establecidas para el acceso y mantenimiento de dicha compatibilidad.

i) Participar en las estrategias de inclusión que promueva el Ministerio de Inclusión, Seguridad Social y Migraciones, previstas en el artículo 28.1, en los términos que se establezcan.

j) Cualquier otra obligación que pueda establecerse reglamentariamente.

2. Las personas integrantes de la unidad de convivencia estarán obligadas a:

a) Comunicar el fallecimiento del titular.

b) Poner en conocimiento de la administración cualquier hecho que distorsione el fin de la prestación otorgada.

c) Presentar anualmente declaración correspondiente al Impuesto sobre la Renta de las Personas Físicas.

d) Cumplir las obligaciones que el apartado anterior impone al titular y este, cualquiera que sea el motivo, no lleva a cabo.

e) Si no están trabajando y son mayores de edad o menores emancipados, acreditar, dentro de los seis meses siguientes a la notificación de la resolución por la que se concede la prestación, que figuran inscritas como demandantes de empleo, con las mismas salvedades y modo de acreditación que las señaladas en el apartado anterior para las personas titulares.

f) En caso de compatibilizar la prestación del ingreso mínimo vital con las rentas del trabajo o la actividad económica conforme con lo previsto en el artículo 8.4, cumplir las condiciones establecidas para el acceso y mantenimiento de dicha compatibilidad.

g) Participar en las estrategias de inclusión que promueva el Ministerio de Inclusión, Seguridad Social y Migraciones, previstas en el artículo 28.1, en los términos que se establezcan.

h) Cumplir cualquier otra obligación que pueda establecerse reglamentariamente.»

Cinco. Se modifica la disposición transitoria primera, que pasa a tener la siguiente redacción:

«Disposición transitoria primera. Prestaciones económicas transitorias de ingreso mínimo vital hasta el 31 de diciembre de 2021.

1. El Instituto Nacional de la Seguridad Social reconocerá durante 2020 la prestación transitoria de ingreso mínimo vital a los actuales beneficiarios de la asignación económica por hijo o menor a cargo del sistema de la Seguridad Social que, a fecha de entrada en vigor del presente real decreto-ley, reúnan los requisitos que se exponen en los apartados siguientes, siempre que el importe de la prestación transitoria de ingreso mínimo vital sea igual o superior al importe de la asignación económica que viniera percibiendo.

2. Los requisitos para percibir la prestación transitoria serán los siguientes:

a) Ser beneficiario de la asignación económica por hijo o menor a cargo sin discapacidad o con discapacidad inferior al 33 por ciento.

b) Formar parte de una unidad de convivencia constituida exclusivamente por el beneficiario de una asignación económica por hijo o menor a cargo sin discapacidad o con discapacidad inferior al 33 por ciento, el otro progenitor en caso de convivencia, y los hijos o menores a cargo causantes de dicha asignación por hijo a cargo.

c) Encontrarse la unidad de convivencia referida en el apartado anterior, en situación de vulnerabilidad económica por carecer de patrimonio, rentas o ingresos suficientes, en los términos establecidos en el artículo 8 del presente real decreto-ley.

d) Que la asignación económica que se perciba, o la suma de todas ellas en el supuesto que sean varias las asignaciones, sea inferior al importe de la prestación de ingreso mínimo vital.

3. El Instituto Nacional de la Seguridad Social reconocerá, asimismo, la prestación transitoria de ingreso mínimo vital, cuando concurran los siguientes requisitos:

a) Ser beneficiario de la asignación económica por hijo o menor a cargo sin discapacidad o con discapacidad inferior al 33 por ciento.

b) Cuando el número total de convivientes que consta en las bases de datos de población disponible que el Instituto Nacional de Estadística cede periódicamente a dicha Agencia Estatal de Administración Tributaria para fines de estudio y análisis, sea mayor que el número de integrantes de la unidad de convivencia prevista en el apartado 2.b), a los exclusivos efectos de lo previsto en el presente apartado 3, la unidad de convivencia estará constituida únicamente por el beneficiario de una asignación económica por hijo o menor a cargo sin discapacidad o con discapacidad inferior al 33 por ciento, el otro progenitor en caso de convivencia, y los hijos o menores a cargo causantes de dicha asignación por hijo a cargo.

c) Encontrarse la unidad de convivencia referida en el apartado anterior, en situación de vulnerabilidad económica por carecer de patrimonio, rentas o ingresos suficientes, en los términos establecidos en el artículo 8 del presente real decreto-ley.

Siempre que, además, la suma de las rentas e ingresos del total de convivientes no supere la cuantía mensual de la renta garantizada que les correspondería en el caso de que de constituyeran una unidad de convivencia, en los términos establecidos en el presente Real Decreto-ley.

d) Que la asignación económica por hijo o menor a cargo del sistema de la Seguridad Social que se perciba, o la suma de todas ellas en el supuesto que sean varias las asignaciones, sea inferior al importe de la prestación transitoria establecida en este apartado.

4. A los exclusivos efectos de la comprobación del cumplimiento de lo previsto en la letra b) del apartado 2 y en la letra b) y segundo párrafo de la c) del apartado 3, la Agencia Estatal de Administración Tributaria, previa autorización del Instituto Nacional de Estadística, cederá, sin consentimiento de los interesados, la información relativa a la agrupación de las personas en los hogares que consta en las bases de datos de población disponible que el Instituto Nacional de Estadística cede periódicamente a dicha Agencia Estatal de Administración Tributaria para fines de estudio y análisis. Dicha información solo será utilizada por la Secretaría General de Objetivos y Políticas de Inclusión y Previsión Social del Ministerio de Inclusión, Seguridad Social y Migraciones, para realizar las actuaciones necesarias que permitan determinar los beneficiarios con derecho a prestaciones de ingreso mínimo vital en los términos establecidos en esta disposición transitoria.

5. A los exclusivos efectos de la comprobación del cumplimiento de lo establecido en los apartados 2.c) y 3.c) el Instituto Nacional de la Seguridad Social solicitará a la Agencia Estatal de Administración Tributaria y esta le remitirá la información estrictamente necesaria relativa a ingresos y patrimonio de las unidades de convivencia previstas en los apartados 2.b) y 3.b), que permitan determinar los beneficiarios con derecho a prestaciones de ingreso mínimo vital en los términos establecidos en esta disposición transitoria. Dicha información solo será utilizada para la finalidad indicada y el procedimiento de intercambio de información entre la Agencia Estatal de Administración Tributaria y el Instituto Nacional de la Seguridad Social sin necesidad de recabar el consentimiento de los interesados.

6. En los supuestos en que las unidades de convivencia descritas en los apartados 2.b) y 3.b) tuvieran su domicilio en la Comunidad Foral de Navarra o la del País Vasco, la referencia a la Agencia Estatal de Administración Tributaria realizada en el párrafo anterior se entenderá referida a las Haciendas Tributarias Forales de Navarra y de los territorios históricos del País Vasco, respectivamente. En estos supuestos, el reconocimiento de las prestaciones quedará supeditada a la remisión, por parte de las Haciendas Tributarias forales correspondientes, de la información necesaria para poder llevarlo a cabo.

7. Las prestaciones transitorias de ingreso mínimo vital serán incompatibles con la asignación económica por hijo o menor a cargo sin discapacidad o con discapacidad inferior al 33 por ciento, quedando esta suspendida durante la vigencia de aquellas.

8. El Instituto Nacional de la Seguridad Social notificará a los beneficiarios que cumplan los requisitos exigidos en los apartados 2 y 3 de esta disposición transitoria la resolución en la que se reconozca el derecho a la prestación transitoria correspondiente, y el derecho de opción entre el percibo de esta prestación y la asignación económica por hijo o menor a cargo que viniera percibiendo.

9. En el plazo de treinta días naturales a contar desde la notificación de la resolución de la prestación transitoria correspondiente, el interesado podrá ejercitar su derecho de opción por seguir manteniendo la asignación económica por hijo o menor a cargo. Dicha opción surtirá efectos desde la fecha de efectos económicos de la prestación transitoria correspondiente, procediéndose, en su caso, a la correspondiente regularización económica.

En el supuesto de que no se ejercite el derecho de opción dentro del plazo señalado se entenderá que opta por percibir la prestación transitoria que corresponda.

10. Si, una vez reconocido el derecho a la prestación transitoria, la unidad de convivencia se modificara, se aplicará lo previsto en el presente real decreto-ley, en cuanto a la obligación de comunicación, cumplimiento de requisitos, y revisión de la prestación.

En cualquier caso, la cuantía de la prestación transitoria se actualizará con efectos del día 1 de enero de 2021, tomando como referencia los ingresos anuales computables del ejercicio anterior. Cuando la variación de los ingresos anuales computables del ejercicio anterior motivara la extinción de la prestación, esta surtirá igualmente efectos a partir del día 1 de enero del año siguiente a aquel al que correspondan dichos ingresos. En otro caso, se reanudará el percibo de la asignación económica por hijo o menor a cargo, siempre que se mantengan los requisitos para ser beneficiario de esta prestación.

El derecho a la prestación transitoria se extinguirá a partir de la fecha de la resolución de la solicitud de la prestación de ingreso mínimo vital o, en su caso, en la fecha de sus efectos económicos si esta fuera posterior. En el supuesto de que la fecha de efectos económicos fuera anterior y la cuantía de la prestación de ingreso mínimo vital fuera superior a la de la prestación transitoria se procederá, en su caso, a la correspondiente regularización.

11. A partir del 1 de enero de 2022 la prestación transitoria devendrá en la prestación de ingreso mínimo vital, siempre que se reúnan los requisitos establecidos en el presente real decreto-ley y el interesado aporte antes del 31 de diciembre de 2021 la documentación que a tal efecto le sea requerida por el Instituto Nacional de la Seguridad Social.

Para la determinación de la situación de vulnerabilidad se tendrá en cuenta el patrimonio, renta e ingresos de todos los miembros que integran la unidad de convivencia configurada en los términos previstos en el artículo 6 de esta norma.

En otro caso, se reanudará el percibo de la asignación económica por hijo o menor a cargo, siempre que se mantengan los requisitos para ser beneficiario de esta prestación.

12. Los beneficiarios de la asignación económica por hijo o menor a cargo, del sistema de la Seguridad Social, a los que no les hubiera sido notificada la resolución de reconocimiento de ninguna de las prestaciones transitorias, y cumplieran los requisitos previstos en el apartado 2 o 3 de esta disposición transitoria, podrán solicitar su reconocimiento ante el Instituto Nacional de la Seguridad Social. La prestación se reconocerá, en su caso, con efectos desde la fecha de entrada en vigor del presente real decreto-ley, siempre que se presente hasta el 31 de diciembre de 2020. En otro caso, los efectos económicos serán del día primero del mes siguiente a la presentación de la solicitud.

13. Asimismo, el Instituto Nacional de la Seguridad Social podrá, hasta el 31 de diciembre de 2020, reconocer la prestación de ingreso mínimo vital a aquellas personas beneficiarias de alguna de las distintas rentas de inserción o básicas establecidas por las comunidades autónomas. Para ello, las comunidades autónomas, si han obtenido la conformidad para la remisión de los datos de sus beneficiarios al Instituto Nacional de la Seguridad Social a efectos del reconocimiento de la prestación, comunicaran al referido Instituto, a través de los protocolos telemáticos de intercambio de información habilitados al efecto, los datos necesarios para la identificación de los potenciales beneficiarios, que deberá incluir un certificado emitido por la correspondiente comunidad autónoma acreditativo de la constitución de una unidad de convivencia conforme establece el artículo 6 y del cumplimiento de los requisitos a que se refieren los artículos 4, 5 y el artículo 7 del presente real decreto-ley; así como de que se encuentran en su poder toda la documentación que pruebe el cumplimiento de dichos requisitos, a excepción de la vulnerabilidad económica a la que se refiere el artículo 8 del presente real decreto-ley, que será analizada por el Instituto Nacional de la Seguridad Social. Este certificado será suficiente para que dicha entidad gestora considere cumplidos dichos requisitos, sin perjuicio de la obligación de las Comunidades Autónomas de remitir al referido Instituto toda la documentación en el plazo máximo de seis meses a contar desde el 1 de enero de 2021 o cuando la solicite para la resolución de cualquier reclamación.

En el supuesto de que se emitiese un certificado conformando la documentación y se reconociese una prestación que, posteriormente, fuera declarada indebida y no fuese posible recuperar el importe abonado, los perjuicios ocasionados serán a cargo de la comunidad autónoma certificadora.

Los expedientes resueltos por el Instituto Nacional de la Seguridad Social se comunicarán a las comunidades autónomas a través de los protocolos informáticos establecidos.

14. Para la aplicación de esta disposición se podrán comenzar a realizar las operaciones técnicas necesarias para la puesta en marcha de la prestación desde el 29 de mayo de 2020 de conformidad con lo previsto en el artículo 11.1 del presente real decreto-ley.»

Seis. Se modifica la disposición transitoria segunda, que pasa a tener la siguiente redacción:

«Disposición transitoria segunda. Presentación de solicitudes.

Las solicitudes de acceso a la prestación económica podrán presentarse a partir del día 15 de junio de 2020. Si la solicitud se presenta antes del 1 de enero de 2021, los efectos económicos se retrotraerán al día 1 de junio de 2020 siempre que, en esta fecha, se acrediten todos los requisitos para su acceso. En caso de no cumplir los requisitos en la referida fecha los efectos económicos se fijarán el día primero del mes siguiente a aquel en que se cumplan los requisitos.

Si la solicitud se presenta después del 31 de diciembre de 2020, los efectos económicos se fijarán el día primero del mes siguiente a la presentación de la solicitud, de conformidad con lo previsto en el artículo 11.1 del presente real decreto-ley.»

Disposición final duodécima. Modificación del Real Decreto-ley 25/2020, de 3 de julio, de medidas urgentes para apoyar la reactivación económica y el empleo.

Se modifica el Real Decreto-ley 25/2020, de 3 de julio, de medidas urgentes para apoyar la reactivación económica y el empleo, en los siguientes términos:

Uno. Se modifica el apartado 1 del artículo 44, que queda redactado como sigue:

«1. Para la gestión de las subvenciones podrán intervenir una o varias entidades colaboradoras que deberán cumplir los requisitos y las obligaciones y desempeñar las funciones establecidas en los artículos 13 y 15 de la Ley 38/2003, de 17 de noviembre, y será seleccionada con observancia a lo dispuesto en el artículo 16 de dicha Ley. En caso de seleccionar entidad colaboradora, podrán actuar como tal únicamente las entidades públicas empresariales y las sociedades mercantiles estatales. La entidad colaboradora entregará y distribuirá los fondos presupuestarios de los pagos a los beneficiarios.»

Dos. Se modifica el apartado 4 del artículo 46, que queda redactado como sigue:

«4. Con posterioridad al dictado de la resolución de concesión, se procederá al pago de la ayuda al beneficiario por una cuantía que deberá coincidir con el indicado en la solicitud. Los pagos se realizarán mediante transferencia a una cuenta bancaria indicada por el beneficiario en el cuestionario de solicitud.»

Tres. Se modifica la letra d) del artículo 47, que queda redactado como sigue:

«d) El beneficiario de la ayuda deberá mantener la titularidad del vehículo y su matriculación en España al menos durante dos años desde el momento de la concesión de la subvención, excepto para operaciones de renting, para las que el contrato de arrendamiento deberá establecer una duración mínima de dos años desde la fecha de su entrada en vigor y su formalización tendrá fecha igual o posterior al 15 de junio de 2020.»

Cuatro. Se modifica la disposición adicional primera, que queda redactada como sigue:

«Se aprueba la concesión de un crédito extraordinario por importe total de 250 millones de euros en el Ministerio de Industria, Comercio y Turismo, distribuido por aplicaciones presupuestarias como se indica:

20.09.422B.772. “A empresas privadas. Plan Renove, dentro del Plan de impulso de la cadena de valor de la Industria de la Automoción”. 38 millones de euros.

20.09.422B.782. “A familias e instituciones sin fines de lucro. Plan Renove, dentro del Plan de impulso de la cadena de valor de la Industria de la Automoción”. 212 millones de euros.

La financiación del crédito extraordinario se realizará de conformidad con el artículo 46 de la Ley 6/2018, de 3 de julio, de Presupuestos Generales del Estado para 2018.

Con la aprobación de este real decreto-ley se otorga la autorización a que se refieren el artículo 10.2 de la Ley 38/2003, de 17 de noviembre, General de Subvenciones.

De conformidad con lo dispuesto en el artículo 58.a) de la Ley 47/2003, de 26 de noviembre, General Presupuestaria los remanentes de crédito que, a la finalización del presente ejercicio, se registren en las dos aplicaciones presupuestarias señaladas podrán ser incorporados a los créditos del ejercicio 2021.»

Disposición final decimotercera. Título competencial.

Este real decreto-ley se dicta al amparo de lo dispuesto en el artículo 149.1. 7.ª y 13.ª de la Constitución Española, que atribuye al Estado las competencias exclusivas en las materias de legislación laboral; así como de bases y coordinación de la planificación general de la actividad económica.

Disposición final decimocuarta. Entrada en vigor.

1. El presente real decreto-ley entrará en vigor a los 20 días de su publicación en el «Boletín Oficial del Estado», sin perjuicio de lo establecido en su disposición adicional séptima.

2. No obstante, las disposiciones adicionales tercera, cuarta, quinta y sexta, la disposición transitoria cuarta, así como las disposiciones finales cuarta, quinta, octava, novena, décima, undécima y duodécima entrarán en vigor el mismo día de su publicación en el «Boletín Oficial del Estado».

Dado en Madrid, el 22 de septiembre de 2020.

FELIPE R.

El Presidente del Gobierno,

PEDRO SÁNCHEZ PÉREZ-CASTEJÓN

24Nov/19

Resolución 119/2019, de 18 de julio de 2019, de la Agencia de Acceso a la Información Pública

Resolución 119/2019, de 18 de julio de 2019, de la Agencia de Acceso a la Información Pública, que establece los criterios de implementación y cumplimiento de las obligaciones y funciones previstas en la Ley 27.275. Resol-2019-119-APN-AAIP

Ciudad de Buenos Aires, 18 de julio de 2019

VISTO el EX-2019-58829917-APN-DNAIP#AAIP, la Ley n° 27.275, la Ley n° 25.326, el Decreto n° 206 del 27 de marzo de 2017 y el Decreto n° 746 del 25 de septiembre de 2017, y

CONSIDERANDO

Que la Ley nº 27.275 tiene por objeto garantizar el efectivo ejercicio del derecho de acceso a la información pública, promover la participación ciudadana y la transparencia de la gestión pública (artículo 1°).

Que por el artículo 19 de la referida ley se creó la AGENCIA DE ACCESO A LA INFORMACIÓN PÚBLICA (AAIP) como ente autárquico con autonomía funcional en el ámbito del PODER EJECUTIVO NACIONAL -Jefatura de Gabinete de Ministros- con el objeto de velar por el cumplimiento de los principios y procedimientos establecidos en la Ley n° 27.275, garantizar el efectivo ejercicio del derecho de acceso a la información pública, promover medidas de transparencia activa y actuar como Autoridad de Aplicación de la Ley de Protección de Datos Personales n° 25.326.

Que en virtud de lo prescripto en el artículo 24, inciso k) de la ley es función de la Agencia elaborar criterios orientadores y mejores prácticas destinados a los sujetos obligados.

Que en este sentido ya se dictaron las resoluciones AAIP n° 4 y 48, del 2 de febrero y del 26 de julio de 2018 respectivamente, que establecen criterios generales de actuación e implementación de la Ley n° 27.275.

Que en pos de una implementación homogénea en los sujetos obligados es necesario avanzar sobre la interpretación y alcances de la norma, como también en la determinación de procedimientos que simplifiquen la aplicación de las obligaciones previstas.

Que es menester atender a la obligación de entregar la información en el estado en el que se encuentre pero también a la de entregarla en formatos digitales abiertos cuando sea posible como manda el artículo 5 de la Ley 27.275.

Que si la preocupación del sujeto obligado se subscribe sólo a la cantidad de trabajo administrativo que llevará la respuesta a una solicitud se debe recurrir al artículo 5 de la ley 27.275 que dispone que “la información debe ser brindada en el estado en el que se encuentre al momento de efectuarse la solicitud, no estando el sujeto obligado requerido a procesarla o clasificarla (…)”. Sin embargo, antes de acudir a esta respuesta es necesario que el sujeto obligado considere otros medios para poder contestar la solicitud como por ejemplo la consulta con el solicitante, la entrega fraccionada en plazos o la subsanación de preguntas.

Que el proceso de modernización del Estado tiene por objetivo utilizar tecnologías para simplificar la relación entre la ciudadanía y el Estado, dotar de mayor agilidad y transparencia los diferentes procesos (Decretos 434/16; 561/16; 1063/16; 1131/16; 1273/16; 891/17; 892/17; 894/17; 733/2018 y Ley n° 27.446) y, en consecuencia, la posibilidad reducir los costos de reproducción y tiempos de entrega de la información.

Que en concordancia con las buenas prácticas internacionales y la Ley Modelo Interamericana sobre Acceso a la Información Pública, la Ley n° 27.275 no prevé expresamente una norma que limite a los solicitantes abusivos.

Que resulta necesario considerar que lo que puede resultar de mala fe es la solicitud, no el solicitante, solo porque alguien haya realizado solicitudes de mala fe con anterioridad no implica que su siguiente solicitud vaya a ser de mala fe, cada solicitud debe ser considerada por sus propios méritos.

Que, sin embargo, la autoridad pública que reciba una solicitud debería realizar una interpretación razonable acerca del alcance y la naturaleza de la solicitud para favorecer el acceso y no constituirse en una restricción a un posible uso abusivo del derecho ponderando siempre el principio de buena fe tanto del lado de la administración como del solicitante.

Que la decisión de rechazar una solicitud por ser considerada de mala fe deberá ser tomada por la máxima autoridad, basada en evidencia detallada y debe ser razonable, que deberán estar debidamente documentadas.

Que, a su vez, el régimen de acceso a la información pública, por la naturaleza del derecho que regula, establece plazos breves en función del principio de máxima premura y de la importancia que implica responder de forma oportuna, en consecuencia, no resulta de aplicación supletoria la disposición del art. 1, inc. e), acápite 5º, de la Ley nº 19.549.

Que el artículo 32 de la Ley n° 27.275 contiene las obligaciones de transparencia activa entre las que se incluyen los subsidios y transferencias que otorga y realiza el organismo (inciso f).

Que la obligación de publicar “todo acto o resolución de carácter general o particular, especialmente las normas que establecieran beneficios para el público en general o para un sector…” (inciso h), es también extensiva al otorgamiento de una exención o deducción impositiva, en tanto implica beneficios para el público en general o a un sector en particular y por ello se entiende la obligación de publicidad proactiva de esta información.

Que adicionalmente el inciso t) establece la posibilidad de los sujetos obligados de incorporar cualquier otra información relevante en los ítems previstos a ser publicados en transparencia activa.

Que la Oficina Anticorrupción, como autoridad de aplicación del Decreto reglamentario n° 1179/16, creó el Registro de obsequios a funcionarios públicos y el Registro de gastos de viajes o estadías financiados por terceros que se publica en todas las páginas web institucionales de los sujetos obligados por el Decreto mencionado, y en el entendimiento armónico de la política de transparencia del Estado Nacional se pueden unificar los sitios dónde se publica la información relacionada con dichas políticas para mejor interacción con el ciudadano.

Que para un correcto ejercicio e interpretación de las normas es necesario distinguir trámites que son exclusivos del ejercicio del derecho de acceso a información pública del derecho administrativo ya que tienen características y alcances diferentes.

Que en el acceso a la información pública la legitimación activa es amplia, en tanto “Toda persona humana o jurídica, pública o privada, tiene derecho a solicitar y recibir información pública, no pudiendo exigirse al solicitante que motive la solicitud, que acredite derecho subjetivo o interés legítimo o que cuente con patrocinio letrado” (artículo 4°, Ley n° 27.275), mientras que en el caso de la vista de expedientes de la administración “[l]a parte interesada, su apoderado o letrado patrocinante, podrán tomar vista del expediente durante todo su trámite, con excepción de actuaciones, diligencias, informes o dictámenes que a pedido del órgano competente y previo asesoramiento del servicio jurídico correspondiente, fueren declarados reservados o secretos mediante decisión fundada del respectivo Subsecretario del Ministerio o del titular del ente descentralizado de que se trate” (artículo 38 del Reglamento de Procedimientos Administrativos. Decreto 1759/72 – T.O. 2017).

Que entonces los alcances de cada uno de estos institutos son diferentes en tanto la vista apunta a garantizar los derechos de aquel que tuviera un interés legítimo mientras que el acceso a la información es el derecho de toda persona a acceder a información pública. Aunque el objetivo termine siendo el mismo: acceder a información en manos de los organismos públicos.

Que es competencia del Estado, delegada también a los organismos específicos, reservar información por diferentes motivos, como aquellos casos que sea necesario resguardar situaciones de defensa, política exterior o confidencialidad.

Que el inciso a) del artículo 8 de la Ley 27.275 establece como excepción a la entrega de información pública aquellas cuestiones reservadas por los motivos arriba expuestos.

Que, sin embargo, el inciso a) in fine deja de lado de la excepción a la información “necesaria para evaluar la definición de las políticas de seguridad, defensa y de relaciones exteriores de la Nación; ni aquella otra cuya divulgación no represente un riesgo real e identificable de perjuicio significativo para un interés legítimo vinculado a tales políticas”.

Que por el principio de presunción de publicidad que establece la Ley n° 27.275 se presume que toda la información del Estado es pública y lo que se decida expresamente que no lo es debe ser fundado y su retiro de la luz pública no debe ser indeterminado.

Que, en consonancia con la comunidad internacional, el Estado argentino avanzó en una evaluación de gobierno corporativo de las empresas públicas dirigido por la ORGANIZACIÓN PARA LA COOPERACIÓN Y EL DESARROLLO ECONÓMICO (OCDE), y consecuentemente con la creación de una Red de Integridad de Empresas Públicas en la que participan también la OFICINA ANTICORRUPCIÓN (OA) y la SINDICATURA GENERAL DE LA NACIÓN (SIGEN), en donde se discuten políticas anticorrupción y se intercambian prácticas de buen gobierno entre las empresas.

Que, en febrero de 2018, se firmó la decisión administrativa 85/2018 por la que se aprobaron los “Lineamientos de Buen Gobierno para empresas de Participación Estatal Mayoritaria de Argentina”.

Que los lineamientos son de aplicación para las empresas y sociedades consignadas en el artículo 8 inciso b) de la Ley de Administración Financiera y de los Sistemas de Control del Sector Público Nacional nº 24.156 y para todos aquellos organismos descentralizados cuyo objetivo esencial sea la producción de bienes o servicios.

Que dichas empresas y sociedades son a su vez sujetos obligados de la Ley n° 27.275 de Acceso a la Información Pública por lo que también deben cumplir con las obligaciones que dicta dicha norma.

Que es interpretación de esta Agencia que las obligaciones de la Ley n° 27.275 y los lineamientos de Buen Gobierno Corporativo son compatibles y armonizables, sin necesidad de duplicar los esfuerzos sino complementando y completando ambos requerimientos.

Que el artículo 32 de la Ley de Acceso a la Información Pública estipula qué tipo de información se debe publicar de manera activa pero no diferencia por tipo de sujeto obligado en los términos del artículo 7°.

Que de acuerdo al universo de sujetos obligados comprendidos en el artículo 7° de la Ley n° 27.275 resulta imprescindible interpretar los alcances del artículo 32 de obligaciones de transparencia activa para garantizar su correcta implementación.

Que todo lo expuesto funda la necesidad de establecer criterios de implementación y cumplimiento de las obligaciones y funciones previstas en la Ley n° 27.275.

Que la DIRECCIÓN NACIONAL DE ACCESO A LA INFORMACIÓN PÚBLICA y la COORDINACIÓN DE ASUNTOS JURÍDICOS de la AGENCIA DE ACCESO A LA INFORMACIÓN PÚBLICA tomaron la intervención que les compete.

Que la presente se dicta en uso de las facultades conferidas por el artículo 24 de la Ley n° 27.275 y por el artículo 29, inciso b de la Ley n° 25.326.

Por ello,

EL DIRECTOR DE LA AGENCIA DE ACCESO A LA INFORMACIÓN PÚBLICA

RESUELVE:

ARTÍCULO 1°.

Apruébanse los criterios orientadores e indicadores de mejores prácticas en la aplicación de la Ley n° 27.275, siendo de observancia obligatoria para los sujetos enumerados en el artículo 7°, incisos a), g), h), i), j), k), l), m), n), o), p) y q) de dicha ley, y que como Anexo I (IF-2019-64974560-APN-AAIP), Anexo II (IF-2019-64973936-APN-AAIP) y Anexo III (IF-2019-64973854-APN-AAIP) forman parte integrante de la presente Resolución.

ARTÍCULO 2°

Comuníquese, publíquese, dese a la DIRECCIÓN NACIONAL DEL REGISTRO OFICIAL y, oportunamente, archívese.

Eduardo Andrés Bertoni

25Nov/18

Real Decreto-ley 5/2018, de 27 de julio, de medidas urgentes para la adaptación del Derecho español a la normativa de la Unión Europea en materia de protección de datos

Real Decreto-ley 5/2018, de 27 de julio, de medidas urgentes para la adaptación del Derecho español a la normativa de la Unión Europea en materia de protección de datos (Boletín Oficial del Estado número 183, de 30 de julio de 2018)

(Derogado por la Disposición derogatoria única de la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales)

PREÁMBULO

I

El Reglamento (UE) 2016/679 del Parlamento Europeo y del Consejo, de 27 de abril de 2016, relativo a la protección de las personas físicas en lo que respecta al tratamiento de sus datos personales y a la libre circulación de estos datos y por el que se deroga la Directiva 95/46/CE (Reglamento General de Protección de Datos), es plenamente aplicable en España desde el pasado 25 de mayo.

El Reglamento General de Protección de Datos supone una profunda modificación del régimen vigente en materia de protección de datos personales, no sólo desde el punto de vista sustantivo y de cumplimiento por los sujetos obligados, sino particularmente en lo que afecta a la actividad de supervisión por parte de las autoridades de control que el mismo regula.

Además, la plena aplicación del Reglamento General de Protección de Datos implica que hayan de considerarse desplazadas por él aquellas disposiciones de Derecho interno que no resulten conformes con el régimen que el mismo establece. Así sucedería con muchos de los preceptos de la Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal y su Reglamento de desarrollo, aprobado por Real Decreto 1720/2007, de 21 de diciembre.

Por otra parte, numerosos preceptos del reglamento europeo se remiten a su desarrollo, obligatorio o potestativo, por los Estados miembros, conteniendo un total de cincuenta y seis remisiones a los ordenamientos nacionales. De entre estas remisiones, el reglamento impone a los Estados miembros, entre otras cuestiones, la regulación del estatuto de las autoridades de control, la determinación del régimen aplicable a los inspectores de un tercer Estado que lleven a cabo actividades conjuntas de investigación o la designación de la autoridad que representará al Estado miembro en el Comité Europeo de Protección de Datos.

Otras disposiciones del Reglamento General de Protección de Datos exigen una adecuación del Derecho interno, aun cuando no exista una remisión directa y expresa al mismo. Así, si bien el reglamento europeo establece un régimen sancionador en que se tipifican las conductas típicas, no regula cuestiones tan esenciales como los plazos de prescripción de dichas infracciones, al considerar que dicha cuestión corresponde al ordenamiento de los Estados Miembros. Del mismo modo, establece un procedimiento de cooperación entre los Estados miembros en los supuestos de tratamientos denominados transfronterizos, con la participación de todas las autoridades implicadas, pero no regula el modo en que el Derecho interno de los Estados habrá de verse afectado como consecuencia de los trámites previstos en la propia norma europea para estos procedimientos.

La necesidad de adaptar el marco normativo interno al Reglamento General de Protección de Datos supuso la aprobación por el Consejo de Ministros en su sesión de 10 de noviembre de 2017 de un proyecto de ley orgánica, remitido a las Cortes Generales, que actualmente se encuentra en tramitación parlamentaria.

Teniendo en cuenta lo anterior, y sin perjuicio de que los aspectos que configuran el contenido esencial del derecho fundamental a la protección de datos de carácter personal hayan de incorporarse a una ley orgánica, no es menos cierto que en determinadas cuestiones que no son objeto de reserva de ley orgánica resulta imprescindible la adopción urgente de una norma con rango de ley que permita la adaptación del Derecho español al Reglamento General de Protección de Datos. En otras palabras, el objeto de este real decreto-ley se ciñe a la adecuación de nuestro ordenamiento al reglamento europeo en aquellos aspectos concretos que, sin rango orgánico, no admiten demora y debe entenderse sin perjuicio de la necesidad de una legislación orgánica de protección de datos que procure la plena adaptación de la normativa interna a los estándares fijados en la materia por la Unión Europea a través de una disposición directamente aplicable.

II

El real decreto-ley comprende catorce artículos estructurados en tres capítulos, dos disposiciones adicionales, dos transitorias, una derogatoria y una final. Su contenido afecta únicamente a cuestiones cuya inmediata incorporación al Derecho interno resulta imprescindible para la adecuada aplicación en España del Reglamento General de Protección de Datos y que no están excluidas del ámbito del legislador de urgencia por el artículo 86 de la Constitución Española.

El Capítulo I atiende a la necesidad de identificar al personal competente para el ejercicio de los poderes de investigación que el Reglamento General de Protección de Datos otorga en su artículo 58.1 a las autoridades de control. Ello exige que el Derecho interno regule el modo en que podrán ejercerse dichos poderes, qué personas ejercerán la actividad de investigación e inspección y en qué consistirán esas atribuciones expresamente establecidas en el reglamento europeo desde el punto de vista del ordenamiento español. Asimismo, y en aplicación del artículo 62.3 del Reglamento General de Protección de Datos, es preciso determinar el régimen aplicable al personal de las autoridades de supervisión de otros Estados miembros que participen en actuaciones conjuntas de investigación.

El Capítulo II articula el novedoso régimen sancionador establecido en el Reglamento General de Protección de Datos, reemplazando los tipos infractores actualmente contenidos en la Ley Orgánica 15/1999 por la remisión a los que están establecidos en los apartados 4, 5 y 6 del artículo 83 de dicho reglamento, lo que resulta de todo punto necesario. Además, existen dos cuestiones sobre las que es ineludible la adopción de disposiciones por el Derecho interno que garanticen la efectividad de este régimen sancionador y la seguridad jurídica en su aplicación. La primera se refiere a la necesaria delimitación de los sujetos que pudieran incurrir en la responsabilidad derivada de la aplicación de dicho régimen sancionador. La segunda reviste aún mayor importancia y se refiere a la necesidad de determinar los plazos de prescripción de las infracciones y sanciones previstas en la norma europea.

El Capítulo III contiene la regulación del procedimiento en caso de que exista una posible vulneración del Reglamento General de Protección de Datos. En este punto, es preciso tener en cuenta que el reglamento distingue en la práctica tres tipos de tratamientos a los que aplicaría distintas normas procedimentales: los tratamientos transfronterizos, definidos por el artículo 4.23 del Reglamento general de Protección de Datos, los transfronterizos con relevancia local en un Estado miembro, a los que se refiere el artículo 56 del mismo, y aquéllos que tendrían la condición de exclusivamente nacionales, entre los que figuran en todo caso los previstos en el artículo 55 de la norma europea. El reglamento europeo prevé una serie de trámites específicos para los dos primeros supuestos entre los que se encuentran los necesarios para determinar la competencia de la autoridad de control principal, así como los que permiten la adopción de una decisión consensuada entre las autoridades principal e interesadas en el procedimiento. En estos casos la regulación europea establece la obligación de que la autoridad principal someta los distintos proyectos de decisión a las restantes autoridades, que dispondrán de plazos tasados para la emisión de «observaciones pertinentes motivadas», y previéndose el sometimiento de la resolución al Comité Europeo de Protección de Datos en caso de no alcanzarse un acuerdo entre todas ellas.

Estas previsiones han de trasladarse a la normas que regulen el procedimiento en caso de plantearse una reclamación ante la Agencia Española de Protección de Datos así como en los supuestos en que, sin haber recibido reclamación, tenga la condición de autoridad principal respecto de la reclamación recibida en otro Estado Miembros o considere que ha de intervenir como interesada en un procedimiento ya abierto.

Todo ello impone la necesidad de incorporar al procedimiento fases específicas como la admisión a trámite de las reclamaciones o la posibilidad de archivo provisional del expediente en los supuestos en que la Agencia Española de Protección de Datos no tramite la reclamación pero pueda tener que resolver sobre la misma. En particular, es indispensable incluir en las normas de procedimiento su suspensión en los supuestos en que proceda recabar el parecer de las autoridades de otros Estados miembros durante todo el tiempo previsto para su obtención, dado que en caso contrario existe una muy alta probabilidad de caducidad de los procedimientos, con las consecuencias negativas que ello conlleva no sólo para la aplicabilidad en España de las normas de protección de datos, sino para la garantía del derecho fundamental de los ciudadanos europeos en su conjunto en aquellos casos en que la Agencia Española de Protección de Datos tuviera la condición de autoridad de control principal.

En definitiva, este último capítulo tiene como objetivo hacer posible la aplicación de las especialidades del régimen procedimental del Reglamento General de Protección de Datos, en un contexto en el que, siendo la norma europea directamente aplicable, ya se han puesto en marcha procedimientos de especial trascendencia al amparo de este régimen.

Por último, en cumplimiento del artículo 68.4 del Reglamento General de Protección de Datos, la disposición adicional primera designa como representante de España en el Comité Europeo a la Agencia Española de Protección de Datos, que informará a las autoridades autonómicas acerca de las decisiones adoptadas en dicho organismo de la Unión y recabará su parecer cuando se trate de materias de su competencia. Por su parte, la disposición adicional segunda contiene previsiones en lo relativo a la publicidad de las resoluciones de la Agencia Española de Protección de Datos, con el fin de garantizar la transparencia de su actuación, ante el nuevo marco procedimental configurado por el Reglamento General de Protección de Datos.

En consecuencia, a la vista de los hechos descritos, la extraordinaria y urgente necesidad de este real decreto-ley resulta plenamente justificada. Dada la plena aplicación del Reglamento General de Protección de Datos desde el 25 de mayo de 2018, hasta la completa adecuación a él de nuestro ordenamiento, que solamente será posible a través de una nueva legislación orgánica, es ineludible la adopción de una disposición con rango de ley que permita la adaptación del Derecho español en varias cuestiones a la normativa de la Unión Europea en materia de protección de datos, para garantizar de forma efectiva el derecho del artículo 18.4 de la Constitución en un marco de seguridad jurídica. En coherencia con ello, la vigencia de este real decreto-ley se limita al período que medie entre el día siguiente de su publicación en el Boletín Oficial del Estado y la entrada en vigor de la nueva ley orgánica que se encuentra en tramitación parlamentaria.

Además, este real decreto-ley no afecta al ordenamiento de las instituciones básicas del Estado, a los derechos, deberes y libertades de los ciudadanos regulados en el Título I de la Constitución, al régimen de las Comunidades Autónomas ni al Derecho electoral general.

En definitiva, de todo lo anterior resulta que, en este caso, el real decreto-ley representa un instrumento constitucionalmente lícito, en tanto que pertinente y adecuado para la consecución del fin que justifica la legislación de urgencia, que no es otro, tal como reiteradamente ha exigido nuestro Tribunal Constitucional, que subvenir a un situación concreta, dentro de los objetivos gubernamentales, que por razones difíciles de prever requiere una acción normativa inmediata en un plazo más breve que el requerido por la vía normal o por el procedimiento de urgencia para la tramitación parlamentaria de las Leyes.

Por tanto, en el conjunto y en cada una de las medidas que se adoptan, concurren, por su naturaleza y finalidad, las circunstancias de extraordinaria y urgente necesidad que exige el artículo 86 de la Constitución Española como presupuestos habilitantes para la aprobación de un real decreto-ley.

En su virtud, en uso de la autorización contenida en el artículo 86 de la Constitución Española, a propuesta de la Ministra de Justicia, previa deliberación del Consejo de Ministros en su reunión del día 27 de julio de 2018,

 

DISPONGO:

 

CAPÍTULO I.- INSPECCIÓN EN MATERIA DE PROTECCIÓN DE DATOS

 

Artículo 1.- Ámbito y personal competente para el ejercicio de la actividad de investigación de la Agencia Española de Protección de Datos.

1.- La actividad de investigación de la Agencia Española de Protección de Datos se llevará a cabo por los funcionarios de la Agencia o por funcionarios ajenos a ella habilitados expresamente por su Director.

2.- En los casos de actuaciones conjuntas de investigación conforme a lo dispuesto en el artículo 62 del Reglamento (UE) 2016/679, el personal de las autoridades de control de otros Estados Miembros de Unión Europea que colabore con la Agencia ejercerá sus facultades con arreglo a lo previsto en la normativa española y bajo la orientación y en presencia del personal de ésta.

3.- Los funcionarios que desarrollen actividades de investigación tendrán la consideración de agentes de la autoridad en el ejercicio de sus funciones, y estarán obligados a guardar secreto sobre las informaciones que conozcan con ocasión de dicho ejercicio, incluso después de haber cesado en él.

 

Artículo 2.- Alcance de la actividad de investigación.

Quienes desarrollen la actividad de investigación podrán recabar las informaciones precisas para el cumplimiento de sus funciones, realizar inspecciones, requerir la exhibición o el envío de los documentos y datos necesarios, examinarlos en el lugar en que se encuentren depositados o en donde se lleven a cabo los tratamientos, obtener copia de ellos, inspeccionar los equipos físicos y lógicos y requerir la ejecución de tratamientos y programas o procedimientos de gestión y soporte del tratamiento sujetos a investigación. Los poderes de investigación en lo que se refiere a la entrada en domicilios deben ejercerse de conformidad con las normas procesales, en particular, en los casos en los que sea precisa la autorización judicial previa. Cuando se trate de órganos judiciales u Oficinas Judiciales el ejercicio de las facultades de inspección se efectuará a través y por mediación del Consejo General del Poder Judicial.

 

CAPÍTULO II.- RÉGIMEN SANCIONADOR EN MATERIA DE PROTECCIÓN DE DATOS

Artículo 3.- Sujetos responsables.

1.- Están sujetos al régimen sancionador establecido en el Reglamento (UE) 2016/679 y la normativa española de protección de datos:

a) Los responsables de los tratamientos.

b) Los encargados de los tratamientos.

c) Los representantes de los responsables o encargados de los tratamientos no establecidos en el territorio de la Unión Europea.

d) Las entidades de certificación.

e) Las entidades acreditadas de supervisión de los códigos de conducta.

2.- No será de aplicación al delegado de protección de datos el régimen sancionador en esta materia.

 

Artículo 4.- Infracciones.

Constituyen infracciones las vulneraciones del Reglamento (UE) 2016/679 a las que se refieren los apartados 4, 5 y 6 de su artículo 83.

 

Artículo 5.- Prescripción de las infracciones.

1.- Las infracciones previstas en los apartados 5 y 6 del artículo 83 del Reglamento (UE) 2016/679 prescribirán a los tres años.

2.- Las infracciones previstas en el artículo 83.4 Reglamento (UE) 2016/679 prescribirán a los dos años.

3.- Interrumpirá la prescripción la iniciación, con conocimiento del interesado, del procedimiento sancionador, reiniciándose el plazo de prescripción si el expediente sancionador estuviere paralizado durante más de seis meses por causas no imputables al presunto infractor.

Cuando la Agencia Española de Protección de Datos ostente la condición de autoridad de control principal y deba seguirse el procedimiento previsto en el artículo 60 del Reglamento (UE) 2016/679 interrumpirá la prescripción el conocimiento formal por el interesado del proyecto de acuerdo de inicio que sea sometido a las autoridades de control interesadas.

 

Artículo 6.- Prescripción de las sanciones.

1.- Las sanciones impuestas en aplicación del Reglamento (UE) 2016/679 prescriben en los siguientes plazos:

a) Las sanciones por importe igual o inferior a 40.000 euros, prescriben en el plazo de un año.

b) Las sanciones por importe comprendido entre 40.001 y 300.000 euros prescriben a los dos años.

c) Las sanciones por un importe superior a 300.000 euros prescriben a los tres años.

2.- El plazo de prescripción de las sanciones comenzará a contarse desde el día siguiente a aquel en que sea ejecutable la resolución por la que se impone la sanción o haya transcurrido el plazo para recurrirla.

3.- La prescripción se interrumpirá por la iniciación, con conocimiento del interesado, del procedimiento de ejecución, volviendo a transcurrir el plazo si el mismo está paralizado durante más de seis meses por causa no imputable al infractor.

 

CAPÍTULO III.- PROCEDIMIENTOS EN CASO DE POSIBLE VULNERACIÓN DE LA NORMATIVA DE PROTECCIÓN DE DATOS

Artículo 7.- Régimen jurídico.

1.- Las disposiciones de este capítulo serán de aplicación a los procedimientos tramitados por la Agencia Española de Protección de Datos en los supuestos en los que un afectado reclame que no ha sido atendida su solicitud de ejercicio de los derechos reconocidos en los artículos 15 a 22 del Reglamento (UE) 2016/679, así como en los que aquélla investigue la existencia de una posible infracción de lo dispuesto en el mencionado reglamento y la normativa española de protección de datos.

2.- Los procedimientos tramitados por la Agencia Española de Protección de Datos se regirán por lo dispuesto en el Reglamento (UE) 2016/679, en la normativa española de protección de datos y, en cuanto no las contradigan, con carácter subsidiario, por las normas generales sobre los procedimientos administrativos.

 

Artículo 8.- Forma de iniciación del procedimiento y duración.

1.- Cuando el procedimiento se refiera exclusivamente a la falta de atención de una solicitud de ejercicio de los derechos establecidos en los artículos 15 a 22 del Reglamento (UE) 2016/679, se iniciará por acuerdo de admisión a trámite, que se adoptará conforme a lo establecido en el artículo siguiente.

En este caso el plazo para resolver el procedimiento será de seis meses a contar desde la fecha en que hubiera sido notificado al reclamante el acuerdo de admisión a trámite. Transcurrido ese plazo, el interesado podrá considerar estimada su reclamación.

2.- Cuando el procedimiento tenga por objeto la determinación de la posible existencia de una infracción de lo dispuesto en el Reglamento (UE) 2016/679 y la normativa española de protección de datos, se iniciará mediante acuerdo de inicio adoptado por propia iniciativa o como consecuencia de reclamación.

Si el procedimiento se fundase en una reclamación formulada ante la Agencia Española de Protección de Datos, con carácter previo, ésta decidirá sobre su admisión a trámite, conforme a lo dispuesto en el artículo siguiente.

Cuando fuesen de aplicación las normas establecidas en el artículo 60 del Reglamento (UE) 2016/679, el procedimiento se iniciará mediante la adopción del proyecto de acuerdo de inicio de procedimiento sancionador, del que se dará conocimiento formal al interesado a los efectos previstos en el artículo 5 de este real decreto-ley.

Admitida a trámite la reclamación así como en los supuestos en que la Agencia Española de Protección de Datos actúe por propia iniciativa, con carácter previo al acuerdo de inicio, podrá existir una fase de actuaciones previas de investigación, que se regirá por lo previsto en el artículo 11 de este real decreto-ley.

El procedimiento tendrá una duración máxima de nueve meses a contar desde la fecha del acuerdo de inicio o, en su caso, del proyecto de acuerdo de inicio. Transcurrido ese plazo se producirá su caducidad, y en consecuencia, el archivo de actuaciones.

3.- El procedimiento podrá también tramitarse como consecuencia de la comunicación a la Agencia Española de Protección de Datos por parte de la autoridad de control de otro Estado miembro de la Unión Europea de la reclamación formulada ante la misma, cuando la Agencia Española de Protección de Datos tuviese la condición de autoridad de control principal para la tramitación de un procedimiento conforme a lo dispuesto en los artículos 56 y 60 del Reglamento (UE) 2016/679. Será en este caso de aplicación lo dispuesto en el apartado 1 y en los párrafos primero, tercero, cuarto y quinto del apartado 2.

4.- Los plazos de tramitación establecidos en este artículo así como los de admisión a trámite regulado por el apartado 5 del artículo siguiente y de duración de las actuaciones previas de investigación previsto en el artículo 11.2 de este real decreto-ley, quedarán automáticamente suspendidos cuando deba recabarse información, consulta, solicitud de asistencia o pronunciamiento preceptivo de un órgano u organismo de la Unión Europea o de una o varias autoridades de control de los Estados miembros conforme con lo establecido en el Reglamento (UE) 2016/679, por el tiempo que medie entre la solicitud y la notificación del pronunciamiento a la Agencia Española de Protección de Datos.

 

Artículo 9.- Admisión a trámite de las reclamaciones.

1.- Cuando se presentase ante la Agencia Española de Protección de datos una reclamación, ésta deberá evaluar su admisibilidad a trámite, de conformidad con las previsiones de este artículo.

2.- La Agencia Española de Protección de Datos inadmitirá las reclamaciones presentadas cuando no versen sobre cuestiones de protección de datos de carácter personal, carezcan manifiestamente de fundamento, sean abusivas o no aporten indicios racionales de la existencia de una infracción.

3.- Igualmente, la Agencia Española de Protección de Datos podrá inadmitir la reclamación cuando el responsable o encargado del tratamiento, previa advertencia formulada por la Agencia, hubiera adoptado las medidas correctivas encaminadas a poner fin al posible incumplimiento de la legislación de protección de datos y concurra alguna de las siguientes circunstancias:

a) Que no se haya causado perjuicio al afectado.

b) Que el derecho del afectado quede plenamente garantizado mediante la aplicación de las medidas.

4.- Antes de resolver sobre la admisión a trámite de la reclamación, la Agencia Española de Protección de Datos podrá remitir la misma al delegado de protección de datos que hubiera, en su caso, designado el responsable o encargado del tratamiento o al organismo de supervisión establecido para la aplicación de los códigos de conducta, a fin de que den respuesta a la reclamación en el plazo de un mes.

La Agencia Española de Protección de Datos podrá igualmente remitir la reclamación al responsable o encargado del tratamiento cuando no se hubiera designado un delegado de protección de datos ni estuviera adherido a mecanismos de resolución extrajudicial de conflictos, en cuyo caso el responsable o encargado deberá dar respuesta a la reclamación también en el plazo de un mes.

5.- La decisión sobre la admisión o inadmisión a trámite, así como la que determine, en su caso, la remisión de la reclamación a la Autoridad de control principal que se estime competente, deberá notificarse al reclamante en el plazo de tres meses. Si, transcurrido este plazo, no se produjera dicha notificación, se entenderá que prosigue la tramitación de la reclamación con arreglo a lo dispuesto en este capítulo a partir de la fecha en que se cumpliesen tres meses desde que la reclamación tuvo entrada en la Agencia Española de Protección de Datos.

 

Artículo 10.- Determinación del alcance territorial.

1.- Salvo en los supuestos a los que se refiere el artículo 8.3 de este real decreto-ley, la Agencia Española de Protección de Datos deberá, con carácter previo a la realización de cualquier otra actuación, incluida la admisión a trámite de una reclamación o el comienzo de actuaciones previas de investigación, examinar su competencia y determinar el carácter nacional o transfronterizo, en cualquiera de sus modalidades, del procedimiento a seguir.

2.- Si la Agencia considera que no tiene la condición de autoridad de control principal para la tramitación del procedimiento remitirá, sin más trámite, la reclamación formulada a la Autoridad de control principal que considere competente, a fin de que por la misma se le dé el curso oportuno. La Agencia notificará esta circunstancia a quien, en su caso, hubiera formulado la reclamación.

El acuerdo por el que se resuelva la remisión a la que se refiere el párrafo anterior implicará el archivo provisional del procedimiento, sin perjuicio de que por la Agencia se dicte, en caso de que así proceda, la resolución a la que se refiere el apartado 8 del artículo 60 del Reglamento (UE) 2016/679.

 

Artículo 11.- Actuaciones previas de investigación.

1.- Antes de la adopción del acuerdo de inicio de procedimiento, y una vez admitida a trámite la reclamación si la hubiese, la Agencia Española de Protección de Datos podrá llevar a cabo actuaciones previas de investigación a fin de lograr una mejor determinación de los hechos y las circunstancias que justifican la tramitación del procedimiento.

La Agencia Española de Protección de Datos actuará en todo caso cuando sea precisa la investigación de tratamientos que implique un tratamiento masivo de datos personales.

2.- Las actuaciones previas de investigación se someterán a lo dispuesto en el capítulo I y no podrán tener una duración superior a doce meses a contar desde la fecha del acuerdo de admisión a trámite o de la fecha del acuerdo por el que se decida su iniciación cuando la Agencia actúe por propia iniciativa o como consecuencia de la comunicación que le hubiera sido remitida por la autoridad de control de otro Estado miembro de la Unión Europea, conforme al artículo 8.3 de este real decreto-ley.

 

Artículo 12.- Acuerdo de inicio del procedimiento para el ejercicio de la potestad sancionadora.

1.- Concluidas, en su caso, las actuaciones a las que se refiere el artículo anterior, corresponderá al Director de la Agencia Española de Protección de Datos, cuando así proceda, dictar acuerdo de inicio de procedimiento para el ejercicio de la potestad sancionadora, en que se concretarán los hechos, la identificación de la persona o entidad contra la que se dirija el procedimiento, la infracción que hubiera podido cometerse y su posible sanción.

2.- Cuando la Agencia Española de Protección de Datos ostente la condición de autoridad de control principal y deba seguirse el procedimiento previsto en el artículo 60 del Reglamento (UE) 2016/679, el proyecto de acuerdo de inicio de procedimiento sancionador se someterá a lo dispuesto en el mismo.

 

Artículo 13.- Medidas provisionales

1.- Durante la realización de las actuaciones previas de investigación o iniciado un procedimiento para el ejercicio de la potestad sancionadora, la Agencia Española de Protección de Datos podrá acordar motivadamente las medidas provisionales necesarias y proporcionadas para salvaguardar el derecho fundamental a la protección de datos y, en especial, las previstas en el artículo 66.1 del Reglamento (UE) 2016/679, el bloqueo cautelar de los datos y la obligación inmediata de atender el derecho solicitado.

2.- En los casos en que la Agencia Española de Protección de Datos considere que la continuación del tratamiento de los datos de carácter personal, su comunicación o transferencia internacional comportara un menoscabo grave del derecho a la protección de datos de carácter personal, podrá ordenar a los responsables o encargados de los tratamientos el bloqueo de los datos y la cesación de su tratamiento y, caso de incumplirse por éstos dichos mandatos, proceder a su inmovilización.

3.- Cuando se hubiese presentado ante la Agencia Española de Protección de Datos una reclamación que se refiriese, entre otras cuestiones, a la falta de atención en plazo de los derechos establecidos en los artículos 15 a 22 del Reglamento (UE) 2016/679, la Agencia Española de Protección de Datos podrá acordar en cualquier momento, incluso con anterioridad a la iniciación del procedimiento para el ejercicio de la potestad sancionadora, mediante resolución motivada y previa audiencia del responsable del tratamiento, la obligación de atender el derecho solicitado, prosiguiéndose el procedimiento en cuanto al resto de las cuestiones objeto de la reclamación.

 

Artículo 14.- Procedimiento en relación con las competencias atribuidas a la Agencia Española de Protección de Datos por otras leyes.

Lo dispuesto en este capítulo será de aplicación a los procedimientos que la Agencia Española de Protección de Datos hubiera de tramitar en ejercicio de las competencias que le fueran atribuidas por otras leyes.

 

Disposición adicional primera.- Representación española en el Comité Europeo de Protección de Datos.

La Agencia Española de Protección de Datos tendrá la condición de representante común de las autoridades de protección de datos en el Comité Europeo de Protección de Datos.

La Agencia Española de Protección de Datos informará a las autoridades autonómicas de protección de datos acerca de las decisiones adoptadas en el Comité Europeo de Protección de Datos y recabará su parecer cuando se trate de materias de su competencia.

 

Disposición adicional segunda.- Publicación de resoluciones de la Agencia Española de Protección de Datos.

La Agencia Española de Protección de Datos publicará las resoluciones de su Director que declaren haber lugar o no a la atención de los derechos reconocidos en los artículos 15 a 22 del Reglamento (UE) 2016/679, las que pongan fin a los procedimientos de reclamación, las que archiven las actuaciones previas de investigación, las que sancionen con apercibimiento a las entidades a que se refiere el artículo 46 de la Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal, las que impongan medidas cautelares y las demás que disponga su Estatuto.

 

Disposición transitoria primera.- Régimen transitorio de los procedimientos.

1.- Los procedimientos ya iniciados a la entrada en vigor de este real decreto-ley se regirán por la normativa anterior, salvo que el régimen establecido en el mismo contenga disposiciones más favorables para el interesado.

2.- Lo dispuesto en el apartado anterior será asimismo de aplicación a los procedimientos respecto de los cuales ya se hubieren iniciado las actuaciones previas a las que se refiere la Sección 2.ª del Capítulo III del Título IX del Reglamento de desarrollo de la Ley Orgánica 15/1999, de 13 de diciembre, de protección de datos de carácter personal, aprobado por Real Decreto 1720/2007, de 21 de diciembre.

 

Disposición transitoria segunda.- Contratos de encargado del tratamiento.

Los contratos de encargado del tratamiento suscritos con anterioridad al 25 de mayo de 2018 al amparo de lo dispuesto en el artículo 12 de la Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal mantendrán su vigencia hasta la fecha de vencimiento señalada en los mismos y en caso de haberse pactado de forma indefinida, hasta el 25 de mayo de 2022.

Durante dichos plazos cualquiera de las partes podrá exigir a la otra la modificación del contrato a fin de que el mismo resulte conforme a lo dispuesto en el artículo 28 del Reglamento (UE) 2016/679

 

Disposición derogatoria única.- Derogación normativa.

Quedan derogadas todas las normas de igual o inferior rango que se opongan a lo establecido en el presente real decreto-ley, y en particular, los siguientes artículos de la Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal:

a) El artículo 40.

b) Los artículos 43 al 49, con excepción del artículo 46.

 

Disposición final única.- Vigencia.

El presente real decreto-ley entrará en vigor al día siguiente de su publicación en el «Boletín Oficial del Estado» y lo estará hasta la vigencia de la nueva legislación orgánica de protección de datos que tenga por objeto adaptar el ordenamiento jurídico español al Reglamento (UE) 2016/679 del Parlamento Europeo y el Consejo, de 27 de abril de 2016, relativo a la protección de las personas físicas en lo que respecta al tratamiento de sus datos personales y a la libre circulación de estos datos, y completar sus disposiciones.

 

Dado en Madrid, el 27 de julio de 2018.

FELIPE R.

El Presidente del Gobierno, PEDRO SÁNCHEZ PÉREZ-CASTEJÓN

 

10May/18

Law on Personal Data Protection 2008

 

Law on Personal Data Protection 2008 (Official Gazette of the Republic of Serbia number 97/2008). Law on protection of personal data (Official Gazette of the Republic of Serbia, nos. 97/2008, 104/2009, 68/2012 and Decisión of the Constitutional Court 107/2012)

 

I.- BASIC PROVISIONS

Scope

Article 1

This Law shall set out the conditions for personal data collection and processing, the rights and protection of the rights of persons whose data are collected and processed, limitations to personal data protection, proceedings before an authority responsible for data protection, data security, data filing, data transfers outside the Republic of Serbia and enforcement of this Law.

Every natural person shall be entitled to personal data protection regardless of their nationality and residence, race, age, gender, language, religion, political and other affiliations, ethnicity, social background and status, wealth, birth, education, social position or any other personal characteristic.

The duties of personal data protection shall be carried out by the Commissioner for Information of Public Importance and Personal Data Protection (hereinafter referred to as the Commissioner), as an autonomous public authority who exercises his/her powers independently.

Purpose

Article 2

The purpose of this Law is to enable every natural person to exercise and have recourse to protection of their right to privacy and other rights and freedoms in the context of personal data protection.

Definition of Terms used in this Law

Article 3

As used herein, the following terms shall have the meaning set forth below:

1) “personal data” means any information relating to a natural person, regardless of the form of its presentation or the medium used (paper, tape, film, electronic media etc.), regardless on whose order, on whose behalf or for whose account such information is stored, regardless of the date of its creation or the place of its storage, regardless of the way in which such information is learned (directly, by listening,
watching etc., or indirectly, by accessing a document containing the information etc.) and regardless of any other characteristic of such information (hereinafter referred to as data);

2) “natural person” means any data subject identified or identifiable on the basis of his/her proper name, unique personal identification number, address code or any other distinguishing feature of his/her physical, psychological, spiritual, economic, cultural or social identity (hereinafter referred to as person);

3) “data processing” means any action taken in connection with data, including: collection, recording, transcription,  multiplication, copying, transmission, searching, classification, storage, separation, crossing, merging, adaptation, modification, provision, use, granting access, disclosure, publication, dissemination, recording, organizing, keeping, editing, disclosure through transmission or otherwise, withholding, dislocation or other actions aimed at rendering the data inaccessible, as well as other actions carried out in connection with such data, regardless whether those actions are automated, semi-automated or otherwise performed (hereinafter referred to as processing);

4) “public authority” means a state authority, a territorial autonomy or local self-government authority or another authority or organization vested with public powers;

5) “data controller” means a natural person, legal entity or public authority responsible for data processing (hereinafter referred to as controller);

6) “data file” means any set of data undergoing automated or non-automated processing and available on personal grounds, case-related grounds or any other grounds, regardless of the mode of their filing and place of their storage;

7) “data user” means any natural person, legal entity or public authority authorized by virtue of the law or on the basis of a person’s consent to use data (hereinafter referred to as user);

8) “data processor” means any natural person, legal entity or public authority to whom/which a controller delegates certain processing-related duties under the law or on the basis of a contract (hereinafter referred to as processor);

9) “in writing” includes also electronically, subject to the provisions of the law governing electronic signature;

10) “Central Data File Register” (hereinafter referred to as the Central Register) means a record comprising a register of data files and a catalogue of data files, managed by the Commissioner.

Application of the Law

Article 4

The provisions of this Law shall apply to any automated processing, as well as to processing incorporated in non-automated data files.

Data excluded from the Scope of the Law

Article 5

Save where a person’s contrary interests manifestly prevail, certain provisions of this Law pertaining to processing requirements and to the rights and responsibilities in connection with processing shall not apply to the processing of:

1) Data available to everyone and published in mass media or publications or accessible in archives, museums and other similar organizations;

2) Data processed for family purposes and other personal purposes which are unavailable to third parties;

3) Data on members of political parties, associations, trade unions and other forms of alliances processed by such organizations, provided that the member concerned has given his/her consent in writing to waive the application of certain provisions of this Law to his/her personal data for a specified period of time, which however cannot exceed the term of his/her office;

4) Data published on oneself by a person capable of taking care of his/her interests.

Processing for Historical, Statistical or Research and Development Purposes

Article 6

Data collected and processed for other purposes can be processed solely for historical, statistical or research and development purposes, provided they are not used in decisionmaking or in the taking of measures against the person concerned and only if adequate safeguards are in place.

Safeguards for the protection of data archived solely for historical, statistical or research and development purposes shall be set out in a special regulation.

Controller appointed under Special Regulation

Article 7

If a special regulation governs the purpose and manner of processing, the controller can be appointed pursuant to such regulation.

II.- PROCESSING REQUIREMENTS

Inadmissibility of Processing

Article 8

Processing shall not be allowed:

1) If a natural person did not give his/her consent to processing, i.e. if processing is carried out without legal authority;

2) If processing is done for purposes other than those specified, regardless whether it is based on a person’s consent or on statutory powers for data processing without consent, unless it is done in order to raise funds for humanitarian purposes referred to in Article 12, item 2a) and Article 12a of this Act;

3) If the purpose of processing is vaguely defined, modified, inadmissible or already achieved;

4) If the data subject is identified or identifiable even after the purpose of such processing is achieved;

5) If the processing method is inadmissible;

6) If the processed data is unnecessary or unsuitable for the purpose of processing;

7) If the number or type of data processed is disproportionate taking into account the purpose of processing;

8) If the data are inaccurate and incomplete, i.e. if they are not based on a credible source or are outdated.

Decision made by Automated Processing

Article 9

Any decision producing legal consequences for a person or compromising his/her position cannot be based solely on data processed automatically and used in the assessment of some specific characteristic of his/hers (work ability, reliability, creditworthiness etc.).

Decisions referred to in paragraph 1 of this Article can be made where expressly provided for by the law or when a person’s request relating to contract execution or performance is adopted, provided that adequate safeguards are put in place.

In cases referred to in paragraph 2 of this Article, the person concerned must be informed of the automated data processing and the decision-making process.

Processing with Consent

Article 10

Consent to data processing is deemed to be valid if given by a person who has received prior information from the controller within the meaning of Article 15 of this Law.

A person’s valid consent can be given in writing of verbally for the record.

Consent may be given through a proxy.

A proxy’s power of attorney shall be notarized, unless provided otherwise by the law.

For persons incapable of giving their own consent, such consent shall be given by their appointed representatives or guardians.

Consent for processing of data on deceased persons may be given by the spouse, children above 15 years of age, parents, siblings, legal heirs or persons appointed for that purpose by the deceased.

Withdrawal of Consent

Article 11

Consent may be withdrawn.

A person’s valid withdrawal of consent can be made in writing or verbally for the record.

In case of withdrawal, the person who previously gave his/her consent shall reimburse the controller for any and all justifiable costs incurred and damage sustained, in accordance with the regulations pertaining to damage liability.

Data processing shall not be allowed once the consent has been withdrawn.

Processing without Consent

Article 12

Processing without consent shall be allowed in the following cases:

1) To achieve or protect vital interests of the data subject or a third party, in particular their life, health and physical integrity;

2) For the purpose of discharging duties laid down by a law, an enactment adopted pursuant to a law or a contract concluded between the person concerned and the controller, as well as for the purpose of contract preparation;

2a) To raise funds for humanitarian purposes;

3) In other cases envisaged by this Law or another regulation adopted pursuant to this Law, for the purpose of achieving a prevailing justifiable interest of the person concerned, the controller or a user.

Article 12a

In case referred to in Article 12, item 2a), the personal data already processed for specific purposes by the controller based on statutory authorization, may also be processed by the controller in order to raise funds for humanitarian purposes.

Processing by Public Authorities

Article 13

Public authorities shall process data without the consent of the person concerned if such processing is necessary for them to perform duties within their spheres of competence as defined by a law or another regulation with a view to achieving the interests of national or public safety, national defence, crime prevention, detection, investigation and prosecution, economic or financial interests of the state, protection of health and ethical norms, protection of rights and freedoms and other public interests, while processing in all other cases shall require the consent in writing from the person concerned.

Data Collection

Article 14

Data shall be collected from data subjects and from public authorities authorized under the law to collect such data.

Data may also be collected from third parties if:

1) envisaged by a contract concluded with a data subject;

2) envisaged by a law or another regulation passed pursuant to a law;

3) necessary taking into account the nature of the task;

4) data collection from a data subject is timeconsuming or requires disproportionately high resources;

5) data are collected for the purpose of achieving or protecting vital interests of a data subject, in particular his/her life, health and physical integrity.

Notification of Data Processing

Article 15

The controller who collects data from data subjects or from third parties shall, before data collection, inform the data subject or the third party of:

1) His/her identity, i.e. name and address or business name, or the identity of another person responsible for data processing under the law;

2) The purpose of data collection and subsequent processing;

3) The manner in which data will be used;

4) The identity or categories of persons who will use data;

5) The mandatory nature and legal grounds or else the voluntary nature of data provision and processing;

6) The right to withdraw one’s consent to processing and the legal consequences in the event of withdrawal;

7) The data subject’s rights in case of unlawful processing;

8) Other circumstances the withholding of which from a data subject or a third party would be contrary to conscientious treatment.

The obligation referred to in paragraph 1 of this Article shall not pertain where such information, taking into account the specific circumstances of a case, is impossible or obviously unnecessary or unsuitable, in particular if the data subject or the third party is already informed or if the data subject is unavailable.

A controller who collected data on a data subject from a third party shall inform the data subject of the requirements of paragraph 1 of this Article without delay or at the time of first processing at the latest, save where such informing, taking into account the circumstances of the case, is impossible or obviously unnecessary or unsuitable, in particular if the data subject is already informed or if the data subject is unavailable or if collection and processing of data obtained from a third party is provided for under the law.

In cases referred to in paragraph 3 of this Article, the controller shall inform the data subject as soon as reasonably possible or when required by the data subject.

The information referred to in paragraph 1 of this Article shall be provided in writing if the consent to processing is given in writing, except when the data subject or third person agrees to receive information verbally.

The controller shall notify the data subject and the data user of any modification, amendment or deletion of data without delay, and in any case not later than 15 days of the date of such modification, amendment or deletion.

Particularly Sensitive Data

Article 16

Data relating to ethnicity, race, gender, language, religion, political party affiliation, trade union membership, health status, receipt of social support, victims of violence, criminal record and sexual life shall be processed on the basis of informed consent of data subjects, save where the law does not allow the processing of such data even with the subject’s consent.

By way of derogation, data relating to political party affiliation, health status and receipt of social support may be processed without the consent of data subjects, insofar as this is allowed under the law.

In cases referred to in paragraphs 1 and 2 of this Article, processing must be specially labeled and protected by safeguards.

In cases referred to in paragraphs 1 and 2 of this Article, the Commissioner shall be entitled to access and ascertain the legality of data protection, wither ex officio or upon request of the data subject or controller.

The filing method and the safeguards applied to data referred to in paragraphs 1 and 2 of this Article shall be defined by the Government, upon obtaining the Commissioner’s opinion.

Consent to Processing of Particularly Sensitive Data

Article 17

Consent to processing of particularly sensitive shall be given in writing and shall contain a designation of the data processed, the purpose of processing and the manner of use of such consent.

If a person giving consent is illiterate or otherwise incapable of signing the consent in hand, such consent shall be valid if two witnesses confirm by their signatures that the document represents the true intent of the person giving the consent.

Withdrawal of Consent to Processing of Particularly Sensitive Data

Article 18

In case of withdrawal, the person who previously gave his/her consent shall reimburse the controller for any and all justifiable costs incurred and damage sustained, in accordance with the regulations pertaining to damage liability, save where otherwise defined in the statement of consent.

Article 11 of this Law shall apply mutatis mutandis to withdrawals of consent to processing of particularly sensitive data.

III.- RIGHTS OF DATA SUBJECTS AND PROTECTION OF RIGHTS OF DATA SUBJECTS

1. Rights

Right to Notification of Data Processing

Article 19

Data subjects shall have the right to be accurately and fully informed by the controller of the following:

1) Whether the controller is processing data on them and, if so, which processing operations it is performing;

2) Which data are being processed;

3) Who the data was collected from, i.e. who was the source of data;

4) The purposes for which the data is being processed;

5) The legal grounds for data processing;

6) Which data files contain the data;

7) Who uses such data;

8) Data and/or types of data that are used;

9) The purpose for which such data is used;

10) The legal grounds for the use of data;

11) Who receives the data;

12) Which data are transferred;

13) The purposes for which the data are transferred;

14) The legal grounds for data transfer;

15) The period in which the data are processed.

Right of Access

Article 20

Data subject shall have the right to request from controllers to access data relating to them.

The right of access to data relating to oneself shall include the right to review, read and listen to data, as well as the right to make notes.

Right to a Copy

Article 21

Data subjects shall have the right to request from controllers to obtain copies of data relating to them.

Controllers shall issue data copies (photocopies, audio-copies, video-copies, digital copies etc.) in the form in which such information is stored or in another form if such information would not be understandable to the data subject concerned if it were disclosed in the form in which it is stored.

Data subjects shall bear the necessary costs of making and providing copies of data.

Rights of Data Subjects upon obtaining Access to Data

Article 22

Data subjects shall have the right to require of controllers to correct, modify, update or delete data, as well as to a stay and suspension of processing.

Data subjects shall have the right to have their data deleted in the following cases:

1) If the purpose of processing is not clearly specified;

2) If the purpose of processing is changed, but the processing requirements for such changed purpose are not met;

3) If the purpose of processing has been achieved, i.e. if data is no longer needed for such purpose;

4) If data are processed by inadmissible means;

5) If data are such that their number or type is disproportionate to the purpose of processing;

6) If data are inaccurate and cannot be replaced with accurate ones by means of corrections;

7) If data are processed without consent or authority based on the law, as well as in other cases where processing is not allowed under this Law.

Data subjects shall have the right to have data processing stayed or suspended if they challenged the correctness, completeness and accuracy of data, as well as the right to have such data labeled as challenged pending a decision on their correctness, completeness and accuracy.

2. Restrictions

Restrictions of Rights

Article 23

The right to notification, access and copy may be restricted in the following cases:

1) If a data subject requests information referred to in Article 19, items 2) and 7) to 10) of this Law and the collector has already entered the data on him/her in a public register or has otherwise made them publicly available;

2) If a data subject abuses his/her right to notification, access and copy;

3) If the controller or another person has already notified to the data subject in accordance with Article 15 of this Law the information he/she requires, i.e. if the data subject has already accessed the information or obtained a copy and the data have not changed in the meantime;

4) If the controller would be prevented from performing duties within his sphere of competence;

5) If the provision of such information would significantly prejudice the interests of national or public safety, national defence or crime prevention, detection, investigation and prosecution;

6) If the provision of such information would significantly prejudice a major economic or financial interest of the state;

7) If the provision of such information would disclose data identified as confidential under a law or other regulations or enactment based on a law, insofar as the disclosure of such data could seriously prejudice an interest protected by the law;

8) If the provision of such information would seriously prejudice privacy or a vital interest of the data subject, in particular his/her life, health and physical integrity;

9) If data on the data subject are used solely for research and development purposes and statistical purposes, for as long as such usage of data continues.

Data subjects shall not have the right to access data during the stay of processing if the processing was stayed on their request.

3. Request

Request for Exercise of a Right

Article 24

Requests for notification, access and copy shall be submitted to controllers in writing, but controllers may also accept verbal requests for reasons of efficiency and cost-effectiveness. Requests for exercising one’s rights upon obtaining access to data shall be submitted to controllers in writing.

Requests referred to in paragraph 1 of this Article shall contain: information on identity of the person filing the request (name and surname, name of one parent, date and town/city of birth, unique personal identification number); residence or dwelling address; as well as any other necessary contact information.

Requests filed by legal heirs of deceased persons shall also contain information on identity of such deceased persons. Enclosed with such requests, requesters shall submit death certificate and evidence of the requester’s kinship with the deceased person.

Illiterate persons or persons unable to file requests in writing due to physical or other disabilities may make their requests verbally for the record.

Controllers may specify a format in which requests are to be filed, but they shall be required to take into consideration also any requests that are not made in such format.

If a request is unintelligible or incomplete, the controller shall instruct the requester to rectify any shortcomings.

If a requester fails to rectify shortcomings within the period specified, and in any case not later than 15 days of receipt of instruction to supplement a request, and if the shortcomings are such that the request cannot be processed, the controller shall dismiss such request as unacceptable by passing a relevant resolution.

4. Decision-making

Deciding on Requests for Notification, Access and Copy

Article 25

Controllers shall issue notices of filed requests without delay, and in any case not later than 15 days of the date of filing. Notices shall be issued in writing and, by way of exception, also verbally, if the requester agrees.

Controllers shall forthwith, and in any case not later than 30 days of receipt of an orderly request for access or obtaining a copy, enable the requester to access information or provide a copy of such information, as the case may be.

Together with the notice of granting access to data or of issuing copies of data, controllers shall also inform the requesters of the time, place and manner in which access to data will be enabled and the amount of necessary costs for producing copies of data and, if they do not have technical means at their disposal to issue a copy, they shall inform the requesters of the possibility to use their own equipment to make copies.

Requesters referred to in paragraph 2 of this Article may ask to access data at a time other than specified, where justifiable reasons for this pertain. As a rule, data shall be accessed on the controller’s official premises.

If justifiable reasons prevent controllers from acting upon a request within the time limit set out herein, they shall notify the requester accordingly and set a new time limit for request processing, which time limit cannot be longer than 30 days of expiry of the rime limit referred to in paragraphs 1 and 2 of this Article.

If a controller accepts a request for notification, access and copy, he shall make a note thereon.

If a controller rejects a request, he shall pass a resolution thereon, with an instruction on available remedies.

If a controller fails to respond to a request within the time limits set out in paragraphs 1 and 2 of this Article, or if a controller rejects a request, the requester may appeal to the Commissioner.

Deciding on Requests upon Obtaining Access to Data

Article 26

Controllers shall decide on requests field upon obtaining access to data referred to in Article 24 of this Law without delay, and in any case not later than 15 days of the date of filing, and shall notify the requesters of their decisions accordingly.

If a controller rejects a request referred to in paragraph 1 of this Article, the rationale of the ruling shall specify the reasons for rejection, as well as the reasons why processing is allowed.

A requester may lodge an appeal with the Commissioner against a ruling on rejection of request referred to in paragraph 1 of this Article within 15 days of receipt of such ruling.

If a controller finds that a request filed upon obtaining access to data is grounded, but has no technical capacities for acting upon such request without delay or urgent action upon such request would require disproportionately high amounts of time or resources, such controller shall ex officio mark such data as challenged and temporarily stay their processing.

If a controller that is a public authority establishes that a request filed upon obtaining access to data is grounded, it shall mark such data as challenged and temporarily stay their processing. Such controller shall not modify, amend, update or delete data or suspend processing if:

1) The time limit for mandatory data retaining has not expired;

2) Acting upon a request would manifestly be seriously prejudicial to the interests of other persons;

3) Because of a special method of data storage, acting upon a request is impossible or would require disproportionately high amounts of time or resources.

A mark indicating data as challenged under Article 22, paragraph 3 of this Law shall be deleted pursuant to a decision of a competent authority or with the consent of the person to whom such data relate.

5. Methods of Exercising Rights

Method of Exercising the Right of Access

Article 27

Controllers shall make data relating to data subjects available to such data subjects in a comprehensible form.

Controllers shall make all data available to requesters in the given state.

If data are kept in different formats (paper, audio, video or electronic record etc.), requesters shall be entitled to access data in the format of their choice, except where this is impracticable.

Any person who is incapable of accessing data without a guardian may do so with the help of a guardian.

Upon request from persons who need specialist assistance to understand the content of data relating to them, controllers shall provide such assistance.

Controllers shall not subject the exercise of the right to access data to any fees.

Where a controller has at its disposal data in the language in which a request is made, it shall make the data available to the requester and produce a copy in such language, except where the requester specifies otherwise and the controller has the necessary capacities to comply with the request.

Methods of Exercising the Right to Copy

Article 28

Controllers shall issue copies of data (photocopy, audio copy, video copy, digital copy etc.) in the format in which such data are stored or in another format if data would be unintelligible to the requester in the format in which they are stored.

Requester shall bear the necessary costs of making and providing copies of data.

6. Processing for the Purposes of Public Media

Article 29

Processing by journalists and other media workers for the sole purpose of publication by mass media, with the exception of processing for advertising purposes, shall be governed by the provisions of Articles 3, 5 and 8(1) to (5) and Articles 46 and 47 of this Law.

Data relating to affiliation of persons with political parties may be used for the purposes of processing referred to in paragraph 1 of this Article, insofar as such data are relevant taking into account the public office held by the person concerned.

Attachment of Replies and Other Information

Article 30

Controllers shall attach any replies, corrections, retractions or any other information published on request from a data subject referred to in Article 29 of this Law to the processed data and shall retain all such information for as long as the relevant data are kept.

Protection of Personality

Article 31

If the publication of data in mass media or in print constitutes a violation of a right or a legally protected interest of a person, the injured party may require the editor-in-chief and the publisher of a medium to notify him/her of the data processed about him/her, to grant him/her access to such data and to obtain a copy of such data, unless:

1) Such action would disclose data in connection with a data source which a journalist or another media worker is not required or willing to give;

2) Such action would disclose data in connection with a person who took part in the preparation and publication of such information and the editor-inchief is not willing to disclose such data;

3) Circumstances pertain in which notification, accessing or issuing copies of data would significantly hamper the provision of information of public importance to the general public.

7. Special Provisions

Forwarding of Requests to the Commissioner

Article 32

If controllers are not processing the pertinent data, they shall forward requests to the Commissioner, save where the requester objects to such action.

Handling by the Commissioner

Article 33

Upon receipt of a request, the Commissioner shall establish whether a controller is processing the requested data.

If the Commissioner finds that a controller is not processing the data, he/she shall forward the request to the controller that is actually processing the data and shall notify the requester accordingly or shall instruct the requester to address the controller that is processing the data, as appropriate, taking into account the need to ensure that the request is handled in the most efficient way possible.

If the Commissioner finds that a controller is processing the data, he/she shall pass a ruling ordering such controller to decide on the request.

Controllers shall decide on requests referred to in paragraph 2 of this Article within the time limits set out in Article 25, paragraph 1, and Article 26, paragraph 1 of this Law from the date of submission, while decisions on requests referred to in paragraph 3 of this Article shall be made within seven days of service of the Commissioner’s ruling.

Proxy

Article 34

The rights enshrined in this Law may be exercised in person or through proxies.

A proxy must have a notarized power of attorney.

Retention and Use in the Event of Death

Article 35

In the event of death or if a missing person is declared dead, data collected under a contract or on the basis of consent given in writing shall be retained in accordance with the conditions set out in the contract or consent, while data collected pursuant to the law shall be retained for at least a year of the date of death or the data on which a missing person is declared dead, after which they shall be destroyed.

An official notice shall be made of any destruction of data.

Consent for the use of data on deceased persons shall be given by the persons referred to in Article 10, paragraph 6 of this Law.

Controllers’ Duties

Article 36

If a data file is formed under a contract or on the basis of consent in writing and such contract is terminated or such consent in writing is withdrawn, the controller shall delete the data within 15 days of contract termination or withdrawal of consent, unless provided for or agreed otherwise.

Application of Provisions of the Law on Administrative Proceedings mutatis mutandis

Article 37

The provisions of the law governing general administrative proceedings shall apply mutatis mutandis to the procedure of deciding upon requests, unless provided otherwise in this Law.

IV.- APPEAL PROCEDURE

Right of Appeal

Article 38

Persons filing requests for exercising a right related to processing may lodge appeals with the Commissioner:

1) Against a controller’s decision rejecting or denying a request;

2) If a controller fails to decide on a request within the specified time limit;

3) If a controller fails to grant access to data or issue a copy thereof or fails to do so within the time limit and in the manner provided for in this Law;

4) If a controller makes the issuing of a copy of data subject to the payment of a fee the amount of which exceeds the necessary costs of producing a copy;

5) If a controller, in violation of the Law, hampers or prevents the exercise of rights.

Appeals may be lodged within 15 days of the date of service of a decision rejecting or denying a request or upon expiry of the specified time limit for deciding and handling.

Enclosed with an appeal, requesters shall submit the relevant request with evidence of delivery to the controller and the challenged decision.

Handling of Appeals by the Commissioner

Article 39

The Commissioner shall decide on appeals within 30 days of lodging at the latest. Appeals shall be forwarded to the controller for reply. The appellant may file a rejoinder to the contestations stated in the appeal.

The Commissioner shall reject by means of resolutions all untimely or incomplete appeals or appeals lodged by unauthorized persons.

If the Commissioner, acting on an appeal lodged for failure to act upon request, establishes that the appeal is grounded, he/she shall order the controller to act upon request within a specified period of time.

If the controller, after the lodging of an appeal for failure to act upon request, but before the Commissioner rules on such appeal, enables the exercise of the right to access data or obtain a copy or if decides upon such request, the Commissioner shall terminate appeal proceedings by a resolution.

Appeal proceedings shall also be terminated if the appellant waives the appeal.

Establishment of Facts in Appeal Proceedings

Article 40

The Commissioner shall take such actions to establish the facts as may be necessary in order to rule on an appeal.

The Commissioner or a person specifically authorized by the Commissioner shall be given access to data or data files for the purpose of establishing the facts, except in cases referred to in Article 45, paragraph 2 of this Law.

Mandatory Nature and Enforcement of Rulings

Article 41

The Commissioner’s rulings on appeals shall be binding, final and enforceable.

Where necessary, the Government shall ensure that the Commissioner’s rulings are enforced and may regulate in more detail the manner in which such rulings are to be enforced.

Legal Remedies against Rulings

Article 42

The Commissioner’s rulings may be challenged in administrative proceedings.

Other Procedural Provisions

Article 43

The procedure of ruling on an appeal shall be governed by the law on general administrative proceedings, unless provided otherwise in this Law.

V.- COMMISSIONER

Competences

Article 44

The Commissioner shall:

1) Supervise the enforcement of data protection;

2) Decide on appeals in cases set out in this Law;

3) Maintain the Central Register;

4) Supervise and allow transborder transfer of data from the Republic of Serbia;

5) Point out the identified cases of abuse in data collection;

6) Produce a list of countries and international organizations with adequate provisions on data protection;

7) Give his/her opinion on the formation of new data files or introduction of new information technologies in data processing;

8) Give his/her opinion in case of doubt whether a data set constitutes a data file within the meaning of this Law;

9) Give his/her opinion to the Government in the procedure of enactment of instruments governing the methods of data filing and safeguards for particularly sensitive data;

10) Monitor the implementation of data safeguards and suggests improvements;

11) Give proposals and recommendations for improving data protection;

12) Give prior opinion on whether a certain processing method constitutes specific risk for a citizen’s rights and freedoms;

13) Keep up to date with the data protection arrangements in other countries;

14) Cooperate with authorities responsible for data protection supervision in other countries;

15) Determine the way in which data are to be handled if a data controller ceased to exist, unless provided otherwise;

16) Perform other duties within his/her sphere of competence.

The Commissioner may have a deputy responsible for personal data protection.

The Commissioner shall forward the report he/she submits to the National Assembly to the President of the Republic, the Government and the Ombudsperson and shall make it available to the general public through appropriate means.

Right of Access and Examination

Article 45

The Commissioner shall have the right of access to and examination of:

1) Data and data files;

2) Complete set of documents relating to data collection and other processing activities, as well as to the exercise of data subjects’ rights under this Law;

3) General enactments of controllers;

4) Premises and equipment used by controllers.

VI.- DATA SECURITY

Confidentiality Duty

Article 46

The Commissioner, the Deputy Commissioner and the staff of the expert service shall keep the confidentiality of all data they learn during the performance of their duties, in accordance with the law and other regulations governing data confidentiality, unless provided otherwise.

The duty referred to in paragraph 1 of this Article shall subsist even after the Commissioner and the Deputy Commissioner have left office and after the staff of the expert service terminated their employment.

Controllers shall inform processors and persons who have access to data with the data confidentiality safeguards.

Organizational and Technical Measures

Article 47

Data must be adequately protected from abuse, destruction, loss, unauthorized alterations or access.

Controllers and processors shall take all necessary technical, human resources and organizational measures to protect data in accordance with the established standards and procedures in order to protect data from loss, damage, inadmissible access, modification, publication and any other abuse, as well as to provide for an obligation of keeping data confidentiality for all persons who work on data
processing.

VII.- RECORDS

Data Processing Records

Article 48

Controllers shall establish and maintain records containing the following information:

1) Type of data and name of data file;

2) Type of processing activities;

3) Business name, name, head office and address of the controller;

4) Date of commencement of data processing or date of data file creation;

5) The purpose of processing;

6) The legal grounds for data processing or creation of data file;

7) The category of data subjects;

8) The type and degree of data confidentiality;

9) The method of data collection and keeping;

10) The time limit for data keeping and use;

11) Business name, name, head office and address of the data user;

12) The mark under which data are transferred in or out of the Republic of Serbia, with an indication of the state or international organization and the foreign data user, the legal grounds and the purpose of transborder transfer in or out of the country;

13) Safeguards put in place to protect data;

14) Requests concerning data processing.

Controllers shall not be required to set up and maintain records for the processing of: data collected solely for family purposes and other personal purposes within the meaning of Article 5, item 2) of this Law; data processed for the purpose of maintaining registers required by the law; data in data files that contain only publicly available data; and data relating to persons whose identity remains undisclosed and the controller, the processor or the user is not authorized to establish such person’s identity.

Controllers shall update the records whenever a change occurs in relation to the basic data referred to in paragraph 1 of this Article within 15 days of the date when such change occurs.

The format of records and the manner of keeping of records referred to in paragraph 1 of this Article shall be specified by the Government.

Notification of the Commissioner

Article 49

Before the commencement of data processing or creation of data files, as the case may be, controllers shall notify the Commissioner of their intent to form a data file, with enclosed data referred to in Article 48 of this Law, as well as of any intended subsequent processing, such notification being due before the processing takes place and in any case not later than 15 days before the formation of the data file or before data processing.

The notification duty set out in paragraph 1 of this Article shall not apply to the commencement of data processing or creation of data files in cases where special regulations govern the purpose of processing, the type of data processed, the categories of users with access to the data and the period during which such data will be retained.

Prior Verification

Article 50

Upon receipt of a notification referred to in Article 49 of this Law and before the formation of a data file, the Commissioner shall verify any processing activities that could significantly prejudice the rights of data subjects.

The method in which verifications referred to in paragraph 1 of this Article are to be carried out shall be specified in an enactment passed by the Commissioner.

Duty to Submit

Article 51

Controllers shall submit to the Commissioner records of data files or changes in data records at the latest within 15 days of the date of data file formation or change.

The notifications referred to in Article 49, paragraph 1 of this Law and the records referred to in paragraph 1 of this Article shall be entered in the Central Register.

Central Register

Article 52

The Commissioner shall form and maintain the Central Register.

The Central Register shall comprise a register of data files and a catalogue of data files.

The register of data files shall contain the data referred to in Article 51, paragraph 2 of this Law.

The catalogue of data files shall contain a description of recorded data files.

The Central Register shall be public and has to be published on the Internet.

The Commissioner shall once a year publish an inventory of data files in the “Official Gazette of the Republic of Serbia”.

The Commissioner shall deny access to the record of data files upon request of a data controller, provided this is necessary for the achievement of a prevailing interest of national or public safety, national defence, crime prevention, detection, investigation and prosecution, or economic or financial interests of the state, or if a law or another regulation or enactment adopted pursuant to a law provide for the
confidentiality of the record of data files.

VIII.- TRANSBORDER TRANSFER OF DATA OUT OF THE REPUBLIC OF SERBIA

Article 53

Data can be transferred from the Republic of Serbia to a state party to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.

Data may be transferred from the Republic of Serbia to a state that is not a party to the Convention referred to in paragraph 1 of this Article or an international organization if such state or international organization has a regulation or a data transfer agreement in force which provides a level of data protection equivalent to that envisaged by the Convention.

In cases of transborder transfer of data referred to in paragraph 2 of this Article, the Commissioner shall determine whether the requirements are met and safeguards put in place for the transfer of data from the Republic of Serbia and shall authorize such transfer.

IX.- SUPERVISION

Competence

Article 54

The implementation of and compliance with this Law shall be supervised by the Commissioner.

The Commissioner shall perform the duties referred to in paragraph 1 of this Article through authorized officers.

Authorized officers shall carry out their supervision duties in a professional and timely fashion and shall produce records of their enforcement activities.

In supervising the enforcement of the Law, authorized officers shall use knowledge acquired ex officio or learned from appellants or third parties.

In supervising the enforcement of the Law, authorized officers shall furnish their official identification documents. The format of such identification documents shall be prescribed by the Commissioner.

Facilitation of Supervision

Article 55

Persons responsible for data protection under this Law shall enable authorized officers to freely carry out supervision duties and shall give them access to all necessary documents.

Commissioner’s Supervision Powers

Article 56

If violations of the provisions of this Law pertaining to processing are identified in the course of supervision, the Commissioner shall caution the controller against any irregularities in processing.

On the basis of the findings of an authorized officer, the Commissioner may:

1) Order the rectification of such irregularities within a specified period of time;

2) Temporarily ban any processing carried out contrary to the provisions of this Law;

3) Order the deletion of data collected without proper legal grounds.

Orders referred to in paragraph 2 of this Article shall not be subject to appeal, but they may be challenged in administrative proceedings.

The implementation of measures referred to in paragraph 2 of this Article shall be governed by an enactment of the Commissioner.

The Commissioner shall ex officio file petitions for institution of infringement proceedings in cases of violation of the provisions of this Law.

X.- PENAL PROVISIONS

Article 57

A fine in the amount of RSD 50,000 to 1,000,000 shall be charged for infringement to a collector, a processor or a user with the status of a legal entity that:

1) Processes data without consent, contrary to the provisions of Article 12 of this Law;

2) Processes data contrary to the provisions of Article 13 of this Law;

3) Collects data from a third party contrary to the provisions of Article 14, paragraph 2 of this Law;

4) Before the collection of data, fails to inform the data subject or a third party of the requirements of Article 15, paragraph 1 of this Law;

5) Processes particularly sensitive data contrary to the provisions of Articles 16 to 18 of this Law;

6) Fails to make all data available in their current format, contrary to Article 27, paragraph 2 of this Law;

7) Fails to issue a copy of data in the current format, contrary to Article 28, paragraph 1 of this Law;

8) Fails to delete data from a data file contrary to Article 36 of this Law;

9) Fails to proceed in accordance with the Commissioner’s ruling on appeal (Article 41, paragraph 1 of this Law);

10) Acts in violation of the confidentiality duty referred to in Article 46, paragraphs 1 and 2 of this Law;

11) Acts in violation of the duty to take the measures referred to in Article 47, paragraph 2 of this Law;

12) Fails to form or update a record in violation of Article 48, paragraphs 1 and 3 of this Law;

13) Fails to notify the Commissioner of its intent to form a data file within the specified period of time, contrary to Article 49, paragraph 1 of this Law;

14) Fails to submit to the Commissioner its record of data files or changes in data files within the specified period of time (Article 51, paragraph 1 of this Law);

15) Transfers data from the Republic of Serbia contrary to Article 53 of this Law;

16) Fails to enable an authorized officer to freely perform supervision activities and grant him/her access to all necessary documents (Article 55 of this Law);

17) Fails to act on the Commissioner’s orders (Article 56, paragraph 2 of this Law).

For infractions referred to in paragraph 1 of this Article, an entrepreneur shall be charged a fine in the amount of RSD 20,000 to 500,000.

For infractions referred to in paragraph 1 of this Article, a natural person or the responsible officer of a legal entity, public authority, body or territorial autonomy and local selfgovernment unit shall be charged a fine in the amount of RSD 5,000 to 50,000.

XI.- TRANSITIONAL AND FINAL PROVISIONS

Article 58

The head office, appointment, termination of office, procedure for relieving of duty, the status of the Commissioner, the Deputy Commissioner and the expert service, funding and reporting shall be governed by the provisions of the Law on Free Access to Information of Public Importance (“Official Gazette of the Republic of Serbia” Nos. 120/04 and 54/07).

Article 59

The Commissioner for Information of Public Importance, established under the Law on Free Access to Information of Public Importance (“Official Gazette of the Republic of Serbia” Nos. 120/04 and 54/07) shall continue to operate as the Commissioner for Information of Public Importance and Personal

Data Protection.

Article 60

Secondary legislation hereunder shall be passed within six months of the date when this Law comes into force.

Article 61

Data files and records formed by the date when this Law comes into force shall be harmonized with the provisions hereof within 12 months of the date when this Law comes into force.

Data controllers shall submit the records referred to in Article 48 of this Law to the Commissioner within 12 months of the date when this Law comes into force.

Article 62

As of the date when this Law comes into force, the Personal Data Protection Law (“Official Gazette of FRY” No. 24/98 and 26/98-Corrigendum) shall be superseded and extinguished.

Article 63

This Law shall come into force on the eighth day of its publication in the “Official Gazette of the Republic of Serbia” and shall take effect as of 1 January 2009.

21Feb/18

Artículo 173 Código Penal Federal Mexicano

Título Quinto.- Delitos en Materia de Vías de Comunicación y de Correspondencia
(Reubicado, antes Título Sexto, mediante Decreto publicado en el Diario Oficial de la Federación el 29 de julio de 1970)

Capítulo I.- Ataques a las Vías de Comunicación y Violación de Correspondencia
(Reformada la denominación mediante Decreto publicado en el Diario Oficial de la Federación el 15 de enero de 1951)

Capítulo II .- Violación de Correspondencia

Artículo 173.

Se aplicarán de tres a ciento ochenta jornadas de trabajo en favor de la comunidad:
(Reformado mediante Decreto publicado en el Diario Oficial de la Federación el 10 de enero de 1994)

I. Al que abra indebidamente una comunicación escrita que no esté dirigida a él, y

II. Al que indebidamente intercepte una comunicación escrita que no esté dirigida a él, aunque la conserve cerrada y no se imponga de su contenido.

Los delitos previstos en este artículo se perseguirán por querella.
(Adicionado mediante Decreto publicado en el Diario Oficial de la Federación el 30 de diciembre de 1991)

21Feb/18

Artículo 168 bis Código Penal Federal Mexicano

Título Quinto.- Delitos en Materia de Vías de Comunicación y de Correspondencia
(Reubicado, antes Título Sexto, mediante Decreto publicado en el Diario Oficial de la Federación el 29 de julio de 1970)

Capítulo I.- Ataques a las Vías de Comunicación y Violación de Correspondencia
(Reformada la denominación mediante Decreto publicado en el Diario Oficial de la Federación el 15 de enero de 1951)

Artículo 168 bis.

Se impondrán de seis meses a dos años de prisión y de trescientos a tres mil días multa, a quien sin derecho:

I. Descifre o decodifique señales de telecomunicaciones distintas a las de satélite portadoras de programas, o

II. Transmita la propiedad, uso o goce de aparatos, instrumentos o información que permitan descifrar o decodificar señales de telecomunicaciones distintas a las de satélite portadoras de programas.
(Artículo adicionado mediante Decreto publicado en el Diario Oficial de la Federación el 17 de mayo de 1999)

21Feb/18

Artículo 167 Código Penal Federal Mexicano

Título Quinto.- Delitos en Materia de Vías de Comunicación y de Correspondencia
(Reubicado, antes Título Sexto, mediante Decreto publicado en el Diario Oficial de la Federación el 29 de julio de 1970)

Capítulo I.- Ataques a las Vías de Comunicación y Violación de Correspondencia
(Reformada la denominación mediante Decreto publicado en el Diario Oficial de la Federación el 15 de enero de 1951)

Artículo 167.

Se impondrán de uno a cinco años de prisión y de cien a diez mil días multa:
(Reformado mediante Decreto publicado en el Diario Oficial de la Federación el 17 de mayo de 1999)

I. Por el solo hecho de quitar o modificar sin la debida autorización: uno o más durmientes, rieles, clavos, tornillos, planchas y demás objetos similares que los sujeten, o un cambiavías de ferrocarril de uso público;

II. Al que destruya o separe uno o más postes, aisladores, alambres, máquinas o aparatos, empleados en el servicio de telégrafos; cualquiera de los componentes de la red de telecomunicaciones, empleada en el servicio telefónico, de conmutación o de radiocomunicación, o cualquier componente de una instalación de producción de energía magnética o electromagnética o sus medios de transmisión;
(Reformada mediante Decreto publicado en el Diario Oficial de la Federación el 14 de julio de 2014)

III. Al que, para detener los vehículos en un camino público, o impedir el paso de una locomotora, o hacer descarrilar ésta o los vagones, quite o destruya los objetos que menciona la fracción I, ponga algún estorbo, o cualquier obstáculo adecuado;

IV. Por el incendio de un vagón, o de cualquier otro vehículo destinado al transporte de carga y que no forme parte de un tren en que se halle alguna persona;

V. Al que inundare en todo o en parte, un camino público o echare sobre él las aguas de modo que causen daño;

VI. Al que dolosamente o con fines de lucro, interrumpa o interfiera las comunicaciones, alámbricas, inalámbricas o de fibra óptica, sean telegráficas, telefónicas o satelitales, por medio de las cuales se transfieran señales de audio, de video o de datos;
(Reformada mediante Decreto publicado en el Diario Oficial de la Federación el 17 de mayo de 1999)

VII. Al que destruya en todo o en parte, o paralice por otro medio de los especificados en las fracciones anteriores, una máquina empleada en un camino de hierro, o una embarcación, o destruya o deteriore un puente, un dique, una calzada o camino, o una vía;
(Reformada mediante Decreto publicado en el Diario Oficial de la Federación el 28 de junio de 2007)

VIII. Al que con objeto de perjudicar o dificultar las comunicaciones, modifique o altere el mecanismo de un vehículo haciendo que pierda potencia, velocidad o seguridad, y
(Reformada mediante Decreto publicado en el Diario Oficial de la Federación el 28 de junio de 2007)

IX. Al que difunda o transmita información falsa que en cualquier forma perjudique o pueda perjudicar la seguridad de una aeronave, de un buque o de otro tipo de vehículo de servicio público federal.
(Adicionada mediante Decreto publicada en el Diario Oficial de la Federación el 28 de junio de 2007)

21Feb/18

Artículo 166 bis Código Penal Federal Mexicano

Título Quinto.- Delitos en Materia de Vías de Comunicación y de Correspondencia
(Reubicado, antes Título Sexto, mediante Decreto publicado en el Diario Oficial de la Federación el 29 de julio de 1970)

Capítulo I.- Ataques a las Vías de Comunicación y Violación de Correspondencia
(Reformada la denominación mediante Decreto publicado en el Diario Oficial de la Federación el 15 de enero de 1951)

Artículo 166 Bis.

A las personas que por razón de su cargo o empleo en empresas de telecomunicaciones, ilícitamente proporcionen informes acerca de las personas que hagan uso de esos medios de comunicación, se les impondrá pena de tres meses a tres años de prisión y serán destituidos de su cargo.

En el caso anterior, se aumentará la pena hasta en una mitad cuando el delito sea cometido por un servidor público en ejercicio de sus funciones. Asimismo, se le impondrán, además de las penas señaladas, la destitución del empleo y se le inhabilitará de uno a diez años para desempeñar cargo o comisión públicos.
(Artículo adicionado mediante Decreto publicado en el Diario Oficial de la Federación el 14 de julio de 2014)

18Feb/18

Decreto-Ley nº 308, de 23 de febrero de 2013

Decreto-Ley nº 308, de 23 de febrero de 2013, Cambia la denominación actual del Ministerio de la Informática y las Comunicaciones por la de Ministerio de Comunicaciones. (Publicado en la Gaceta Oficial de la República, Edición Extraordinaria nº 7 de 15 de marzo de 2013).

República de Cuba

CONSEJO DE ESTADO

PRESIDENCIA

RAÚL CASTRO RUZ, Presidente del Consejo de Estado de la República de Cuba.

HAGO SABER: Que el Consejo de Estado ha considerado lo siguiente:

POR CUANTO: La Constitución de la República de Cuba establece en su Artículo 95 que el número, denominación y funciones de los ministerios y organismos centrales que forman parte del Consejo de Ministros es determinado por la ley. Asimismo, el Artículo 29 del Decreto-Ley nº 67, “De Organización de la Administración Central del Estado”, de 19 de abril de 1983, tal y como quedó modificado por el Decreto-Ley nº 303, de 25 de octubre de 2012, dispone que la creación, modificación, disolución, clasificación, denominación y misión de los organismos de la Administración Central del Estado, se determinan por la Asamblea Nacional del Poder Popular o, en su caso, por el Consejo de Estado.

POR CUANTO: El Decreto-Ley nº 204, de 11 de enero de 2000, cambió la denominación del Ministerio de Comunicaciones por la de Ministerio de la Informática y las Comunicaciones, como consecuencia del proceso de reestructuración del Estado.

POR CUANTO: En el proceso de perfeccionamiento, reorganización y racionalización de los organismos de la Administración Central del Estado resulta necesario el cambio de denominación de este organismo, así como la modificación de su misión, centrándola en el aseguramiento del Sistema Único de Comunicaciones del País.

POR TANTO: El Consejo de Estado, en ejercicio de las atribuciones que le están conferidas por el inciso c) del Artículo 90 de la Constitución de la República de Cuba, resuelve dictar el siguiente

DECRETO-LEY Nº 308

ARTÍCULO 1.- Cambiar la denominación actual del Ministerio de la Informática y las Comunicaciones por la de Ministerio de Comunicaciones.

ARTÍCULO  2.- El Ministerio de Comunicaciones es el organismo encargado de proponer, y una vez aprobada, dirigir y controlar la política del Estado y el Gobierno para el Sistema Único de Comunicaciones del País, que comprende las telecomunicaciones, la informática, las radiocomunicaciones, los servicios postales, la automática para los sistemas de comunicaciones, la gestión del espectro radioeléctrico y el aseguramiento técnico y de soporte asociado, asegurando, desde tiempo de paz, la infraestructura y los servicios para la seguridad y la defensa nacional.

DISPOSICIÓN ESPECIAL

ÚNICA.- Todas las menciones que en la legislación vigente se hacen respecto al Ministerio de la Informática y las Comunicaciones se considerarán referidas al Ministerio de Comunicaciones, cuya denominación se establece en el presente Decreto-Ley.

DISPOSICIONES FINALES

PRIMERA: El Consejo de Ministros dentro de los treinta (30) días posteriores a la entrada en vigor del presente Decreto-Ley.

a. Establece las funciones específicas del Ministerio de Comunicaciones

b. Define la estructura del órgano central y la composición del sistema del Ministerio de Comunicaciones, así como el límite máximo de trabajadores y los cargos de dirección del órgano central.

c. Dictar cuantas disposiciones complementarias sean necesarias a los fines de lo dispuesto.

SEGUNDA: Se deroga el Decreto-Ley nº 204, de 11 de enero de 2000.

PUBLÍQUESE en la Gaceta Oficial de la República de Cuba-

DADO en el Palacio de la Revolución, en la Habana, a los 23 días del mes de febrero de 2013, “Año 55 de la Revolución”.

RAÚL CASTRO RUZ

Presidente del Consejo de Estado.

17Feb/18

Resolución nº 254/2013, de 1 de agosto, del Ministerio de Comunicaciones

Resolución nº 254/2013, de 1 de agosto, del Ministerio de Comunicaciones

POR CUANTO: El Acuerdo nº 7380 del Consejo de Ministros, de fecha 28 de febrero de 2013, en su numeral Cuarto apartado Primero, establece que el Ministerio de Comunicaciones tiene la función específica de ordenar, regular y controlar los servicios de telecomunicaciones, radiocomunicaciones e informáticos, nacionales e internacionales.

POR CUANTO: Entre los años 1988 al 2009 fueron emitidas resoluciones por el Ministro de Comunicaciones, e instrucciones del Director de Regulaciones y Normas de dicho organismo, que por el transcurso del tiempo han perdido su vigencia, son ineficaces y por tanto han quedado obsoletas; por lo que se hace necesario proceder a su derogación expresa.

POR TANTO: En el ejercicio de la facultad que me está conferida por el numeral Cuarto, apartado Tercero del Acuerdo nº 2817 del Comité Ejecutivo del Consejo de Ministros, de fecha 25 de noviembre de 1994;

 

RESUELVO:

 

PRIMERO: Derogar las resoluciones e instrucciones que en su momento fueron emitidas por nuestro Ministerio y que por el transcurso del tiempo han perdido vigencia, las cuales son:

1. Resolución nº 233, de fecha 17 de noviembre de 1988, que pone en vigor el Reglamento sobre la instauración de los servicios de facsímil en nuestro país en sus distintos modos de operación o servicio.

2. Resolución nº 21, de fecha 28 de febrero de 1992, que aprueba los Planes de Desarrollo de CUBACEL S.A.

3. Resolución nº 236, de fecha 17 de octubre de 1995, que aprueba el Plan de Inversión de la Empresa de Telecomunicaciones de Cuba, S.A. de 1996.

4. Resolución nº 262, de fecha 20 de diciembre de 1995, que aprueba tarifas del servicio de adiestramiento a telefonistas de pizarras telefónicas privadas, así como las concernientes a la instalación de tierras de protección de pizarras privadas y al mantenimiento y reparación a instalación de tierras de protección de pizarras privadas

5. Resolución nº 72, de fecha 10 de julio de 1996, que aprueba la aplicación gradual de la tarifa manual de llamadas de larga distancia nacional aprobada por el Comité Estatal de Precios.

6. Resolución nº 204, de fecha 20 de noviembre de 1996, que aprueba el Reglamento sobre la protección y seguridad técnica de los sistemas informáticos.

7. Resolución nº 57, de fecha 31 de marzo de 1997, sobre la formación de tarifas correspondientes a los servicios públicos de aplicaciones de mensajería, valores informativos nacionales e Intranet /Internet.

8. Resolución nº 64, de fecha 21 de abril de 1997, que aprueba la propuesta de Plan de Numeración Telegráfica, elaborado por la Empresa de Telecomunicaciones de Cuba, S.A. para la comunicación nacional e internacional de los abonados al servicio Telex y TGX

9. Resolución nº 65, de fecha 21 de abril de 1997, que aprueba la propuesta de Plan de Señalización Telegráfica y el Plan de Señalización Telex.

10. Resolución nº 2, de fecha 12 de enero de 2000, que aprueba el Plan de
Sincronización del servicio telefónico elaborado por la Empresa de Telecomunicaciones de Cuba, S.A.

11. Resolución nº 3, de fecha 12 de enero 2000, que aprueba la propuesta de Sistema de Señalización por Canal Común nº 7 elaborado por la Empresa de
Telecomunicaciones de Cuba, S.A. con carácter provisional.

12. Resolución nº 117, de fecha 24 de mayo de 2001, que aprueba requisitos de prestación de los servicios por TDATACUBA.

13. Resolución nº 136, de fecha 6 de julio de 2001, que aprueba las tarifas de
interconexión.

14. Resolución nº 191, de fecha 22 de noviembre de 2001, que aprueba las tarifas y precios de los servicios y productos de la Empresa MOVITEL, S.A.

15. Resolución nº 65, de fecha 21 de mayo de 2002, que aprueba el Plan de Indicadores de Calidad del Servicio para el 2002 que brindará la Empresa Radiocuba.

16. Resolución nº 81, de fecha 27 de junio de 2002, que aprueba la modificación del Indicador de Calidad relativo al Completamiento de Llamadas de Larga Distancia Nacional para el año 2002.

17. Resolución nº 112, de fecha 26 de agosto de 2002, que autoriza al Grupo de la Industria Electrónica, la Informática, la Automatización y las Comunicaciones, para coordinar la proyección, construcción, operación y comercialización de cables de fibra óptica submarinas de alcance nacional e internacional.

18. Resolución nº 74, de fecha 8 de julio de 2005, que aprueba la introducción de la Telefonía Fija Alternativa, para personal de colaboración médica en Venezuela cuya aplicación permite a los usuarios disponer de un teléfono fijo con acceso inalámbrico a través de la infraestructura de la red móvil y aprobar con carácter temporal las tarifas en pesos cubanos (CUP), para personal de colaboración médica en Venezuela.

19. Resolución nº 75, de fecha 8 de julio de 2005, que aprueba la introducción de la Telefonía Móvil Celular en pesos cubanos (CUP), aplicable para personal de colaboración médica en Venezuela, la que permite a sus clientes disponer de un teléfono móvil celular con acceso a través de la infraestructura de la red móvil y aprobar con carácter temporal las tarifas en pesos cubanos (CUP), para personal de colaboración médica en Venezuela.

20. Resolución nº 114, de fecha 2 de noviembre de 2005, que aprueba que la Empresa de Telecomunicaciones de Cuba, S.A., mantenga como Moneda Libremente Convertible el Dólar de los Estados Unidos de América (USD) en toda su actividad comercial, estableciendo una excepción con carácter provisional para las tarifas de Servicios de Transmisión de Datos y de tarjetas prepagadas los cuales utilizarán en calidad de moneda el Peso Convertible.

21. Resolución nº 33, de fecha 27 de marzo de 2006, que aprueba el Plan de Indicadores Directivos de Calidad de los Servicios Postales que brindará la Empresa Correos de Cuba durante el año 2006.

22. Resolución nº 101, de fechas 22 de junio de 2009, que establece que las estaciones terrenas móviles de Inmarsat cuyos gastos se sufraguen mediante patrocinio de la Empresa de Telecomunicaciones de Cuba, S.A.

 

SEGUNDO: Derogar las instrucciones del Director de Regulaciones y Normas siguientes:

1. Instrucción nº 2, de fecha 10 de marzo de 2005, que aprueba que las tarifas de la Empresa de Telecomunicaciones de Cuba, S.A. en las que la moneda de pago es el peso convertible puedan ser consideradas como valores máximos.

2. Instrucción nº 12, de fecha 8 de julio de 2005, que aprueba la propuesta de Contrato Temporal de Telefonía Fija Alternativa, con pago en pesos cubanos (CUP) para personal de colaboración medica en Venezuela, presentada por la Empresa de Telecomunicaciones de Cuba, S.A.

3. Instrucción nº 13, de fecha 8 de julio de 2005, que aprueba la propuesta de Contrato Temporal de Telefonía Móvil Celular, con pago en pesos cubanos (CUP) para personal de colaboración médica en Venezuela.

4. Instrucción nº 20, de fecha 5 de octubre de 2005, que aprueba el procedimiento para la instrumentación del Plan Anual de Transmisión de datos nacional e internacional para los Programas y Entidades Priorizadas (PEP).

5. Instrucción nº 10, de fecha 24 de agosto de 2006, que aprueba el Procedimiento PEP Servicio de Centro de Datos (DATACENTER).

6. Instrucción nº 5, de fecha 13 de mayo de 2008, que aprueba los requisitos de presentación por la Empresa de Telecomunicaciones de Cuba, S.A. del informe de cumplimiento de las Metas de Desarrollo y Calidad 2004-2008.
7. Instrucción nº 6, de fecha 13 de junio de 2008, que restituye la condición de
RADIOCUBA como único punto de Activación de Servicios y Proveedor de Servicios Inmarsat, y autoriza a la Empresa de Telecomunicaciones de Cuba, S.A. a que continúe prestando servicio a las 26 estaciones Inmarsat, que bajo el régimen de franquicia, ha autorizado el Ministerio de Comunicaciones.

 

COMUNÍQUESE a los viceministros, al Director de Regulaciones y Normas, a los directores generales de la Agencia de Control y Supervisión, de la Empresa de Radiocomunicación y Difusión de Cuba y de la Empresa MOVITEL, S.A.; al Presidente Ejecutivo de la Empresa de
Telecomunicaciones de Cuba S.A., al Presidente del Grupo Empresarial Correos de Cuba y al Presidente del Grupo de la Electrónica.

 

ARCHÍVESE el original en la Dirección Jurídica del Ministerio de Comunicaciones.

 

PUBLÍQUESE en la Gaceta Oficial de la República de Cuba.

 

Dada en La Habana, a los 1 días del mes de agosto de 2013.

Maimir Mesa Ramos
Ministro

17Oct/17

Act nº 41 of  14 July 2017. Commerce Commission (Budget Amendment) Act 2017

Act nº 41 of 2017. Commerce Commission (Budget Amendment) Act 2017

 

AN ACT

TO AMEND THE COMMERCE COMMISSION ACT 2010

ENACTED by the Parliament of the Republic of Fiji

 

Short title and commencement

 

1.-

(1) This Act may be cited as the Commerce Commission (Budget Amendment) Act 2017.

(2) This Act comes into force on 1 August 2017.

(3) In this Act, the Commerce Commission Act 2010 is referred to as the “Principal Act”.

 

Section 4 amended

 

2.- Section 4 of the Principal Act is amended by:

(a) in the definition of “authorisation”, deleting “under Part 11”;

(b) in the definition of “financial year”, deleting “commencing on 1 January” and substituting “which coincides with the financial year of the Government”;

(c) inserting the following new definition:

““market” means a market in Fiji and, when used in relation to any goods or services, includes a market for those goods or services and other goods or services that are substitutable for, or otherwise competitive with, the first mentioned goods or services;”;

(d) in the definition of “trade or commerce” after “activity”, inserting “within Fiji or between Fiji and places outside Fiji”; and

(e) deleting the definition of “trader” and substituting the following:

““trader” means any person who sells, has sold or proposes to sell any goods or who supplies or who carries on any service, whether for profit or not;”.

 

New sections 4A and 4B inserted

 

3.- The Principal Act is amended after section 4 by inserting the following new sections:

“Exclusionary provisions

4A.-

(1) A provision of a contract, arrangement or understanding, or of a proposed contract, arrangement or understanding, shall be taken to be an exclusionary provision for the purposes of this Act if:

(a) the contract or arrangement was made, or the understanding was arrived at, or the proposed contract or arrangement is to be made, or the proposed understanding is to be arrived at, between 2 or more persons that are competitive with each other; and

(b) the provision has the purpose of preventing, restricting or limiting:

(i) the supply of goods or services to, or the acquisition of goods or services from, particular persons or classes of persons; or

(ii) the supply of goods or services to, or the acquisition of goods or services from, particular persons or classes of persons in particular circumstances or on particular conditions,

by all or any of the parties to the contract, arrangement or understanding or of the proposed parties to the proposed contract, arrangement or understanding or, if a party or proposed party is a body corporate, by a body corporate that is related to the body corporate.

(2) Aperson shall be deemed to be competitive with another person for the purposes of subsection (1) if:

(a) the first mentioned person or a body corporate that is related to that person is, or is likely to be; or

(b) but for the provision of any contract, arrangement or understanding or of any proposed contract, arrangement or understanding, would be, or would likely be,

in competition with the other person, or with a body corporate that is related to the other person, in relation to the supply or acquisition of all or any of the goods or services to which the relevant provision of the contract, arrangement or understanding or of the proposed contract, arrangement or understanding relates.

Lessening of competition to include preventing or hindering competition

4B. For the purposes of this Act, references to the lessening of competition shall be read as including references to preventing or hindering competition.”.

 

Section 5 amended

 

4.- Section 5(2) of the Principal Act is amended by:

(a) in paragraph (c) after “;”, deleting “or”;

(b) in paragraph (d), deleting “.” and substituting “; or”; and

(c) after paragraph (d), inserting the following new paragraph:

“(e) the industry is engaged in the supply of any goods or services, where competition is lessened or likely to be limited as assessed and determined by the Commission.”.

 

New section 13 inserted

 

5.- The Principal Act is amended after section 12 by inserting the following new section:

“Meetings of the Commission

13.-

(1) Meetings of the Commission must be held at such times and places as the Chairperson appoints.

(2) Subject to subsection (3), the Chairperson must preside at each meeting of the Commission.

(3) In the event of the absence of the Chairperson from any meeting of the Commission, the Deputy Chairperson must preside at that meeting, and if both the Chairperson and the Deputy Chairperson are absent, the meeting must be presided over by a member who is nominated by the Chairperson, and failing any such nomination, the meeting must be presided over by a member appointed by the members present.

(4) At all meetings of the Commission, the quorum necessary for the transaction of business of the Commission is 3 members.

(5) All questions arising at any meeting of the Commission must be decided by a majority of votes of the members of the Commission present at the meeting.

(6) At a meeting of the Commission, the Chairperson and all members of the Commission present have the right to vote, and in the case of equality of votes, the Chairperson, or in the absence of the Chairperson the member presiding, has a casting vote.

(7) A resolution of the Commission in writing signed, or assented to by letter, facsimile, e-mail or such other electronic means as approved by the Commission, by a majority of the members of the Commission, is as valid and effectual as if it had been passed at a meeting of the Commission duly called and constituted.

(8) Subject to this Act, the Commission may regulate its own proceedings.”.

 

New section 18A inserted

 

6.- The Principal Act is amended after section 18 by inserting the following new section:

“Enforcement officers 18A.-

(1) The Minister may, from time to time, by written notice appoint enforcement officers to exercise any powers and functions rendered to the Commission under this Act or any other written law.

(2) A written notice issued under subsection (1) may be made to a specified person, committee or unit or to the holder for the time being of a specified office or to the holders of offices of a specified class.

(3) An appointment made under this section may be made subject to such restrictions and conditions as the Minister thinks fit, and may be made either generally or in relation to any particular case or class of cases.

(4) A person, committee or unit purporting to exercise any power by virtue of an appointment under this section must, when required to do so, produce evidence of authority to exercise the power.

(5) The Minister shall by notice in the Gazette publish the name of a person or names of persons appointed under this section.”.

 

Section 41 amended

 

7.- Section 41 of the Principal Act is amended by:

(a) after subsection (1), inserting the following new subsection:

“(1A) An authorisation for the price of controlled goods or services made under this Act or any subsidiary legislation shall be authorised by the Commission.”; and

(b) deleting subsection (3) and substituting the following— “(3) A person who acts or aids and abets another person to contravene this section commits an offence.”.

 

Section 42 amended

 

8.- Section 42 of the Principal Act is amended by deleting subsection (3) and substituting the following:

“(3) A person who acts or aids and abets another person to contravene this section commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $50,000 or imprisonment for a term not exceeding 10 years or both; or

(b) in the case of a body corporate, a fine not exceeding $100,000.”.

 

Section 45 amended

 

9.- Section 45 of the Principal Act is amended by deleting subsection (3) and substituting the followin:

“(3) A person who increases rent in contravention of subsection (1) or (2) commits an offence.”.

 

Section 53 amended

 

10.- Section 53 of the Principal Act is amended by deleting subsection (2) and substituting the following:

“(2) A person who acts or aids and abets another person to contravene this section commits an offence.”.

 

New section 55A inserted

 

11.- The Principal Act is amended after section 55 by inserting the following new section:

“Receipts

55A. A trader shall supply at the time of sale to every purchaser a receipt containing the following particulars and shall retain a copy of such receipt:

(a) the name, address and tax identification number of the trader;

(b) the date;

(c) the individual description of the goods or services;

(d) the quantity of goods or services;

(e) the price charged inclusive of any tax;

(f) other relevant requirements in any other written law; and

(g) such other particulars as the Commission may, with the approval of the Minister, by order require generally or with reference to certain goods or services, or classes of goods or services.”.

 

Section 56 amended

 

12.- Section 56(3) of the Principal Act is amended by deleting “3 years” and substituting “7 years”.

 

Section 59 amended

 

13.- The Principal Act is amended by deleting section 59 and substituting the following:

“Issue of fixed penalty notice

59.-

(1) Where the Commission has reason to believe that a person has committed an offence against section 41, 45, 52, 53, 54, 55, 55A, 56, 70, 71, 75, 77, 78, 83, 84, 85, 86, 87, 87E, 87F, 87G, 88, 112, 113, 114, 117 or 118, it shall be lawful for the Commission to institute proceedings in respect of the alleged commission of an offence by issuing upon that person a fixed penalty notice which shall require that person to pay such fixed penalty as prescribed by regulations.

(2) The Commission may serve a fixed penalty notice:

(a) personally upon the person; or

(b) if personal service of a fixed penalty notice cannot be practicably, conveniently or expediently effected, by sending the fixed penalty notice by prepaid registered post addressed to the last known place of abode or business of that person.

(3) The fixed penalty notice shall be in a form prescribed by regulations.

(4) If the person fails to make payment pursuant to subsection (1), the Commission may institute legal proceedings, subject to subsection (6), and the person is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $50,000 or imprisonment for a term not exceeding 10 years or both; or

(b) in the case of a body corporate, a fine not exceeding $250,000.

(5) The liability of a person in criminal proceedings shall not be a bar to another person seeking civil remedies against the first mentioned person.

(6) Proceedings instituted by a fixed penalty notice may be pursued in accordance with Division 4 of Part 7 of the Criminal Procedure Act 2009.”.

 

Section 88 amended

 

14.- Section 88 of the Principal Act is amended after subsection (1) by inserting the following new subsection:

“(1A) Where payment or other consideration has been accepted, the onus shall lie on the person who accepts payment or other consideration for goods or services to prove that at the time of acceptance, the person intended to supply the goods or services in respect of which payment or other consideration was accepted.”.

 

Section 119 amended

 

15.- Section 119 of the Principal Act is amended by:

(a) in subsection (4):

(i) deleting “A” and substituting “Subject to subsection (10), a”; and

(ii) deleting “, is guilty of an offence under this Act. If the offender is a natural person $1,000 and imprisonment for 12 months and if the offender is a body corporate $5,000”;

(b) after subsection (4), deleting subsections (5) and (6) and substituting the following:

“(4A) Any person who contravenes subsection (4) commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both; or

(b) in the case of a body corporate, a fine not exceeding $50,000.

(5) A requisition made under subsection (1) shall be made in a prescribed form which specifically states that any and all information furnished by the person including information incriminating that person shall be admissible in evidence against that person in proceedings in any court of competent jurisdiction or tribunal.

(6) Subject to subsection (5), if in response to a requisition authorised by subsection (1) a person furnishes information that would tend to incriminate that person in relation to any offence, the information furnished shall be admissible in evidence against that person in proceedings in any court of competent jurisdiction or tribunal.”; and

(c) deleting subsection (12) and substituting the following:

“(12) A person who contravenes this section commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both; or

(b) in the case of a body corporate, a fine not exceeding $50,000.”.

 

Section 120 amended

 

16.- Section 120 of the Principal Act is amended by:

(a) in subsection (2), deleting the following:

“Penalty:

(a) if the offender is a natural person $1,000 and imprisonment for 12 months;

(b) if the offender is a body corporate $5,000.”; and

(b) after subsection (2), inserting the following new subsection:

“(3) A person who contravenes subsection (2) commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both; or

(b) in the case of a body corporate, a fine not exceeding $50,000.”.

 

Section 121 amended

 

17.- Section 121 of the Principal Act is amended by:

(a) in subsection (3), deleting the following:

“Penalty:

(a) if the offender is a natural person $1,000;

(b) if the offender is a body corporate $5,000.”; and

(b) after subsection (3), inserting the following new subsection:

“(4) A person who contravenes subsection (3) commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both; or

(b) in the case of a body corporate, a fine not exceeding $50,000.”.

 

Section 121A amended

 

18.- Section 121A of the Principal Act is amended by:

(a) in subsection (1), deleting the following:

“Penalty:

(a) if the offender is a natural person $1,000 and imprisonment for 12 months;

(b) if the offender is a body corporate $5,000.”;

(b) after subsection (1), inserting the following new subsection:

“(1A) A person who contravenes subsection (1) commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both; or

(b) in the case of a body corporate, a fine not exceeding $50,000.”;

(c) in subsection (2), deleting the following:

“Penalty:

(a) if the offender is a natural person $1,000 and imprisonment for 12 months;

(b) if the offender is a body corporate $5,000.”; and

(d) after subsection (2), inserting the following new subsection:

“(2A) A person who contravenes subsection (2) commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both; or

(b) in the case of a body corporate, a fine not exceeding $50,000.”.

 

Section 124 amended

 

19.- Section 124(1)(c) of the Principal Act is amended by deleting “section 20(2)” and substituting “section 20(1) and (2)”.

 

New section 127 inserted

 

20.- The Principal Act is amended after section 126 by inserting the following new section:

“Enforcement of undertakings

127.-

(1) The Commission may accept a written undertaking given by a person for the purposes of this section in connection with a matter in relation to which the Commission has a power or function under this Act.

(2) The Commission may accept a written undertaking given by a person for the purposes of this section in connection with a clearance or an authorisation.

(3) The person, with the prior written consent of the Commission, may withdraw or vary the undertaking at any time.

(4) A person who breaches any term or condition of an undertaking given under this section commits an offence.

(5) Notwithstanding subsection (4), if the Commission considers that the person who gave the undertaking has breached any of its terms or conditions, the Commission may apply to any court of competent jurisdiction for an order under subsection (6).

(6) If the court of competent jurisdiction is satisfied that the person has breached a term or condition of the undertaking, the court of competent jurisdiction may make any of the following orders:

(a) an order directing the person to comply with that term or condition of the undertaking;

(b) an order directing the person to pay the Commission an amount up to the amount of any financial benefit, as determined by the Commission, that the person has obtained directly or indirectly and that is reasonably attributable to the breach;

(c) any order that the court of competent jurisdiction considers appropriate directing the person to compensate any other person who has suffered loss or damage as a result of the breach; or

(d) any other order that the court of competent jurisdiction considers appropriate.”.

 

Section 129 amended

 

21.- Section 129 of the Principal Act is amended by:

(a) in subsection (1), deleting “$10,000” and substituting “$1 million”;

(b) deleting subsection (1A) and substituting the following:

“(1A) Subject to subsections (2) and (3), a person who commits an offence under this Act for which no other penalty is provided is liable upon conviction to a fine not exceeding $10,000 for a first offence and $100,000 for a second or subsequent offence, or imprisonment for a term not exceeding 10 years or both.”; and

(c) in subsection (2), deleting “3 years” and substituting “10 years”.

 

Section 130 amended

 

22.- Section 130(1)(c) of the Principal Act is amended by deleting “shall be liable to a penalty not less than $1,000” and substituting “is liable upon conviction to a fine not exceeding $1,000”.

 

Section 150 amended

 

23.- Section 150 of the Principal Act is amended by:

(a) in subsection (8):

(i) deleting “ ” and substituting “.”; and

(ii) deleting the following:

“Penalty:

(a) in the case of a natural person $2,000;

(b) in the case of a body corporate $10,000.”;

(b) deleting subsection (9) and substituting the following—:

“(9) A person who contravenes subsection (8) commits an offence and is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both; or

(b) in the case of a body corporate, a fine not exceeding $50,000.

(10) In addition to subsection (9), a person who contravenes subsection (8) and commits an offence in relation to the contravention of an order is liable upon conviction to:

(a) in the case of a natural person, a fine not exceeding $1,000; or

(b) in the case of a body corporate, a fine not exceeding $5,000,

for each day after the service of the order during any part of which that contravention continues.”.

 

Section 158 amended

 

24.- Section 158(1)(c)(i) of the Principal Act is amended by:

(a) deleting “$5,000” and substituting “$50,000”; and

(b) deleting “$10,000” and substituting “$100,000”.

 

New section 160A inserted

 

25.- The Principal Act is amended after section 160 by inserting the following new section:

“Amendment of all references to the Commission

160A. All written laws and all State documents of any nature whatsoever (including the titles of any written law) are amended by deleting “Fiji Commerce Commission” and “Commerce Commission” wherever they appear and substituting “Fijian Competition and Consumer Commission”, unless the context otherwise requires.”.

 

Passed by the Parliament of the Republic of Fiji this 14th day of July 2017.

 

K. KONROTE

President

 

22Sep/17

Constitution of the Syrian Arab Republic – 2012

Preamble

Arab civilization, which is part of human heritage, has faced through its long history great challenges aimed at breaking its will and subjecting it to colonial domination, but it has always rose through its own creative abilities to exercise its role in building human civilization.

The Syrian Arab Republic is proud of its Arab identity and the fact that its people are an integral part of the Arab nation. The Syrian Arab Republic embodies this belonging in its national and pan-Arab project and the work to support Arab cooperation in order to promote integration and achieve the unity of the Arab nation.

The Syrian Arab Republic considers international peace and security a key objective and a strategic choice, and it works on achieving both of them under the International Law and the values of right and justice.

The Syrian Arab role has increased on the regional and international levels over the past decades, which has led to achieving human and national aspirations and achievements in all fields and domains. Syria has occupied an important political position as it is the beating heart of Arabism, the forefront of confrontation with the Zionist enemy and the bedrock of resistance against colonial hegemony on the Arab world and its capabilities and wealth. The long struggle and sacrifices of our people for the sake of its independence, progress and national unity has paved the way for building the strong state and promoting cohesion between the people and their Syrian Arab army which is the main guarantor and protector of the homeland’s sovereignty, security, stability and territorial integrity; thus, forming the solid foundation of the people’s struggle for liberating all occupied territories.

The Syrian society with all its components and constituents and through its popular, political and civil institutions and organizations, has managed to accomplish achievements that demonstrated the depth of civilizational accumulation represented by the Syrian society, its unwavering will and its ability to keep pace with the changes and to create the appropriate environment to maintain its human role as a historical and effective power in the march of human civilization.

Since the beginning of the 21st century, Syria, both as people and institutions had faced the challenge of development and modernization during tough regional and international circumstances which targeted its national sovereignty. This has formed the incentive to accomplish this Constitution as the basis for strengthening the rule of law.

The completion of this Constitution is the culmination of the people’s struggle on the road to freedom and democracy. It is a real embodiment of achievements, a response to shifts and changes, an evidence of organizing the march of the state towards the future, a regulator of the movement of its institutions and a source of legislation. All of this is attainable through a system of fundamental principles that enshrines independence, sovereignty and the rule of the people based on election, political and party pluralism and the protection of national unity, cultural diversity, public freedoms, human rights, social justice, equality, equal opportunities, citizenship and the rule of law, where the society and the citizen are the objective and purpose for which every national effort is dedicated. Preserving the dignity of the society and the citizen is an indicator of the civilization of the country and the prestige of the state.

Title I.- Basic Principles

Chapter I.- Political Principles

Article 1

The Syrian Arab Republic is a democratic state with full sovereignty, indivisible, and may not waive any part of its territory, and is part of the Arab homeland; The people of Syria are part of the Arab nation.

Article 2

The system of governance in the state shall be a republican system; Sovereignty is an attribute of the people; and no individual or group may claim sovereignty. Sovereignty shall be based on the principle of the rule of the people by the people and for the people; The People shall exercise their sovereignty within the aspects and limits prescribed in the Constitution.

Article 3

The religion of the President of the Republic is Islam; Islamic jurisprudence shall be a major source of legislation; The State shall respect all religions, and ensure the freedom to perform all the rituals that do not prejudice public order; The personal status of religious communities shall be protected and respected.

Article 4

The official language of the state is Arabic.

Article 5

The capital of the state is Damascus.

Article 6

The flag of the Syrian Arab Republic consists of three colors: red, white and black, in addition to two stars, each with five heads of green color. The flag is rectangular in shape; its width equals two thirds of its length and consists of three rectangles evenly spaced along the flag, the highest in red, the middle in white and lowest in black, and the two stars are in the middle of the white rectangle; The law identifies the state’s emblem, its national anthem and the respective provisions.

Article 7

The constitutional oath shall be as follows: “I swear by the Almighty God to respect the country’s constitution, laws and Republican system, to look after the interests and freedoms of the people, to safeguard the homeland’s sovereignty, independence, freedom and to defend its territorial integrity and to act in order to achieve social justice and the unity of the Arab Nation”.

Article 8

1. The political system of the state shall be based on the principle of political pluralism, and exercising power democratically through the ballot box;

2. Licensed political parties and constituencies shall contribute to the national political life, and shall respect the principles of national sovereignty and democracy;

3. The law shall regulate the provisions and procedures related to the formation of political parties;

4. Carrying out any political activity or forming any political parties or groupings on the basis of religious, sectarian, tribal, regional, class-based, professional, or on discrimination based on gender, origin, race or color may not be undertaken;

5. Public office or public money may not be exploited for a political, electoral or party interest.

Article 9

As a national heritage that promotes national unity in the framework of territorial integrity of the Syrian Arab Republic, the Constitution shall guarantee the protection of cultural diversity of the Syrian society with all its components and the multiplicity of its tributaries.

Article 10

Public organizations, professional unions and associations shall be bodies that group citizens in order to develop society and attain the interests of its members. The State shall guarantee the independence of these bodies and the right to exercise public control and participation in various sectors and councils defined in laws; in areas which achieve their objectives, and in accordance with the terms and conditions prescribed by law.

Article 11

The army and the armed forces shall be a national institution responsible for defending the security of the homeland and its territorial integrity. This institution shall be in the service of the people’s interests and the protection of its objectives and national security.

Article 12

Democratically elected councils at the national or local level shall be institutions through which citizens exercise their role in sovereignty, state-building and leading society.

Chapter II.- Economic Principles

Article 13

1. The national economy shall be based on the principle of developing public and private economic activity through economic and social plans aiming at increasing the national income, developing production, raising the individual’s living standards and creating jobs;

2. Economic policy of the state shall aim at meeting the basic needs of individuals and society through the achievement of economic growth and social justice in order to reach comprehensive, balanced and sustainable development;

3. The State shall guarantee the protection of producers and consumers, foster trade and investment, prevent monopoly in various economic fields and work on developing human resources and protecting the labor force in a way that serves the national economy.

Article 14

Natural resources, facilities, institutions and public utilities shall be publicly owned, and the state shall invest and oversee their management for the benefit of all people, and the citizens’ duty is to protect them.

Article 15

Collective and individual private ownership shall be protected in accordance with the following basis:

1. General confiscation of funds shall be prohibited;

2. Private ownership shall not be removed except in the public interest by a decree and against fair compensation according to the law;

3. Confiscation of private property shall not be imposed without a final court ruling;

4. Private property may be confiscated for necessities of war and disasters by a law and against fair compensation;

5. Compensation shall be equivalent to the real value of the property.

Article 16

The law shall determine the maximum level of agricultural ownership and agricultural investment to ensure the protection of the farmer and the agricultural laborer from exploitation and to ensure increased production.

Article 17

The right of inheritance shall be maintained in accordance with the law.

Article 18

1. Taxes, fees and overhead costs shall not be imposed except by a law;

2. The tax system shall be based on a fair basis; and taxes shall be progressive in a way that achieves the principles of equality and social justice.

Chapter III.- Social Principles

Article 19

Society in the Syrian Arab Republic shall be based on the basis of solidarity, symbiosis and respect for the principles of social justice, freedom, equality and maintenance of human dignity of every individual.

Article 20

1. The family shall be the nucleus of society and the law shall maintain its existence and strengthen its ties;

2. The state shall protect and encourage marriage, and shall work on removing material and social obstacles that hinder it. The state shall also protect maternity and childhood, take care of young children and youth and provide the suitable conditions for the development of their talents.

Article 21

Martyrdom for the sake of the homeland shall be a supreme value, and the State shall guarantee the families of the martyrs in accordance with the law.

Article 22

1. The state shall guarantee every citizen and his family in cases of emergency, sickness, disability, orphan-hood and old age;

2. The state shall protect the health of citizens and provide them with the means of prevention, treatment and medication.

Article 23

The state shall provide women with all opportunities enabling them to effectively and fully contribute to the political, economic, social and cultural life, and the state shall work on removing the restrictions that prevent their development and participation in building society.

Article 24

The state shall shoulder, in solidarity with the community, the burdens resulting from natural disasters.

Article 25

Education, health and social services shall be the basic pillars for building society, and the state shall work on achieving balanced development among all regions of the Syrian Arab Republic.

Article 26

1. Public service shall be a responsibility and an honor the purpose of which is to achieve public interest and to serve the people;

2. Citizens shall be equal in assuming the functions of public service, and the law shall determine the conditions of assuming such functions and the rights and duties assigned to them.

Article 27

Protection of the environment shall be the responsibility of the state and society and it shall be the duty of every citizen.

Chapter IV.- Educational and Cultural Principles

Article 28

The educational system shall be based on creating a generation committed to its identity, heritage, belonging and national unity.

Article 29

1. Education shall be a right guaranteed by the state, and it is free at all levels. The law shall regulate the cases where education could not be free at universities and government institutes;

2. Education shall be compulsory until the end of basic education stage, and the state shall work on extending compulsory education to other stages;

3. The state shall oversee education and direct it in a way that achieves the link between it and the needs of society and the requirements of development;

4. The law shall regulate the state’s supervision of private educational institutions.

Article 30

Physical education shall be an essential pillar in building society; and the state shall encourage it to prepare a generation which is physically, morally and intellectually fit.

Article 31

The state shall support scientific research and all its requirements, ensure the freedom of scientific, literary, artistic and cultural creativity and provide the necessary means for that end. The state shall provide any assistance for the progress of sciences and arts, and shall encourage scientific and technical inventions, creative skills and talents and protect their results.

Article 32

The state shall protect antiquities, archaeological and heritage sites and objects of artistic, historical and cultural value.

Title II.- Rights, Freedoms and the Rule of Law

Chapter I.- Rights and Freedoms

Article 33

1. Freedom shall be a sacred right and the state shall guarantee the personal freedom of citizens and preserve their dignity and security;

2. Citizenship shall be a fundamental principle which involves rights and duties enjoyed by every citizen and exercised according to law;

3. Citizens shall be equal in rights and duties without discrimination among them on grounds of sex, origin, language, religion or creed;

4. The state shall guarantee the principle of equal opportunities among citizens.

Article 34

Every citizen shall have the right to participate in the political, economic, social and cultural life and the law shall regulate this.

Article 35

Every citizen shall be subjected to the duty of respecting the Constitution and laws.

Article 36

1. The inviolability of private life shall be protected by the law;

2. Houses shall not be entered or inspected except by an order of the competent judicial authority in the cases prescribed by law.

Article 37

Confidentiality of postal correspondence, telecommunications and radio and other communication shall be guaranteed in accordance with the law.

Article 38

1. No citizen may be deported from the country, or prevented from returning to it;

2. No citizen may be extradited to any foreign entity;

3. Every citizen shall have the right to move in or leave the territory of the state, unless prevented by a decision from the competent court or the public prosecution office or in accordance with the laws of public health and safety.

Article 39

Political refugees shall not be extradited because of their political beliefs or for their defense of freedom.

Article 40

1. Work shall be a right and a duty for every citizen, and the state shall endeavor to provide for all citizens, and the law shall organize work, its conditions and the workers’ rights;

2. Each worker shall have a fair wage according to the quality and output of the work; this wage shall be no less than the minimum wage that ensures the requirements of living and changes in living conditions;

3. The state shall guarantee social and health security of workers.

Article 41

Payment of taxes, fees and public costs shall be a duty in accordance with the law.

Article 42

1. Freedom of belief shall be protected in accordance with the law;

2. Every citizen shall have the right to freely and openly express his views whether in writing or orally or by all other means of expression.

Article 43

The state shall guarantee freedom of the press, printing and publishing, the media and its independence in accordance with the law.

Article 44

Citizens shall have the right to assemble, peacefully demonstrate and to strike from work within the framework of the Constitution principles, and the law shall regulate the exercise of these rights.

Article 45

Freedom of forming associations and unions shall be based on a national basis, for lawful purposes and by peaceful means which are guaranteed in accordance with the terms and conditions prescribed by law.

Article 46

1. Compulsory military service shall be a sacred duty and is regulated by a law;

2. Defending the territorial integrity of the homeland and maintaining the secrets of state shall be a duty of every citizen.

Article 47

The state shall guarantee the protection of national unity, and the citizens’ duty is to maintain it.

Article 48

The law shall regulate the Syrian Arab citizenship.

Article 49

Election and referendum are the right and duty of the citizens and the law shall regulate their exercise.

Chapter II.- The Rule of Law

Article 50

The rule of law shall be the basis of governance in the state.

Article 51

1. Punishment shall be personal; no crime and no punishment except by a law;

2. Every defendant shall be presumed innocent until convicted by a final court ruling in a fair trial;

3. The right to conduct litigation and remedies, review, and the defense before the judiciary shall be protected by the law, and the state shall guarantee legal aid to those who are incapable to do so, in accordance with the law;

4. Any provision of the law shall prohibit the immunity of any act or administrative decision from judicial review.

Article 52

Provisions of the laws shall only apply to the date of its commencement and shall not have a retroactive effect, and it may apply otherwise in matters other than criminal.

Article 53

1. No one may be investigated or arrested, except under an order or decision issued by the competent judicial authority, or if he was arrested in the case of being caught in the act, or with intent to bring him to the judicial authorities on charges of committing a felony or misdemeanor;

2. No one may be tortured or treated in a humiliating manner, and the law shall define the punishment for those who do so;

3. Any person who is arrested must be informed of the reasons for his arrest and his rights, and may not be incarcerated in front of the administrative authority except by an order of the competent judicial authority;

4. Every person sentenced by a final ruling, carried out his sentence and the ruling proved wrong shall have the right to ask the state for compensation for the damage he suffered.

Article 54

Any assault on individual freedom, on the inviolability of private life or any other rights and public freedoms guaranteed by the Constitution shall be considered a punishable crime by the law.

Title III.- State Authorities

Chapter I.- Legislative Authority

Article 55

The legislative authority of the state shall be assumed by the People’s Assembly in accordance with the manner prescribed in the Constitution.

Article 56

The People’s Assembly term shall be for four calendar years from the date of its first meeting and it may not be extended except in case of war by a law.

Article 57

Members of the People’s Assembly shall be elected by the public, secret, direct and equal vote in accordance with the provisions of the Election Law.

Article 58

A member of the People’s Assembly shall represent the whole people, and his/her commission may not be defined by a restriction or condition, and shall exercise duties under the guidance of hi/hers honor and conscience.

Article 59

Voters shall be the citizens who have completed eighteen years of age and met the conditions stipulated in the Election Law.

Article 60

1. The system of electing members of the People’s Assembly, their number and the conditions to be met by the candidates shall be determined by a law;

2. Half of the members of the People’s Assembly at least shall be of the workers and farmers, and the law shall state the definition of the worker and the farmer.

Article 61

The Election Law shall include the provisions that ensure:

1. The freedom of voters to choose their representatives and the safety and integrity of the electoral procedures;

2. The right of candidates to supervise the electoral process;

3. Punishing those who abuse the will of the voters;

4. Identifying the regulations of financing election campaigns;

5. Organizing the election campaign and the use of media outlets.

Article 62

1. Elections shall be held during the sixty days preceding the expiry date of the mandate of the People’s Assembly term;

2. The People’s Assembly shall continue its meetings if no other Assembly is elected and it shall remain in place until a new Assembly is elected.

Article 63

If the membership of a member of the People’s Assembly is vacant for some reason, an alternative shall be elected within sixty days from the date of the membership vacancy, provided that the remaining term of the Assembly is no less than six months. The membership of the new member shall end by the expiry date of the mandate of the Assembly’s term, and the Election Law shall determine the cases of vacant membership.

Article 64

1. The People’s Assembly shall be called to convene by a decree issued by the President of the Republic within fifteen days from the expiry date of the mandate of the existing Assembly or from the date of announcing the election results in case of not having such an Assembly. The People’s Assembly shall be definitely convened on the sixteenth day if the call-to-convene decree is not issued;

2. The Assembly shall elect, at its first meeting, its speaker and members who shall be annually re-elected.

Article 65

1. The Assembly shall call for three regular sessions per year; the total of which should not be less than six months, and the Assembly’s rules of procedure shall set the time and duration of each of them;

2. The Assembly may be invited to extraordinary sessions upon the request of the Speaker, one third of the members of the Assembly or the Assembly’s office;

3. The last legislative session of the year shall remain open until the approval of the state budget.

Article 66

1. The Supreme Constitutional Court shall have jurisdiction to consider appeals related to the elections of the members of the People’s Assembly.

2. Appeals shall be submitted by the candidate within three days from the date of announcing the results; and the court shall decide its final judgments within seven days from the expiry date of submitting appeals.

Article 67

Members of the People’s Assembly shall swear-in the constitutional oath mentioned in Article 7 of the Constitution.

Article 68

The emoluments and compensations of members of the People’s Assembly shall be determined by a law.

Article 69

The People’s Assembly shall put its rules of procedure to regulate the manner of working in it and the way of exercising its functions, and define terms of reference of the Assembly’ office.

Article 70

Members of the People’s Assembly shall not be questioned in a civil or criminal manner because of events or opinions they express or during a vote in public or private meetings and during the work of the committees.

Article 71

Members of the People’s Assembly shall enjoy immunity for the mandate duration of the Assembly. Criminal proceedings against any member of them shall be taken after having a prior permission from the Assembly unless caught in the act. In non-session cases, permission shall be taken from the Assembly’s office, and the Assembly shall be notified by any action taken at its first meeting.

Article 72

1. No member may take advantage of membership in any business;

2. The law shall specify the business which may not be combined with the membership in the Assembly.

Article 73

1. The speaker of the People’s Assembly shall represent the Assembly, sign and speak on its behalf;

2. The People’s Assembly shall have special guards under the authority of the Speaker of the Assembly; and no armed force may enter the Assembly without the permission of its Speaker.

Article 74

Members of the People’s Assembly shall exercise the right of proposing laws and directing questions and inquiries to the cabinet or a minister in accordance with the rules of procedure of the Assembly.

Article 75

The People’s Assembly undertakes the following functions:

1. Approval of laws;

2. Discussing the statement of the cabinet;

3. Perform a vote of no-confidence in the cabinet or a minister;

4. Approval of the general budget and final accounts;

5. Approval of development plans;

6. Approval of international treaties and conventions related to the safety of the state, including treaties of peace, alliance and all treaties related to the rights of sovereignty or conventions which grant privileges to foreign companies or institutions as well as treaties and conventions entailing additional expenses not included in its budget; or treaties and conventions related to loans’ contract or that are contrary to the provisions of the laws in force and requires new legislation which should come into force;

7. Approval of a general amnesty;

8. Accepting or rejecting the resignation of one of the members of the Assembly.

Article 76

1. The Prime Minister shall present the cabinet’s statement within thirty days from the date of its formation to the People’s Assembly for discussion;

2. The cabinet shall be responsible for the implementation of its statement before the People’s Assembly;

3. If the Assembly is not in a regular session, it shall be invited to convene an extraordinary session.

Article 77

1. A vote of no-confidence can only be conducted after the cabinet or one of its ministers is questioned in the Assembly; a vote of no-confidence should be upon a proposal made by at least a fifth of the members of the People’s Assembly and it must be obtained with a majority of the members;

2. If a vote of no-confidence is obtained, the Prime Minister shall submit the cabinet’s resignation to the President, so should the minister who got a vote of no-confidence.

Article 78

The Assembly might form temporary committees from among its members to collect information and find facts on the issues related to exercising its authorities.

Article 79

1. For every fiscal year there shall be one budget; and the beginning of fiscal year shall be determined by a law;

2. The law states the method of preparing the state’s general budget;

3. The draft budget should be presented to the people’s Assembly at least two months before the beginning of the fiscal year.

Article 80

1. The Assembly votes on the budget title by title; and the budget shall not enter into force unless approved by the Assembly;

2. If the Assembly did not complete the process of approving the budget until the beginning of the new fiscal year, the budget of the previous years is used until the new year budget is approved and the revenues are collected in accordance with the laws and regulations in force;

3. Appropriations cannot be transferred from one title to another except according to the provisions of the law;

4. The Assembly might not increase the estimates of total revenues or expenditures while examining the budget.

Article 81

The people’s Assembly might, after approving the budget, approve laws which could create new expenditures and new revenues to cover them.

Article 82

The final accounts of the fiscal year shall be presented to the People’s Assembly within a period not longer than one year as of the end of this year. The final account is done by a law; and the same procedures in approving the budget apply to the final account period.

Chapter Two.- The Executive Authority

(1) The President of the Republic

Article 83

The President of the Republic and the Prime Minister exercise executive authority on behalf of the people within the limits provided for in the constitution.

Article 84

The candidate for the office of President of the Republic should:

1. Have completed forty years of age;

2. Be of Syrian nationality by birth, of parents who are of Syrian nationality by birth;

3. Enjoy civil and political rights and not convicted of a dishonorable felony, even if he was reinstated;

4. Not be married to a non-Syrian wife;

5. Be a resident of the Syrian Arab Republic for no less than 10 years continuously upon being nominated.

Article 85

The nomination of a candidate for the office of President of the Republic shall be as follows:

1. The Speaker of the People’s Assembly calls for the election of the President of the Republic before the end of the term of office of the existing president by no less than 60 days and no more than 90 days;

2. The candidacy application shall be made to the Supreme Constitutional Court, and is entered in a special register, within 10 days of announcing the call for electing the president;

3. The candidacy application shall not be accepted unless the applicant has acquired the support of at least 35 members of the People’s Assembly; and no member of the assembly might support more than one candidate;

4. Applications shall be examined by the Supreme Constitutional Court; and should be ruled on within 5 days of the deadline for application;

5. If the conditions required for candidacy were met by only one candidate during the period set for applying, the Speaker of the people’s assembly should call for fresh nominations according to the same conditions.

Article 86

1. The President of the Republic shall be elected directly by the people;

2. The candidate who wins the election for the President of the Republic is the one who gets the absolute majority of those who take part in the elections. If no candidate receives that majority, a rerun is carried out between the two candidates who receive the largest number of votes;

3. The results shall be announced by the Speaker of the People’s Assembly.

Article 87

1. If the People’s Assembly was dissolved during the period set for electing a new President of the Republic, the existing President of the Republic continues to exercise his duties until after the new Assembly is elected and convened; and the new President of the Republic shall be elected within the 90 days which follow the date of convening this Assembly;

2. If the term of the President of the Republic finished and no new president was elected, the Existing President of the Republic continues to assume his duties until the new president is elected.

Article 88

The President of the Republic is elected for 7 years as of the end of the term of the existing President. The President can be elected for only one more successive term.

Article 89

1. The Supreme Constitutional Court has the jurisdiction to examine the challenges to the election of the President of the Republic;

2. The challenges shall be made by the candidate within 3 days of announcing the results; and the court rules on them finally within 7 days of the end of the deadline for making the challenges.

Article 90

The President of the Republic shall be sworn in before the People’s Assembly before assuming his duties by repeating the constitutional oath mentioned in Article 7 of the Constitution.

Article 91

1. The President of the Republic might name one or more deputies and delegate to them some of his authorities;

2. The Vice-president is sworn in before the President of the Republic by repeating the constitutional oath mentioned in Article 7 of the Constitution.

Article 92

If an impediment prevented the President of the Republic from continuing to carry out his duties, the Vice-president shall deputize for him.

Article 93

1. If the office of the President of the Republic becomes vacant or if he is permanently incapacitated, the first Vice-president assumes the President’s duties for a period of no more than 90 days of the President of the Republic’s office becoming vacant. During this period new presidential elections shall be conducted;

2. If the office of the President of the Republic becomes vacant, and he does not have a Vice-president, his duties shall be assumed temporarily by the Prime Minister for a period of no more than 90 days of the date of the President of the Republic’s office becoming vacant. During this period new presidential elections shall be conducted.

Article 94

If the President of the Republic resigned from office, he should address the resignation letter to the People’s Assembly.

Article 95

The protocol, privileges and allocations required for the office of President of the Republic shall be set out in a law.

Article 96

The President of the Republic shall insure respect for the Constitution, the regular running of public authorities, protection of national unity and survival of the state.

Article 97

The President of the Republic shall name the Prime Minister, his deputies, ministers and their deputies, accept their resignation and dismiss them from office.

Article 98

In a meeting chaired by him, the President of the Republic lays down the general policy of the state and oversees its implementation.

Article 99

The President of the Republic might call the Council of Ministers to a meeting chaired by him; and might ask for reports from the Prime Minister and the ministers.

Article 100

The President of the Republic shall pass the laws approved by the People’s Assembly. He might also reject them through a justified decision within one month of these laws being received by the Presidency. If they are approved a second time by the People’s Assembly with a two thirds majority, they shall be passed by the President of the Republic.

Article 101

The President of the Republic shall pass decrees, decisions and orders in accordance with the laws.

Article 102

The President of the Republic declares war, calls for general mobilization and concludes peace agreements after obtaining the approval of the People’s Assembly.

Article 103

The President of the Republic declares the state of emergency and repeals it in a decree taken at the Council of Ministers chaired by him with a two thirds majority, provided that the decree is presented to the People’s Assembly in its first session. The law sets out the relevant provisions.

Article 104

The President of the Republic accredits heads of diplomatic missions in foreign countries and accepts the credentials of heads of foreign diplomatic missions in the Syrian Arab Republic.

Article 105

The President of the Republic is the Commander in Chief of the army and armed forces; and he issues all the decisions necessary to exercise this authority. He might delegate some of these authorities.

Article 106

The President of the Republic appoints civilian and military employees and ends their services in accordance with the law.

Article 107

The President of the Republic concludes international treaties and agreements and revokes them in accordance with provisions of the Constitution and rules of international law.

Article 108

The President of the Republic grants special amnesty and might reinstate individuals.

Article 109

The President of the Republic has the right to award medals and honors.

Article 110

The President of the Republic might address letters to the People’s Assembly and make statements before it.

Article 111

1. The President of the Republic might decide to dissolve the People’s Assembly in a justified decision he makes;

2. Elections for a new People’s Assembly shall be conducted within 60 days of the date of dissolution;

3. The People’s Assembly might not be dissolved more than once for the same reason.

Article 112

The President of the Republic might prepare draft laws and refer them to the People’s Assembly to consider them for approval.

Article 113

1. The President of the Republic assumes the authority of legislation when the People’s Assembly is not in session, or during sessions if absolute necessity requires this, or in the period during which the Assembly is dissolved.

2. These legislation shall be referred to the Assembly within 15 days of its first session;

3. The Assembly has the right to revoke such legislation or amend them in a law with a majority of two thirds of the members registered for attending the session, provided it is no less than the absolute majority of all its members. Such amendment or revocation shall not have a retroactive effect. If they are not amended or revoked, they shall be considered approved.

Article 114

If a grave danger and a situation threatening national unity, the safety and integrity of the territories of the homeland occurs, or prevents state institutions from shouldering their constitutional responsibilities, the President of the Republic might take the quick measures necessitated by these circumstances to face that danger.

Article 115

The President of the Republic might set up special bodies, councils and committees whose tasks and mandates are set out in the decisions taken to create them.

Article 116

The President of the Republic might call for a referendum on important issues which affect the higher interests of the country. The result of the referendum shall be binding and come into force as of the date of its announcement; and it shall be published by the President of the Republic.

Article 117

The President of the Republic is not responsible for the acts he does in carrying out his duties except in the case of high treason; and the accusation should be made through a People’s Assembly decision taken by the Assembly in a public vote and with a two thirds majority in a secret session based on a proposal made by at least one third of the members. He shall be tried before the Supreme Constitutional Court.

(2) The Council of Ministers

Article 118

1. The Council of Ministers is the highest executive and administrative authority of the state. It consists of the Prime Minister, his deputies and the ministers. It supervises the implementation of the laws and regulations and oversees the work of state institutions;

2. The Prime Minister supervises the work of his deputies and the ministers.

Article 119

The allocations and benefits of the Prime Minister, his deputies and the ministers shall be set out in a law.

Article 120

The Prime Minister, his deputies and the ministers shall be sworn in before the President of the Republic when a new government is formed by repeating the constitutional oath mentioned in Article 7 of the Constitution before they start their work. When the government is reshuffled, only the new ministers shall be sworn in.

Article 121

The Prime Minister, his deputies and the ministers shall be responsible before the President of the Republic and the People’s Assembly.

Article 122

The minister is the highest administrative authority in his ministry, and he shall implement the state’s public policy in relation to his ministry.

Article 123

While in office, ministers shall be barred from being members of the boards of private companies or agents for such companies and from carrying out, directly or indirectly, any commercial activity or private profession.

Article 124

1. The Prime Minister, his deputies and the ministers shall be responsible for their acts, from a civil and penal perspective, in accordance with the law;

2. The President of the Republic has the right to refer the Prime Minister, his deputies and the ministers to the courts for any crimes any of them commits while in office or because of such crimes;

3. The accused shall be suspended from office as soon as an indictment is made until a ruling is passed on the accusation made against him. His resignation or dismissal does not prevent his trial. Procedures are conducted as stated in the law.

Article 125

1. The cabinet shall be considered as resigned in the following cases:

a. Upon the end of the term of office of the President of the Republic;

b. Upon the election of a new People’s Assembly;

c. If the majority of the ministers resigned.

2. The cabinet carries on in a care taker capacity until a decree is passed naming a new cabinet.

Article 126

An individual can be a minister and a member of the People’s Assembly at the same time.

Article 127

Provisions applying to ministers apply to deputy ministers.

Article 128

The mandate of the Council of Ministers is as follows:

1. It draws the executive plans of the state’s general policy;

2. It guides the work of ministers and other public bodies;

3. It draws the state’s draft budget;

4. It drafts laws;

5. It prepares development plans and plans for upgrading production and the exploitation of national resources and everything that could support and develop the economy and increase national income;

6. It concludes loan contracts and grants loans in accordance with provisions of the constitution;

7. Concludes treaties and agreements in accordance with provisions of the constitution;

8. Follows up on enforcing the laws and protects the interests and the security of the state and protects the freedoms and rights of the population;

9. Passes administrative decisions in accordance with the laws and regulations and oversees their implementation.

Article 129

The Prime Minister and the ministers exercise the authorities provided for in the laws in force in a manner that does not contravene the authorities given to other authorities in the Constitution, in addition to the other authorities stated in its provisions.

(3) Local Councils

Article 130

The Syrian Arab Republic consists of administrative units; and the law states their number, boundaries, authorities and the extent to which they enjoy the status of a legal entity, financial and administrative independence.

Article 131

1. The organization of local administration units is based on applying the principle of decentralization of authorities and responsibilities. The law states the relationship between these units and the central authority, their mandate, financial revenues and control over their work. It also states the way their heads are appointed or elected, their authorities and the authorities of heads of sectors.

2. Local administration units shall have councils elected in a general, secret, direct and equal manner.

Chapter III.- The Judicial Authority

(1) The Courts and Attorney General’s Office

Article 132

The judicial authority is independent; and the President of the Republic insures this independence assisted by the Supreme Judicial Council.

Article 133

1. The Supreme Judicial Council is headed by the President of the Republic; and the law states the way it shall be formed, its mandate and its rules of procedures;

2. The Supreme Judicial Council insures the provision of the guarantees necessary for the independence of the judiciary.

Article 134

1. Judges are independent and there is no authority over them except that of the law;

2. The judges’ honor, conscience and impartiality constitute the guarantees for people’s rights and freedoms.

Article 135

The law regulates the different branches, categories and degrees of the judicial system. It also states the rules for the mandates of different courts.

Article 136

The law states the conditions for appointing judges, promoting, transferring, disciplining and dismissing them.

Article 137

The Attorney General’s Office is a single judicial institution headed by the Minister of Justice. The law regulates its function and mandate.

Article 138

1. Judicial rulings are made in the name of the Arab people of Syria;

2. Not implementing judicial rulings or obstructing their implementation is a crime punished in accordance with provisions of the law.

(2) Administrative Judiciary

Article 139

The State’s Council is in charge of Administrative Judiciary. It is an independent judicial and advisory body. The law states its mandate and conditions for appointing, promoting, transferring, disciplining and dismissing them.

Title Four.- The Supreme Constitutional Court

Article 140

The Supreme Constitutional Court is an independent judicial body based in Damascus.

Article 141

The Supreme Constitutional Court consists of at least seven members, one of them shall be named president in a decree passed by the President of the Republic.

Article 142

An individual cannot be a member of the Supreme Constitutional Court and a minister or a member of the People’s Assembly at the same time. The law states the other jobs that cannot be done by a member of the Court.

Article 143

The duration of membership of the Supreme Constitutional Court shall be four years renewable. Article 144 Members of the Supreme Constitutional Court cannot be dismissed from its membership except in accordance with the law.

Article 145

President and members of the Supreme Constitutional Court shall be sworn in before the President of the Republic in the presence of the Speaker of the People’s Assembly before they assume their duties. They repeat the following oath: “I swear by the Great Almighty to respect the Constitution and the laws of the country and to carry out my responsibilities with integrity and impartiality”.

Article 146

The mandate of the Supreme Constitutional Court is as follows:

1. Control over the constitutionality of the laws, legislative decrees, bylaws and regulations;

2. Expressing opinion, upon the request of the President of the Republic, on the constitutionality of the draft laws and legislative decrees and the legality of draft decrees;

3. Supervising the election of the President of the Republic and organizing the relevant procedures;

4. Considering the challenges made to the soundness of the measures of electing the President of the Republic and members of the People’s Assembly and ruling on these challenges;

5. Trying the President of the Republic in the case of high treason;

6. The law states its other authorities.

Article 147

1. The Supreme Constitutional Court is charged with control over the constitutionality of the laws as follows:

a. If the President of the Republic or a fifth of the members of the People’s Assembly object to a law before it is passed, on the grounds of its unconstitutionality, it shall be suspended until the Court rules on it within 15 days of the date of lodging the objection at the Court. If the law is urgently needed, the Court shall rule on it within 7 days;

b. If a fifth of the members of the People’s Assembly object to a legislative decree, on the grounds of its unconstitutionality within 15 days of it is being presented to the Assembly, the Court shall rule on it within 15 days of lodging the objection at the Court;

c. If the Court ruled that the law, the legislative decree or the bylaw was unconstitutional, the items found to be unconstitutional shall be annulled with retroactive effect and all their consequences shall be removed.

2. Considering the claim of the unconstitutionality of a law or a legislative decree and ruling on it takes place as follows:

a. If an opponent making a challenge claimed the unconstitutionality of a legal text applied by the court whose ruling is being challenged, and if the court considering the challenge found that the claim was serious and should be ruled on, it halts the proceedings of the case and refers it to the Supreme Constitutional Court;

b. The Supreme Constitutional Court shall rule on the claim within 30 days of being entered in its register.

Article 148

The Supreme Constitutional Court shall not consider the constitutionality of the laws put by the President of the Republic to a referendum and obtained the approval of the people.

Article 149

The law regulates the principles of considering and ruling on the issues under the mandate of the Supreme Constitutional Court. The law states the number of its staff and the conditions which need to be met by its members. It also states their immunity, responsibilities, salaries and privileges.

Title Five.- Amending the Constitution

Article 150

1. The President of the Republic, and so does a third of the members of the People’s Assembly, might propose amending the Constitution;

2. The proposal for amending the Constitution shall state the text proposed to be amended and the reasons for making the amendment;

3. As soon as the People’s Assembly receives the proposal for amendment, it sets up a special committee to examine it.

4. The Assembly discusses the proposal for amendment. If it approved it with a three quarters majority, the amendment shall be considered final provided that it is also approved by the President of the Republic.

Title Six.- General and Transitional Provisions

Article 151

The Preamble of the Constitution is considered part and parcel of the Constitution

Article 152

No person carrying another nationality, in addition to the nationality of the Syrian Arab Republic, might occupy the office of President of the Republic, Vice-president, Prime Minister, deputy prime ministers, ministers, members of the People’s Assembly or members of the Supreme Constitutional Court.

Article 153

This constitution shall not be amended before 18 months of coming into force.

Article 154

The legislation in force and passed before approving this Constitution remain in force until they are amended in accordance with its provisions, provided that the amendment is done within a period of no longer than 3 years.

Article 155

The term of office of the current President of the Republic terminates after 7 years of his being sworn in as President. He has the right to stand again for the office of President of the Republic. Provisions of Article 88 of this Constitution apply to him as of the next presidential elections.

Article 156

Elections for the first People’s Assembly under this Constitution shall be held within 90 days of the date of its being approved through referendum.

Article 157

This Constitution shall be published in the official bulletin and enters into force as of being approved.

13Sep/17

Privacy Amendment Act nº 12, 2017 Australia

An Act to amend the Privacy Act 1988, and for related purposes

(Assented to 22 February 2017)

The Parliament of Australia enacts:

 

1.-  Short title

This Act is the Privacy Amendment (Notifiable Data Breaches) Act 2017.

 

2.-  Commencement

  • Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

Commencement information

Column 1             Column 2                                            Column 3

Provisions            Commencement                                  Date/Details

  1. Sections 1  The day this Act receives the Royal        22 February 2017

To 3 and        Assent.

anything in

this Act not

elsewhere

covered by this

table

 

  1. Schedule 1          A single day to be fixed by

Proclamation.

However, if the provisions do not

Commence within the period of 12

Months beginning on the day this

Act receives the Royal Assent, they

Commence on the day after the end

of that period.

 

 

Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

 

(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

 

3.-  Schedules

Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

 

Schedule 1.- Amendments

 

Privacy Act 1988

 

1.-  Subsection 6(1)

Insert:

at risk from an eligible data breach has the meaning given by section 26WE.

eligible data breach has the meaning given by Division 2 of Part IIIC.

 

2.-  After subsection 13(4)

Insert:

Notification of eligible data breaches etc.

(4A)  If an entity (within the meaning of Part IIIC) contravenes subsection 26WH(2), 26WK(2), 26WL(3) or 26WR(10), the contravention is taken to be an act that is an interference with the privacy of an individual.

 

3.-  After Part IIIB

Insert:

Part IIIC.- Notification of eligible data breaches

Division 1.-Introduction

26WA.-  Simplified outline of this Part

  • This Part sets up a scheme for notification of eligible data breaches.
  • An eligible data breach happens if:

(a)     there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and

(b)     the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

  • An entity must give a notification if:

(a)     it has reasonable grounds to believe that an eligible data breach has happened; or

(b)     it is directed to do so by the Commissioner.

 

26WB.-  Entity

For the purposes of this Part, entity includes a person who is a file number recipient.

 

26WC.-  Deemed holding of information

Overseas recipients

(1)  If:

(a)  an APP entity has disclosed personal information about one or more individuals to an overseas recipient; and

(b)  Australian Privacy Principle 8.1 applied to the disclosure of the personal information; and

(c)  the overseas recipient holds the personal information;

this Part has effect as if:

(d)  the personal information were held by the APP entity; and

(e)  the APP entity were required under section 15 not to do an act, or engage in a practice, that breaches Australian Privacy Principle 11.1 in relation to the personal information.

Bodies or persons with no Australian link

(2)  If:

(a)  either:

(i)  a credit provider has disclosed, under paragraph 21G(3)(b) or (c), credit eligibility information about one or more individuals to a related body corporate, or person, that does not have an Australian link; or

(ii)  a credit provider has disclosed, under subsection 21M(1), credit eligibility information about one or more individuals to a body or person that does not have an Australian link; and

(b)  the related body corporate, body or person holds the credit eligibility information;

this Part has effect as if:

(c)  the credit eligibility information were held by the credit provider; and

(d)  the credit provider were required to comply with subsection 21S(1) in relation to the credit eligibility information.

Note: See section 21NA. 

 

26WD.-  Exception-notification under the My Health Records Act 2012

If:

(a)  an unauthorised access to information; or

(b)  an unauthorised disclosure of information; or

(c)  a loss of information;

has been, or is required to be, notified under section 75 of the My Health     Records Act 2012, this Part does not apply in relation to the access, disclosure or loss.

 

Division 2.- Eligible data breach

 

26WE.-  Eligible data breach

Scope

(1)  This section applies if:

(a)  both:

(i)  an APP entity holds personal information relating to one or more individuals; and

(ii)  the APP entity is required under section 15 not to do an act, or engage in a practice, that breaches Australian Privacy Principle 11.1 in relation to the personal information; or

(b)  both:

(i)  a credit reporting body holds credit reporting information relating to one or more individuals; and

(ii)  the credit reporting body is required to comply with section 20Q in relation to the credit reporting information; or

(c)  both:

(i)  a credit provider holds credit eligibility information relating to one or more individuals; and

(ii)  the credit provider is required to comply with subsection 21S(1) in relation to the credit eligibility information; or

(d)  both:

(i)  a file number recipient holds tax file number information relating to one or more individuals; and

(ii)  the file number recipient is required under section 18 not to do an act, or engage in a practice, that breaches a section 17 rule that relates to the tax file number information.

Eligible data breach

(2)  For the purposes of this Act, if:

(a)  both of the following conditions are satisfied:

(i)  there is unauthorised access to, or unauthorised disclosure of, the information;

(ii)  a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or

(b)  the information is lost in circumstances where:

(i)  unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and

(ii)  assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;

then:

(c)  the access or disclosure covered by paragraph (a), or the loss covered by paragraph (b), is an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; and

(d)  an individual covered by subparagraph (a)(ii) or (b)(ii) is at risk from the eligible data breach.

(3)  Subsection (2) has effect subject to section 26WF.

 

26WF.-  Exception-remedial action

Access to, or disclosure of, information

(1)  If:

(a)  an access to, or disclosure of, information is covered by paragraph 26WE(2)(a); and

(b)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the access or disclosure; and

(c)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before the access or disclosure results in serious harm to any of the individuals to whom the information relates; and

(d)  as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to any of those individuals;

the access or disclosure is not, and is taken never to have been:

(e)  an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f)  an eligible data breach of any other entity.

(2)  If:

(a)  an access to, or disclosure of, information is covered by paragraph 26WE(2)(a); and

(b)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the access or disclosure; and

(c)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before the access or disclosure results in serious harm to a particular individual to whom the information relates; and

(d)  as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to the individual;

this Part does not require:

(e)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f)  any other entity;

to take steps to notify the individual of the contents of a statement that relates to the access or disclosure.

Loss of information

(3)  If:

(a)  a loss of information is covered by paragraph 26WE(2)(b); and

(b)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and

(c)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before there is unauthorised access to, or unauthorised disclosure of, the information; and

(d)  as a result of the action, there is no unauthorised access to, or unauthorised disclosure of, the information;

the loss is not, and is taken never to have been:

(e)  an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f)  an eligible data breach of any other entity.

(4)  If:

(a)  a loss of information is covered by paragraph 26WE(2)(b); and

(b)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and

(c)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so:

(i)  after there is unauthorised access to, or unauthorised disclosure of, the information; and

(ii)  before the access or disclosure results in serious harm to any of the individuals to whom the information relates; and

(d)  as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to any of those individuals;

the loss is not, and is taken never to have been:

(e)  an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f)  an eligible data breach of any other entity.

(5)  If:

(a)  a loss of information is covered by paragraph 26WE(2)(b); and

(b)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and

(c)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so:

(i)  after there is unauthorised access to, or unauthorised disclosure of, the information; and

(ii)  before the access or disclosure results in serious harm to a particular individual to whom the information relates; and

(d)  as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to the individual;

this Part does not require:

(e)  the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or

(f)  any other entity;

to take steps to notify the individual of the contents of a statement that relates to the loss.

 

26WG.-  Whether access or disclosure would be likely, or would not be likely, to result in serious harm-relevant matters

For the purposes of this Division, in determining whether a reasonable person would conclude that an access to, or a disclosure of, information:

(a)  would be likely; or

(b)  would not be likely;

to result in serious harm to any of the individuals to whom the information relates, have regard to the following:

(c)  the kind or kinds of information;

(d)  the sensitivity of the information;

(e)  whether the information is protected by one or more security measures;

(f)  if the information is protected by one or more security measures-the likelihood that any of those security measures could be overcome;

(g)  the persons, or the kinds of persons, who have obtained, or who could obtain, the information;

(h)  if a security technology or methodology:

(i)  was used in relation to the information; and

(ii)  was designed to make the information unintelligible or meaningless to persons who are not authorised to obtain the information;

the likelihood that the persons, or the kinds of persons, who:

(iii)  have obtained, or who could obtain, the information; and

(iv)  have, or are likely to have, the intention of causing harm to any of the individuals to whom the information relates;

have obtained, or could obtain, information or knowledge required to circumvent the security technology or methodology;

(i)  the nature of the harm;

(j)  any other relevant matters.

Note: If the security technology or methodology mentioned in paragraph (h) is encryption, an encryption key is an example of information required to circumvent the security technology or methodology.

 

Division 3.- Notification of eligible data breaches

 

Subdivision A.- Suspected eligible data breaches

 

26WH.-  Assessment of suspected eligible data breach

Scope

(1)  This section applies if:

(a)  an entity is aware that there are reasonable grounds to suspect that there may have been an eligible data breach of the entity; and

(b)  the entity is not aware that there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity.

Assessment

(2)  The entity must:

(a)  carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity; and

(b)  take all reasonable steps to ensure that the assessment is completed within 30 days after the entity becomes aware as mentioned in paragraph (1)(a).

Note: Section 26WK applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.

 

26WJ.-  Exception-eligible data breaches of other entities

If:

(a)  an entity complies with section 26WH in relation to an eligible data breach of the entity; and

(b)  the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities;

that section does not apply in relation to those eligible data breaches of those other entities.

 

Subdivision B.- General notification obligations

26WK.-  Statement about eligible data breach

Scope

(1)  This section applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.

Statement

(2)  The entity must:

(a)  both:

(i)  prepare a statement that complies with subsection (3); and

(ii)  give a copy of the statement to the Commissioner; and

(b)  do so as soon as practicable after the entity becomes so aware.

(3)  The statement referred to in subparagraph (2)(a)(i) must set out:

(a)  the identity and contact details of the entity; and

(b)  a description of the eligible data breach that the entity has reasonable grounds to believe has happened; and

(c)  the kind or kinds of information concerned; and

(d)  recommendations about the steps that individuals should take in response to the eligible data breach that the entity has reasonable grounds to believe has happened.

(4)  If the entity has reasonable grounds to believe that the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities, the statement referred to in subparagraph (2)(a)(i) may also set out the identity and contact details of those other entities.

 

26WL.-  Entity must notify eligible data breach

Scope

(1)  This section applies if:

(a)  an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity; and

(b)  the entity has prepared a statement that:

(i)  complies with subsection 26WK(3); and

(ii)  relates to the eligible data breach that the entity has reasonable grounds to believe has happened.

Notification

(2)  The entity must:

(a)  if it is practicable for the entity to notify the contents of the statement to each of the individuals to whom the relevant information relates-take such steps as are reasonable in the circumstances to notify the contents of the statement to each of the individuals to whom the relevant information relates; or

(b)  if it is practicable for the entity to notify the contents of the statement to each of the individuals who are at risk from the eligible data breach-take such steps as are reasonable in the circumstances to notify the contents of the statement to each of the individuals who are at risk from the eligible data breach; or

(c)  if neither paragraph (a) nor (b) applies:

(i)  publish a copy of the statement on the entity’s website (if any); and

(ii)  take reasonable steps to publicise the contents of the statement.

Note: See also subsections 26WF(2) and (5), which deal with remedial action.

(3)  The entity must comply with subsection (2) as soon as practicable after the completion of the preparation of the statement.

Method of providing a statement to an individual

(4)  If the entity normally communicates with a particular individual using a particular method, the notification to the individual under paragraph (2)(a) or (b) may use that method. This subsection does not limit paragraph (2)(a) or (b).

 

26WM.-  Exception-eligible data breaches of other entities

If:

(a)  an entity complies with sections 26WK and 26WL in relation to an eligible data breach of the entity; and

(b)  the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities;

those sections do not apply in relation to those eligible data breaches of those other entities.

 

26WN.-  Exception-enforcement related activities

If:

(a)  an entity is an enforcement body; and

(b)  the chief executive officer of the enforcement body believes on reasonable grounds that there has been an eligible data breach of the entity; and

(c)  the chief executive officer of the enforcement body believes on reasonable grounds that compliance with section 26WL in relation to the eligible data breach would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, the enforcement body;

paragraph 26WK(3)(d) and section 26WL do not apply in relation to:

(d)  the eligible data breach of the entity; and

(e)  if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities—such an eligible data breach of those other entities.

 

26WP.-  Exception-inconsistency with secrecy provisions

Secrecy provisions

(1)  For the purposes of this section, secrecy provision means a provision that:

(a)  is a provision of a law of the Commonwealth (other than this Act); and

(b)  prohibits or regulates the use or disclosure of information.

(2)  If compliance by an entity with subparagraph 26WK(2)(a)(ii) in relation to a statement would, to any extent, be inconsistent with a secrecy provision (other than a prescribed secrecy provision), subsection 26WK(2) does not apply to the entity, in relation to the statement, to the extent of the inconsistency.

(3)  If compliance by an entity with section 26WL in relation to a statement would, to any extent, be inconsistent with a secrecy provision (other than a prescribed secrecy provision), section 26WL does not apply to the entity, in relation to the statement, to the extent of the inconsistency.

Prescribed secrecy provisions

(4)  For the purposes of this section, prescribed secrecy provision means a secrecy provision that is specified in the regulations.

(5)  For the purposes of a prescribed secrecy provision:

(a)  subparagraph 26WK(2)(a)(ii); and

(b)  section 26WL;

are taken not to be provisions that require or authorise the use or disclosure of information.

(6)  If compliance by an entity with subparagraph 26WK(2)(a)(ii) in relation to a statement would, to any extent, be inconsistent with a prescribed secrecy provision, subsection 26WK(2) does not apply to the entity in relation to the statement.

(7)  If compliance by an entity with section 26WL in relation to a statement would, to any extent, be inconsistent with a prescribed secrecy provision, section 26WL does not apply to the entity in relation to the statement.

 

26WQ.-  Exception-declaration by Commissioner

(1)  If the Commissioner:

(a)  is aware that there are reasonable grounds to believe that there has been an eligible data breach of an entity; or

(b)  is informed by an entity that the entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity;

the Commissioner may, by written notice given to the entity:

(c)  declare that sections 26WK and 26WL do not apply in relation to:

(i)  the eligible data breach of the entity; and

(ii)  if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities—such an eligible data breach of those other entities; or

(d)  declare that subsection 26WL(3) has effect in relation to:

(i)  the eligible data breach of the entity; and

(ii)  if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities-such an eligible data breach of those other entities;

as if that subsection required compliance with subsection 26WL(2) before the end of a period specified in the declaration.

(2)  The Commissioner’s power in paragraph (1)(d) may only be used to extend the time for compliance with subsection 26WL(2) to the end of a period that the Commissioner is satisfied is reasonable in the circumstances.

(3)  The Commissioner must not make a declaration under subsection (1) unless the Commissioner is satisfied that it is reasonable in the circumstances to do so, having regard to the following:

(a)  the public interest;

(b)  any relevant advice given to the Commissioner by:

(i)  an enforcement body; or

(ii)  the Australian Signals Directorate of the Defence Department;

(c)  such other matters (if any) as the Commissioner considers relevant.

(4)  Paragraph (3)(b) does not limit the advice to which the Commissioner may have regard.

(5)  The Commissioner may give a notice of a declaration to an entity under subsection (1):

(a)  on the Commissioner’s own initiative; or

(b)  on application made to the Commissioner by the entity.

Applications

(6)  An application by an entity under paragraph (5)(b) may be expressed to be:

(a)  an application for a paragraph (1)(c) declaration; or

(b)  an application for a paragraph (1)(d) declaration; or

(c)  an application for:

(i)  a paragraph (1)(c) declaration; or

(ii)  in the event that the Commissioner is not disposed to make such a declaration—a paragraph (1)(d) declaration.

(7)  If an entity applies to the Commissioner under paragraph (5)(b):

(a)  the Commissioner may refuse the application; and

(b)  if the Commissioner does so—the Commissioner must give written notice of the refusal to the entity.

(8)  If:

(a)  an application for a paragraph (1)(d) declaration nominates a period to be specified in the declaration; and

(b)  the Commissioner makes the declaration, but specifies a different period in the declaration;

the Commissioner is taken not to have refused the application.

(9)  If an entity applies to the Commissioner under paragraph (5)(b) for a declaration that, to any extent, relates to an eligible data breach of the entity, sections 26WK and 26WL do not apply in relation to:

(a)  the eligible data breach; or

(b)  if the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities-such an eligible data breach of those other entities;

until the Commissioner makes a decision in response to the application for the declaration.

(10)  An entity is not entitled to make an application under paragraph (5)(b) in relation to an eligible data breach of the entity if:

(a)  the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities; and

(b)  one of those other entities has already made an application under paragraph (5)(b) in relation to the eligible data breach of the other entity.

Extension of specified period

(11)  If notice of a paragraph (1)(d) declaration has been given to an entity, the Commissioner may, by written notice given to the entity, extend the period specified in the declaration.

 

Subdivision C.- Commissioner may direct entity to notify eligible data breach

 

26WR.-  Commissioner may direct entity to notify eligible data breach

(1)  If the Commissioner is aware that there are reasonable grounds to believe that there has been an eligible data breach of an entity, the Commissioner may, by written notice given to the entity, direct the entity to:

(a)  prepare a statement that complies with subsection (4); and

(b)  give a copy of the statement to the Commissioner.

(2)  The direction must also require the entity to:

(a)  if it is practicable for the entity to notify the contents of the statement to each of the individuals to whom the relevant information relates-take such steps as are reasonable in the circumstances to notify the contents of the statement to each of the individuals to whom the relevant information relates; or

(b)  if it is practicable for the entity to notify the contents of the statement to each of the individuals who are at risk from the eligible data breach-take such steps as are reasonable in the circumstances to notify the contents of the statement to each of the individuals who are at risk from the eligible data breach; or

(c)  if neither paragraph (a) nor (b) applies:

(i)  publish a copy of the statement on the entity’s website (if any); and

(ii)  take reasonable steps to publicise the contents of the statement.

Note: See also subsections 26WF(2) and (5), which deal with remedial action.

(3)  Before giving a direction to an entity under subsection (1), the Commissioner must invite the entity to make a submission to the Commissioner in relation to the direction within the period specified in the invitation.

(4)  The statement referred to in paragraph (1)(a) must set out:

(a)  the identity and contact details of the entity; and

(b)  a description of the eligible data breach that the Commissioner has reasonable grounds to believe has happened; and

(c)  the kind or kinds of information concerned; and

(d)  recommendations about the steps that individuals should take in response to the eligible data breach that the Commissioner has reasonable grounds to believe has happened.

(5)  A direction under subsection (1) may also require the statement referred to in paragraph (1)(a) to set out specified information that relates to the eligible data breach that the Commissioner has reasonable grounds to believe has happened.

(6)  In deciding whether to give a direction to an entity under subsection (1), the Commissioner must have regard to the following:

(a)  any relevant advice given to the Commissioner by:

(i)  an enforcement body; or

(ii)  the Australian Signals Directorate of the Defence Department;

(b)  any relevant submission that was made by the entity:

(i)  in response to an invitation under subsection (3); and

(ii)  within the period specified in the invitation;

(c)  such other matters (if any) as the Commissioner considers relevant.

(7)  Paragraph (6)(a) does not limit the advice to which the Commissioner may have regard.

(8)  If the Commissioner is aware that there are reasonable grounds to believe that the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities, a direction under subsection (1) may also require the statement referred to in paragraph (1)(a) to set out the identity and contact details of those other entities.

Method of providing a statement to an individual

(9)  If an entity normally communicates with a particular individual using a particular method, the notification to the individual mentioned in paragraph (2)(a) or (b) may use that method. This subsection does not limit paragraph (2)(a) or (b).

Compliance with direction

(10)  An entity must comply with a direction under subsection (1) as soon as practicable after the direction is given.

 

26WS.-  Exception-enforcement related activities

An entity is not required to comply with a direction under subsection 26WR(1) if:

(a)  the entity is an enforcement body; and

(b)  the chief executive officer of the enforcement body believes on reasonable grounds that compliance with the direction would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, the enforcement body.

 

26WT.-  Exception-inconsistency with secrecy provisions

Secrecy provisions

(1)  For the purposes of this section, secrecy provision means a provision that:

(a)  is a provision of a law of the Commonwealth (other than this Act); and

(b)  prohibits or regulates the use or disclosure of information.

(2)  If compliance by an entity with paragraph 26WR(1)(b) or subsection 26WR(2) in relation to a statement would, to any extent, be inconsistent with a secrecy provision (other than a prescribed secrecy provision), paragraph 26WR(1)(b) or subsection 26WR(2), as the case may be, does not apply to the entity, in relation to the statement, to the extent of the inconsistency.

Prescribed secrecy provisions

(3)  For the purposes of this section, prescribed secrecy provision means a secrecy provision that is specified in the regulations.

(4)  For the purposes of a prescribed secrecy provision:

(a)  paragraph 26WR(1)(b); and

(b)  subsection 26WR(2);

are taken not to be provisions that require or authorise the use or disclosure of information.

(5)  If compliance by an entity with paragraph 26WR(1)(b) or subsection 26WR(2) in relation to a statement would, to any extent, be inconsistent with a prescribed secrecy provision, paragraph 26WR(1)(b) or subsection 26WR(2), as the case may be, does not apply to the entity in relation to the statement.

 

 

4 .- After paragraph 96(1)(b)

Insert:

(ba)  a decision under subsection 26WQ(7) to refuse an application for a declaration;

(bb)  a decision to make a declaration under paragraph 26WQ(1)(d);

(bc)  a decision under subsection 26WR(1) to give a direction;

 

5.-  After subsection 96(2)

Insert:

(2A)  An application under paragraph (1)(ba) may only be made by:

(a)  the entity that made the application for a declaration; or

(b)  if another entity’s compliance with subsection 26WL(2) is affected by the decision to refuse the application for a declaration—that other entity.

(2B)  An application under paragraph (1)(bb) may only be made by:

(a)  the entity to whom notice of the declaration was given; or

(b)  if another entity’s compliance with subsection 26WL(2) is affected by the declaration-that other entity.

(2C)  An application under paragraph (1)(bc) may only be made by the entity to whom the direction was given.

(2D)  For the purposes of subsections (2A), (2B) and (2C), entity has the same meaning as in Part IIIC.

 

6.-  Application of amendments-eligible data breaches

(1)       Paragraph 26WE(2)(a) of the Privacy Act 1988 (as amended by this Schedule) applies to an access or disclosure that happens after the commencement of this item.

(2)       Paragraph 26WE(2)(b) of the Privacy Act 1988 (as amended by this Schedule) applies to a loss that happens after the commencement of this item.

13Sep/17

Copyright Amendment Bill B13-2017

Copyright Amendment Bill B13-2017

(As introduced in the National Assembly (proposed section 75); explanatory summary of Bill published in Government Gazette nº 40121 of 5 July 2016)

BILL
To amend the Copyright Act, 1978, so as to define certain words and expressions; to allow for the reproduction of copyright work; to provide for the protection of copyright in artistic work; to provide for the accreditation and registration of Collecting Societies; to provide for the procedure for settlement of royalties disputes; to allow fair use of copyright work; to provide for access to copyright works by persons with disabilities; to provide for the protection of authorship of orphan works by the State; to provide for the establishment of the Intellectual Property Tribunal; to provide for the appointment of members of the Intellectual Property Tribunal; to provide for the powers and functions of the Intellectual Property Tribunal; to provide for prohibited conduct in respect of technological protection measures; to provide for prohibited conduct in respect of copyright management information; to provide for management of digital rights; to provide for certain new offences; and to provide for matters connected therewith.

BE IT ENACTED by the Parliament of the Republic of South Africa, as
follows:
Amendment of section 1 of Act 98 of 1978, as amended by section 1 of Act 56 of 1980, section 1 of Act 66 of 1983, section 1 of Act 52 of 1984, section 1 of Act 13 of 1988, section 1 of Act 125 of 1992, section 50 of Act 38 of 1997, section 1 of Act 9 of 2002, section 224 of Act 71 of 2008 and section 3 of Act 28 of 2013

 

1. Section 1 of the Copyright Act, 1978 (hereinafter referred to as ‘‘the principal Act’’), is hereby amended :

(a) by the insertion before the definition of ‘‘adaptation’’ of the following
definition:                                                                                                            ‘‘ ‘accessible format copy’ means a copy of a work in an alternative
manner or form which gives a person with a disability access to the work
and which permits such person to have access as feasibly and
comfortably as a person without disability;’’;

(b) by the insertion after the definition of ‘‘artistic work’’ of the following
definition:                                                                                                            ‘‘ ‘audiovisual fixation’ has the meaning ascribed to it in section 1 of the
Performers’ Protection Act, 1967 (Act nº 11 of 1967);’’;

(c) by the insertion after the definition of ‘‘collecting society’’ of the following
definition:                                                                                                            ‘‘ ‘commercial’ means to obtain direct economic advantage or financial
gain in connection with the business or trade of the user of the work in
question;’’;

(d) by the insertion after the definition of ‘‘community protocol’’ of the following
definition:
‘‘ ‘Companies Act’ means the Companies Act, 2008 (Act nº 71 of 2008);’’;

(e) by the insertion after the definition of ‘‘copyright’’ of the following definition:
‘‘ ‘copyright management information’ means information, including
meta-data, attached to or embodied in a copy of a work that :
(a) identifies the work and its author or copyright author; or
(b) identifies or indicates some or all of the terms and conditions for using the work or indicates that the use of the work is subject to terms and conditions;’’;

(f) by the insertion after the definition of ‘‘National Trust’’ of the following
definition:
‘‘ ‘orphan work’ means a work in which copyright still subsists but none of the rights holders in that work is identified or, even if one or more of them are identified, none is located;’’;

(g) by the insertion after the definition of ‘‘performance’’ of the following
definitions:
‘‘ ‘performer’ has the meaning ascribed to it in section 1 of the Performers’ Protection Act, 1967 (Act nº 11 of 1967);
‘person with a disability’ includes a person who has a perceived or actual physical, intellectual, neurological or sensory impairment which, as a result of communication, physical or information barriers, requires an accessible format copy in order to access and use a work;’’;

(h) by the insertion after the definition of ‘‘sound recording’’ of the following
definitions:
‘‘ ‘technologically protected work’ means a work that is protected by a
technological protection measure;
‘technological protection measure’ :
(a) means any process, treatment, mechanism, technology, device, system or component that in the normal course of its operation is designed to prevent or restrict infringement of work; and
(b) does not include a process, treatment, mechanism, technology, device, system or component, to the extent that it controls any access to a work for non-infringing purposes;
‘technological protection measure circumvention device’ means a device primarily designed, produced or adapted for purposes of enabling or facilitating the unlawful circumvention of a technological protection measure;’’; and

(i) by the insertion after the definition of ‘‘traditional work’’ of the following
definition:
‘‘ ‘Tribunal’ means the Intellectual Property Tribunal established by section 29;’’.

 

Insertion of section 2A in Act 98 of 1978

2. The following section is hereby inserted in the principal Act after section 2:

‘‘Scope of copyright protection

2A.

(1) Copyright protection extends to expressions and not to:
(a) ideas, procedures, methods of operation or mathematical concepts; or
(b) in the case of computer programs, to interface specifications.

(2) Tables and compilations which, by reason of the selection or arrangement of their contents, constitute the author’s own intellectual creation shall be protected as such by copyright.

(3) The copyright protection of tables and compilations shall :
(a) not extend to their contents; and                                                                (b) be without prejudice to any rights subsisting in their contents.

(4) Notwithstanding the provisions of section 2, no protection shall :
(a) extend to an expression :
(i) inextricably merged with an idea such that the idea can be expressed intelligibly only in one or a limited number of ways; or
(ii) when the particular expression is directed by law or regulation such that only one form of expression will meet regulatory requirements, for example on a safety label;
(b) subsist in :
(i) official texts of a legislative, administrative or legal nature or in official translations of those texts;
(ii) speeches of a political nature, in speeches delivered in the course of legal proceedings or in news of the day that are mere items of press information: Provided that the maker of the speeches referred to in this subparagraph shall have the exclusive right of making a collection of the speeches in question.’’.

 

Amendment of section 5 of Act 98 of 1978, as amended by section 5 of Act 52 of 1984 and section 5 of Act 125 of 1992

3. Section 5 of the principal Act is hereby amended by the substitution for subsection (2) of the following subsection:
‘‘(2)

(a) Copyright shall be conferred by this section on every work which is
eligible for copyright and which is made by, funded by or under the direction or
control of the state or [such] an international [organizations as may be
prescribed] or local organisations.

(b) Copyright conferred in terms of paragraph (a) shall be owned by the state or organisation in question.’’.

 

Amendment of section 6 of Act 98 of 1978, as amended by section 3 of Act 56 of 1980 and section 6 of Act 125 of 1992

4. Section 6 of the principal Act is hereby amended:

(a) by the insertion after paragraph (e) of the following paragraph:
‘‘(eA) communicating the work to the public, by wire or wireless means,
including by means of internet access and the making of the work available to the public in such a way that any member of the public may access the work from a place and at a time chosen by that person, whether interactively or non-interactively;’’;

(b) by the substitution for paragraph (g) of the following paragraph:
‘‘(g) doing, in relation to an adaptation of the work, any of the acts specified in relation to the work in paragraphs (a) to [(e)] (eA) inclusive[.]’’; and

(c) by the addition of the following proviso:
‘‘: Provided that, notwithstanding the transfer of copyright in a literary or
musical work by the user, performer, owner, producer or author, the user,
performer, owner, producer or author of such work shall have the right to claim an equal portion of the royalty payable for the use of such copyright work.’’.

 

Amendment of section 7 of Act 98 of 1978, as amended by section 4 of Act 56 of 1980 and section 7 of Act 125 of 1992

5. Section 7 of the principal Act is hereby amended:

(a) by the insertion after paragraph (d) of the following paragraph:
‘‘(dA) communicating the work to the public, by wire or wireless means, including by means of internet access and the making of the work available to the public in such a way that any member of the public may access the work from a place and at a time chosen by that person, whether interactively or non-interactively;’’;

(b) by the substitution for paragraph (f) of the following paragraph:
‘‘(f) doing, in relation to an adaptation of the work, any of the acts specified in relation to the work in paragraphs (a) to [(d)] (dA) inclusive[.]’’; and

(c) by the addition of the following proviso:
‘‘Provided that, notwithstanding the transfer of copyright in an artistic work by the user, performer, owner, producer or author, the user, performer, owner, producer or author of such work shall have the right to claim an equal portion of the royalty payable for use of the copyright work.’’.

 

Substitution of section 8 of Act 98 of 1978, as amended by section 5 of Act 56 of 1980, section 6 of Act 52 of 1984, section 1 of Act 61 of 1989 and section 8 of Act 125 of 1992

6. The following section is hereby substituted for section 8 of the principal Act:

‘‘Nature of copyright in cinematograph films and audiovisual fixations

8.

(1) Copyright in a cinematograph film or an audiovisual fixation vests the exclusive right to do or to authorize the doing of any of the following acts in the Republic:

(a) Reproducing the film or fixation in any manner or form, including making a still photograph therefrom;

(b) causing the film or fixation, in so far as it consists of images, to be seen in public, or, in so far as it consists of sounds, to be heard in public;

(c) broadcasting the film or fixation;

(d) causing the film or fixation to be transmitted in a diffusion service, unless such service transmits a lawful television broadcast, including the film or fixation, and is operated by the original broadcaster;

(dA) communicating the film or fixation to the public, by wire or wireless
means, including by means of internet access and the making of the film or fixation available to the public in such a way that any member of the public may access the film or fixation from a place and at a time chosen by that person, whether interactively or non-interactively;

(e) making an adaptation of the film or fixation;

(f) doing, in relation to an adaptation of the film or fixation, any of the acts
specified in relation to the film or fixation in paragraphs (a) to [(d)] (dA) inclusive;

(g) letting, or offering or exposing for hire by way of trade, directly or
indirectly, a copy of the film or fixation:                                                   Provided that, notwithstanding the transfer of copyright in a cinematograph
film or an audiovisual fixation by the user, performer, owner, producer or author, the user, performer, owner, producer or author of such film or fixation shall have the right to claim an equal portion of the royalty payable for use of the copyright film or fixation.’’.

 

Amendment of section 9 of Act 98 of 1978, as substituted by section 2 of Act 9 of 2002

7. Section 9 of the principal Act is hereby amended by the substitution for paragraph (e) of the following paragraph:
‘‘(e) communicating the sound recording to the public, by wire or wireless means, including by means of internet access and the making of the sound recording available to the public in such a way that any member of the public may access the sound recording from a place and at a time chosen by that person, whether interactively or non-interactively.’’.

 

Substitution of section 9A of Act 98 of 1978, as inserted by section 3 of Act 9 of 2002

8. The following section is hereby substituted for section 9A of the principal Act:

‘‘Royalties

9A.

(1)

(a) In the absence of an agreement to the contrary or unless
otherwise authorised by law, no person may, without payment of a royalty to the owner of the relevant copyright:
(i) broadcast[,] a sound recording as contemplated in section 9(c);
(ii) cause the transmission of a sound recording as contemplated in section
9(d); or [play]
(iii) communicate a sound recording to the public as contemplated in [section 9(c), (d) or (e) without payment of a royalty to the owner of the relevant copyright] section 9(e).

(aA) Any person who intends to perform an act contemplated in section 9(c), (d), or (e) must, at any time before performing that act, submit a prescribed notice in the prescribed manner to the copyright user, performer, owner, producer, author, collecting society or indigenous community, community trust or National Trust, as the case may be, of his or her intention to perform that act, and must, in that notice:
(i) indicate, where practicable, the date of the proposed performance and the proposed terms and conditions of the payment of a royalty; and
(ii) request the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust to sign the proposal attached to the notice in question.

(aB) If the person referred to in paragraph (aA) has failed to submit the   required notice to the copyright user, performer, owner, producer, author,
collecting society, indigenous community, community trust or National Trust before performing an act contemplated in section 9(c), (d), or (e), that person must forthwith:
(i) notify the copyright user, performer, owner, producer, author, collecting
society, indigenous community, community trust or National Trust of such act;
(ii) pay the generally applicable licence fees as per the proposal or as
published by the collecting society in respect of that person’s category of use; and
(iii) pay retrospective fees calculated from the date of first use, but not in
respect of use prior to the coming into operation of the Copyright
Amendment Act, 2017.

(aC) The copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust must as soon as is reasonably practicable upon receipt of such notice respond to such proposal.

(aD) If the copyright user, performer, owner, producer, author, collecting
society, indigenous community, community trust or National Trust rejects such proposal, or if the copyright user, performer, owner, producer, author,
collecting society, indigenous community, community trust or National Trust proposes different terms and conditions to such proposal and the proposal is rejected after negotiations, any party may in the prescribed manner refer the matter to the Tribunal.

(aE) The Tribunal must adjudicate the matter as soon as is reasonably
practicable and, if possible, before the performance which is the subject of the application make an order it deems fit, including, but not limited to, an order that a provisional payment of a royalty must be made into a trust account of an attorney nominated by the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust pending the finalisation of the terms and royalty payable: Provided that such amount shall be paid over to the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust as such amount represents the difference, if any, between the amount determined as the appropriate royalty and the amount already paid, and any balance must be repaid.

(b) The amount of any royalty contemplated in paragraph (a) shall be
determined by an agreement between the user of the sound recording, the
performer and the owner of the copyright, or between their [representative]
collecting societies.

(c) In the absence of an agreement contemplated in paragraph (b), the user, performer or owner may refer the matter to the [Copyright] Tribunal [referred to in section 29(1)] or they may agree to refer the matter for arbitration in terms of the Arbitration Act, 1965 (Act nº 42 of 1965).

(2)

(a) The user, performer, owner, producer, author, collecting society,
indigenous community, community trust or National Trust of the copyright who receives payment of a royalty in terms of this section shall share such royalty with any performer whose performance is featured on the sound recording in question and who would have been entitled to receive a royalty in that regard as contemplated in section 5 of the Performers’ Protection Act, 1967 (Act nº 11 of 1967): Provided that the royalty payable for the use of a sound recording shall be divided equally between the copyright user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust on the one hand and the performer on the other hand or between the recording company, user, performer, owner, producer, author, collecting society, indigenous community, community trust or National Trust.

(b) The performer’s share of the royalty shall represent fair and equitable
remuneration determined by an agreement between the performer and the
owner of copyright, or between their [representative] collecting societies.

(c) In the absence of an agreement contemplated in paragraph (b), the
performer or owner may refer the matter to the [Copyright] Tribunal [referred to in section 29 (1)], or they may agree to refer the matter for arbitration in terms of the Arbitration Act, 1965 (Act nº 42 of 1965).

(d) Any payment made by the user of the sound recording in terms of this
subsection shall be deemed to have discharged any obligation which that user might have to make any payment in respect of his or her use of a corresponding fixation in terms of section 5 of the Performers’ Protection
Act, 1967 (Act nº 11 of 1967).

(3) In the event of any right to a royalty being assigned to any successor in title, either by contractual arrangement, operation of law, testamentary
disposition or otherwise, any successor in title shall be entitled to enforce such right to a royalty against the person who in terms of this section is obliged to pay or against his or her successor in title.’’.

 

Insertion of sections 9B to 9F in Act 98 of 1978

9. The following sections are hereby inserted in the principal Act after section 9A:

‘‘Resale of royalty right

9B.

(1) The author of an artistic work shall enjoy an inalienable right to receive royalties on the commercial resale of his or her work subsequent to the first transfer by the user of that work (in this Chapter referred to as the ‘‘resale royalty right’’).

(2)

(a) Royalties in respect of artistic works shall be payable at the rate
prescribed by the Minister after consultation with the Minister responsible for arts and culture.

(b) The Minister must, before prescribing the rate referred to in paragraph (a), publish the rate proposed once in the Gazette and call for written comments by any interested party to be provided within 30 days after such publication.

(3) The user, performer, owner, producer or author of an artistic work
shall be entitled to receive a resale royalty if:

(a) at the time when the resale is concluded:
(i) the author is a South African citizen or is resident in the Republic; and
(ii) the term of validity of the resale royalty right has not expired;

(b) in the case of a deceased author, the deceased was at the time of death a South African citizen or was resident in the Republic;

(c) the resale or any part of the transaction takes place in the Republic or in any country contemplated in Article 1 of the Berne Convention for the Protection of Literary and Artistic Works; and

(d) the resale of the work is recognisable after the commencement of section 9 of the Copyright Amendment Act, 2017.

(4) A resale royalty right applies whether or not the author:

(a) is or was the first user, performer, owner, producer or author of any
copyright in the work; or

(b) has entered into an agreement with any person to assign, waive or charge a resale royalty right in contravention of this Act.

 

Proof of user, performer, owner, producer or author

9C.

(1) Where a mark or name purporting to identify a person as the author of an artistic work appears on such work, the person whose name appears, is, in the absence of evidence to the contrary, presumed to be the user, performer, owner, producer or author of such work.

(2) If it is found that an artistic work is a work of more than one user,
performer, owner, producer or author, the presumption in subsection (1)
applies to each artist linked with such artistic work.

(3) If it is found that an artistic work includes indigenous knowledge of a community, such community is entitled to an equitable share in the resale
royalty payable.

 

Duration of resale royalty right

9D.

(1) The resale royalty right of a user, performer, owner, producer or author of an artistic work expires at the end of the period of 50 years calculated from the end of the calendar year in which the author concerned died.

(2) In the case of :

(a) an artistic work created by an unknown author, the resale royalty right of the work expires at the end of the period of 50 years calculated from the end of the calendar year in which the work was first made available to the public, including by exhibition in public;

(b) an artistic work by more than one author, the resale royalty right continues:(i) if the identity of all the authors are known, until the end of the period of 50 years calculated from the end of the calendar year in which the last of the authors dies; or
(ii) if the identity of one or more, but not all, of the authors are known, until the end of the period of 50 years calculated from the date on which the last author whose identity is known dies.

(3) After the expiry of the resale royalty right of an artistic work created by an unknown author contemplated in subsection (2)(a), the resale right in that work revives if the identity of the author becomes known.

Assignment or waiver

9E.

(1) Assignment or waiver of a resale royalty right is unlawful.

(2) Any term of an agreement which purports to assign or waive a resale
royalty right is unenforceable.

 

Transmission of resale royalty right

9F.

(1) A resale royalty right may be transmitted on the death of the holder of the right in the following manner:

(a) The right passes to a person by testamentary disposition made by the
holder; or

(b) if there is no such direction by testamentary disposition by the holder,
by operation of law.

(2) In the case of a bequest of an artistic work by an author who did not
transfer authorship of that work in his or her lifetime, the bequest must be
read as including the resale royalty right.

(3) If a resale royalty right that passes to a person in accordance with
subsection (1)(a) may be exercised by two or more persons, the resale
royalty right may be exercised by each of them independently of the other:
Provided that if the resale royalty right is indivisible, the successors in title
of such right may not render the right commercially valueless.

(4) If resale royalties are recovered by a collecting society and an
indigenous community after the death of a holder of a resale royalty right,
those resale royalties must be treated as part of the estate of the deceased
holder.’’.

 

Amendment of section 12 of Act 98 of 1978, as amended by section 11 of Act 125 of 1992 and section 54 of Act 38 of 1997

10. Section 12 of the principal Act is hereby amended by the substitution for
subsection (1) of the following subsection:
‘‘(1)

(a) In addition to uses specifically authorised, fair use in respect of a work
or the performance of that work, for the following purposes, does not infringe
copyright in that work:
(i) Research, private study or personal use, including the use of a lawfully
possessed work at a different time or with a different device;
(ii) criticism or review of that work or of another work;
(iii) reporting current events;
(iv) scholarship, teaching and education;
(v) comment, illustration, parody, satire, caricature or pastiche;
(vi) preservation of and access to the collections of libraries, archives and
museums;
(vii) expanding access for underserved populations; and
(viii) ensuring proper performance of public administration.

(b) In determining whether an act done in relation to a work constitutes fair
dealing or fair use, all relevant factors shall be taken into account, including but not limited to :
(i) the nature of the work in question;
(ii) the amount and substantiality of the part of the work affected by the act in
relation to the whole of the work;
(iii) the purpose and character of the use, including whether:                       (aa) such use serves a purpose different from that of the work affected; and
(bb) it is of a commercial nature or for non-profit research, library or
educational purposes; and
(iv) the substitution effect of the act upon the potential market for the work in
question.

(c) For the purposes of paragraphs (a) and (b) and to the extent reasonably
practicable and appropriate, the source and the name of the author shall be
mentioned.’’.

 

Insertion of sections 12A and 12B in Act 98 of 1978

11. The following sections are hereby inserted in the principal Act after section 12:

‘‘General exceptions from copyright protection

12A.

(1) Copyright in a work shall not be infringed by any of the following acts:

(a) Any quotation, including a quotation from articles in a newspaper or
periodical, that is in the form of a summary of that work: Provided that the quotation shall be compatible with fair use in that the extent thereof shall not exceed the extent reasonably justified by the purpose:
Provided further that, to the extent that it is practicable, the source and the name of the author, if it appears on or in the work, shall be mentioned in the quotation;

(b) teaching or any illustration in a publication, broadcast, sound or visual
record: Provided that such use shall be compatible with fair practice in that the extent thereof shall not exceed the extent justified by the purpose: Provided further that, to the extent that it is practicable, the source and the name of the author, if it appears on or in the work, shall be mentioned in the act of teaching or in the illustration in question;

(c) the reproduction of such work by a broadcaster by means of its own
facilities where such reproduction or any copy of the reproduction is intended exclusively for lawful broadcasts of the broadcaster and is destroyed before the expiration of a period of six months immediately following the date of the making of the reproduction, or such longer period as may be agreed to by the owner of the relevant part of the copyright in the work: Provided that any such reproduction of a work may, if it is of an exceptional documentary nature, be preserved in the archives of the broadcaster, but shall, subject to the provisions of this Act, not be used for broadcasting or for any other purpose without the consent of the owner of the relevant part of the copyright in the work;

(d) the reproduction in the press or by broadcasting of a lecture, address or
other work of a similar nature which is delivered in public, if such reproduction or broadcast is for information purposes: Provided that the author of the lecture, address or other work so reproduced shall have the exclusive right of making a collection thereof;

(e) subject to the obligation to indicate the source and the name of the
author in so far as it is practicable :                                                                   (i) the reproduction by the press, in a broadcast, transmission or other communication to the public of an article published in a newspaper or periodical on current economic, political or religious topics, and of broadcast works of the same character in cases in which the reproduction, broadcasting or such communication thereof is not expressly reserved;
(ii) the reporting of current events, or the reproduction and the broadcasting or communication to the public of excerpts of a work seen or heard in the course of those events, to the extent justified by the purpose; and
(iii) the reproduction in a newspaper or periodical, or the broadcasting or communication to the public, of a political speech, lecture, address, sermon or other work of a similar nature delivered in public, or a speech delivered during legal proceedings, to the extent justified by the purpose of providing current information;

(f) the translation of such work by a person giving or receiving instruction: Provided that:
(i) such translation is not done for commercial purposes;
(ii) such translation is used for personal, educational, teaching, judicial proceedings, research and professional advice purposes only; or
(iii) such work is translated and communicated to the public for non-commercial public information purposes;

(g) the use of such work in a bona fide demonstration of electronic equipment to a client by a dealer in such equipment;

(h) the use of such work is for the purposes of judicial proceedings or
preparing a report of judicial proceedings;

(i) the reasonable use of such work for the purposes of cartoon, parody, satire, pastiche, tribute or homage; and

(j) the making of a copy of such work by an individual of:
(i) the individual’s own copy of the work; or
(ii) a personal copy of the work made by the individual for the individual’s personal use and made for ends which are not commercial.

(2) For the purposes of subsection (1)(j), permitted personal uses include:

(a) the making of a back-up copy;

(b) time or format-shifting; or

(c) the making of a copy for the purposes of storage, which storage may
include storage in an electronic storage area accessed by means of the
internet or similar means which is accessible only by the individual
and the person responsible for the storage area.

(3) The provisions of subsection (1) shall also apply with reference to the
making or use of an adaptation of a work and shall also include the right to
use the work either in its original language or in a different language.

(4) An authorisation to use a literary work as the basis for the making of a cinematograph film or audiovisual fixation, or as a contribution of the
literary work to such making, shall, in the absence of an agreement to the
contrary, include the right to broadcast such film or fixation.

 

Parallel importation

12B.

(1) Notwithstanding anything to the contrary in this Act, the Trademark Act, 1993 (Act nº 194 of 1993), and the Counterfeit Goods Act, 1997 (Act nº 37 of 1997), the first sale of or other transfer of ownership of a transferred original or copy of a work in the Republic or outside the Republic, shall exhaust the rights of distribution and importation locally and internationally in respect of such transferred original or copy.’’.

 

Insertion of sections 13A and 13B in Act 98 of 1978

12. The following sections are hereby inserted in the principal Act after section 13:

‘‘Temporary reproduction and adaptation

13A.

(1) Any person may make transient or incidental copies of a work, including reformatting an integral and essential part of a technical process, if the purpose of those copies or adaptations is:

(a) to enable the transmission of the work in a network between third parties by an intermediary or any other lawful use of the work; or

(b) to adapt the work to allow use on different technological devices, such
as mobile devices, as long as there is no independent economic significance to these acts.

 

Reproduction for educational and academic activities

13B.

(1) Any person may make copies of works, recordings of works and
broadcasts in radio and television for the purposes of educational and
academic activities if the copying does not exceed the extent justified by the
purpose.

(2)

(a) Educational establishments may incorporate the copies made under subsection (1) in printed and electronic course packs, study packs, resource lists and in any other material to be used in a course of instruction or in virtual learning environments, managed learning environments, virtual research environments and library environments hosted on a secure network and accessible only by the persons giving and receiving instruction at or from the educational establishment making such copies.

(b) Establishments referred to in paragraph (a) shall not include all or
substantially all of a book or journal issue, unless a licence to do so is not
available from the author or collecting society, or representative if it is an
indigenous community, on reasonable terms and conditions.

(3) Any person receiving instruction may incorporate portions of works in printed or electronic form in assignments and portfolios, thesis and
dissertations for personal use and library deposit, including institutional
repositories.

(4)

(a) The author of a scientific or other contribution, which is the result of a research activity publicly-funded by at least 50 per cent and which has
appeared in a collection, has the right, even after granting the publisher or
editor an exclusive right of use, to make the contribution available to the
public under a public licence or by means of an open access institutional repository in the final accepted manuscript version peer-reviewed post print.

(b) In the case of a contribution published in a collection that is issued
periodically at least once per year, an agreement may provide for a delay in
the exercise of the author’s right for up to 12 months from the date of the
first periodical publication.

(c) When the work is made available to the public, the place of the first
publication must be properly acknowledged.

(d) Third parties, such as librarians, may carry out these activities on behalf of the author.

(e) Any agreement to the detriment of the author shall be void, except as
provided for in this section.

(5) The source of the work reproduced and the name of the author shall be indicated as far as is practicable on all copies made under subsections (1)
to (4).

(6) The permission under subsection (1) shall not extend to reproductions for commercial purposes but the permission shall include the reproduction of a whole textbook:

(a) where the textbook is out of print;

(b) where the owner of the right cannot be found; or

(c) where authorised copies of the same edition of the text book are not for
sale in the country or cannot be obtained at a price reasonably related
to that normally charged in the country for comparable works.’’.

 

Amendment of section 16 of Act 98 of 1978, as substituted by section 14 of Act 125 of 1992

13. Section 16 of the principal Act is hereby amended by the deletion of
subsection (1).

 

Repeal of section 17 of Act 98 of 1978

14. Section 17 of the principal Act is hereby repealed.

 

Repeal of section 18 of Act 98 of 1978

15. Section 18 of the principal Act is hereby repealed.

 

Repeal of section 19A of Act 98 of 1978

16. Section 19A of the principal Act is hereby repealed.

 

Substitution of section 19B of Act 98 of 1978, as inserted by section 18 of Act 125 of 1992

17. The following section is hereby substituted for section 19B of the principal Act:

 

‘‘General exceptions regarding protection of computer programs

19B.

(1) A person having a right to use a copy of a computer program may, without the authorisation of the rights holder, observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program if that person does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he or she is entitled to perform.

(2) The authorisation of the rights holder shall not be required where
reproduction of the code and translation of its form are indispensable in order to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, if the following conditions are met:

(a) The acts referred to in subsection (1) are performed by the licensee or
another person having a right to use a copy of the program, or on their
behalf by a person authorised to do so;

(b) the information necessary to achieve interoperability has not previously
been readily available to the persons referred to in paragraph (a); and

(c) those acts are confined to the parts of the original program which are
necessary in order to achieve interoperability.

(3) The information obtained through the application of the provisions of
subsection (2) may not be:

(a) used for goals other than those to achieve the interoperability of the
independently created computer program;

(b) given to others except when necessary for the interoperability of the
independently created computer program;

(c) used for the development, production or marketing of a computer
program substantially similar in its expression to the program contemplated in subsection (1); or

(d) used for any other act which infringes copyright.

(4) For the purposes of this section, ‘‘ ‘interoperability’ means the ability to exchange information and to use the information which has been
exchanged.’’.

 

Insertion of sections 19C and 19D in Act 98 of 1978

18. The following sections are hereby inserted in the principal Act after section 19B:

 

‘‘General exceptions regarding protection of copyright work for libraries, archives, museums and galleries

19C.

(1) A library, archive, museum or gallery may, without the authorisation of the copyright owner, use a copyright work to the extent appropriate to its activities in accordance with subsections (2) to (13) if the work is not used for commercial purposes.

(2) A library, archive, museum or gallery may lend a copyright work
incorporated in tangible media to a user or to another institution.

(3) A library, archive, museum or gallery may provide temporary access to a copyright work in digital or other intangible media, to which it has lawful access, to a user or to another library.

(4) A library, archive, museum or gallery may, for educational or research
purposes, permit a user to view a whole film or audiovisual fixation, listen
to a full digital video disc, compact disc or other sound recording or musical
work on its premises, in an institutional classroom or lecture theatre, or
view such film or fixation or listen to such digital video disc, compact disc or other sound recording or musical work by means of a secure computer
network, without permission from rights owners, but may not permit a user to make a copy or recording of the work for commercial purposes.

(5) A library, archive, museum or gallery may make:

(a) a copy of any work in its collection for the purposes of back-up and
preservation; and

(b) copies of publicly accessible websites for the purposes of preservation.

(6) If a work or a copy of such work in the collection of a library, archive,
museum or gallery is incomplete, such library, archive, museum or gallery
may make or procure a copy of the missing parts from another institution.

(7) A library, archive, museum or gallery may, without the consent of the
author, engage in format-shifting or conversion of works from ageing or
obsolete technologies to new technologies in order to preserve the works
for perpetuity, and to make the resulting copies accessible consistent with
this section.

(8) This Act does not prevent the making of copies in accordance with
section 5 of the Legal Deposit Act, 1997 (Act nº 54 of 1997).

(9) A library, archive, museum or gallery may make a copy of a copyright
work when the permission of the author or other owner of copyright,
collecting society or representative of the indigenous community concerned
cannot after reasonable endeavour be obtained or where the work is not available by general trade or from the publisher.

(10) Notwithstanding any other section, a library, archive, museum or gallery may buy, import or otherwise acquire any copyright work that is legally available in any country.

(11) A library, archive, museum or gallery may reproduce in any format any copyright work which has been retracted or withdrawn from public access, but which has previously been communicated to the public or made available to the public by the author or other rights holder, and make such work available for preservation, research or any other legal use.

(12)

(a) A library, archive, museum or gallery may make a copy of any copyright work and make it available for institutional or public exhibition of a non-profit nature for the purposes of commemorating any historical or cultural event or for educational and research purposes.

(b) A library, archive, museum or gallery contemplated in paragraph (a)
may also, for the purposes of that paragraph:
(i) take and show a photograph of such work or show video footage of such work;
(ii) create other images such as paintings of buildings; or
(iii) photograph artworks on public buildings such as wall art and graffiti,
memorial sites, sculptures and other artworks which are permanently located in a public place.

(13)

(a) Subject to paragraph (b), a library may supply to any other library with a copy of a copyright work in its collection, whether by post, fax or secure electronic transmission.

(b) The receiving library must delete any electronic file received from the
other library immediately after supplying the patron who has requested it
with an electronic or paper copy of the work.

(14) An institutional officer or employee acting within the scope of his or her duties, shall be protected from any claim for damages, from criminal liability and from copyright infringement when the duty is performed in good faith and where there are reasonable grounds for believing that:

(a) the work is being used as permitted within the scope of an exception in this Act or in a way that is not restricted by copyright; or

(b) the copyright work, or material protected by related rights, is in the public domain or licensed to the public under a public or open licence.

(15) Nothing in this section shall diminish any rights that a library, archive, museum or gallery otherwise enjoy pursuant to other provisions of this Act, including those in sections 12 and 12A: Provided that, in exercising rights provided for in this section or elsewhere in the Act, such library, archive, museum or gallery shall take reasonable steps to ensure that any digital copy supplied by it is accompanied by information concerning the appropriate use of that copy.

 

General exceptions regarding protection of copyright work for persons
with disability

19D.

(1) Any person may, without the authorisation of the author, make an accessible format copy for the benefit of a person with a disability, supply that accessible format copy to a person with a disability by any means, including by non-commercial lending or by electronic communication by wire or wireless means, and undertake any intermediate steps to achieve these objectives, if the following conditions are met:

(a) The person wishing to undertake any activity under this subsection must have lawful access to the copyright work or a copy of that work;

(b) the copyright work must be converted into an accessible format copy,
which may include any means necessary to create such accessible format copy but which does not introduce changes other than those needed to make the work accessible to a person with a disability; and

(c) the activity under this subsection must be undertaken on a non-profit
basis.

(2)

(a) A person with a disability to whom the work is communicated by wire or wireless means as a result of an activity under subsection (1) may, without the authorisation of the author of the copyright work, reproduce the work for personal use.

(b) The provisions of paragraph (a) are without prejudice to any other
limitations or exceptions that the person referred to in that paragraph may
enjoy.

(3) A person with a disability or an organisation that serves persons with
disabilities may, without the authorisation of the author, export to or import
from another country any copy of an accessible format copy of a work
referred to in subsection (1), as long as such activity is undertaken on a
non-profit basis by that person or organisation.

(4) The exception created by this section is subject to the obligation of
indicating the source and the name of the author on any accessible format
copy in so far as it is practicable.’’.

 

Amendment of section 20 of Act 98 of 1978, as substituted by section 19 of Act 125 of 1992

19. Section 20 of the principal Act is hereby amended:

(a) by the substitution for subsections (1) and (2) of the following subsections,
respectively:
‘‘(1) Notwithstanding the transfer of the copyright in a [literary, musical or artistic work, in a cinematograph film or in a computer program] work, the author shall have the right to claim authorship of the work, subject to the provisions of this Act, and to object to any distortion, mutilation or other modification of the work where such action is or would be prejudicial to the honour or reputation of the author: Provided that an author who authorizes the use of his or her work in a sound recording or cinematograph film or [a television broadcast] audiovisual fixation an author of a computer program or a work associated with a computer program may not prevent or object to modifications that are absolutely necessary on technical grounds or for the purpose of commercial exploitation of the work.

(2) Any infringement of the provisions of this section shall be treated as an infringement of copyright under Chapter 2, [and] except that, for the purposes of the provisions of the said Chapter, the author shall be deemed [to be] to have the right to complain of any infringement, rather than the owner of the copyright in question.’’; and

 

(b) by the addition of the following subsections:

‘‘(3) A right contemplated in subsection (1) lapses on the date of the death of the author of the work, if any, and in the case of works created by more than one author the right lapses on the date of the death of the author who dies last.

(4) A right contemplated in subsection (1) is non-transferable and, where applicable, limitations and exceptions provided for in this Act, including those specified in sections 12 and 12A, shall apply to this section with the changes required by the context.’’.

 

Amendment of section 21 of Act 98 of 1978, as substituted by section 9 of Act 56 of 1980

20. Section 21 of the principal Act is hereby amended by the substitution in subsection (1) for paragraph (c) of the following paragraph:
‘‘(c) Where a person commissions the taking of a photograph, the painting or
drawing of a portrait, the making of a gravure, the making of a cinematograph film or audiovisual fixation or the making of a sound recording and pays or agrees to pay for it in money or money’s worth, and the work is made in pursuance of that commission, [such person shall, subject to the provisions of paragraph (b), be the owner of any copyright subsisting therein by virtue of section 3 or 4] the ownership of any copyright subsisting in the work shall be governed by contract:
Provided that in the absence of valid contract, ownership shall vest in the person commissioning the work and the author of the work shall have a licence to exercise any right which by virtue of this Act would, apart from the licence, be exercisable exclusively by such author.’’

 

Amendment of section 22 of Act 98 of 1978

21. Section 22 of the principal Act is hereby amended:

(a) by the substitution for subsection (1) of the following subsection:
‘‘(1) Subject to the provisions of this section, copyright shall be
transmissible as movable property by assignment, testamentary disposition
or operation of law: Provided that copyright owned by, vested in or under the custody of the state may not be assigned.’’;

(b) by the substitution for subsections (3) and (4) of the following subsections,
respectively:
‘‘(3) No assignment of copyright and no exclusive licence to do an act which is subject to copyright shall have effect unless it is in writing signed by or on behalf of the assignor, the [licenser] licensor or, in the case of an exclusive [principal act] sub-licence, the exclusive [sublicenser, as the case may be] sub-licensor, as stipulated in Schedule 2:
Provided that assignment of copyright shall be valid for a period of 25 years from the date of agreement of such assignment.
(4) A non-exclusive licence to do an act which is subject to copyright may be [written or oral] verbal or in writing, or may be inferred from conduct, and may be revoked at any time: Provided that such a licence granted [by contract] in writing or its electronic equivalent shall not be revoked, either by the person who granted the licence or his or her successor in title, except as the contract may provide, [or by a further contract] by a further contract or by operation of law.’’; and

(c) by the substitution for subsection (8) of the following subsection:
‘‘(8) Unless otherwise prohibited from doing so, a licensee may grant a sub-licence for the doing of any act that falls within the terms of the licence, including any implied term, without the consent of the original licensor.’’

 

Insertion of section 22A in Act 98 of 1978

22. The following section is hereby inserted in the principal Act after section 22:

 

‘‘Assignment and licences in respect of orphan works

22A.

(1) A person who wishes to obtain a licence to do an act which is subject to copyright in respect of an orphan work must make an application to the Commission in the prescribed manner.

(2) Before making an application in terms of subsection (1), the applicant
must publish his or her intention to make such application by notice in the
Gazette and in English and any other official language in two daily
newspapers having general circulation throughout the national territory of
the Republic.

(3) An application in terms of subsection (1) must be made in such form
as may be prescribed and must be accompanied by copies of the published
advertisement contemplated in subsection (2) and such fee as may be
prescribed.

(4) When the Commission receives an application in terms of subsection
(1), the Commission may, after holding such inquiry as may be prescribed,
grant to the applicant a licence to perform any act which is subject to
copyright, subject to subsections (5) and (6) and the payment of a royalty.

(5) A licence issued in terms of subsection (4) is non-exclusive and is
subject to such terms and conditions as the Commission may determine.

(6) The Commission may not issue the licence in terms of subsection (4)
unless the Commission is satisfied that the applicant has undertaken the
following steps in locating the copyright author:

(a) Conducted a search of the database of the register of copyright maintained by the Commission that is available to the public through either the internet or any other means relevant to identifying and locating registered copyright authors;

(b) conducted a search of reasonably available sources of copyright
authorship and authorship information and where appropriate, licensor
information;

(c) conducted a search using appropriate technology tools, printed
publications and enlisted, where reasonable, internal or external expert
assistance;

(d) conducted a search using any other database available to the public,
including any database that is available to the public through the
internet; and

(e) undertaken actions that are reasonable and appropriate in terms of the
facts relevant to the search, including:
(i) actions based on facts known at the start of the search and facts
uncovered during the search;
(ii) actions directed by the Commission; and
(iii) the review of any records not available to the public through the internet that are known to be useful in identifying and locating the copyright author.

(7) Where a licence is granted in terms of subsection (4), the Commission
may direct the applicant to deposit the amount of the royalty determined in
a particular account so as to enable the author of the copyright or, as the
case may be, his or her heirs, executors or legal representatives to claim
such royalty at any time.

(8) The copyright author may, not later than five years after the expiration
of a licence issued in terms of this section, collect the royalties fixed in the
licence or in default of payment by initiating a legal suit to recover such
royalties.

(9) Any person who can adduce evidence for the purposes of proving that
he or she is the author of an orphan work, may have the copyrighted work
returned to him or her with a claim in law to recover any fees that accrued
to the copyright work after such return.’’.

 

Insertion of Chapter 1A in Act 98 of 1978

23. The following Chapter is hereby inserted in the principal Act after Chapter 1:

‘‘CHAPTER 1A.- COLLECTING SOCIETIES

 

Registration

22B.

(1) Any person who intends to act as a representative collecting
society by:

(a) administering rights on behalf of any copyright owners or authors or
on behalf of an organisation representing copyright authors, has the
right to receive payment of a royalty in terms of this Act; or

(b) administering rights on behalf of performers or owners, on behalf of a
performers’ or owners’ organisation, has the right to receive payment of a royalty in terms of section 5(1)(b) of the Performers’ Protection Act, 1967 (Act nº 11 of 1967), and must be registered and accredited by the Commission.

(2) Any person contemplated in subsection (1)(b) may, in the prescribed
manner, lodge a written application with the Commission for registration.

(3) The Commission may, for purposes of issuing a registration certificate, consult with any person and may grant such registration and issue a registration certificate on such terms and conditions as may be determined by the Commission.

(4) The Commission shall not register and issue a registration certificate
to any applicant unless the Commission is satisfied that:

(a) having scrutinised the application and supporting documents, the
applicant is able to ensure adequate, efficient and effective administration
relating to collection of royalties; and

(b) the applicant may satisfactorily comply with any condition for accreditation and the relevant provisions of the Companies Act, 2008 (Act nº 71 of 2008), the Broad-Based Black Economic Empowerment Act, 2013 (Act nº 46 of 2013), and any other applicable legislation.

(5) A registration certificate issued in terms of this section is valid for a
period not exceeding five years and, unless it is suspended or cancelled,
may, in the prescribed manner, be renewed on such terms and conditions as
may be determined by the Commission.

(6) The Commission shall only register one collecting society for each
right or related right granted under copyright.

(7) Where there is no collecting society for a right or related right granted
under copyright, the user, performer, owner, producer or author may enter
into such contractual arrangements as may be prescribed.

 

Administration of rights by collecting society

22C. (1) Subject to such terms and conditions as may be prescribed:

(a) a collecting society or Community Trust may accept from a user,
performer, owner, producer, author, community trust or another
collecting society of rights exclusive authorisation to administer any
right in any work by the issuing of licences or the collecting of licence
fees, or both; and

(b) a user, performer, owner, producer, author, community trust or other
collecting society of rights may withdraw such authorisation without
prejudice to the right of the collecting society or Community Trust
concerned.

(2) A collecting society may:

(a) enter into an agreement with any foreign society or organisation
administering rights corresponding to rights that the collecting society
administer under this Act; and

(b) entrust to such foreign society or organisation the administration in the
foreign country in question of rights administered by the said collecting society in the Republic: Provided that no such collecting society, foreign society or organisation shall permit any discrimination in respect of the terms of a licence or the distribution of royalties collected.

(3) Subject to such conditions as may be prescribed, a collecting society
may:

(a) issue a licence in respect of any rights under this Act;

(b) collect royalties in pursuance of such a licence;

(c) distribute such collected royalties among users, performers, owners,
producers, authors, community trusts or collecting societies of rights
after deducting a prescribed amount from the collected royalties for its
own expenses;

(d) perform any other prescribed function; and

(e) negotiate royalty rates with publishers.

 

Control of collecting society or Community Trust by users, performers,
owners, producers or authors of rights

2D.

(1) A collecting society or Community Trust is subject to the control
of the users, performers, owners, producers or authors of rights under this
Act whose rights that collecting society or Community Trust administers,
and the collecting society or Community Trust shall, in such manner as may
be prescribed:

(a) obtain the approval of those users, performers, owners, producers or
authors of rights for its procedures of collection and distribution of
royalties;

(b) obtain the approval of those authors for the utilisation of any amounts
collected as royalties for any purpose other than the distribution of the
royalties to the user, performer, owner, producer or author of rights; and

(c) provide to those users, performers, owners, producers or authors
regular, full and detailed information concerning all the activities of
the collecting society in respect of the administration of the rights of
those authors.

(2) Royalties distributed among the authors of rights shall, as far as may
be possible, be distributed in proportion to the actual use of their works.

 

Submission of returns and reports

22E.

(1) A collecting society or Community Trust shall submit to the
Commission at the prescribed time such returns and reports as may be
prescribed.

(2) The Commission may call for a report and specific records from a
collecting society for the purposes of satisfying the Commission that:

(a) the affairs of the collecting society are conducted in a manner
consistent with the registration conditions of that collecting society; or

(b) the royalties collected by the collecting society in respect of rights
administered by that collecting society are being utilised or distributed
in accordance with the provisions of this Act.

 

Suspension and cancellation of registration of collecting society

22F.

(1) The Commission may issue a compliance notice or apply to the
Tribunal for an order to institute an inquiry into the affairs of a collecting
society, if the Commission is satisfied that the collecting society is being
managed in a manner that contravenes the registration conditions of that
collecting society or is managed in a manner detrimental to the interests of
the authors of rights concerned.

(2) The Commission may, if it is of the opinion that it will be in the interest of the authors of rights concerned, apply to the Tribunal for an order suspending the registration of such collecting society pending an inquiry for such period as may be specified in the order.

(3) The Commission may, after such inquiry and if it is of the opinion that it will be in the interest of the authors of rights concerned, apply to the Tribunal for an order of cancellation of the registration of the collecting society in question.

(4) The Commission shall be responsible for the administration and
discharge of the functions of the collecting society during the period of
suspension or cancellation of the registration of the collecting society in
question following the order of the Tribunal: Provided that the Tribunal
may, on application by the Commission, appoint any suitable person to
assist the Commission in the administration and discharging of the
functions of that collecting society.’’.

 

Amendment of section 23 of Act 98 of 1978, as amended by section 20 of Act 125 of 1992

24. Section 23 of the principal Act is hereby amended:

(a) by the substitution for subsection (1) of the following subsection:
‘‘(1) Copyright shall be infringed by any person[,]:
(a) not being the owner of the copyright, who, without the licence of such owner, does or causes any other person to do, in the Republic, any act which the owner has the exclusive right to do or to authorise;
(b) who tampers with any information kept by any other person in order to administer copyright in terms of this Act;
(c) who omits to pay the performer, owner, producer or author of copyright work a royalty fee as and when the copyright work is used;
(d) who omits to pay the author of artistic work a royalty fee as prescribed by this Act as and when the artistic work is sold;
(e) who misuses copyright and technological protection measures in order to constitute a defence to any claim of copyright liability or any independent cause of action that may be pursued either as a counterclaim in an action for infringement or instituted independently.’’; and

(b) by the deletion in subsection (2) of paragraph (b).

 

Amendment of section 27 of Act 98 of 1978, as amended by section 11 of Act 52 of 1984, section 3 of Act 61 of 1989 and section 24 of Act 125 of 1992

25. Section 27 of the principal Act is hereby amended by the addition of the following subsection:

‘‘(7) Any person who, at the time when copyright subsists in a work that is
protected by a technological protection measure applied by the owner of the
copyright:

(a) make, import, sell, distribute, let for hire, offer or expose for sale or hire or
advertise for sale or hire, a technological protection measure circumvention
device if:
(i) such person knows, or has reason to believe, that that device will or is
likely to be used to infringe copyright in a work protected by a technological protection measure;
(ii) such person provides a service to another person to enable or assist such
other person to circumvent a technological protection measure; or
(iii) such person knows or has reason to believe that the service contemplated
in subparagraph (ii) will or is likely to be used by another person to infringe copyright in a work protected by a technological protection measure;

(b) publishes information enabling or assisting any other person to circumvent a technological protection measure with the intention of inciting another person to unlawfully circumvent a technological protection measure in the Republic; or

(c) circumvent such technological protection measure when he or she is not
authorised to do so, shall be guilty of an offence and shall upon conviction be liable to a fine or to imprisonment for a period not exceeding five years, or to both a fine and such imprisonment.’’.

Amendment of section 28 of Act 98 of 1978, as substituted by section 12 of Act 52 of 1984 and amended by section 25 of Act 125 of 1992

26. Section 28 of the principal Act is hereby amended:

(a) by the substitution for subsection (2) of the following subsection:
‘‘(2) This section shall apply to any copy of the work in question made
outside the [Republic which if it had been made in the Republic would be an infringing copy of the work] Republic, if the making of such copy constituted an infringement of copyright in the country in which the work was made.’’; and

(b) by the substitution for subsection (5) of the following subsection:
‘‘(5) This section shall [mutatis mutandis], with the necessary changes, apply with reference to an exclusive licensee who has the right to import into the Republic any work published elsewhere, which would be an infringing copy of the work in the country in which it was made.’’.

 

Insertion of sections 28O to 28S in Act 98 of 1978

27. The following section is hereby inserted in the principal Act after section 28N:

 

‘‘Prohibited conduct in respect of technological protection measures

28O. (1) No person may make, import, sell, distribute, let for hire, offer or expose for sale, hire or advertise for sale a technological protection measure circumvention device if such a person knows or has reason to believe that it will or is likely to be used to infringe copyright in a technologically protected work.

(2) No person may provide a service to any other person if:

(a) such other person intends to use the service to circumvent an effective
technological protection measure; or

(b) such person knows or has reason to believe that the service will or is
likely to be used by another person to infringe copyright in a
technologically protected work.

(3) No person may publish information enabling or assisting another
person to circumvent an effective technological protection measure with the
specific intention of inciting another person to unlawfully circumvent a
technological protection measure in the Republic.

(4) No person may, during the subsistence of copyright in a work and
without a licence of the author of the copyright in such work, circumvent an
effective technological protection measure applied by the author of the
copyright to such work.

(5) A technological protection measure shall be deemed to be effective if
the use of the work is controlled by the author, exclusive licensee or person
assigned copyright in such work through the application of an access
control or protection process, such as encryption, scrambling or other
transformation of the work or a copy control mechanism which achieves the
protection objective.

(6) The provisions of this section must be read together with the provisions of sections 86, 87 and 88 of the Electronic Communications and Transactions Act, 2002 (Act nº 25 of 2002).

 

Exceptions in respect of technological protection measure

28P.

(1) For the purposes of this Act and of section 86 of the Electronic
Communications and Transactions Act, 2002 (Act nº 25 of 2002), nothing
in this Act shall prevent any person from using a technological protection
measure circumvention device to perform any of the following:

(a) An act permitted in terms of any exception provided for in this Act; or

(b) the sale, offer to sell, procurement for use, design, adaptation for use,
distribution or possession of any device or data, including a computer
program or a component, which is designed primarily to overcome security measures for the protection of data in order to enable the performance of any act permitted in terms of paragraph (a).

(2) A person or user of a technologically protected work who wishes to
circumvent a technological protection measure so as to perform a permitted
act contemplated in subsection (1) but cannot practically do so because of
such technological protection measure, may:

(a) apply to the copyright author for assistance to enable such person or
user to circumvent such technological protection measure in order to
perform such permitted act; or

(b) if the copyright author has refused such person’s or user’s request or
has failed to respond to it within reasonable time, engage the services
of any other person for assistance to enable such person or user to
circumvent such technological protection measure in order to perform
such permitted act.

(3) The person or user engaging the services of another person for
assistance to enable such person or user to circumvent a technological
measure in terms of subsection (2)(b) shall maintain a complete record of
the particulars of the:

(a) other person, including his or her name, address and all other relevant
information necessary to identify him or her; and

(b) purpose for which the services of such other person has been engaged.

 

Enforcement by Commission

28Q. The Commission must enforce this Act by:

(a) performing all the relevant functions contemplated in section 187 of
the Companies Act in respect of this Act;

(b) referring matters to and appearing before the Tribunal; and

(c) dealing with any other matter referred to it by any person, Tribunal or
any other regulatory authority.

 

Prohibited conduct in respect of copyright management information

28R. No person may:

(a) in respect of any copy of a work, remove or modify any copyright
management information; and

(b) in the course of business make, import, sell, let for hire, offer or expose
for sale, advertise for sale or hire a copy of a work if any copyright
management information has been removed or modified without the
authority of the copyright author.

 

Exceptions in respect of copyright management information

28S. The prohibition in section 28R does not apply if a person:

(a) is authorised by the user, performer, owner, producer or author to
remove or modify the copyright management information;

(b) does not know and has no reason to believe that the removal or
modification of the copyright management information will induce,
enable, facilitate or conceal an infringement of the copyright in the
work; or

(c) does not know or has no reason to believe that the copyright
management information has been removed or modified without the
authority of the copyright user, performer, owner, producer or
author.’’.

 

Substitution of heading of Chapter 3 of Act 98 of 1978

28. The following heading is hereby substituted for the heading of Chapter 3 of the principal Act:

 

‘‘[COPYRIGHT TRIBUNAL] REGULATORY AND ENFORCEMENT
AGENCIES’’.

 

Substitution of section 29 of Act 98 of 1978, as amended by section 26 of Act 125 of 1992

29. The following section is hereby substituted for section 29 of the principal Act:

 

‘‘Establishment of Tribunal

29.

(1) There is hereby established a juristic person to be known as the
Intellectual Property Tribunal, which:

(a) has jurisdiction throughout the Republic;

(b) is independent and subject only to the Constitution and the law; and

(c) must perform its functions impartially and without fear or favour.

(2) Each organ of state must assist the Tribunal to maintain its
independence and impartiality, and to perform its functions effectively.

(3) In carrying out its functions, the Tribunal may:

(a) have regard to international developments in the intellectual property
arena; and

(b) consult any person, organisation or institution with regard to any
matter within its jurisdiction.

(4) The Tribunal consists of a chairperson, deputy chairperson and not
less than nine members appointed by the Minister, on a full-time or
part-time basis.’’

 

Insertion of sections 29A to 29S in Act 98 of 1978

30. The following sections are hereby inserted in the principal Act after section 29:

 

‘‘Functions of Tribunal

29A.

(1) The Tribunal must carry out the functions entrusted to it in terms
of this Act or any other legislation.

(2) The Tribunal may:

(a) adjudicate any application or referral made to it in terms of this Act,
the Companies Act or any other relevant legislation, and may make
any appropriate order in respect of an application or referral;

(b) only hear matters referred to it by the Commission, a dispute
resolution institution or any regulatory authority, if the dispute relates
to intellectual property rights;

(c) review any decision of the Commission, dispute resolution institution
or any regulatory authority if it relates to intellectual property rights;

(d) adjudicate any application or referral made to it by any person,
institution or regulatory authority where the dispute can only be
directly referred to the Tribunal in terms of this Act and such dispute
relates to intellectual property rights; and

(e) settle disputes relating to payment of royalties or terms of agreements
entered into as required by this Act or agreements entered into in order
to regulate any other matter in relation to intellectual property rights.

 

Appointment of members of Tribunal

29B.

(1) The Minister must appoint as members of the Tribunal persons
who have adequate and appropriate qualifications and experience in
economics, law, commerce or public affairs.

(2) The Minister must designate a member of the Tribunal as chairperson
and another member as deputy chairperson of the Tribunal.

(3) The deputy chairperson shall perform the functions of the chairperson
whenever:

(a) the office of chairperson is vacant; or

(b) the chairperson is for any other reason temporarily unable to perform
those functions.

(4) The Minister, in consultation with the Minister of Finance, must
determine the remuneration, allowances, benefits and other terms and
conditions of employment of members of the Tribunal.

 

Qualifications for appointment

29C.

(1) To be eligible for appointment as a member of the Tribunal and to continue to hold that office, a person must, in addition to satisfying any other specific requirements set out in this Act:

(a) not be subject to any disqualification set out in subsection (2); and

(b) have submitted to the Minister a written declaration stating that he or
she is not disqualified in terms of subsection (2).

(2) A person may not be appointed or continue to be a member of the
Tribunal, if that person:

(a) is an office-bearer of any political party, political movement or
political organisation;

(b) has or through a related person acquires a personal financial interest
that may conflict or interfere with the proper performance of the duties of a member of the Tribunal;

(c) is disqualified in terms of section 69 of the Companies Act from serving as a director of a company;

(d) is subject to an order of court holding that person to be mentally unfit or disordered;

(e) has been found in any civil or criminal proceedings by a court of law,
whether in the Republic or elsewhere, to have acted fraudulently,
dishonourably, in breach of a fiduciary duty or of any other offence for which such person has been sentenced to direct imprisonment without the option of a fine;

(f) has been removed from a position of trust; or

(g) has at any time found to be in contravention of this Act.

 

Terms of office of members of Tribunal

29D.

(1) Each member of the Tribunal, including the chairperson and deputy chairperson, serves for a term of five years which may be renewed
only once for a further period of five years.

(2) The chairperson may, on one month written notice addressed to the
Minister:

(a) resign from the Tribunal; or

(b) resign as chairperson, but remain as a member of the Tribunal.

(3) A member of the Tribunal other than the chairperson may resign by
giving at least one month written notice to the Minister.

(4) In the event of the expiry of the term of office of a member of the
Tribunal, the member has a matter pending for adjudication before the
Tribunal, the member may continue to act as a member in respect of that
matter only.

 

Removal or suspension of members of Tribunal

29E. The Minister may, at any time, remove or suspend a member of the
Tribunal from office if such a member:

(a) becomes subject to any of the disqualifications referred to in section
29C(2);

(b) repeatedly fails to perform the duties of the Tribunal;

(c) due to a physical or mental illness or disability becomes incapable of
performing the functions of the Tribunal;

(d) is found guilty of a serious misconduct; or

(e) engages in any activity that may undermine the integrity of the Tribunal.

 

Conflict and disclosure of interest

29F.

(1) A member of the Tribunal may not represent any person before
the Tribunal.

(2) If, during a hearing in which a member of the Tribunal is participating, it appears to the member that the matter concerns a financial or other interest of the member contemplated in section 29C(2)(b), the member must:

(a) immediately and fully disclose the fact and nature of such interest to the chairperson, deputy chairperson and the presiding member at that hearing, as the case may be; and

(b) withdraw from any further involvement in that hearing.

(3) A member must not:

(a) make private use of or profit from confidential information obtained as
a result of performing his or her official duties as a member of the Tribunal; or

(b) divulge any information referred to in paragraph (a) to a third party, except as required and as part of the official functions as a member of the Tribunal.

 

Proceedings of Tribunal

29G.

(1) The chairperson is responsible for managing the case files of the
Tribunal, and must, taking into account the complexity of a matter, assign
the matter to:

(a) a member of the Tribunal; or

(b) a panel composed of any three members of the Tribunal.

(2) When assigning a matter to a panel in terms of subsection (1)(b), the
chairperson must:

(a) ensure that at least one member of the panel is a person with suitable
legal qualifications and experience; and

(b) designate a member of the panel to preside over the proceedings of the
Tribunal.

(3) If a member of the panel is unable to complete the proceedings in a
matter assigned to that panel due to resignation, illness, death, removal,
suspension or withdrawal from a hearing in terms of this Act, the
chairperson may:

(a) direct that the hearing of that matter proceed before the remaining
members of the panel, subject to the requirements of subsection (2)(a); or

(b) terminate the proceedings before that panel and constitute a new panel
which may include any member of the original panel and direct the new panel to conduct the hearing afresh.

(4) The decision of a Tribunal on a matter referred to it must be in writing
and must include reasons for that decision.

(5) A decision of a single member of the Tribunal hearing a matter in terms of subsection (1)(a), or of a majority of the members of a panel in any other case, is the decision of the Tribunal.

(6) A decision, judgment or order of the Tribunal may be served, executed and enforced as if it were an order of the High Court and is binding subject to review or appeal to a High Court.

 

Hearings before Tribunal

29H.

(1) The Tribunal must conduct its hearings in public:

(a) in an inquisitorial manner;

(b) as expeditiously as possible;

(c) as informally as possible; and

(d) in accordance with the principles of natural justice.

(2) Notwithstanding the provisions of subsection (1), a Tribunal member
presiding at a hearing may exclude members of the public, specific persons
or categories of persons from attending the hearing if:

(a) evidence to be presented is confidential information, but only to the
extent that the information cannot otherwise be protected;

(b) the proper conduct of the hearing requires it; or

(c) for any other reason that would be justifiable during proceedings in a
High Court.

 

Right to participate in hearing

29I. The following persons may participate in a hearing before the
Tribunal, in person or through a representative, and may put questions to
witnesses and inspect any books, documents or items presented at the
hearing:

(a) The Commission;

(b) the applicant, complainant and respondent; and

(c) any other person who has a material interest in the hearing, unless, in
the opinion of the presiding member of the Tribunal, such interest is
adequately represented by any other person participating at the hearing.

 

Powers of member presiding at hearing

29J. The member of the Tribunal presiding at a hearing may:

(a) direct or summon any person to appear before the Tribunal at any
specified time and place;

(b) question any person under oath or affirmation;

(c) summon or order any person to:
(i) produce any book, document or item necessary for the purposes of the hearing; or                                                                                                        (ii) perform any other act in relation to this Act; and

(d) give direction prohibiting or restricting the publication of any evidence adduced during a Tribunal hearing.

 

Rules of procedure

29K. Subject to the rules of procedure of the Tribunal, a member of the
Tribunal presiding at a hearing may determine any matter of procedure for
that hearing, with due regard to the circumstances of the case and the
requirements of the applicable provision of this Act.

 

Appeals and reviews

29L.

(1) A participant in a hearing before a single member of the Tribunal may appeal against the decision of that member to a full panel of the Tribunal.
(2) Subject to the rules of the High Court, a participant in a hearing before a full panel of the Tribunal may:

(a) apply to the High Court to review the decision of the Tribunal; or

(b) appeal to the High Court against the decision of the Tribunal.

 

Interim relief

29M.

(1) Any person may apply at any time, whether or not a hearing has
commenced, to the Tribunal for an interim order in respect of the matter
before the Tribunal.

(2) The Tribunal may grant such an order if:

(a) there is prima facie evidence that the allegations may be true;

(b) an interim order is reasonably necessary to:
(i) prevent serious, irreparable damage to that person; or
(ii) prevent the purposes of this Act from being frustrated;

(c) the respondent has been given a reasonable opportunity to be heard,
having regard to the urgency of the proceedings; and

(d) the balance of convenience favours the granting of the order.

(3) An interim order in terms of this section must not extend beyond the
earlier of:

(a) the date of the conclusion of a hearing into the matter before the
Tribunal; or

(b) six months after the date of the issue of the interim order extension of
that order in terms of subsection (4).

(4) If an interim order has been granted and a hearing into that matter has
not been concluded within six months after the date of that order, the
Tribunal may, on good cause shown, extend the interim order for a further
period not exceeding six months.

 

Orders of Tribunal

29N. In addition to the powers in terms of this Act and the Companies
Act, the Tribunal may make any appropriate order in relation to a matter
brought before it, including:

(a) declaring particular conduct to constitute an infringement of this Act
and as such prohibited;

(b) interdicting conduct which constitutes an infringement of this Act;

(c) imposing an administrative fine in terms of section 175 of the
Companies Act, with or without the addition of any other order in
terms of this Act;

(d) confirming a consent agreement in terms of section 173 of the
Companies Act as an order of the Tribunal;

(e) condoning any non-compliance of its rules and procedures on good
cause shown;

(f) confirming an order against an unregistered person to cease engaging
in any activity that is required to be registered in terms of this Act;

(g) suspending or cancelling the registrant’s registration or accreditation
subject to any such terms and conditions the Tribunal deems fit; or

(h) any other appropriate order required to give effect to a right
contemplated in this Act or any other relevant legislation.

 

Witnesses

29O.

(1) Every person giving evidence at a hearing of the Tribunal must
answer any relevant question.

(2) The law regarding a witness’s privilege in a criminal case in a court
of law applies to a person giving evidence at a hearing of the Tribunal.

(3) The Tribunal may order a person to answer any question or to produce
any article or document, even if it is self-incriminating to do so.

 

Costs

29P.

(1) Subject to subsection (2), each party participating in a hearing of
the Tribunal shall bear its own costs.

(2) If the Tribunal:

(a) has not made a finding against a respondent, the member of the
Tribunal presiding at the hearing may award costs to the respondent
and against a complainant who referred the complaint to the Tribunal; or

(b) has made a finding against a respondent, a member of the Tribunal
presiding at a hearing may award costs against the respondent and to
a complainant who referred the complaint to the Tribunal.

 

Appointment of staff of Tribunal

29Q. The Chairperson or any delegated member of the Tribunal may:

(a) appoint staff and enter into an agreement with or hire independent
contractors to assist the Tribunal in carrying out its functions; and

(b) in consultation with the Minister and the Minister of Finance,
determine the remuneration, allowances, benefits and other terms and
conditions of members of staff of the Tribunal or those contracted or
hired to assist the Tribunal.

 

Finances

29R.

(1) The Tribunal is financed from:

(a) money appropriated by Parliament;

(b) any fees or fines payable in terms of this Act or any relevant legislation;

(c) income derived from investment and deposit of surplus money in
terms of subsection (2); or

(d) other money accruing from any source.

(2) The Tribunal may invest or deposit money that is not immediately
required for contingencies or to meet current expenditures:

(a) on a call or short-term fixed deposit with any registered bank or
financial institution in the Republic; or

(b) in an investment account with the Corporation for Public Deposits
established by section 2 of the Corporation for Public Deposits Act,
1984 (Act nº 46 of 1984).

 

Reviews and reports to Minister

29S.

(1) The Minister may, at any time, conduct an audit review of the
performance by the Tribunal of its functions.

(2) In addition to any other reporting requirement set out in this Act or
any other legislation, the Tribunal must report to the Minister annually on
its performance and activities as required by the Public Finance Management
Act, 1999 (Act nº 1 of 1999).

(3) As soon as practicable after receiving a report of a review contemplated in subsection (1), or after receiving a report contemplated in subsection (2), the Minister must transmit and table a copy of the report in Parliament.’’.

 

Repeal of sections 30, 31, 32, 33 and 36 of Act 98 of 1978

31. Sections 30, 31, 32, 33 and 36 of the principal Act are hereby repealed.

 

Amendment of section 39 of Act 98 of 1978, as amended by section 4 of Act 9 of 2002 and section 5 of Act 28 of 2013

32. Section 39 of the principal Act is hereby amended:

(a) by the deletion of the word ‘‘and’’ at the end of paragraph (cD);

(b) by the insertion of the following paragraphs after paragraph (cE):
‘‘(cF) prescribing rules regulating the processes and proceedings of the
Tribunal;
(cG) prescribing compulsory and standard contractual terms to be included in agreements to be entered in terms of this Act;
(cH) prescribing permitted acts for circumvention of technological protection measures contemplated in section 28B after due consideration of the following factors:
(i) The availability for use of works protected by copyright;
(ii) the availability for use of works for non-profit archival and educational purposes;
(iii) the impact of the prohibition on the circumvention of technological protection measures applied to works or protected by copyright on criticism, comment, news reporting, teaching, scholarship or research; or
(iv) the effect of the circumvention of technological protection measures on the market for or value of works protected by copyright;
(cI) prescribing royalty rates or tariffs for various forms of use;
(cJ) prescribing the percentage and period within which distribution of
royalties must be made by Collecting Societies;
(cK) prescribing the terms and manner relating to the management of
unclaimed royalties, code of conduct and any other matter relating to the reporting, operations, activities and better collection processes
of royalties by a Collecting Society; and                                                         (cL) in consultation with the Minister responsible for communication,
prescribing the local music content for television and radio broadcasting;’’; and

(c) by the addition of the following subsection, the existing section becoming
subsection (1):
‘‘(2) Before making any regulations in terms of subsection (1), the
Minister must publish the proposed regulations for public comment for a
period of not less than 30 days.’’.

 

Insertion of section 39B in Act 98 of 1978

33. The following section is hereby inserted in the principal Act after section 39A:

 

‘‘Unenforceable contractual term

39B.

(1) To the extent that a term of a contract purports to prevent or restrict the doing of any act which by virtue of this Act would not infringe copyright or which purport to renounce a right or protection afforded by this Act, such term shall be unenforceable.

(2) This section does not prohibit or otherwise interfere with public and
open licences to do any act which is subject to copyright or moral rights,
settlement agreements, terms of service licences and the voluntary
dedication of a work to the public domain.’’

 

Insertion of Schedule 2 in Act 98 of 1978

34. The following Schedule is hereby added to the principal Act, the existing
Schedule becoming Schedule 1:

 

‘‘Schedule 2
(Section 22(3))

 

Part A.- Translation Licences

 

Application of provisions in Part A

1. The provisions in this Part apply to copyright works which have been
published in printed or analogous forms of reproduction.

 

Application for licence to translate copyrighted work

2.

(1) Any person may apply to the Commission for a licence to make a
translation of the work in order in printed or analogous forms of
reproduction, into any language that is an official language within the
Republic, or a foreign language that is regularly used in the Republic, for
use by readers located in the Republic.

(2) Any person may apply to the Commission for a licence to translate
copyrighted work in order to make the work into a usable or analogous form
of reproduction.

(3) No licence shall be granted until the expiration of the following
applicable periods:

(a) A period of one week from the date of the first publication of the original copyrighted work, where the application is for a licence for translation into specified languages;

(b) a period of three months from the date of the first publication of the
original copyrighted work, where the application is for a licence for
translation into specified languages in general use or any other language in general use; and

c) a period of one year from the date of the first publication of the of the
original copyrighted work, where the application is for a licence for
translation into any language that is not stipulated in this Act or
languages that are not generally used in the Republic covered in
subitem (1).

 

Granting of licence

3.

(1) Before granting a licence the Tribunal shall determine that:

(a) no translation of the work into the language in question of the
copyrighted work has been established in printed or analogous form of
reproduction by or with the authorisation of the user, performer,
owner, producer or author of the right of translation or any previous
editions in that language are out of print;

(b) the applicant for the licence has established that he or she has
requested and has been denied authorisation from the author of the
right of translation after due diligence on his or her part was unable to
find such user, performer, owner, producer or author;

(c) at the same time as addressing the request referred to in paragraphs (a)
and (b) with the user, performer, owner, producer or author, the
applicant for the licence has informed any organisation designated for
the purpose of his or her request in which the publisher of the work to
be translated is believed to have his or her principal place of business;

(d) if the applicant could not find the user, performer, owner, producer or
author of the copyrighted work requiring translation by registered mail
or electronic mail (with proof of service), a copy of his or her
application to the publisher whose name appears on the work and a
copy to any principal place of business referred to in paragraph (c);

(e) no licence shall be granted unless the user, performer, owner, producer
or author of the copyrighted work requiring translation is known or located and has been given an opportunity to be heard;

(f) no licence shall be granted until the expiration of:
(i) a further period of two days, where one week referred to in item 2(3)(a) applies;
(ii) a further period of two weeks, where three months referred to in item 2(3)(b) applies; or
(iii) a further period of three months, where one year referred to in item 2(3)(c) applies;

(g) such further period shall be computed from the date on which the
applicant complies with the requirements mentioned in paragraphs (a)
to (e) or where the identity or the address of the user, performer,
owner, producer or author of the copyright work requiring translation
is unknown from the date on which the applicant also complies with
the requirement mentioned in paragraphs (a) to (e); and

(h) if, during either of the said further periods, a translation into the
language in question of the copyright work has been published in
printed or analogous form of reproduction by or with the authorisation
of the user, performer, owner, producer or author of the translation
right, no licence shall be granted.

(2) For works composed mainly of illustrations, a licence shall be
granted only if the conditions stipulated in paragraphs (a) to (e) are also
fulfilled.

(3) No licence shall be granted when the user, performer, owner,
producer or author has withdrawn all copies of the work from circulation.

 

Scope and conditions of licence

4.

(1) Any licence granted under this Part shall:

(a) be for the purpose of teaching only;

(b) be for training, scholarship or research;

(c) be to allow publication in a printed or analogous form of reproduction
consistently with the conditions set out in item 3, if:
(i) the Tribunal certifies that facilities do not exist for such printing or reproduction or that existing facilities are incapable for economic or practical reasons of ensuring such reproduction, the preparation may be made outside the country and if:
(aa) all copies reproduced are sent to the licensee in one or more bulk shipments for distribution exclusively in the Republic and the contract between the licensee and the establishment doing the work of reproduction so requires;
(bb) the said contract provides that the establishment engaged for doing the work of reproduction guarantees that the work of reproduction is lawful in the country where it is done; and
(cc) the licensee does not entrust the work of reproduction to an establishment specially created for the purpose of having copies reproduced of works for a licence granted under this Part;
(ii) the publication does not extend to the export of copies made under the licence, except as provided in subparagraph (i);
(iii) the licence is non-exclusive; and
(iv) the licence is transferable.

(2) Copies of a translation published under a licence may be sent abroad
by the Government or other public entity if:                           .

(a) the translation is into a language other than the language used in the
Republic that will be of use;

(b) the recipients of the copies are individuals who are South African
nationals or are organisational groupings that are nationals in the
Republic;

(c) the recipients will use the copies only for the purposes of teaching,
scholarship or research;

(d) both the sending of the copies abroad and their subsequent distribution
to the recipients are without any commercial purposes; and

(e) the government of the foreign country to which the copies are sent, has
agreed to the receipt or distribution, or both, of the copies in that
country.

(3) The licence shall provide for just compensation in favour of the user,
performer, owner, producer or author of the right of translation that is
consistent with standards of royalties normally operating in the case of
licences freely negotiated between persons in the Republic and authors of
translation rights in the country of the author of the right of translation.

(4) If the licensee is unable to transmit the compensation to the user,
performer, owner, producer or author of the right of translation due to
conversion of currency, he or she shall report the fact to the Tribunal who
shall make all efforts, by the use of international machinery, to ensure that
such transmittal is in internationally convertible currency or its equivalent.

(5) As a condition of maintaining the validity of the licence, the
translation must be correct for such use and all published copies must
include the following:

(a) The original title and name of the user, performer, owner, producer or
author of the work;

(b) a notice in the language of the translation stating that the copy is
available for distribution only in the Republic; and

(c) if the work which is translated was published with a copyright notice,
a reprint of that notice.

(6) The licence shall terminate if:

(a) a translation of the work is in the same language of the copyrighted
work with substantially the same content as the original publication
under the licence; and

(b) a translation of the work is published in printed or analogous form of
reproduction in the country by or with the authorisation of the user,
performer, owner, producer or author at a price reasonably related to
the price normally charged in the country for comparable works.

(7) Any copies of the work already made before the licence terminates
may continue to be distributed until stocks are exhausted.

 

Licence for broadcasting organisation

5.

(1) A licence under this Part may also be granted to a domestic
broadcasting organisation if the following conditions are met:

(a) The translation is made from a copy made and acquired in accordance
with the laws of the country;

(b) the translation is for use in broadcasts intended exclusively for
teaching or for the dissemination of the results of specialised technical
or scientific research to experts in a particular profession only;

(c) the translation is used exclusively for the purpose specified in
paragraph (b) through broadcasts that are lawfully made and that are
intended for recipients in the Republic, including broadcasts made
through the medium of sound or visual recording that have been made
lawfully and for the sole purposes of such broadcasts;

(d) sound or visual recordings of the translation may not be used by
broadcasting organisations other than those having their headquarters
in the country; and

(e) all uses made of the translation are without commercial purpose.

(2) A licence may also be granted to a domestic broadcasting organisation under all of the conditions provided in subitem (1) to translate any text incorporated in an audiovisual fixation that was itself prepared and
published for the sole purpose of being used in connection with systematic
instructional activities.

 

Part B.- Reproduction Licences

 

Application of provisions in Part B

1. The provisions in this Part apply to works which have been published
in printed or analogous forms of reproduction.

 

Application for licence

2.

(1) Any person may apply to the Intellectual Property Tribunal for a
licence to reproduce and publish a particular edition of the work in printed
or analogous forms of reproduction (hereinafter referred to as ‘‘the
licence’’).

(2) No licence shall be granted until the expiration of the following
applicable periods, commencing from the date of first publication of the
particular edition of the work:

(a) Three years for works of technology and the natural and physical
sciences including mathematics;

(b) seven years for works of fiction, poetry, drama and music, and for art
books; and

(c) five years for all other works.

 

Grant of licence

3.

(1) Before the granting of a licence, the Tribunal shall determine
that:

(a) no distribution by, or without authorisation of, the user, performer,
owner, producer or author of the right of reproduction of copies in
printed or analogous forms of reproduction of that particular edition
has taken place in the country to the general public or in connection
with systematic activities at a price reasonably related to that normally
charged in the country or that, under the same conditions, such copies
have not been on sale in the country for a continuous period of at least
six months;

(b) the applicant for the licence has established that he or she either has
requested, and has been denied, authorisation from the user, performer,
owner, producer or author of the right of reproduction or that,
after due diligence on his or her part, he or she was unable to find such
user, performer, owner, producer or author;

(c) at the same time as addressing the request referred to in paragraph (b)
to the user, performer, owner, producer or author, the applicant for the
licence has informed any national or international organisation
designed for the purpose of his or her application in which the
publisher of the work to be reproduced is believed to have his or her
principal place of business; and

(d) if the applicant for the licence could not find the user, performer,
owner, producer or author of the right of reproduction, the applicant
has sent, by registered mail or electronic mail (with proof), a copy of
his or her application to the publisher whose name appears on the work
and a copy of his or her application to any principal place of business
referred to in paragraph (c).

(2) No licence shall be granted unless the user, performer, owner,
producer or author of the right of reproduction is known, located or has
been given an opportunity to be heard.

(3) Where the three-year period referred to in item 2(2)(a) applies, no
licence shall be granted until the expiration of six months calculated from
the date on which the applicant complies with the requirements mentioned
in subitem (2)(a) and (b) or, where the identity or the address of the user,
performer, owner, producer or author of the right of reproduction is
unknown, from the date on which the applicant also complies with the
requirements mentioned in this Part.

(4) Where the seven-year or five-year periods referred to in paragraphs
(b) and (c) of item 2(2) apply and where the identity or the address of the
user, performer, owner, producer or author of the right of reproduction is
unknown, no licence shall be granted until the expiration of six months
calculated from the date on which the copies referred to have been mailed.

(5) If, during the period of six or three months referred to in subitem (3)
or (4), a distribution or placing on sale has taken place, no licence shall be
granted.

(6) No licence shall be granted if the user, performer, owner, producer or
author has withdrawn from circulation all copies of the edition which is the
subject of the application.

(7) Where the edition which is the subject of an application for a licence
under this Part is a translation, the licence shall only be granted if the
translation is in a language required by, or with the authorisation of, the
user, performer, owner, producer or author of the right of translation.

 

Scope and condition of licence

4.

(1) Any licence under this Part shall:

(a) be for use in connection with systematic instructional activities only;

(b) allow publication only in a printed or analogous form of reproduction
at a price reasonably related to or lower than that normally charged in
the country for comparable work;

(c) allow publication within the country only and shall not extend to the
export of copies made under the licence;

(d) if the Tribunal certifies that facilities do not exist in the country and the
contract between the licensee and the establishment doing the work of
reproduction so requires, allow reproduction outside the country as
long as:
(i) all copies reproduced are sent to the licensee in one or more
bulk shipments for distribution exclusively in the country and
the contract between the licensee and the establishment doing
the work of reproduction so requires;
(ii) the said contract provides that the establishment engaged for
doing the work of reproduction guarantees that the work of
reproduction is lawful in the country where it is done;
(iii) the licensee does not entrust the work of reproduction to an
establishment created for the purpose of having copies
reproduced of works for which a licence has been granted under this Part;
(iv) the licence is non-exclusive; and
(v) the licence is transferable.

(2) The licence shall provide for just compensation in favour of the user,
performer, owner, producer or author of the right of reproduction that is
consistent with standards of royalties normally operating in the case of
licences freely negotiated between persons in the country and users,
performers, owners, producers or authors of reproduction rights in the
Republic.

(3) If the licensee is unable, by reason of currency regulations, to
transmit the compensation to the user, performer, owner, producer or author
of the right of reproduction, he or she shall report the fact to the Tribunal
who shall make all efforts, by the use of international machinery, to ensure
such transmittal in internationally convertible currency or its equivalent.

(4) As a condition of maintaining the validity of the licence, the
reproduction of that particular edition must be accurate and all published
copies must include the following:

(a) The title and name of the user, performer, owner, producer or author of
the work;

(b) a notice in the language of the publication stating that the copy is
available for distribution only in the Republic; and

(c) if the edition which is reproduced bears a copyright notice, a reprint of
that notice.

(5) The licence shall terminate if:

(a) copies of an edition of the work in printed or analogous form of
reproduction are distributed in the Republic, by or with the
authorisation of the user, performer, owner, producer or author of the
right of reproduction and in connection with systematic instructional
activities, at a price reasonably related to that normally charged in the
Republic; and

(b) such edition is in the same language and is substantially the same in
content as the edition which was published under the licence.

(6) Any copies of an edition of the work already made before the licence
terminates may continue to be distributed until stocks are exhausted.

 

Licence for audiovisual fixations

5. Under the conditions provided in this Part, a licence may also be
granted:

(a) to reproduce in audio-visual form a lawfully made audio-visual
fixation, including any protected work incorporated in it if that fixation
was prepared and published for the sole purpose of being used in
connection with systematic instructional activities; and

(b) to translate any text incorporated in that fixation into a language
generally used in the Republic.’’.

 

Short title and commencement

35. This Act is called the Copyright Amendment Act, 2017, and comes into operation on a date fixed by the President by proclamation in the Gazette.

 

MEMORANDUM ON THE OBJECTS OF THE COPYRIGHT AMENDMENT BILL

 

1. BACKGROUND

1.1 The Copyright Amendment Bill (‘‘the Bill’’) seeks to align copyright with the
digital era and developments at a multilateral level. The existing Copyright
Act, 1978 (Act nº 98 of 1978) (‘‘the Act’’), is outdated and has not been
effective in a number of areas. The creative industry is impacted upon;
educators are hampered in carrying out their duties; researchers are restricted
to further developing research; and people with disabilities are severely
disadvantaged by having limited access to copyright works. For this reason, a
need exists for Intellectual Property (‘‘IP’’) legislation to be consonant with
the ever evolving digital space; to allow reasonable access to education; to
ensure that access to information and resources are available for persons with
disabilities; and to ensure that artists do not die as paupers due to ineffective
protection. The latter is supported by the experience of the power imbalance,
vulnerabilities and abuse taking place in the music industry which Government
was called to address.

1.2 The Bill is consistent with the Draft National Policy as commented on and the recommendations of the Copyright Review Commission (‘‘the CRC’’)
chaired by retired judge Ian Farlam, and is linked to the National
Development Plan (‘‘NDP’’), in that it seeks to ensure consistency and
coherence in aligning the approach of various Government Departments to IP
matters. The proposed provisions in the Bill are strategically aligned with the
treaties that South Africa reviewed, amongst others, the World Intellectual
Property Organisation (‘‘WIPO’’) digital treaties namely the WIPO Copyright
Treaty (‘‘WCT’’); the WIPO Performance and Phonograms Treaty
(‘‘WPPT’’); the Beijing Treaty for the Protection of Audio Visual Performances;
and the Marrakesh Treaty to Facilitate Access to Published Works for
Persons Who Are Blind, Visually Impaired, or Otherwise Print Disabled. The
alignment is for purposes of ensuring effective governance, social protection,
employment creation and reduction of inequalities.

1.3 The amendment of the Act means that South Africa will be able to accede to international treaties and conventions which require domestic legislation to be consistent with international imperatives.

 

2. OVERVIEW OF BILL

2.1 The purpose of the proposed amendments to the Act is to protect the economic interests of authors and creators of work against infringement by promoting the progress of science and useful creative activities. It is also envisaged that the proposed legislation will reward and incentivise authors of knowledge and art. Various sectors within the South African Copyright regime are dissatis-fied. Ranking highest are local performers and composers, who have not benefitted due to the lack of access to the Copyright system. (CRC report 2011). Thus, the Bill aims to make copyright consistent with the digital era, developments at a multilateral level, international standards and introduce
improved exceptions and limitations into Copyright law. The Bill also aims to
enhance access to and use of copyright works, to promote access to
information for the advancement of education and research and payment of
royalties to alleviate the plight of the creative industry.

2.2 The objectives of the Bill are:

● to develop a legal framework on Copyright and related rights that will
promote accessibility to producers, users and consumers in a balanced
manner; this includes flexibilities and advancements in the digital space that
should empower all strata of the citizens of South Africa;

● to address the licensing of Copyright works or material in relation to
commissioned work to facilitate commercial exploitation by any person so
licensed.

2.3 The Bill introduces provisions which deal with matters pertaining to
Collective Management. Collecting Societies will only be allowed to collect
for their registered members, and all Collecting Societies have to be registered with the Companies and Intellectual Property Commission (‘‘CIPC’’). Collecting Societies will only be allowed to collect for one set of Copyright Rights (Performance, Mechanical and Needle time).

2.4 The Bill deals with the protection of works and rights of authors in the digital environment.

2.5 The Bill provides for the availability of accessible formats of a work to
accommodate persons with disabilities. This provision extends beyond
matters pertaining to the blind but to other disabilities such as learning
disabilities, dyslexia etc.

2.6 The Bill introduces an Artist Resale Royalty. This resale right means that an artist could be entitled to a royalty even when their work is resold.

2.7 Scope is left for the reproduction of copyright material for certain uses or
purposes without obtaining permission and without paying a fee and without
paying a royalty. Limited circumstances have been provided for in this regard.
Furthermore, this provision stipulates the factors that need to be considered in
determining whether the use of a copyright amounts to fair use.

2.8 The Bill proposes a new structure for the tribunal that will settle disputes in
the area of all domains of IP. The current Tribunal process takes long to settle
disputes and was found to be ineffective by the CRC in providing speedy
redress to rights holders. There is clear justification to follow the route taken
in respect of the Companies, Trade Marks and Competition Tribunals which
are good examples in this regard. This will be a Tribunal to deal with all IP
matters.

 

3. ANALYSIS OF BILL

3.1 Clause 1 of the Bill proposes the insertion into the Act of a range of new
definitions necessitated by certain amendments embodied in the Bill.

3.2 Clause 2 proposes the insertion of section 2A in the Act, circumscribing the extent of copyright protection.

3.3 Clause 3 of the Bill proposes an amendment to section 5 of the Act by
providing for State ownership of copyright funded by the State.

3.4 Clause 4 of the Bill proposes an amendment to section 6 of the Act by
providing for communication to the public of a musical work, by wire or
wireless means, including internet access and making available to the public
a work in such a way that members of the public may access such work from
a place and at a time individually chosen by them, whether interactively or
non-interactively.

3.5 Clause 5 of the Bill proposes an amendment to section 7 by providing for
communication to the public of an artistic work by wire or wireless means,
including internet access.

3.6 Clause 6 of the Bill proposes an amendment to section 8 of the Act by
providing for communication to the public of a cinematograph film or
audiovisual fixation by wire or wireless means, including internet access.

3.7 Clause 7 of the Bill proposes an amendment to section 9 of the Act providing for communication to the public of a sound recording by wire or wireless means, including internet access. Furthermore, by providing for a person who intends to broadcast, cause transmission of or make any work available to the public, to give the author, collecting society or indigenous community a notice in the prescribed manner of his or her intention to perform such acts, indicating where practicable, the date of the proposed performance, proposed terms and conditions for the payment of royalties and requires the copyright author, collecting society or indigenous community to sign the proposal attached thereto.

3.8 Clause 8 of the Bill proposes the substitution of section 9A of the Act. It
embodies a variety of additions and amendments pertaining to the payment of
royalties in respect of intellectual property rights.

3.9 Clause 9 of the Bill proposes the insertion into the Act of sections 9B to 9F,
providing for the resale, duration, assignment or waiver of royalty rights. It
also provides for authors to enjoy the inalienable resale royalty right on the
commercial resale of his or her work of art, subsequent to the first transfer by
the author of such work of art.

3.10 Clause 10 of the Bill proposes an amendment to section 12, providing for fair dealings and uses of copyright work.

3.11 Clause 11 of the Bill proposes the insertion of section 12A in the Act,
providing for the general exceptions from copyright protection and section
12B providing for the first sale or transfer of ownership of copyright to
exhaust the rights of distribution and importation locally and internationally in
respect of the transfer of the original or copy.

3.12 Clause 12 of the Bill proposes the insertion of sections 13A and 13B in the Act providing for the permission to make transient or incidental copies of a work, including reformatting, an integral and essential part of a technical process.

3.13 Clause 13 of the Bill proposes an amendment to section 16 of the Act,
providing for the deletion of subsection (1).

3.14 Clauses 14 and 15 proposes the repeal of sections 17 and 18 of the Act,
respectively.

3.15 Clause 16 of the Bill proposes the repeal of section 19A of the Act.

3.16 Clause 17 of the Bill proposes an amendment to section 19B of the Act by providing that the person having a right to use a copy of a computer program shall be entitled, without the authorisation of the rights holder, to observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program, if he or she does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he or she is entitled to do.

3.17 Clause 18 of the Bill proposes the insertion of sections 19C and 19D into the Act by providing general exceptions regarding protection of copyright work
for archives, libraries, museums and galleries, also exceptions regarding
protection of copyright work for persons with disability.

3.18 Clause 19 of the Bill proposes an amendment to section 20 of the Act, thereby providing for an author to have the right to claim authorship of the work, and to object to any distortion, mutilation or other modification of the work where such action is or would be prejudicial to the honour or reputation of the author.

3.19 Clause 20 of the Bill proposes an amendment to section 21 of the Act by
providing for the ownership of any copyright subsisting in the work between the person commissioning the work and the author who executes the
commission.

3.20 Clause 21 of the Bill proposes an amendment to section 22 of the Act by
providing that copyright owned by, vesting in or under the custody of the State
may not be assigned.

3.21 Clause 22 of the Bill proposes the insertion into the Act of a new section 22A, making provision for assignment and licences in respect of orphan works.

3.22 Clause 23 of the Bill proposes the insertion of a new Chapter 1A into the Act and provides for the registration and regulation of Collecting Societies.

3.23 Clause 24 of the Bill proposes an amendment to section 23 of the Act by
providing for an offence if a person tampers with information managing
copyright, omits to pay the author of the copyright work a royalty fee as and
when the copyright work is used and omits to pay the author of artistic work
royalty fees as and when the artistic work is sold as prescribed by the Act.

3.24 Clause 25 of the Bill proposes an amendment to section 27 of the Act by
inserting a new subsection which provides for an offence if a person
unlawfully circumvents technological protection measures applied by the
author.

3.25 Clause 26 of the Bill proposes amendments to section 28 of the Act, which provides for the copying of a work to constitute an infringement of copyright, if such copying would have constituted infringement in the country in which the work was made.

3.26 Clause 27 of the Bill proposes the insertion of sections 28O, 28P, 28Q, 28R, 28S in the Bill providing for prohibited conduct in respect of technological
protection measures; exceptions in respect of technological protection
measures; and prohibited conduct in respect of copyright management
information and exceptions.

3.27 Clause 28 of the Bill proposes an amendment to the heading in Chapter 3 of the Act [Copyright Tribunal] by replacing it with the heading ‘‘Regulatory and Enforcement Agencies’’.

3.28 Clauses 29 and 30 of the Bill propose the insertion of sections 29A to 29S into the Act, which provide for, amongst others, the establishment of the
Intellectual Property Tribunal; its functions; appointment of its members;
qualifications for such appointment; term of office; removal and suspensions;
and procedural matters on the conduct of hearings of the Tribunal.

3.29 Clause 31 of the Bill proposes the repeal of sections 30, 31, 32, 33 and 36 of the Act.

3.30 Clause 32 of the Bill proposes an amendment to section 39 of the Act by
providing for ministerial powers to prescribe regulations relating amongst
others to the procedure for the conduct of Tribunal hearings and relating to
Collecting Societies.

3.31 Clause 33 of the Bill proposes a new section 39B, and provides that a term in a contract that purports to prevent or restrict any act which by virtue of the Act would not infringe copyright or which purport to renounce a right or
protection afforded by the Act will be unenforceable.

3.32 Clause 34 of the Bill proposes the insertion into the Act of a new Schedule 2, providing for ‘‘Translation Licences’’ and ‘‘Reproduction Licences’’.

3.33 Clause 35 of the Bill provides for the short title and commencement.

 

4. DEPARTMENTS/BODIES/PERSONS CONSULTED

The Department of Trade and Industry consulted various stakeholders in different sectors within the South African Copyright regime such as Departments and their agencies, local performers, composers, academics, non-government organisations, copyright consultants and the general public, through meetings and a conference.
The consultation took place pre- and post-Cabinet approval.

 

5. FINANCIAL IMPLICATIONS FOR STATE

Any financial requirement will accommodated within the existing budget.

 

7. PARLIAMENTARY PROCEDURE

Tagging

7.1 The Constitution of the Republic of South Africa, 1996 (‘‘the Constitution’’)
distinguishes between four categories of Bills: Bills amending the Constitution
(section 74); ordinary Bills not affecting provinces (section 75); ordinary
Bills affecting provinces (section 76); and money Bills (section 77). A Bill
must be correctly tagged otherwise it would be constitutionally invalid.

7.2. The Bill must be considered against the provisions of the Constitution relating to the tagging of Bills, and against the functional areas listed in Schedule 4 and Schedule 5 to the Constitution.

7.3 The crux of tagging has been explained by the courts, especially the
Constitutional Court in the case of Tongoane and Others v Minister of
Agriculture and Land Affairs and Others1. The Constitutional Court in its
judgment stated as follows:

‘‘[58] What matters for the purpose of tagging is not the substance or
the true purpose and effect of the Bill, rather, what matters is whether
the provisions of the Bill ‘in substantial measure fall within a
functional area listed in schedule 4’. This statement refers to the test to
be adopted when tagging Bills. This test for classification or tagging is
different from that used by this court to characterise a Bill in order to
determine legislative competence. This ‘involves the determination of
the subject matter or the substance of the legislation, its essence, or
true purpose and effect, that is, what the [legislation] is about.’’
(footnote omitted).

[60] The test for tagging must be informed by its purpose. Tagging is
not concerned with determining the sphere of government that has the
competence to legislate on a matter. Nor is the process concerned with
preventing interference in the legislative competence of another
sphere of government. The process is concerned with the question of
how the Bill should be considered by the provinces and in the NCOP,
and how a Bill must be considered by the provincial legislatures
depends on whether it affects the provinces. The more it affects the
interests, concerns and capacities of the provinces, the more say the
provinces should have on its content.’’

7.4 In light of what the Constitutional Court stated in the abovementioned case, the test essentially entails that ‘‘any Bill whose provisions in substantial
measure’’ fall within a specific Schedule must be classified in terms of that
Schedule

7.5 The Act regulates copyright. In terms of section 2 of the Act, and subject to the provisions of the Act, the following works, if they are original, are eligible for copyright, namely literary works, musical works, artistic works, cinematograph films, sound recordings, broadcasts, program-carrying signals,
published editions and computer programs.

7.6 The Bill, amongst others things, seeks to provide for certain exceptions in
respect of infringement of copyright for educational purposes, e.g. the new
section 13B [clause 12 of the Bill] which regulates the making of copies of
works, recordings of works and broadcasts in radio and television for the
purposes of educational and academic activities if the copying does not
exceed the extent justified by the purpose. ‘‘Education at all levels, excluding
tertiary education’’is a functional area listed in Schedule 4 to the Constitution.
The Bill also proposes general exceptions regarding protection of copyright
work for archives, libraries, museums and galleries. ‘‘Archives other than
national archives’’, ‘‘Libraries other that national libraries’’ and ‘‘Museums
other than national museums’’ are functional areas listed in Schedule 5 to the
Constitution. The question is whether or not the abovementioned provisions
of the Bill in substantial measure fall within a functional are listed in Schedule
4 or 5. The purpose of the Bill is to regulate copyright and not to regulate any
matter falling under the functional areas in question. The Constitutional
Court, in paragraph 71, stated the following with regard to the test for tagging:

‘‘[71] . . . the ‘substantial measure’ test permits a consideration of
the provisions of the Bill and their impact on matters that substantially
affect the provinces. This test ensures that legislation that affects the
provinces will be enacted in accordance with a procedure that allows
the provinces to fully and effectively play their role in the law-making
process. This test must therefore be endorsed.’’ (emphasis added).
The subject matter of the Bill is the regulation of copyright in the Republic
and does not impact on matters that substantially affect the provinces.

7.7 Since none of the provisions of the Bill in substantial measure fall within a
functional area listed in Schedule 4 or 5, the Bill must be dealt with in
accordance with the procedure set out in section 75 of the Constitution.

 

Referral of Bill to House of Traditional Leaders

7.8 According to section 18(1) of the Traditional Leadership and Governance
Framework Act, 2003 (Act nº 41 of 2003), ‘‘(a)ny parliamentary Bill
pertaining to customary law or customs of traditional communities must,
before it is passed by the house of Parliament where it was introduced, be
referred by the Secretary to Parliament to the National House of Traditional
Leaders for its comments.’’.

7.9 Indigenous works will in terms of the Act be eligible for the payment of
royalties. An ‘‘indigenous work’’ means a literary, artistic or musical work
with an indigenous or traditional origin, including indigenous cultural
expressions or knowledge which was created by persons who are or were
members, currently or historically, of an indigenous community and which
literary, artistic or musical work is regarded as part of the heritage of such
indigenous community. The Bill provides for the registration of collecting
societies to administer rights on behalf of copyright owners or authors. Since
the Bill pertains to ‘‘customs of traditional communities’’ it would be
necessary to refer the Bill to the House of Traditional Leaders.

 

08Sep/17

Telecommunications (Amendment) Act, 2012

A BILL

ENTITLED

AN ACT to Amend the Telecommunications Act.

24th, day of May, 2012

BE IT ENACTED by The Queen’s Most Excellent Majesty, by and with the advice and consent of the Senate and the House of Representatives of Jamaica, and by the authority of the same, as follows:­

 

 

1.- This Act may be cited as the Telecommunications (Amendment) Act, 2012 and shall be read and construed as one with the Telecommunications Act (hereinafter referred to as the Principal Act”) and all amendments thereto.

 

 

2.- Subsection (1) of section 2 of the principal Act is amended:

 

(a) by inserting next after the definition of”assign” the following definitions­

“Authority” means the Spectrum Management Authority established under section 21;

“authorized officer” means­:

a) for the purposes ofsection 4(1), a member of the Jamaica Constabulary Force or the Island Special Constabulary Force, member of staff of the office or any other authorized by the Office to assist it in the performance of its functions under this Act;

b) for the purposes of section 23A(9), a member of the Jamaica Constabulary Force or the Island Special Constabulary Force, and any member ofstaff of the office or any other person authorized by the Authority to assist it in the performance of its functions under this Act;

“Board” means the Board of Management of the Universal Service Fund established under section 38C;”;

 

(b) by deleting the definition of”customer” and substituting therefor the following definition:

“court” means the Supreme Court ofJudicature ofJamaica;

“customer” means a person who is provided with a facility or specified service by a service provider or carrier and includes the end user ofthat service or facility;”;

 

(c) in the definition of”interconnection”, by deleting the word”voice”;

 

(d) by deleting the definitions of”licence” and”licensee” and substituting therefor next after the definition of”internet access” the following definition:

“licence”, means a licence other than a spectrum licence granted under this Act and”licensee” shall be construed accordingly;”;

 

(e) by deleting the definitions of”subscriber television service” and”specified service” and substituting therefor the following:

“specified service” means a telecommunications service or such other service as may be prescribed;

“spectrum licence” means a licence granted under Part IV and ”spectrum licensee” shall be construed accordingly;

“subscriber television service” has the same meaning as in the· Broadcasting and Radio Rediffusion Act; and

 

(f) by inserting next after the definition of ”uncontrollable forces” the following definition:

“Universal Service Fund” or ”Fund” means the fund established under section 38A;”.

 

 

3.- Section 4 of the principal Act is amended:

 

(a) in subsection (1), by:

(i) renumbering paragraphs (c) to (i) as paragraphs (d) to U) respectively and inserting the following as paragraph (c):­

“(c) make such recommendations to the Minister as the Office considers necessary or desirable as to whether a licence should be suspended for such period as the Office considers appropriate or should be revoked;”;

(ii) deleting paragraph (e) as renumbered and substituting therefor the following:­

“(e) carry out, on its own initiative or at the request of any person, investigations in relation to a licensee’s conduct as will enable it to determine whether, and to what extent, the licensee is acting in contravention of this Act and in exercise of this function the Office may:­

(i) summon and examine witnesses

(ii) sununon the production by a licensee of equipment, records, documents or other information so maintained or stored, in whatever manner, as it considers necessary;

(iii) require that any equipment, record, document or other information so produced, be verified by affidavit;

(iv) enter and search, in the company ofan authorized officer, the premises or other property of a licensee, and inspect, or seal or remove, such equipment, records, documents or other information referred to in subparagraph (ii); and

(v) conduct or make any other necessary enquiries;”;

 

(b) by deleting subsection (4) and substituting therefor the following:­

“(4) The Office may, in the exercise ofits functions, in writing:­

(a) direct any licensee to maintain such records, documents or other information for such period as the Office may specify; and

(b) require a licensee to furnish, to the Office, such records, documents or other information in relation to that licensee’s operations, .within such reasonable time and for such reason, as the Office may specify.”; and

(c) in subsection (5), by deleting the words”subject to affirmative resolution”

 

 

4.- Section 7 of the principal Act is amended:

 

(a) in subsection (1), by inserting after the word” Licences” the words”or spectrum licences, as the case may be,” and inserting after the word”licensees” the words”or spectrum licensees, as the case may be,”;

 

(b) in subsection (2), by inserting next after the words” the Office” the words” or Authority. as the case may be”;

 

(c) in subsection (3):­

 

(i) in paragraph (a)­:

(A) by deleting sub-paragraph (iii) and substituting therefor the following as­

“(iii) to the Minister, an agent ofor consultant providing professional services to the Office or Authority, as the case may be, or the F airTrading Commission,”;

(B) in paragraph (iv), by inserting immediately after the word ”Office” the words”or the Authority, as the case may be,” and by inserting immediately after the semicolon appearing at the end of the paragraph the word”or”;

(C) by inserting next after sub-paragraph (iv) the following as sub-paragraph (v):­

“(v) to any person carrying out regulatory or other functions under this Act;”;

 

(ii) in paragraph (b), by inserting immediately after:­

(A) the word ”Office” wherever it appears, the words”or the Authority, as the case may be”; and;

(B) the word ”licensee” wherever it appears, the words”or spectrum licensee, as the case may be:’;

the word”Office” wherever it appears, the words” or the Authority, as the case may be”;

 

(iii) in paragraph (c), by deleting the full stop appearing at the end of the paragraph and substituting therefor the symbol and word”; or”; and

 

(iv) by inserting next after paragraph (c) the following as paragraph (d);­

“(d) disclosure is required under any other enactment.”; and

 

(d) by deleting subsection (6) and substituting therefor the following:­

“(6) Subject to section 7A, in this section”confidential information” means any information classified by the Office or the Authority, as the case may be, as confidential, in accordance with the following procedure:­

 

(a) any licensee or spectrum licensee or applicant for a licence or spectrum licence who submits information to the Office or the Authority, as the case may be ( hereinafter called”the submitting party”) may, in so doing, claim that the information is confidential for any of the following reasons, namely that:­

(i) the information is a trade secret;

(ii) the information is subject to a claim of legal professional privilege;

(iii) the disclosure of the information would or could reasonably be expected to:­

(A) result in significant financial loss or gain to any person;

(B) prejudice significantly the competitive position of any person; or

(C) affect contractual or other liabilities ofany person; or

(iv) the information relates to the private affairs of an individual and publication of that information would or might seriously and prejudicially affect the interests of that individual;

 

(b) where the submitting party makes a claim that any document or part thereof is confidential for the purposes of this section, and one of the reasons indicates that specific direct hann would be caused to the submitting party or will seriously and prejudicially affect the interests ofan individual, details shall be provided as to the nature and extent ofsuch hann or prejudice;

 

(c) where the Office or the Authority is of the opinion that, based on all the material before it,

(i) specific direct hann or prejudice would be likely to result and outweighs any public interest in disclosing the information, the Office or the Authority, as the case may be, shall classify the information as confidential;

(ii) no specific direct hann or prejudice would be likely to result from disclosure, or where any such specific direct hann or prejudice is shown but is not sufficient to outweigh the public interest in disclosing the information, the Office or the Authority, as the case may be, shall not classifY the information as confidential.

 

 

5.– The principal Act is amended by inserting next after section 7 the following as section 7 A:

7 A. For the purposes of section 7, the following information is not required to be regarded and dealt with as secret and confidential namely:­

(a) information that will facilitate customers in their choice of facilities or specified services and development of the telecommunications industry; and

(b) information relating to:­

(i) quality ofservice measurements;

(ii) prices charged to customers or other Licences;

(iii) network coverage of licensees;

(iv) the market share of licensees;

(v) the volume of services of licensees however measured;

(vi) the subscriber base of licensees; and

(vii) the capticity and usage of international submarine cables.”.

 

 

6.– Section 14 of the principal Act is amended:

 

(a) by deleting subsection (4) and substituting therefor the following­

“(4) Where a licensee fails to comply with any requirement of a notice under subsection (1), the Office may recommend to the Minister that the licence­:

(a) be suspended for such period as the Office considers appropriate; or

(b) be revoked.”; and

 

(b) in subsection (6) by deleting from:­

(i) paragraph (b) the word”would” and substituting therefor the word”may”

(ii) paragraphs (c) and (d) the word”wilfully” wherever it appears;

(iii) paragraph (e) the word”violated” and substituting therefor the word”contravened”;

(iv) paragraph (h) the word”obligation”; and

 

(c) in subsection (7) , by deleting the numeral”(1)” and substituting therefor the numeral”(6)”.

 

 

7.– Subsection (2) ofsection 20 of the principal Act is amended section 20 of by deleting paragraphs (c) and (d) and substituting therefor the principal Act. following­:

“(c) issue spectrum licences, authorizing the use ofspecified portions of the spectrum, on condition that the spectrum is to be used and operated­:

(i) in an efficient manner; and

(ii) in accordance with international best practices;

(d) institute procedures for ensuring the compliance by spectrum licensees with any obligation regarding the use and operation of the spectrum, imposed by or under the spectrum licence, any provisions of this Act or any regulations made hereunder.”.

 

 

8.– Subsection (1) of section 21 of the principal Act is amended by:

 

(a) inserting immediately after the word”establish” the words” a body to be known as the”;

 

(b) deleting the words” (hereinafter referred to as”the Authority”)”,

 

 

9.- Subsection (1) of section 23 of the principal Act is amended by deleting the words”licence (hereinafter referred to as a”spectrum licence”)” and substituting therefor the words”spectrum licence”,

 

 

10.– The principal Act is amended by inserting next after section 23 the following as section 23A:

23A.:

 

(1) Where the Authority has reason to believe that a spectrum licensee has contravened any term or condition of the spectrum licence or has failed to pay any amount required under section 23(7) or 26, the Authority shall give to that spectrum licensee notice in Writing:­

(a) specifying the particulars of the contravention; and

(b) requiring the spectrum licensee to justify its actions to the Authority, or otherwise, take such remedial action within such time as may be specified in the notice.

 

(2) Where the Authority gives any notice under subsection (1), the Authority shall send a copy thereof to the Minister, for his information.

 

(3) Where a spectrum licensee fails to justify its actions to the satisfaction of the Authority or fails or refuses to take any remedial action specified in the notice issued under subsection (I), the Authority shall notify the Minister, in writing, of the fact ofsuch failure or refusal.

 

(4) Where a spectrum licensee fails to comply with any requirements ofa notice under subsection (1), the Authority may recommend to the Minister that the spectrum licence­:

(a) be suspended for such period as the Authority considers appropriate; or

(b) be revoked.

 

(5) Before suspending orrevoking a spectrum licence, the Minister shall direct the Authority to notify the spectrum licensee accordingly and shall afford the spectrum licensee an opportunity to show cause why the spectrum licence should not be suspended or revoked.

 

(6) Subject to subsection (8), the Authority may recommend to the Minister that a spectrum licence be suspended or revoked, as the case may be, if, on its own initiative or on representations made by any other person, the Authority is satisfied that the spectrum licensee has:­

(a) knowingly made any false statement in an application for a spectrum licence or in any statement made to the Authority;

(b) knowingly failed to provide information or evidence that may have resulted in a refusal to grant a spectrum licence;

(c) failed to comply with the terms and conditions of the spectrum licence;

(d) contravened any provision of this Act or any rules or regulations made under this Act;

(e) contravened or failed to comply with a cease and desist order under this Act;

(f) provided services not authorized by its spectrum licence;

(g) failed to pay in a timely manner any fee determined or imposed pursuant to section 23(7) or 26;

(h) failed to utilize the spectrum efficiently at all.

 

(7) Where a licensee holds both a licence (in this section called a”telecommunications licence”) and a spectrum licence, the Minister may, upon the recommendation of the Authority, revoke the spectrum licence in any case where it has been proposed that the telecommunications licence be assigned or where the control of the licensee’s operations are being transferred (whether directly or indirectly).

 

(8) Before taking action under subsection (6), the Authority shall carry out such investigations as may be necessary and afford the spectrum licensee concerned an opportunity to be heard.

 

(9) For the purposes of this section, the Authority may:­

(a) summon and examine witnesses;

(b) summon the production by the spectrum licensee concerned ofequipment, records, documents or other information maintained or stored by the spectrum licensee in whatever manner;

(c) require that any equipment, record, document or information submitted be verified by affidavit;

(d) enter and search, in the company of an authorized officer, the premises or other property of a spectrum licensee and inspect, or seal or remove such equipment, records, documents or other information for the purpose of carrying out its investigations.

 

(l0) If a person fails or refuses without reasonable cause, to furnish any equipment, record, document or other information to the Authority when required to do so or obstructs the Authority in the exercise ofits functions under this section, the Authority may apply to the Court for an order to compel the person to comply with the requirements of the Authority.”

 

 

11.- Section 27 of the principal Act is amended:

 

(a) by deleting the definition of”dominant public voice carrier” and substituting therefor the following:­

“dominant public telecommunications carrier” means a public telecommunications carrier that holds a dominant position in the telecommunications market in Jamaica within the meaning ofsection 19 of the Fair Competition Act;”;

 

(b) in the definition of”interconnection provider”, by deleting the words”voice carrier” wherever they appear and substituting therefor, in each case, the words”telecommunications carrier”;

 

(c) in the definition of ”interconnection seeker”, by deleting the words”voice carrier” wherever they appear and substituting therefor, in each case, the words ”telecommunications carrier”;

 

(d) in the definition of ”point ofinterconnection”, by deleting the word”voice”;

 

(e) by deleting the definition of”public voice carrier”, and substituting therefor the following:­

“public telecommunications carrier” means a carrier who owns and operates a public network used to provide telecommunications service to the public;

 

(f) by deleting the definition of ”reference interconnection offer” and substituting therefor the following­

“reference interconnection offer” means an offer document setting out matters relating to the charges and terms and conditions under which a public telecommunications carrier will permit interconnection to its public network.”.

 

 

12.– Section 28 of the principal Act is amended by deleting from:

 

(a) subsection (1), the words ”voice carriers” and substituting therefor the words”telecommunications carriers”; and

 

(b) subsection (3), the words ”voice carrier” and substituting therefor the words ”telecommunications carrier”.

 

 

13.- Section 29 of the principal Act is amended­:

 

(a) in subsection (1), by deleting:

(i) the words ”public voice network” wherever they appear and substituting therefor. in each case, the words ”public network”; and

(ii) the words ”voice services” and substituting therefor the words”telecommunications services”;

 

(b) in subsection (2), by deleting:­

(i) the words”voice carrier” and substituting therefor the words”telecommunications carrier”; and

(ii) from paragraph (a), the words ”public voice network” wherever they appear and substituting therefor, in each case, the words ”public network”;

 

(c) by deleting subsections (4), (5) and (6) and substituting therefor the following:­

 

“(4) The Office may:­

(a) on its own initiative, in assessing an interconnection agreement, make a determination of the tenns and conditions, including charges; or

(b) resolve post–contract disputes; and in resolving such disputes brought by a licensee before the Office for resolution:­

(i) make such detennination as it thinks fit; and

(ii) the provisions ofsubsections (2) and (3) of section 34 apply, with such modifications as are appropriate, as they apply to pre-contract disputes.

 

(5) When making a detennination of an operator’s interconnection charges, the Office shall have regard to:­

(a) the principles of cost orientation or reciprocity;

(b) local or international benchmarks; or

(c) any other approach that is relevant to the detennination ofinterconnection charges.

 

(6) Any detennination of the Office made pursuant to subsection (4) shall be binding on the operator.

 

(7) For the purposes ofsubsections (4) and (5)­:

“reciprocity” means basing a carrier’s interconnection charges on the interconnection charges ofanother carrier; and

“post-contract dispute” means a dispute between the parties to an interconnection agreement arising out ofthat agreement.”.

 

 

 

  1. -The principal Act is amended by inserting next after section 29 the following as section 29A:

29A:

 

(1) Subject to subsection (3) the Office may:­

(a) impose an infrastructure sharing obligation on a licensee, where the Office considers it to be justified having regard to any of the following considerations:

(i) matters relating to public health or to the environment or town planning or other development considerations;

(ii) economic inefficiencies; or

(iii) physical or technical impracticability; and

(b) determine the terms and conditions ofany infrastructure sharing obligation imposed pursuant to paragraph (a); and

(c) hear and determine complaints made by licensees and disputes in respect of charges and other terms and conditions of the infrastructure sharing arrangement.

 

(2) All infrastructure sharing arrangements made by the Office shall include the making of rales, after consultation with the Minister, for the apportionment of the costs of sharing infrastructure; and the rules shall be made in accordance with the principles set out in section 33.

 

(3) In determming whether to impose an infrastructure sharing obligation on a licensee, or in determining the terms and conditions of an infrastructure sharing obligation imposed under subsection (1), the Office shall consult with licensees, the relevant environmental and planning authorities and the Authority.

 

(4) In this section:­

“infrastructure sharing” means the provision to licensees of access to tangibles used in connection with a public network or intangibles facilitating the utilization ofa public network;

“intangibles” includes agreements, arrangements, leases, licences, franchises, rightsof-way, easements and, other similar interests;

“tangibles” includes:­

(a) lines, cables and wires;

(b) equipment and apparatus;

(c) towers, risers and masts;

(d) conduits, tunnels and ducts;

(e) manholes and other holes and pits;

(f) poles and antennae;

(g) hats and landing stations; and

(h) land, building and other real property.”

 

 

15.- Section 30 of the principal Act is amended by deleting from:

 

(a) subsection (1):

(i) the words ”voice carrier” and substituting therefor the words”telecommunications carrier”; and

(ii) the words ”public voice network” and substituting therefor the words ”public network”; and

 

(b) subsection (2), the words ”voice carrier” and substituting therefor the words”telecommunications carrier”,

 

 

16.– Section 32 of the principal Act is amended:­

 

(a) in subsection (I), by deleting:­

(i) the words”public voice network” and substituting therefor the words”public network”; and

(ii) the words “’voice services” and substituting therefor the words ”telecommunications services”;

 

(b) in subsection (2), by deleting­:

(i) the words “voice carrier” and substitutlrig therefor the words”telecommunications carrier”; and

(ii) the words “voice services” and substituting therefor the words”telecommunications services”;

 

(c) in subsection (3), by deleting the word ”prescribed” and  substituting therefor the words ”specified by the Office and shall remain in force for a period not exceeding five years or such shorter period as the Office considers necessary having regard to technology and market developments”; and

 

(d) in subsection (4), by deleting the words”in the prescribed manner” and substituting therefor the words”and all existing interconnection agreements executed by the filing carrier shall be amended in accordance with the approved reference interconnection offer and until actually amended are deemed to be so amended”,

 

 

17.– Section 33 of the principal Act is amendecd:­

 

(a) in subsection (l):­

(i) by deleting the words”prices at which interconnection is to be provided” and . substituting therefor the words”charges for the provision ofinterconnection”;

(ii) by deleting from paragraph (e) the words”prices for interconnection” and substituting therefor the words”with the exception of interconnection charges for wholesale termination services, interconnection charges”;

(iii) by deleting the full stop appearing at the end of paragraph (f) and substituting therefor a semicolon; and

(iv) by inserting next after paragraph (f) the following as paragraph (g):­

“(g) in the case of charges for wholesale termination services, charges shall be calculated on the basis of forward looking long run incremental cost, whereby the relevant increment is the wholesale termination service and which includes only avoidable costs.”;

 

(b) by deleting subsection (2) and substituting therefor the following:­

“(2) Where the Office has been unable to obtain cost information that it is reasonably satisfied is relevant and reliable it may take into account local and international benchmarks, reciprocity and any other approach that in the opinion of the Office is relevant.”;

 

(c) by deleting subsection (3) and substituting therefor the following:­

“(3) In this section:­

(a)”access deficit” means the amount by which a carrier’s revenue from connection and line rental charges falls short of the cost ofproviding access lines due to regulatory constraints on those charges;

(b) ”avoidable costs” means the difference between:­

(i) the identified total long run costs of a carrier providing its full range of telecommunications services; and

(ii) the identified total long nut costs of the carrier providing its full range oftelecommunications services, except for the wholesale call termination service supplied to any third party (which costs exclude nontraffic-related costs).”

 

 

18.- Section 34 of the principal Act is amended:

 

(a) by deleting subsection (2) and substituting therefor the following:­

“(2) The Office may, after consultation with the Minister, make rules applicable to the arbitration ofpre-contract disputes.”; and

 

(b) in subsection (4), by deleting the words”voice carrier” and substituting therefor the words ”telecommunications carrier”.

 

 

19.– Section 35 of the principal Act is amended by deleting:

 

(a) from subsection (1)­ (i) the words ”subject to subsection (3), make rules subject to affinnative resolution” and substituting therefor the words”, after consultation with the Minister, make rules”; and (ii) the words ”voice carriers” and substituting therefor the words”telecommunications carriers”; and

 

(b) subsection (3).

 

 

20.- Section 36 of the principal Act is amended:­

 

(a) in subsection (1), by deleting:­

(i) the words”subject to affinnative resolution”; and

(ii) the words ”voice carrier” and substituting therefor the words ”tdecommunications carrier”; and

 

(b) by deleting subsection (2) and substituting therefor the following­:

(2) In this section:­

“calling platform” means an automated gateway which authenticates the caller for access, such as by way ofan access code, credit card number, prearranged billing based on the calling number.”.

“indirect access”:­

(a) means the method whereby customers of a particular carrier are able to access specified services provided by another carrier through the· telecommunications network and the telecommunications services of the first mentioned carrier With whom the customer is directly connected; but

(b) does not include two stage dialling, this being the method by which the customer of one licensee is able to dial a ITU-TEI64 number to reach a calling platfonn which facilitates the customer’s access to the specified services ofother licensees;

 

 

21.- Section 37 of the principal Act is amended by deleting by deleting subsection (1) and substituting therefor the following as subsection (1):

“(1) The Minister may after consulation with the office make rules imposing on any public telecommunications carrier the responsability to offer number portability.”

 

 

22.- ­The principal Act is amended by inserting next after section 37 the following as section 37A:

37A:

(1) Subject to subsection (2), the Office may set Interim interconnection charges and an interim Price cap for retail rates for telecommunications services.

(2) Interim interconnection charges and Interim Price caps for retail rates set pursuant to subsection (1) shall:

a) be applicable for a defined period, (being a period not exceeding twelve months);

b) be established, pending the completion of the process to determine interconnection charges or to make Price cap rules, as the case may be, in accordance with section 4(2), 33 and or 46.

(3) When setting an interim interconnection charge ora n interim Price cap for retail rates, the Office shall have regard to reciprocity, local or international benchmarks or such other relevant data or information as may be available to the Office, from time to time.

(4) In the event that the Office is unable to determine interconneclion charges or make price cap rules for retail rates before the expiration of the defined period; the Minister may extend the application of the interim interconnection charges or interim price caps for retail rates for a further period, being a period not exceeding six months.

(5) If, after the further period, the interconnection charges or price cap rules for retail rates are still not determined by the Office, the midpoint between the interconnection charges or price cap rules for retail rates that were applicable before and after the setting of the interim interconnection charges or interim price cap rules for retail rates shall apply until such determination is made by the Office, but shall not have retroactive effect.

(6) The power of the Office to set interim interconnection charges or price cap rules for retail rates under this section shall not be subject to the provisions of section 4(2),33,46,60 or 62.”.

 

 

23.- Section 38 of the principal Act is amended;

 

(a) by renumbering the section as subsection (1) of the section;

 

(b) in subsection (1), as renumbered, by­:

(i) deleting from paragraph (a) the word ”voice”;

(ii) renumbering paragraph (d) as paragraph (e); and

(iii) inserting next after paragraph (c), the following as paragraph (d):

“(d) there shall be a universal service levy that shall be imposed, by the Minister, on licensees, in support of universal service;”; and

 

(c) by inserting next after subsection (1), as renumbered, the following as subsection (2)­:

“(2) The Minister may, after consultation with the Office, make regulations, subject to affirmative resolution, in relation to the computation of the univerSal service levy.”.

 

 

 24.-

 

(1) The provisions of subsection (2) shall come into Insertion of operation on such date as the Minister may by order published the Gazette specify.

 

(2) The principal Act is amended by inserting next after section 38 the following as sections 38A, 38B, 38C, 38D, 38E, 38F, and 38G­“

 

38A:

(1) There is hereby established for the purposes of this Act, a body to be known as the Universal Service Fund which shall be a body corporate to which section 28 of the Interpretation Act shall apply

(2) The provisions of the Third Schedule Schedule shall have effect as to the constitution of the Fund and otherwise in relation thereto.

 

38B The objectives of the Fund shall be to support the implementation of the obligation to provide universal service, as approved by the Minister, in accordance with the principles set out in section 39(2) and the use specified in section 42A.

 

38C.-

(1) There shall be established for the purposes of this Act, a Board of Management of the Fund which shall, subject to the provisions of this Act, be responsible for­:

(a) the general management of the resources of the Fund within the guidelines established by the Minister;

(b) the policy and general administration of the affairs of the Fund;

(c) recommending to the Minister such projects and programmes to be financed from the Fund, the purposes of which fall within section 39(2) and 42(A);

(d) investing the moneys of the Fund;

(e) monitoring the implementation of projects financed by the Fund;

(f) doing or causing to be done such other things as are necessary or expedient for or in connection with the proper performance of the functions of the Fund.

(2) The provisions of the Third Schedule shall have effect as to the constitution of the Board of Management and otherwise in relation thereto.

 

38D:

(1) The funds and resources of the Fund shall consist of:

(a) the universal service levy imposed on licensees pursuant to this Act;

(b) all amounts which accrue from interest, realized gains on investments, loan repayments and other accretions to the Fund; and

(c) any other sum lawfully paid into, or credited to, the Fund.

(2) All moneys of the Fund not immediately required tobe expended in meeting any of its obligations or discharging any of, its functions may with due regard to the level ofinflows, be invested in such lnterest bearing securities in Jamaican currency local and foreign currency as may be approved either generally or specifically by the Minister responsible for finance, who shall (as regards any proposed investment in foreign securities or foreign currency instrwnents) act after consultation with the Bank of Jamaica.

(3) The expenses of the Fund shall be managed so as to maximize operational efficiency, and shall be paid out of the Fund.

 

38E:

(1) The Fund shall keep proper accounts and other records in relation to its business and shall prepare annually a statement ofaccounts in a fonn satisfactory to the Minister and confonning to established accounting principles.

(2) The accounts of the Fund shall be audited annually by an auditor appointed by the Board of Management of the Fund.

(3) The Auditor-General shall be entitled at all times to examine the accounts of the Fund.

 

38F:

(1) The Fund shall, within four months after the end ofeach financial year, cause to be made and shall transmit to the Minister a report dealing generally with the activities of the Fund during the preceding financial year.

(2) The Minister shall cause a copy of the report, together with the annual statement ofaccounts and the auditor’s report thereon to be laid in the House of Representatives and the Senate.

 

38G. The Fund shall furnish the Minister with such returns, accounts and other information as he may require with respect to the Fund, and shall afford to the Minister the facilities for verifying such information in such manner and at such times as he may reasonably require.”.

 

 

25.– Section 39 of the principal Act is amended:

 

(a) in subsection (1), by deleting the word ”and” appearing at the end ofparagraph (a} and substituting therefor the word ”or”;

 

(b) in subsection (2), by deleting paragraph (d) and substituting therefor the following­:

“(d) to the extent technically feasible, and insofar as the necessary resources are available, to:

(i) promote Internet access in educational institutions, public libraries and post offices throughout Jamaica;

(ii) pursue strategies to increase access to high capacity networks and the dissemination of information and communications technology services in un-served and under-served areas ofJamaica;

(iii) support information and communications technology programmes that specifically target vulnerable groups, including low-income households, the elderly, the youth and disabled persons;

(iv) provide access points and multifunction telecentres;

(v) fund connectivity services and support the provision of infrastructure to educational institutions, public libraries and post offices throughout Jamaica to facilitate the use of information and communications technology;

(vi) provide Internet access devices and applications for the training of students in the use of the Internet and other information and communications technology services to support Government’s plan of creating an information and knowledge-based society;”.

 

(c) by inserting next after subsection (6) the following as subsection (7):

­“(7) in this Part”eligible revenues” means revenues which form the basis of calculation of contributions by licensees, determined in the prescribed manner”.

 

 

26.- Section 42 of the principal Act is amended, by deleting:

 

(a) from subsection (2) (b), the words ”universal service obligation levy” and substituting therefor the words ”universal service levy”; and

 

(b) subsection (3).

 

 

27.- The principal Act is amended by inserting next after section 42 the following as section 42A:

 

42A.:

 

(1) The universal service levy shall utilized to fund the obligation to provide universal service as determined pursuant to section 39(2) and the following, namely­:

(a) the provision of loans or grants for information and communications· technology projects operated by local non-profit organizations and loans, grants or equity investment for information and communications technology projects operated by local micro, small and medium-sized-businesses (excluding domestic network operators) for the purpose of stimulating the expansion of information and communications technology access;

(b) the facilitation of lifelong learning and a knowledge-based society by providing universal access to information;

(c) the development oflocal content; and

(d) the promotion of information, and the enhanced development of local content; and

(e) the promotion of information and communications technology literacy through literacy programmes and the Government’s delivery of e-services.

 

(2) In this Part ”domestic network operator” means a domestic carrier that owns or operates a public netWork.

 

 

28.- Section 43 of the principal Act is amended by deleting the definition of”consumer” and substituting therefor the following­:

“consumer” means a person to whom facilities or specified services are provided or are intended to be provided in the course of a business carried on by a carrier or service provider;”.

 

 

29.– Section 44 of the principal Act is amended;

 

(a) in subsection (1), by deleting­:

(i) the words ”retail services” and SUbstituting therefor the words”facilities or specified services”;

(ii) the words ”those services” wherever they . appear and substituting therefor, in each case, the words ”those facilities or specified services”;

 

(b) in subsection (2), by deleting the word ”services” and substituting therefor the words”facilities or specified services”; and

 

(c) by deleting subsections (3) and (4) and substituting therefor the following as subsections (3), (4) and (5):

­“(3) The Office may:

(a) make rules prescribing quality standards for the provision offacilities or specified services in relation to all licensees, and relating to the administration and resolution ofcustomer complaints; and

(b) direct the licensees to conduct all required associated measurements and to report to the Office thereon in such manner and at such intervals. as the Office may determine.

(4) Rules made under subsection (3) regarding customer complaints shall be applicable to, and shall be observed by, all licensees.

(5) The Office may­:

(a) examine customer contracts in respect offacilities or specified services; and

(b) direct the modification ofany term ofsuch a contract which appears to the Office to be unreasonable or unfair.”.

 

 

30.– Section 45 of the principal Act is repealed and the following substituted therefor:

“45. A licensee may:

(a) refuse to provide facilities or specified services to consumers; or

(b) discontinue or interrupt the provision of such facilities or specified services to a customer pursuant to agreement with that customer, only on grounds which are reasonable and non-discriminatory and where any such action is taken, the licensee shall state the reasons therefor.”

 

 

31.– Section 46 of the principal Act is amended in subsection (2) by inserting immediately after the word” rules ” the words” after consultation with the Minister”.

 

 

32.– Section 48 of the principal Act is amended, in the marginal note thereto and in subsection (1), by deleting the words ”voice services” wherever they appear and substituting therefor, in each case, the words ”telecommunications services”.

 

 

33.– Section 57 of the principal Act is amended by deleting the words ”subject to affirmative resolution”.

 

 

34.– Section 60 of the principal Act is amended­ :

(a) by deleting from the inarginalnote the words ”or Office” and substituting therefor the words, ”Office or Authority”;

(b) in subsections (4), (5), (6) and (8) by inserting next after the word ”Office” wherever it, appears, the words ”or Authority, as the case may be,” in each case.

 

 

35.- Section 62 of the principal Act is amended­:

(a) in subsections (1) and (2) by inserting next after the word  ”Office” wherever it appears, the words”or Authority, as the case may be.” in each case;

(b) by deleting subsection (3) and substituting therefor the following­:

“(3) Except where the Office or the Authority. as the case may be, considers the circumstances of any appeal to be exceptional so as to justify its staying the decision to which the appeal relates. it is hereby declared that, until the determination of the appeal, the decision of the Office or the Authority, as the case may be, to which an appeal relates shall not be affected by the appeal proceedings.”; and

(c) in subsection (4), as renumbered, by inserting next after the word ”Office” the words”or Authority, as the case maybe”.

 

 

36.– Section 63 of the principal Act is amended:

 

(a) in the marginal note by inserting immediately after the word ”Power” the words” of the Office.”;

 

(b) by deleting subsections (1) and (2) and substituting therefor the following as subsections (1), (2), (3), (4) and (5)

 

­“(1) A person commits an offence if he­:

(a) provides false or misleading information to the Office;

(b) fails to furnish any equipment, record, document or other information requested by the Office; or

(c) destroys or alters or causes to be destroyed or altered, any equipment, record, document or other information required to be so furnished.

 

(2) A person commits an offence if he engages in any of the following conduct:

(a) operates or knowingly facilitates any bypass operation in contravention of this Act or regulations made under this Act;

(b) owns or operates an unlicensed facility;

(c) provides any specified services to the public without a licence issued under this Act;

(d) undertakes or embarks upon any course of action which could reasonably be expected to result in the disruption or interruption of the telecommunications industry; or

(e) breaches any order of the Office issued pursuant to subsection (3).

 

(3) The Office may, ort its own initiative or on the application ofany person, where it is satisfied that there are reasonable grounds for believing that any conduct specified in paragraphs:

(a) to (c) ofsubsection (2) or paragraph (a) of section 65 is being carried out by any person­ (a) issue to the person concerned­:

(i) a cease and desist order in accordance with section 64;

(ii) an order requiring a licensee to pay compensation to any person affected by any action of the licensee in contravention of this Act or any regulations made under this Act or any licence, determination, memorandum, order or directive of the Office;

(iii) an order requiring the licensee to take such steps as are necessary to remedy the effects of any harm caused by the conductof the licensee incontravention of this Act, any regulations made under this Act or any licence, determination, memorandum, order ordirective of the Office;

(iv) an order to tenninate, modify or nullify agreements activities or decisions of the licensee which are found to be in contravention of this Act or, any regulation made under this Act or any licence, detennination, memorandum, order or directive of the Office;

(b) apply to the court for an injunction against a licensee, whose actions, in the opinion of the Office, could cause severe disruption to the operations of another licensee or could cause irreparable damage.

(4) In a case where a court issues an interim injunction in response to an application under subsection (3)(2)(b), the court shall not require a financial undertaking by the Office.

(5) A person who commits an offence under subsection (1) or (2) shall be liable­:

(a) on summary conviction in a Resident Magistrate’s Court, to a fine not exceeding two million dollars or to imprisonment for a tenn not exceeding [six months], or to both such fine and imprisonment; or

(b) on conviction on indictment in a Circuit Court, to a fine not exceeding two years, or to both such fine and imprisonment.”;

(c) in subsection

(6), as renumbered, by deleting the words”subsection (1)” and substituting therefor the words”subsection (3)”;

( d) in subsection (7) as renumbered by deleting the numerals”(3)(a)” and substituting therefor the numerals”(6)(a)”;

(e) in subsection 8, as renumbered by deleting the numerals”(4)(b)” and substituting therefor the numerals”(7)(b)”.

 

 

37.– The principal Act is amended by inserting next after section new sections 63 the following as sections 63A and 63B:

 

63A.-

 

(l) A person commits an offence if he engages in any of the following conduct:

(a) provides false or misleading information to the Authority or to, the Minister whether in support of an application under or any other matter in relation to this ad;

(b) engagesinthe use of the spectnnn without first obtaining a spectrum licence;

(c) fails to furnish any equipment, record, document or other information requested by the Authority pursuant to this Act;

(d) destroys or alters or causes to be destroyed or altered, any equipment, record, document or other information required to be so furnished;

(e) being a spectrum licensee, utilizes frequencies other than those for which authorization was granted by the Authority or the Minister;

(f) fails to comply with a request or directive issued by the Authority or’ Minister in the manner and within the tiIneframe stipulated;

(g) being a spectrum licensee, fails to pay spectrwn licence fees and regulatory fees prior to the commencement of the relevant licensing period and in accordance with the terms and conditions of the spectrum licence;

(h) breaches orders, directives, determinations or memoranda issued by the Authority;

(i) behaves in a manner which contravenes the provisions of:

(i) this Act or any regulations made under the Act;

(ii) any spectrum licence; or

(iii) orders, directives, determinations or memoranda of the Authority;

(j) breaches any order of the Authority issued pursuant to subsection (2).

(k) obstructs, hinders or prevents any authorized officer from entering premises for the purposes of carrying out an investigation under this Act;

(l) wilfully uses any apparatus for the purpose ofcausing harmful interference.

 

(2) The Authority may, on its own initiative or on . the application ofany person, where it is satisfied that there are reasonable grounds for believing that any conduct specified in paragraphs [(a) to (I)] of subsection (l) is being carried out by any person:

 

(a) issue to the person concerned:­

(i) a cease and desist order in accordance with section 64;

(ii) an order requiring the spectrum licensee to take such steps as are necessary to remedy the effects of any harm caused by the conduct of the spectrum licensee in contravention of this Act, or regulation made under thisAct, or any licence, determination, memorandum, order or directive of the Authority;

(iii) an order to terminate, modify or nullify agreements activities or decisions of the spectrum licensee which are found to be in contravention of this Act or regulation made under this Act or any spectrum licence, determination, memorandum, order or directive of the Authority;

 

(b) apply to the court for an interim injunction against· a spectrum licensee, whose actions, inthe opinion of the Authority, could cause severe disruption to the operations of another spectrum licensee or could cause irreparable damage.

 

(3) Ina case where a court issues an interim injunction in response to an application under subsection (2)(b), the court shall not require a financial undertaking by the Authority.

 

(4) An order under subsection (2) shall­:

(a) state the facts constituting the alleged conduct and where appropriate, the name of the person against whom the allegation is made; and

(b) be accompanied by documents, ifany, insupport of the allegation.

 

(5) Before issuing a cease and desist order, the Authority shall cause to be served on the person concerned, a notice:

(a) containing a statement of the facts referred to in subsection (4)(a); and

(b) specifying the period within which and a place at which a hearing will be held to afford to the person concerned an opportunity to show cause why the order should not be made.

 

(6) Where at a hearing referred to in subsection (5) (b):

(a) the person concerned fails to show cause why the cease and desist order should not be made, the order shall be issued; or

(b) the Authority detennines that the alleged conduct has not occurred, a cease and desist order shall not be issued.

 

(7) A person who commits an offence under subsection (1) shall be liable on summary conviction in a Resident Magistrate’s Court, to a fine not exceeding three million dollars or to imprisonment for a tenn not exceeding one year, orto both such fme and imprisonment.

 

63B.:

(1) This section applies to an offence Offences against this Act and regulations made under this Act being a prescribed offence.

(2) Where the Office orAuthority, as the case may be, believes that a person has committed an offence in relation to its area ofregulation and to which this section applies, the Office or Authority may give that person the prescribed notice in writing offering the opportunity of the discharge ofliability to conviction for that offence by payment to the Office or Authority, as the case may be, in the manner specified in the notice, of the prescribed pecuniary penalty applicable.

(3) A person shall not be liable to be convicted ofany offence referred to in subsection (2) ifthe pecuniary penalty is paid in accordance with this section and any requirement in respect of which the offence was committed is complied with before the expiration of the period specjfied in the notice referred to in subsection (2) and shall be a date not less than twenty-one days following the issue of the notice.

(4) Where any person pays the pecuniary penalty in accordance with subsection (3) and complies with any other requirement specified in the notice, the Office or Authority, as the case may be, shall accept that amount as complete satisfaction ofany liability to conviction.

(5) Payment of a pecuniary penalty under this section shall be made to the Office or Authority, as the case may be, which shall cause it to be paid into the Consolidated Fund.

(6) In any proceedings for an offence to which this section applies, a certificate that payment of the pecuniary penalty was or was not made to the Office or Authority, as the case may be, by a date specified in the certificate shall, if the certificate purports to be signed by the Office or, as the case may be, the Authority, be sufficient evidence of the facts stated, unless the contrary is proved.

(7) Anotice under subsection (2) shall­:

(a) specify the offence alleged;

(b) give such particulars of the offence as are necessary forgiving reasonable information of the allesation; and

(c) state the period during which, by virtue of subsection (3), proceedings will not be taken for the offence, the amount of the pecuniary penalty, and the address at which the pecuniary penalty may be paid.

(8) In any proceedings for an offence to which sub-section (2) applies, no reference shall be made after the con-viction of the accused to the giving of any notice under this section or to the payment or non-payment ofa penalty there-under unless, in the course of the proceedings or in some document which is before the court in connection with the proceedings, reference has been made by or on behalf of the accused to the giving ofsuch a notice or, as the case may be, to such a payment or non-payment.

(9) The Minister may make regulations providing for any matter incidental to the operation of this section, and in particular:

(a) prescribing the offences to which this section applies;

(b) prescribing the form fo notice under subsection (2), and the place at which a pecuniary penalty is payable; and

(c) prescribing the duties of the Office and Authority and the information, with regard to any payment made pursuant to a notice under this section, to be supplied to the Office or Authority, as the case may require”

 

 

38.- Section 65 of the principal Act is repealed and the following substituted therefor:

  1. The Court may exercise any of the powers specified in section 66, ift he Court is satisfied:

 

(a) on an application by the Office, that a licensee has engaged in any of the following conduct­:

(i) breaches any order, directive, determination or memorandum of the office;

(ii) behaves in a manner which is inconsistent with or contravenes provisions of­:

  • this Act or any regulations made under this Act or the Office of Utilities Regulation Act or any regulations made thereunder;
  • any licence; or
  • any order, directive, determination or memorandum of the Office;

(iii) breaches any quality of service standards established or approved by the Office; or

(iv) undertakes or embarks upon any course of action which could reasonably be expected to result in the disruption or interruption of the telecommunication industry.

 

(b) on an application by the Authority that a spectrum licensee:

(i) has engaged in any of the conduct specified in section 63A(I);

(ii) has contravened any provision of this Act or any regulations made under this Act.”.

 

 

39.- Subsection (1) of section 66 of the principal Act is amended:

(a) by deleting paragraph (a) and inserting therefor the following as paragraph (a):

­“(a) order the offending licensee to pay to the Crown pecuniary penalty not exceeding two hundred million dollars or the offending spectrum licensee to pay to the Crown pecuniruy penalty not exceeding three million dollars”; and

(b) in paragraph (b) by:­

(i) inserting immediately after the word ”licensee” the words ”or spectrum licensee”; and

(ii) deleting the words ”subsection (1) (a) or (b) of”.

 

 

40.– Section 71 of the principal Act is amended:

(a) in subsection (1), by deleting the words ”The Office” and substituting therefor the words ”Unless otherwise specified in this Act, the Office”; and

(b) in subsection (2), by deleting the words ”five hundred thousand” and substituting therefor the words ”two million”.

 

 

41.- The principal Act is amended by inserting next after section 71 the following as section 71A­

 

71A. Notwithstanding the powers of the Office under this Act, the Office may forbear from enforcing any provision of this Act or any regulations made under this Act if the Office determines that­:

(a) enforcement of the provision or regulations is not necessary to ensure that the achievement of the objects of the Act;

(b) enforcement of the provision or regulations is not necessary for the protection of consumers;

(c) forbearance from applying the provision or regulations will not impede the administration of this Act; or

(d) forbearance from enforcing the provision orregulations is consistent with the public interest.” .

 

 

42.-Subsection (2) of section 72 of the principal Act is amended by deleting the words ”five hundred thousand” and substituting therefor the words ”three million”

 

 

  1. The principal Act is amended by inserting next after section 72 the following as section 72A­:

 

72A.-The Minister may, by order subject to Minister to affirmative resolución, amend the monetary penalties imposed by this Act.

 

 

44.- The principal Act is amended by inserting next after the Second Schedule the following as the Third Schedule:

 

THIRD SCHEDULE (Section 38A and 38C)

 

The Universal Service Fund

 

1

(1) The seal of the Fund shall be kept in the custody of the chairman or of any officer of the Fund authorized by the Board in that behalf, and shall be affixed to instruments pursuant to a motion of the Board in the presence of the chairman or any other member duly authorized to act in that behalf and the secretary.

(2) The seal of the Fund shal1 be authenticated by the signature of the secretary or any other member of the Board duly authorized to act in that behalf.

 

2

(l) Subject to sub-paragraph (2), the Fund shall appoint and employ at such remuneration and on such terms and conditions as it thinks fit a chief executive officer and such other officers and employees as it thinks necessary for the proper carrying out of the provisions of this Act.

(2) The Fund shall act in accordance with such guidelines in relation to emoluments payable to the staff of public bodies, as are issued from time to time by the Minister responsible for the public service.

 

  1. All documents, other than those required by law to be under seal, documents made by, and all decisions of the Fund may be signified under the hand of the chairman or any member of the Board authorized to act in that behalf or an officer of the Fund so authorized.

 

The Board of Management of the Fund

 

  1. The Board shall consist ofsuch number of members being not less than nine nor more than thirteen as the Minister may from time to time appoint including­

(a) the following persons who shall be ex-officio members:

(i) the Financial Secretary or his nominee;

(ii) the Director General of the Planning Institute ofJamaica or his nominee;

(iii) the Chief Executive Officer of the Fund.

(b) such other persons who appear to the Minister to have ability andexperience in matters relating to the activities of the Fund (hereinafterreferred to as ”selected members”).

 

5.-

(1) The Minister shall appoint:

(a) one of the members to be chairman of the Board; and

(b) a deputy chairman from among the other members.

(2) In the case of the absence or inability to act of the chainnan, the deputy chainnan shall exercise the functions of the chairman.

(3) In the case of the absence or inability to act at any meeting of both the chairman and the deputy chairman, the remaining members shall elect one of their number to act as chairman ofthat meeting.

 

  1. Subject to the provisions of this Schedule, a selected member of the Board shall hold office for a period not exceeding three years and each such member shall be eligible for re-appointment.

 

  1. The Minister may appoint any person to act in the place of any member of the Board in the case of the absence or inability to act of suchmember.

 

  1. A selected member of the Board may at any time resign his office by instrument in writing addressed to the Minister and transmitted through the chainnan; and from the date ofreceipt by the Minister ofsuch instrument, such member shall cease to be a member of the Board.

 

  1. The Minister may at any time revoke the appointment of a selected member if he considers it expedient so to do.

 

  1. The names of all members of the Board as first constituted and every change in membership thereof shall be published in the Gazette.

 

11.-

(1) The Minister may, on the application of any selected member of the Board, grant leave of absence to such member.

(2) The appointment of a selected member shall be regarded as terminated if, without the grant of leave of absence, that member is absent from three consecutive meetings of the Board.

 

12.-

(1) The Board shall meet at such times as may be necessary orexpedient for the transaction of business (but at least six meetings shall beheld within each financial year) and such meetings shaH be held at suchplaces and times and on such days as the Board shall determine.

(2) The chairman may at any time call a special meeting of the Boardto be held within [seven] days of a written request for the purpose addressed tohim by any two members of the Board.

(3) The chairman or, in the case of the absence or inability to act of the chairman, the deputy chairman or the person elected to act as chairman inaccordance with paragraph 5(3) shall preside at the meetings of the Board, and when so presiding the chairman, deputy chairman or the person elected to act as chairman, as the case may be, shall have an original and a casting vote.

(4) The quorum of the Board shall be the number rounded up that approximates to one-half the number of the membership.

(5) The decisions of the Board shall be by a majority ofvotes and, in addition to an original vote, the chairman or other member presiding at the meeting shall have a casting vote in any case in which the voting is equal.

(6) Minutes in proper form of each meeting of the Board shall be kept.

(7) Subject to the provisions of this Schedule the Board may regulate its own proceedings.

 

  1. A member of the Board who is directly or indirectly interested in any matter which is being dealt with by the Board shall of interest (a) disclose the natUre of his interest at a meeting of the Board; and (b) not take part in any deliberation or decision of the Board with respect to that matter.

 

14.-

(1) The Board may appoint such committees as it thinks fit, consisting wholly or partly of members of the Board and may delegate to such committees such of the Board’s functions as it thinks fit.

(2) A delegation under subparagraph (1) shall not prevent the exercise by the Board of any function so delegated.

 

  1. There shall be paid to the chairman and each member of the Board such remuneration, if any (whether by way ofhonorarium, salary or fees) and such allowances as the Minister may determine.

 

  1. No act done or proceeding taken under this Act by the Board shall be questioned on the ground of­:

(a) the existence ofany vacancy in the chairmanship of, or any defectin the constitution of, the Board; or

(b) any omission, defect or irregularity not affecting the merits of the case.

 

17.-

(1) No member of the Board shall be personally liable for any act or default of the Board done or omitted to be done in good faith in the course of the operation of the Board.

(2) Where any member of the Board is exempt from liability by reason only of the provisions of this paragraph, the Fund shall be liable to the extent that it would be ifthat member were an employee or agent of the Fund.

 

  1. The office ofa selected member of the Board shall not be a public office for the purposes of Chapter V of the Constitution of Jamaica.”.

 

 

45.-

(1) Any instrument which was issued, served or granted under any provision of the principal Act which is repealed, amended or which ceases to have effect by virtue of this Act shall, without prejudice to any power to amend such instrument, and subject to such modification as may be necessary to bring it in confonnity with the principal Act as amended by this Act, continue in force until superseded, evoked or otherwise terminated, and shall be deemed to have been issued, served or granted under the principal Act as amended by this Act.

(2) In this section”instrument” means any licence, notice, determination, order, declaration or other authority or any instrument or other requirement, as the circumstances may require that was issued, served or granted pursuant to the principal Act and was in operation prior to the coming into operation of this Act.

 

 

MEMORANDUM OF OBJECTS AND REASONS

 

An Information and Communications Teclmology (ICn Policy for Jamaica was tabled in Parliament in April, 2011. The Policy recognizes the inadequacy of current legislation to meetthe needs of a liberalized and converged ICT environment and, as such, inakes recommendations for the promulgation ofan leT Act to address these concerns.

In the interim, a decision has been taken to amend the Telecommunications Act to address inter alia some of the major concerns highlighted in the ICT Policy. Other provisions have been included for the purpoSes of facilitating the optirrialfunctioning of the Telecommunications Industry. Therefore, this Bill seeks to amend the Telecommunications Act to address:

(a) the sharing of telecommunications facilities and infrastructure, where feasible;

(b) allowing the Office of Utilities Regulation (O.U.R.) to take into account, when detennining rates, all relevant factors, including cost orientation and local and international bench marks;

(c) the granting to the O.U.R. of an express power to set interim rates for wholesale and retail services where there is a marked diversity in rates; and without the application ofsuch rates having retroactive effect;

(d) procedures regarding the use and operation of the spectrum, so as to ensure its efficient use and operation;

(e) provision for the O.U.R. and the Spectrum Management Authority (S.M.A) to be given direct enforcement powers, thereby enabling them to:

(i) impose remedies, including, inter alia, orders for compensation to persons adversely affected by any action by licensees, which contravene the Act, or any rules, regulations or directives of the O.U.R. and S.M.A, orders to terminate, modify or nullify agreements, activities or decisions of licensees, found to be in contravention of the Act, rules, regulations or directives of the O.U.R. and S.M.A;

(ii) petition the court for an interim injunction against any licensee whose actions, in the opinion of the O.U.R. or the S.M.A, may cause irreparable damage; and, in this regard, prevent the O.U.R and the S.M.A from having to first provide a financial undertaking;

(iii) impose fIXed pecuniary penalties giving offenders the opportunity to discharge liability and avoid court proceedings upon payment of the fixed penalties.

 

 

Additionally, the Bill seeks to expand the principles of universal service (beyond physical access) to encompass resource access and basic access. Further, the Bill also seeks to make the quantum of the universal service levy subject to affirmative resolution of the Houses of Parliament.

PHILLIP PAULWELL Minister of Science, Technology, Energy and Mining

06Sep/17

Ley sobre Comercio Electrónico de 24 de enero de 2015

Decreto nº 149-2014. Ley sobre Comercio Electrónico de 24 de enero de 2015. (La Gaceta nº 33.715 de 27 de abril de 2015)

EL CONGRESO NACIONAL,

CONSIDERANDO:

Que la fuerte irrupción de las tecnologías de la información y de la comunicación dentro del mundo industrial y empresarial y aún dentro del sector gubernamental, ha propiciado la aparición de nuevos modelos de contratos y por supuesto, de nuevas formas de contratación y de tramitación.

CONSIDERANDO: Que la contratación por medios electrónicos, es una incuestionable realidad y que la sustitución del papel por su equivalente funcional, el “mensaje de datos”, es cada día más frecuente.

 

LEY SOBRE COMERCIO ELECTRÓNICO

 

TÍTULO I.- GENERALIDADES

 

CAPÍTULO I.- DISPOSICIONES GENERALES

 

ARTÍCULO 1.- ÁMBITO DE APLICACIÓN.

La presente Ley regula todo tipo de información en forma de mensaje de datos, utilizada en el contexto de actividades comerciales, con excepción de las obligaciones asumidas por el Estado en virtud de convenios o tratados internacionales y sin perjuicio de lo dispuesto en otras normas que tengan como finalidad la protección de la salud y seguridad pública, incluida la salvaguarda de la defensa nacional, los intereses del consumidor, el régimen tributario y complementa la normativa reguladora de defensa de la competencia.

 

ARTÍCULO 2.- INTERPRETACIÓN.

En la interpretación de la presente Ley debe tenerse en cuenta su origen internacional, la necesidad de promover la uniformidad de su aplicación y la observancia de la buena fe. Las cuestiones relativas a materias que se rijan por la presente Ley y que no estén expresamente resueltas, deben ser dirimidas de conformidad con los principios generales en que se inspira.

 

ARTÍCULO 3.- MODIFICACIÓN MEDIANTE ACUERDO.

Salvo que se disponga otra cosa, en las relaciones entre las partes que generen, envíen, reciban, archiven o procesen de alguna otra forma mensajes de datos, las disposiciones del Capítulo IV “DE LA COMUNICACIÓN DE LOS MENSAJES DE DATOS DE ESTE TÍTULO”, pueden ser modificadas mediante acuerdo de las partes.

 

CAPÍTULO II- DEL COMERCIO ELECTRÓNICO EN GENERAL

 

ARTÍCULO 4.- DEFINICIONES.

Para los fines de la presente Ley se entiende por:

1) Mensaje de Datos: La información generada, enviada, recibida, archivada o comunicada por medios electrónicos, ópticos o similares, como pueden ser, entre otros, el Intercambio Electrónico de Datos (EDI), el correo electrónico y cualquier otra que consista en transmisión de señales a través de redes de comunicaciones electrónicas.

2) Actividad Comercial: Abarca las cuestiones suscitadas por toda relación de índole comercial, sea o no contractual, estructurada a partir de la utilización de uno o más mensajes de datos o de cualquier otro medio similar. Las relaciones de índole comercial comprenden, sin limitarse a ellas: Toda operación comercial de suministro o intercambio de bienes o servicios; todo acuerdo de distribución; toda operación de representación o mandato comercial; de adquisición de créditos con anticipos o facturas de arrendamiento de bienes de equipo con opción de compra, de construcción de obra; de consultoría, de ingeniería, de concesión de licencias de inversión de financiación; de banca, de empresa conjunta y otras formas de cooperación industrial o comercial, de transporte de mercancías o de pasajeros por vía aérea, terrestre o marítima.

3) Intercambio Electrónico de Datos (EDI). La transmisión electrónica de información de una computadora a otra, estando estructurada la información conforme a alguna norma técnica convenida al efecto.

4) Iniciador de un Mensaje de Datos: Toda persona que, al tenor del mensaje, haya actuado por su cuenta o en cuyo nombre se haya actuado para enviar o generar ese mensaje antes de ser archivado, si éste es el caso, pero que no haya actuado a título de intermediario con respecto a él.

5) Destinatario de un Mensaje de Datos: La persona designada por el iniciador para recibir el mensaje, pero que no está actuando a título de intermediario con respecto a él.

6) Intermediario en Relación con un Determinado Mensaje de Datos: Toda persona que, actuando por cuenta de otra, envíe, reciba o archive dicho mensaje o preste algún otro servicio con respecto a él; y,

7) Sistema de Información: Todo sistema utilizado para generar, enviar, recibir, archivar o procesar de alguna otra forma Mensajes de Datos.

 

CAPÍTULO III.- APLICACIÓN DE LOS REQUISITOS JURÍDICOS A LOS MENSAJES DE DATOS

 

ARTÍCULO 5.- RECONOCIMIENTO JURÍDICO DE LOS MENSAJES DE DATOS.

Se reconocen efectos jurídicos, validez o fuerza probatoria a la información que se envíe en forma de Mensaje de Datos, así como a la información que figure en el mensaje de datos en forma de remisión.

Los Mensajes de Datos, están sometidos a las disposiciones constitucionales y legales que garanticen el derecho a la privacidad de las comunicaciones y de acceso a la información personal.

 

ARTÍCULO 6.- MENSAJE ESCRITO.

Cuando la Ley requiera que la información conste por escrito, ese requisito se puede satisfacer con un Mensaje de Datos, si la información que éste contiene es accesible para su ulterior consulta.

Lo dispuesto en el párrafo anterior, es aplicable tanto si el requisito previsto en la Ley constituye una obligación como si simplemente, prevé consecuencias, en el caso de que la información no conste por escrito.

 

ARTÍCULO 7.- FIRMA.

Cuando la Ley requiera la firma de una persona, ese requisito se puede satisfacer en relación con un mensaje de datos:

1) Si se utiliza un método para identificar a esa persona y para indicar que esa persona aprueba la información que figura en el mensaje de datos; y,

2) Si ese método es fiable, como sea apropiado para los fines para los que se generó o comunicó el Mensaje de Datos, a la luz de todas las circunstancias del caso, incluido cualquier acuerdo pertinente.

Lo dispuesto en este Artículo es aplicable tanto si el requisito en el previsto, está expresado en forma de obligación, como si la Ley simplemente prevé consecuencias en el caso de que no exista una firma.

 

ARTÍCULO 8.- ORIGINAL.

Cuando la Ley requiera que la información sea presentada y conservada en su forma original, ese requisito se puede satisfacer con un Mensaje de Datos, sí:

1) Existe alguna garantía fidedigna de que se ha conservado la integridad de la información a partir del momento en que se generó por primera vez en su forma definitiva, como Mensaje de Datos o en alguna otra forma; y,

2) De requerirse que la información sea presentada, si dicha información puede ser mostrada a la persona a la que se deba presentar.

Lo dispuesto en el presente Artículo es aplicable, tanto si el requisito previsto en la Ley está expresado en forma de obligación, como si simplemente prevé consecuencias en el caso de que la información no sea presentada o conservada en su forma original.

 

ARTÍCULO 9.- INTEGRIDAD.

La integridad de la información debe ser evaluada conforme al criterio de que la misma haya permanecido completa e inalterada, salvo la adición de algún endoso o de algún cambio que sea inherente al proceso de su comunicación, archivo o presentación.

El grado de confiabilidad requerido, es determinado a la luz de los fines se generó la información y de todas las circunstancias del caso.

 

ARTÍCULO 10.- ADMISIBILIDAD Y FUERZA PROBATORIA.

Los mensajes de datos son admisibles como medios de prueba y tienen la misma fuerza probatoria que el ordenamiento jurídico atribuye a cualquier medio probatorio escrito.

En toda actuación administrativa o judicial la información presentada en forma de Mensaje de Datos goza de eficacia, validez, fuerza probatoria y no es admisible el invocar su improcedencia, por el solo hecho de no haber sido presentado en su forma original.

Al valorar la fuerza probatoria de un Mensaje de Datos, se debe de tener presente la confiabilidad de la forma en la que se haya generado, archivado o comunicado el mensaje, la confiabilidad de la forma en que se haya conservado la integridad de la información, la forma en la que se identifique a su iniciador y cualquier otro factor pertinente.

 

ARTÍCULO 11.- CONSERVACIÓN DE LOS MENSAJES DE DATOS.

Cuando la Ley, requiera que ciertos documentos, registros o informaciones sean conservados, ese requisito queda satisfecho, siempre y cuando se cumplan las condiciones siguientes:

1) Que la información que contengan sea accesible para su ulterior consulta;

2) Que el Mensaje de Datos, sea conservado en el formato en que se haya generado, enviado o recibido o en algún formato que sea demostrable que reproduce con exactitud la información generada, enviada o recibida; y,

3) Que se conserve, de haber alguno, todo dato o información que permita determinar el origen y el destino del mensaje y la fecha y la hora en que fue enviado o recibido.

La obligación de conservar ciertos documentos, registros o informaciones a que se refiere el presente Artículo, no es aplicable a aquellos datos que tengan por única finalidad facilitar el envío o recepción del mensaje.

Los libros y papeles del comerciante pueden ser conservados en cualquier medio técnico, siempre que garanticen su integridad y reproducción exacta y por el término exigido por la Ley; para tal efecto, se puede recurrir a los servicios de un tercero.

 

CAPÍTULO IV.- COMUNICACIÓN DE LOS MENSAJES DE DATOS

 

ARTÍCULO 12.- FORMACIÓN Y VALIDEZ DE LOS CONTRATOS.

En la formación de un contrato, salvo pacto en contrario, la oferta y su aceptación deben ser expresadas por medio de un Mensaje de Datos. Se reconoce la validez y fuerza probatoria de un contrato en cuya formación se haya utilizado uno o más mensajes de datos.

 

ARTÍCULO 13.- RECONOCIMIENTO DE LOS MENSAJES DE DATOS.

En las relaciones entre el iniciador y el destinatario de un mensaje de datos, se reconoce efectos jurídicos, validez o fuerza obligatoria a toda manifestación de voluntad u otra declaración expresada en forma de Mensaje de Datos.

 

ARTÍCULO 14.- ATRIBUCIÓN DE LOS MENSAJES DE DATOS.

Se debe entender que un Mensaje de Datos proviene del iniciador si ha sido enviado por:

1) El propio iniciador;

2) Por alguna persona facultada para actuar en nombre del iniciador respecto de ese mensaje; o,

3) Por un sistema de información programado por el iniciador o en su nombre para que opere automáticamente.

 

ARTÍCULO 15.- PRESUNCIÓN DEL ORIGEN.

En las relaciones entre el iniciador y el destinatario, el destinatario tiene derecho a considerar que un Mensaje de Datos proviene del iniciador y a actuar en consecuencia, cuando:

1) Haya aplicado adecuadamente un procedimiento aceptado previamente por el iniciador con ese fin; o,

2) El Mensaje de Datos que reciba el destinatario resulte de los actos de una persona cuya relación con el iniciador o con algún mandatario suyo, le haya dado acceso a algún método utilizado por el iniciador para identificar un mensaje de datos como propio.

Esta disposición no tiene aplicación cuando:

1) El destinatario haya sido informado por el iniciador, que el mensaje de datos no provenía de él y haya dispuesto un plazo razonable para actuar en consecuencia; y,

2) Desde el momento en que el destinatario sepa o debería saber, de haber actuado con la debida diligencia o de haber aplicado algún método convenido, que el Mensaje de Datos no provenía del iniciador.

 

ARTÍCULO 16.- CONCORDANCIA ENTRE MENSAJES.

Siempre que un Mensaje de Datos provenga del iniciador o que se entienda que proviene de él o siempre que el destinatario tenga derecho a actuar con arreglo a este supuesto, en las relaciones entre el iniciador y el destinatario tiene derecho a considerar que el Mensaje de Datos corresponde al que quería enviar el iniciador y puede actuar en consecuencia.

El destinatario no goza de este derecho si sabía o hubiere sabido, de haber actuado con la debida diligencia o de haber aplicado algún método convenido, que la transmisión había dado lugar a error en el mensaje de datos recibido.

 

ARTÍCULO 17.- MENSAJE DE DATOS DUPLICADO.

El destinatario tiene derecho a considerar, que cada Mensaje de Datos recibido es un Mensaje de Datos diferente y a actuar en consecuencia, salvo en la medida en que duplique otro Mensaje de Datos y que el destinatario sepa, o debería saberlo, de haber actuado con la debida diligencia o de haber aplicado algún método convenido, que era un duplicado.

 

ARTÍCULO 18.- ACUSE DE RECIBO.

Cuando al enviar o antes de enviar un Mensaje de Datos, el iniciador solicite o acuerde con el destinatario que acuse recibo del Mensaje de Datos, se puede acusar recibo mediante:

1) Toda comunicación del destinatario, automatizada o no; o,

2) Todo acto del destinatario que baste para indicar al iniciador que se ha recibido el mensaje de datos.

Cuando el iniciador haya indicado que los efectos del mensaje de datos están expresamente condicionados a la recepción de un acuse de recibo, se considera que el Mensaje de Datos no ha sido enviado, en tanto que no se haya recibido el acuse de recibo.

Cuando el iniciador no haya indicado, que los efectos del mensaje de datos están condicionados a la recepción de un acuse de recibo, si no ha recibido acuse en el plazo fijado o convenido o no se ha fijado o convenido ningún plazo, en un plazo razonable el iniciador puede:

1) Dar aviso al destinatario de que no ha recibido acuse de recibido y fijar un plazo razonable para su recepción; y,

2) De no recibirse acuse dentro del plazo fijado, puede, dando aviso de ello al destinatario, considerar que el mensaje de datos no ha sido enviado o ejercer cualquier otro derecho que pueda tener.

Cuando el iniciador reciba acuse de recibo del destinatario, se debe presumir que éste ha recibido el Mensaje de Datos correspondiente. Esa presunción no implica que el Mensaje de Datos corresponda al mensaje recibido.

 

ARTÍCULO 19.- TIEMPO DE ENVÍO Y RECEPCIÓN.

Salvo pacto en contrario entre el iniciador y el destinatario, el Mensaje de Datos se tiene por expedido cuando entre en un sistema de información, que no esté bajo el control del iniciador o de la persona que envió el Mensaje de Datos en nombre del iniciador.

Salvo pacto en contrario entre el iniciador y el destinatario, el momento de recepción del Mensaje de Datos se determina cuando la recepción se efectúa en el sistema designado o cuando no se ha designado un sistema de información, la recepción tiene lugar cuando entra al sistema del destinatario.

 

ARTÍCULO 20.- LUGAR DEL ENVÍO Y RECEPCIÓN. Salvo pacto en contrario entre el iniciador y el destinatario, el Mensaje de Datos se tiene por expedido en el lugar donde el iniciador tenga su establecimiento y por recibido en el lugar donde el destinatario tenga el suyo. Si el iniciador o el destinatario tienen más de un establecimiento, éste es el que guarde una relación más estrecha con la operación subyacente o accesoria y de no existir ésta, con el establecimiento principal. No teniendo el iniciador o el destinatario un establecimiento se debe tener como tal su residencia.

 

TÍTULO II.- COMERCIO ELECTRÓNICO EN MATERIAS ESPECIALES

 

CAPÍTULO I.- TRANSPORTE DE MERCANCÍAS

 

ARTÍCULO 21.- ACTOS RELACIONADOS CON LOS CONTRATOS DE TRANSPORTE DE MERCANCÍAS.

Sin perjuicio de lo dispuesto en el Título Primero de la presente Ley, este Capítulo es aplicable a cualquiera de los siguientes actos que guarden relación con un contrato de transporte de mercancías o con su cumplimiento, sin que la lista sea exhaustiva, así:

1) Indicación de las marcas, el número, la cantidad o el peso de las mercancías; declaración de la índole el valor de las mercancías; emisión de un recibo por las mercancías; confirmación de haberse completado la carga de las mercancías;

2) Notificación a alguna persona de las cláusulas y condiciones del contrato que implica comunicación de instrucciones al portador;

3) Reclamación de la entrega de las mercancías que comprende la autorización para proceder a la entrega de y la notificación de la pérdida de las mercancías o de los daños que hayan sufrido;

4) Cualquier otra notificación o declaración relativa al cumplimiento del contrato;

5) Promesa de hacer entrega de las mercancías a la persona designada o a una persona autorizada para reclamar esa entrega;

6) Concesión, adquisición, renuncia, restitución, transferencia o negociación de algún derecho sobre mercancías;

7) Adquisición o transferencia de derechos y obligaciones con arreglo al contrato; y,

8) Cabe cualquier otro con normativa análoga.

 

ARTÍCULO 22.- DOCUMENTOS DE TRANSPORTE.

Cuando la reclamación de la entrega de mercancías se lleve a cabo por escrito mediante un documento que conste en papel, ese requisito se satisface igualmente cuando se lleve a cabo por uno o más Mensajes de Datos.

Esta disposición es aplicable tanto si el requisito en el previsto está expresado en forma de obligación como si la Ley simplemente prevé consecuencias en el caso de que no se lleve a cabo el acto por escrito o mediante un documento.

 

ARTÍCULO 23.- CONCESIÓN DE DERECHOS.

Cuando se conceda algún derecho a una persona determinada y a ninguna otra, o ésta adquiera alguna obligación y la Ley requiera que, para que ese acto surta efecto, el derecho o la obligación hayan de transferirse a esa persona mediante el envío o la utilización, de un documento, ese requisito queda satisfecho si el derecho o la obligación se transfiere mediante la utilización de uno o más Mensajes de Datos, siempre que se emplee un método confiable para garantizar la singularidad de ese Mensaje de Datos.

 

ARTÍCULO 24.- NIVEL DE FIABILIDAD.

En el caso de la concesión u obligación a que se refiere el Artículo anterior, el nivel de fiabilidad requerido es determinado a la luz de los fines para los que se transfirió el derecho o la obligación y de todas las circunstancias del caso, incluido cualquier acuerdo pertinente.

 

ARTÍCULO 25.- SUSTITUCIÓN DE MENSAJES.

Cuando se utilicen uno o más Mensajes de Datos para llevar a cabo alguno de los actos enunciados de concesión, adquisición, renuncia, restitución o negociación de algún derecho o mercancía a que se refiere el Artículo 21 de esta Ley, no es válido ningún documento utilizado para celebrar cualquiera de esos actos, a menos que se haya puesto fin al uso de Mensajes de Datos para sustituirlo por el de documentos.

Todo documento que se emita en esas circunstancias debe contener una declaración a tal efecto. La sustitución de Mensajes de Datos por documentos no afecta a los derechos ni a las obligaciones de las partes.

 

ARTÍCULO 26.- APLICACIÓN O B L I G ATO R I A AL CONTRATO EN DOCUMENTO.

Cuando se aplique obligatoriamente una norma jurídica a un contrato de transporte de mercancías que esté consignado o del que se haya dejado constancia en un documento en papel, esa norma no deja de aplicarse a un contrato cuando conste en un Mensaje de Datos, por razón de que el contrato figure en el Mensaje de Datos en lugar del documento en papel.

 

TÍTULO III.-  DISPOSICIONES FINALES

 

ARTÍCULO 27.- PREMINENCIA DE LAS LEYES DE PROTECCIÓN AL CONSUMIDOR.

La presente Ley se aplica a las normas vigentes en materia de protección al consumidor.

 

ARTÍCULO 28.- VIGENCIA.

La presente Ley entra en vigencia veinte (20) días después de su publicación en el Diario Oficial “La Gaceta”.

Dado en la ciudad de Tegucigalpa, municipio del Distrito Central, en el Salón de Sesiones del Congreso Nacional, a los veinticuatro días del mes de enero del dos mil quince.

MAURICIO OLIVA HERRERA.- PRESIDENTE

MARIO ALONSO PÉREZ LÓPEZ.- SECRETARIO

ROMÁN VILLEDA AGUILAR.- SECRETARIO

 

POR TANTO:

EJECÚTESE.

TEGUCIGALPA, M.D.C., 02 de marzo de 2015.

JUAN ORLANDO HERNÁNDEZ ALVARADO.- PRESIDENTE DE LA REPÚBLICA

EL SECRETARIO DE ESTADO EN LOS DESPACHOS DE DERECHOS HUMANOS, JUSTICIA, GOBERNACIÓN Y DESCENTRALIZACIÓN.- RIGOBERTO CHANG CASTILLO

 

13Jul/17

Law of the Republic of Azerbaijan September 30, 2009, on approval of Convention “On Cybercrime”

Law of the Republic of Azerbaijan on approval of Convention “On Cybercrime”

 

The National Assembly of the Republic of Azerbaijan decides:

To approve the Convention “On Cybercrime” signed in the city of Budapest on November 23, 2001 with corresponding statements and reservations.

Ilham Aliyev,

President of the Republic of Azerbaijan

Baku city, September 30, 2009

 

Convention “On Cybercrime”

 

Budapest, 23 November 2001

 

Preamble

The member States of the Council of Europe and the other States signatory hereto,

Considering that the aim of the Council of Europe is to achieve a greater unity between its members;

Recognising the value of fostering co-operation with the other States parties to this Convention;

Convinced of the need to pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cybercrime, inter alia, by adopting appropriate legislation and fostering international co-operation;

Conscious of the profound changes brought about by the digitalisation, convergence and continuing globalisation of computer networks;

Concerned by the risk that computer networks and electronic information may also be used for committing criminal offences and that evidence relating to such offences may be stored and transferred by these networks;

Recognising the need for co-operation between States and private industry in combating cybercrime and the need to protect legitimate interests in the use and development of information technologies;

Believing that an effective fight against cybercrime requires increased, rapid and well-functioning international co-operation in criminal matters;

Convinced that the present Convention is necessary to deter action directed against the confidentiality, integrity and availability of computer systems, networks and computer data as well as the misuse of such systems, networks and data by providing for the criminalisation of such conduct, as described in this Convention, and the adoption of powers sufficient for effectively combating such criminal offences, by facilitating their detection, investigation and prosecution at both the domestic and international levels and by providing arrangements for fast and reliable international co-operation;

Mindful of the need to ensure a proper balance between the interests of law enforcement and respect for fundamental human rights as enshrined in the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights and other applicable international human rights treaties, which reaffirm the right of everyone to hold opinions without interference, as well as the right to freedom of expression, including the freedom to seek, receive, and impart information and ideas of all kinds, regardless of frontiers, and the rights concerning the respect for privacy;

Mindful also of the right to the protection of personal data, as conferred, for example, by the 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;

Considering the 1989 United Nations Convention on the Rights of the Child and the 1999 International Labour Organization Worst Forms of Child Labour Convention;

Taking into account the existing Council of Europe conventions on co-operation in the penal field, as well as similar treaties which exist between Council of Europe member States and other States, and stressing that the present Convention is intended to supplement those conventions in order to make criminal investigations and proceedings concerning criminal offences related to computer systems and data more effective and to enable the collection of evidence in electronic form of a criminal offence;

Welcoming recent developments which further advance international understanding and co-operation in combating cybercrime, including action taken by the United Nations, the OECD, the European Union and the G8;

Recalling Committee of Ministers Recommendations nº R (85) 10 concerning the practical application of the European Convention on Mutual Assistance in Criminal Matters in respect of letters rogatory for the interception of telecommunications, nº R (88) 2 on piracy in the field of copyright and neighbouring rights, nº R (87) 15 regulating the use of personal data in the police sector, nº R (95) 4 on the protection of personal data in the area of telecommunication services, with particular reference to telephone services, as well as nº R (89) 9 on computer-related crime providing guidelines for national legislatures concerning the definition of certain computer crimes and nº R (95) 13 concerning problems of criminal procedural law connected with information technology;

Having regard to Resolution nº 1 adopted by the European Ministers of Justice at their 21st Conference (Prague, 10 and 11 June 1997), which recommended that the Committee of Ministers support the work on cybercrime carried out by the European Committee on Crime Problems (CDPC) in order to bring domestic criminal law provisions closer to each other and enable the use of effective means of investigation into such offences, as well as to Resolution nº 3 adopted at the 23rd Conference of the European Ministers of Justice (London, 8 and 9 June 2000), which encouraged the negotiating parties to pursue their efforts with a view to finding appropriate solutions to enable the largest possible number of States to become parties to the Convention and acknowledged the need for a swift and efficient system of international co-operation, which duly takes into account the specific requirements of the fight against cybercrime;

Having also regard to the Action Plan adopted by the Heads of State and Government of the Council of Europe on the occasion of their Second Summit (Strasbourg, 10 and 11 October 1997), to seek common responses to the development of the new information technologies based on the standards and values of the Council of Europe;

Have agreed as follows:

 

Chapter I .- Use of terms

 

Article 1 .- Definitions

For the purposes of this Convention:

a    “computer system” means any device or a group of interconnected or related devices, one or more of which, pursuant to a program, performs automatic processing of data;

b    “computer data” means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function;

c    “service provider” means:

i    any public or private entity that provides to users of its service the ability to communicate by means of a computer system, and

ii     any other entity that processes or stores computer data on behalf of such communication service or users of such service.

d    “traffic data” means any computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.

 

Chapter II .- Measures to be taken at the national level

 

Section 1 .- Substantive criminal law

 

Title 1 .- Offences against the confidentiality, integrity and availability of computer data and systems

 

Article 2 .- Illegal access

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.

 

Article 3 .- Illegal interception

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

 

Article 4 .- Data interference

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without right.

2    A Party may reserve the right to require that the conduct described in paragraph 1 result in serious harm.

 

Article 5 .- System interference

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.

 

Article 6 .- Misuse of devices

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

a     the production, sale, procurement for use, import, distribution or otherwise making available of:

i    a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5;

ii    a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5; and

b     the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used for the purpose of committing any of the offences established in Articles 2 through 5. A Party may require by law that a number of such items be possessed before criminal liability attaches.

2    This article shall not be interpreted as imposing criminal liability where the production, sale, procurement for use, import, distribution or otherwise making available or possession referred to in paragraph 1 of this article is not for the purpose of committing an offence established in accordance with Articles 2 through 5 of this Convention, such as for the authorised testing or protection of a computer system.

3    Each Party may reserve the right not to apply paragraph 1 of this article, provided that the reservation does not concern the sale, distribution or otherwise making available of the items referred to in paragraph 1 a.ii of this article.

 

Title 2 .- Computer-related offences

 

Article 7 .- Computer-related forgery

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible. A Party may require an intent to defraud, or similar dishonest intent, before criminal liability attaches.

 

Article 8 .- Computer-related fraud

Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the causing of a loss of property to another person by:

a     any input, alteration, deletion or suppression of computer data,

b     any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person.

 

Title 3 .- Content-related offences

 

Article 9 .- Offences related to child pornography

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the following conduct:

a     producing child pornography for the purpose of its distribution through a computer system;

b     offering or making available child pornography through a computer system;

c     distributing or transmitting child pornography through a computer system;

d     procuring child pornography through a computer system for oneself or for another person;

e     possessing child pornography in a computer system or on a computer-data storage medium.

2    For the purpose of paragraph 1 above, the term “child pornography” shall include pornographic material that visually depicts:

a     a minor engaged in sexually explicit conduct;

b     a person appearing to be a minor engaged in sexually explicit conduct;

c     realistic images representing a minor engaged in sexually explicit conduct.

3    For the purpose of paragraph 2 above, the term “minor” shall include all persons under 18 years of age. A Party may, however, require a lower age-limit, which shall be not less than 16 years.

4    Each Party may reserve the right not to apply, in whole or in part, paragraphs 1, sub-paragraphs d. and e, and 2, sub-paragraphs b. and c.

 

Title 4 .- Offences related to infringements of copyright and related rights

 

Article 10 .- Offences related to infringements of copyright and related rights

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of copyright, as defined under the law of that Party, pursuant to the obligations it has undertaken under the Paris Act of 24 July 1971 revising the Bern Convention for the Protection of Literary and Artistic Works, the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Copyright Treaty, with the exception of any moral rights conferred by such conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.

2    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of related rights, as defined under the law of that Party, pursuant to the obligations it has undertaken under the International Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organisations (Rome Convention), the Agreement on Trade-Related Aspects of Intellectual Property Rights and the WIPO Performances and Phonograms Treaty, with the exception of any moral rights conferred by such conventions, where such acts are committed wilfully, on a commercial scale and by means of a computer system.

3    A Party may reserve the right not to impose criminal liability under paragraphs 1 and 2 of this article in limited circumstances, provided that other effective remedies are available and that such reservation does not derogate from the Party’s international obligations set forth in the international instruments referred to in paragraphs 1 and 2 of this article.

 

Title 5 .- Ancillary liability and sanctions

 

Article 11 .- Attempt and aiding or abetting

1    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any of the offences established in accordance with Articles 2 through 10 of the present Convention with intent that such offence be committed.

2    Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, an attempt to commit any of the offences established in accordance with Articles 3 through 5, 7, 8, and 9.1.a and c. of this Convention.

3    Each Party may reserve the right not to apply, in whole or in part, paragraph 2 of this article.

 

Article 12 .- Corporate liability

1    Each Party shall adopt such legislative and other measures as may be necessary to ensure that legal persons can be held liable for a criminal offence established in accordance with this Convention, committed for their benefit by any natural person, acting either individually or as part of an organ of the legal person, who has a leading position within it, based on:

a     a power of representation of the legal person;

b     an authority to take decisions on behalf of the legal person;

c     an authority to exercise control within the legal person.

2    In addition to the cases already provided for in paragraph 1 of this article, each Party shall take the measures necessary to ensure that a legal person can be held liable where the lack of supervision or control by a natural person referred to in paragraph 1 has made possible the commission of a criminal offence established in accordance with this Convention for the benefit of that legal person by a natural person acting under its authority.

3    Subject to the legal principles of the Party, the liability of a legal person may be criminal, civil or administrative.

4    Such liability shall be without prejudice to the criminal liability of the natural persons who have committed the offence.

 

Article 13 .- Sanctions and measures

1    Each Party shall adopt such legislative and other measures as may be necessary to ensure that the criminal offences established in accordance with Articles 2 through 11 are punishable by effective, proportionate and dissuasive sanctions, which include deprivation of liberty.

2    Each Party shall ensure that legal persons held liable in accordance with Article 12 shall be subject to effective, proportionate and dissuasive criminal or non-criminal sanctions or measures, including monetary sanctions.

 

Section 2 .- Procedural law

 

Title 1 .- Common provisions

 

Article 14 .- Scope of procedural provisions

1    Each Party shall adopt such legislative and other measures as may be necessary to establish the powers and procedures provided for in this section for the purpose of specific criminal investigations or proceedings.

2    Except as specifically provided otherwise in Article 21, each Party shall apply the powers and procedures referred to in paragraph 1 of this article to:

a    the criminal offences established in accordance with Articles 2 through 11 of this Convention;

b    other criminal offences committed by means of a computer system; and

c    the collection of evidence in electronic form of a criminal offence.

3

a.    Each Party may reserve the right to apply the measures referred to in Article 20 only to offences or categories of offences specified in the reservation, provided that the range of such offences or categories of offences is not more restricted than the range of offences to which it applies the measures referred to in Article 21. Each Party shall consider restricting such a reservation to enable the broadest application of the measure referred to in Article 20.

b    Where a Party, due to limitations in its legislation in force at the time of the adoption of the present Convention, is not able to apply the measures referred to in Articles 20 and 21 to communications being transmitted within a computer system of a service provider, which system:

i    is being operated for the benefit of a closed group of users, and

ii    does not employ public communications networks and is not connected with another computer system, whether public or private, that Party may reserve the right not to apply these measures to such communications. Each Party shall consider restricting such a reservation to enable the broadest application of the measures referred to in Articles 20 and 21.

 

Article 15 .- Conditions and safeguards

1    Each Party shall ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties, including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, and other applicable international human rights instruments, and which shall incorporate the principle of proportionality.

2    Such conditions and safeguards shall, as appropriate in view of the nature of the procedure or power concerned, inter alia, include judicial or other independent supervision, grounds justifying application, and limitation of the scope and the duration of such power or procedure.

3    To the extent that it is consistent with the public interest, in particular the sound administration of justice, each Party shall consider the impact of the powers and procedures in this section upon the rights, responsibilities and legitimate interests of third parties.

 

Title 2 .- Expedited preservation of stored computer data

 

Article 16 .- Expedited preservation of stored computer data

1    Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data, that has been stored by means of a computer system, in particular where there are grounds to believe that the computer data is particularly vulnerable to loss or modification.

2    Where a Party gives effect to paragraph 1 above by means of an order to a person to preserve specified stored computer data in the person’s possession or control, the Party shall adopt such legislative and other measures as may be necessary to oblige that person to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of ninety days, to enable the competent authorities to seek its disclosure. A Party may provide for such an order to be subsequently renewed.

3    Each Party shall adopt such legislative and other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures for the period of time provided for by its domestic law.

4    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Article 17 .- Expedited preservation and partial disclosure of traffic data

1    Each Party shall adopt, in respect of traffic data that is to be preserved under Article 16, such legislative and other measures as may be necessary to:

a    ensure that such expeditious preservation of traffic data is available regardless of whether one or more service providers were involved in the transmission of that communication; and

b    ensure the expeditious disclosure to the Party’s competent authority, or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted.

2    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Title 3 .- Production order

 

Article 18 .- Production order

1    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order:

a    a person in its territory to submit specified computer data in that person’s possession or control, which is stored in a computer system or a computer-data storage medium; and

b    a service provider offering its services in the territory of the Party to submit subscriber information relating to such services in that service provider’s possession or control.

2    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

3    For the purpose of this article, the term “subscriber information” means any information contained in the form of computer data or any other form that is held by a service provider, relating to subscribers of its services other than traffic or content data and by which can be established:

a    the type of communication service used, the technical provisions taken thereto and the period of service;

b    the subscriber’s identity, postal or geographic address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement;

c    any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement.

 

Title 4 .- Search and seizure of stored computer data

 

Article 19 .- Search and seizure of stored computer data

1    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to search or similarly access:

a    a computer system or part of it and computer data stored therein; and

b    a computer-data storage medium in which computer data may be stored in its territory.

2    Each Party shall adopt such legislative and other measures as may be necessary to ensure that where its authorities search or similarly access a specific computer system or part of it, pursuant to paragraph 1.a, and have grounds to believe that the data sought is stored in another computer system or part of it in its territory, and such data is lawfully accessible from or available to the initial system, the authorities shall be able to expeditiously extend the search or similar accessing to the other system.

3    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to seize or similarly secure computer data accessed according to paragraphs 1 or 2. These measures shall include the power to:

a    seize or similarly secure a computer system or part of it or a computer-data storage medium;

b    make and retain a copy of those computer data;

c    maintain the integrity of the relevant stored computer data;

d    render inaccessible or remove those computer data in the accessed computer system.

4    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data therein to provide, as is reasonable, the necessary information, to enable the undertaking of the measures referred to in paragraphs 1 and 2.

5    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Title 5 .- Real-time collection of computer data

 

Article 20 .- Real-time collection of traffic data

1    Each Party shall adopt such legislative and other measures as may be necessary to empower its competent authorities to:

a    collect or record through the application of technical means on the territory of that Party, and

b    compel a service provider, within its existing technical capability:

i    to collect or record through the application of technical means on the territory of that Party; or

ii    to co-operate and assist the competent authorities in the collection or recording of, traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system.

2    Where a Party, due to the established principles of its domestic legal system, cannot adopt the measures referred to in paragraph 1.a, it may instead adopt legislative and other measures as may be necessary to ensure the real-time collection or recording of traffic data associated with specified communications transmitted in its territory, through the application of technical means on that territory.

3    Each Party shall adopt such legislative and other measures as may be necessary to oblige a service provider to keep confidential the fact of the execution of any power provided for in this article and any information relating to it.

4    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

 

Article 21 .- Interception of content data

1    Each Party shall adopt such legislative and other measures as may be necessary, in relation to a range of serious offences to be determined by domestic law, to empower its competent authorities to:

a    collect or record through the application of technical means on the territory of that Party, and

b    compel a service provider, within its existing technical capability:

i    to collect or record through the application of technical means on the territory of that Party, or

ii    to co-operate and assist the competent authorities in the collection or recording of, content data, in real-time, of specified communications in its territory transmitted by means of a computer system.

2    Where a Party, due to the established principles of its domestic legal system, cannot adopt the measures referred to in paragraph 1.a, it may instead adopt legislative and other measures as may be necessary to ensure the real-time collection or recording of content data on specified communications in its territory through the application of technical means on that territory.

3    Each Party shall adopt such legislative and other measures as may be necessary to oblige a service provider to keep confidential the fact of the execution of any power provided for in this article and any information relating to it.

4    The powers and procedures referred to in this article shall be subject to Articles 14 and 15.

Section 3 .- Jurisdiction

 

Article 22 .- Jurisdiction

1    Each Party shall adopt such legislative and other measures as may be necessary to establish jurisdiction over any offence established in accordance with Articles 2 through 11 of this Convention, when the offence is committed:

a    in its territory; or

b    on board a ship flying the flag of that Party; or

c    on board an aircraft registered under the laws of that Party; or

d    by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.

2    Each Party may reserve the right not to apply or to apply only in specific cases or conditions the jurisdiction rules laid down in paragraphs 1.b through 1.d of this article or any part thereof.

3    Each Party shall adopt such measures as may be necessary to establish jurisdiction over the offences referred to in Article 24, paragraph 1, of this Convention, in cases where an alleged offender is present in its territory and it does not extradite him or her to another Party, solely on the basis of his or her nationality, after a request for extradition.

4    This Convention does not exclude any criminal jurisdiction exercised by a Party in accordance with its domestic law.

5    When more than one Party claims jurisdiction over an alleged offence established in accordance with this Convention, the Parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution.

Chapter III .- International co-operation

 

Section 1 .- General principles

 

Title 1 .- General principles relating to international co-operation

 

Article 23 .- General principles relating to international co-operation

The Parties shall co-operate with each other, in accordance with the provisions of this chapter, and through the application of relevant international instruments on international co-operation in criminal matters, arrangements agreed on the basis of uniform or reciprocal legislation, and domestic laws, to the widest extent possible for the purposes of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.

 

Title 2 .- Principles relating to extradition

 

Article 24 .- Extradition

1

a.   This article applies to extradition between Parties for the criminal offences established in accordance with Articles 2 through 11 of this Convention, provided that they are punishable under the laws of both Parties concerned by deprivation of liberty for a maximum period of at least one year, or by a more severe penalty.

b.      Where a different minimum penalty is to be applied under an arrangement agreed on the basis of uniform or reciprocal legislation or an extradition treaty, including the European Convention on Extradition (ETS No. 24), applicable between two or more parties, the minimum penalty provided for under such arrangement or treaty shall apply.

2    The criminal offences described in paragraph 1 of this article shall be deemed to be included as extraditable offences in any extradition treaty existing between or among the Parties. The Parties undertake to include such offences as extraditable offences in any extradition treaty to be concluded between or among them.

3    If a Party that makes extradition conditional on the existence of a treaty receives a request for extradition from another Party with which it does not have an extradition treaty, it may consider this Convention as the legal basis for extradition with respect to any criminal offence referred to in paragraph 1 of this article.

4    Parties that do not make extradition conditional on the existence of a treaty shall recognise the criminal offences referred to in paragraph 1 of this article as extraditable offences between themselves.

5    Extradition shall be subject to the conditions provided for by the law of the requested Party or by applicable extradition treaties, including the grounds on which the requested Party may refuse extradition.

6    If extradition for a criminal offence referred to in paragraph 1 of this article is refused solely on the basis of the nationality of the person sought, or because the requested Party deems that it has jurisdiction over the offence, the requested Party shall submit the case at the request of the requesting Party to its competent authorities for the purpose of prosecution and shall report the final outcome to the requesting Party in due course. Those authorities shall take their decision and conduct their investigations and proceedings in the same manner as for any other offence of a comparable nature under the law of that Party.

7

a.   Each Party shall, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, communicate to the Secretary General of the Council of Europe the name and address of each authority responsible for making or receiving requests for extradition or provisional arrest in the absence of a treaty.

b.   The Secretary General of the Council of Europe shall set up and keep updated a register of authorities so designated by the Parties. Each Party shall ensure that the details held on the register are correct at all times.

 

Title 3 .- General principles relating to mutual assistance

 

Article 25 .- General principles relating to mutual assistance

1    The Parties shall afford one another mutual assistance to the widest extent possible for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence.

2    Each Party shall also adopt such legislative and other measures as may be necessary to carry out the obligations set forth in Articles 27 through 35.

3    Each Party may, in urgent circumstances, make requests for mutual assistance or communications related thereto by expedited means of communication, including fax or e-mail, to the extent that such means provide appropriate levels of security and authentication (including the use of encryption, where necessary), with formal confirmation to follow, where required by the requested Party. The requested Party shall accept and respond to the request by any such expedited means of communication.

4    Except as otherwise specifically provided in articles in this chapter, mutual assistance shall be subject to the conditions provided for by the law of the requested Party or by applicable mutual assistance treaties, including the grounds on which the requested Party may refuse co-operation. The requested Party shall not exercise the right to refuse mutual assistance in relation to the offences referred to in Articles 2 through 11 solely on the ground that the request concerns an offence which it considers a fiscal offence.

5    Where, in accordance with the provisions of this chapter, the requested Party is permitted to make mutual assistance conditional upon the existence of dual criminality, that condition shall be deemed fulfilled, irrespective of whether its laws place the offence within the same category of offence or denominate the offence by the same terminology as the requesting Party, if the conduct underlying the offence for which assistance is sought is a criminal offence under its laws.

 

Article 26 .- Spontaneous information

1    A Party may, within the limits of its domestic law and without prior request, forward to another Party information obtained within the framework of its own investigations when it considers that the disclosure of such information might assist the receiving Party in initiating or carrying out investigations or proceedings concerning criminal offences established in accordance with this Convention or might lead to a request for co-operation by that Party under this chapter.

2    Prior to providing such information, the providing Party may request that it be kept confidential or only used subject to conditions. If the receiving Party cannot comply with such request, it shall notify the providing Party, which shall then determine whether the information should nevertheless be provided. If the receiving Party accepts the information subject to the conditions, it shall be bound by them.

 

Title 4 .- Procedures pertaining to mutual assistance requests in the absence of applicable international agreements

 

Article 27 .- Procedures pertaining to mutual assistance requests in the absence of applicable international agreements

1    Where there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and requested Parties, the provisions of paragraphs 2 through 9 of this article shall apply. The provisions of this article shall not apply where such treaty, arrangement or legislation exists, unless the Parties concerned agree to apply any or all of the remainder of this article in lieu thereof.

2

a.   Each Party shall designate a central authority or authorities responsible for sending and answering requests for mutual assistance, the execution of such requests or their transmission to the authorities competent for their execution.

b.   The central authorities shall communicate directly with each other;

c.    Each Party shall, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, communicate to the Secretary General of the Council of Europe the names and addresses of the authorities designated in pursuance of this paragraph;

d.    The Secretary General of the Council of Europe shall set up and keep updated a register of central authorities designated by the Parties. Each Party shall ensure that the details held on the register are correct at all times.

3    Mutual assistance requests under this article shall be executed in accordance with the procedures specified by the requesting Party, except where incompatible with the law of the requested Party.

4    The requested Party may, in addition to the grounds for refusal established in Article 25, paragraph 4, refuse assistance if:

a    the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence, or

b    it considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

5    The requested Party may postpone action on a request if such action would prejudice criminal investigations or proceedings conducted by its authorities.

6    Before refusing or postponing assistance, the requested Party shall, where appropriate after having consulted with the requesting Party, consider whether the request may be granted partially or subject to such conditions as it deems necessary.

7    The requested Party shall promptly inform the requesting Party of the outcome of the execution of a request for assistance. Reasons shall be given for any refusal or postponement of the request. The requested Party shall also inform the requesting Party of any reasons that render impossible the execution of the request or are likely to delay it significantly.

8    The requesting Party may request that the requested Party keep confidential the fact of any request made under this chapter as well as its subject, except to the extent necessary for its execution. If the requested Party cannot comply with the request for confidentiality, it shall promptly inform the requesting Party, which shall then determine whether the request should nevertheless be executed.

9

a.   In the event of urgency, requests for mutual assistance or communications related thereto may be sent directly by judicial authorities of the requesting Party to such authorities of the requested Party. In any such cases, a copy shall be sent at the same time to the central authority of the requested Party through the central authority of the requesting Party.

b.   Any request or communication under this paragraph may be made through the International Criminal Police Organisation (Interpol).

c.    Where a request is made pursuant to sub-paragraph a. of this article and the authority is not competent to deal with the request, it shall refer the request to the competent national authority and inform directly the requesting Party that it has done so.

d.   Requests or communications made under this paragraph that do not involve coercive action may be directly transmitted by the competent authorities of the requesting Party to the competent authorities of the requested Party.

e.   Each Party may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, inform the Secretary General of the Council of Europe that, for reasons of efficiency, requests made under this paragraph are to be addressed to its central authority.

 

Article 28 .- Confidentiality and limitation on use

1    When there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and the requested Parties, the provisions of this article shall apply. The provisions of this article shall not apply where such treaty, arrangement or legislation exists, unless the Parties concerned agree to apply any or all of the remainder of this article in lieu thereof.

2    The requested Party may make the supply of information or material in response to a request dependent on the condition that it is:

a    kept confidential where the request for mutual legal assistance could not be complied with in the absence of such condition, or

b    not used for investigations or proceedings other than those stated in the request.

3    If the requesting Party cannot comply with a condition referred to in paragraph 2, it shall promptly inform the other Party, which shall then determine whether the information should nevertheless be provided. When the requesting Party accepts the condition, it shall be bound by it.

4    Any Party that supplies information or material subject to a condition referred to in paragraph 2 may require the other Party to explain, in relation to that condition, the use made of such information or material.

 

Section 2 .- Specific provisions

 

Title 1 .- Mutual assistance regarding provisional measures

 

Article 29 .- Expedited preservation of stored computer data

1    A Party may request another Party to order or otherwise obtain the expeditious preservation of data stored by means of a computer system, located within the territory of that other Party and in respect of which the requesting Party intends to submit a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of the data.

2    A request for preservation made under paragraph 1 shall specify:

a    the authority seeking the preservation;

b    the offence that is the subject of a criminal investigation or proceedings and a brief summary of the related facts;

c    the stored computer data to be preserved and its relationship to the offence;

d    any available information identifying the custodian of the stored computer data or the location of the computer system;

e    the necessity of the preservation; and

f    that the Party intends to submit a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of the stored computer data.

3    Upon receiving the request from another Party, the requested Party shall take all appropriate measures to preserve expeditiously the specified data in accordance with its domestic law. For the purposes of responding to a request, dual criminality shall not be required as a condition to providing such preservation.

4    A Party that requires dual criminality as a condition for responding to a request for mutual assistance for the search or similar access, seizure or similar securing, or disclosure of stored data may, in respect of offences other than those established in accordance with Articles 2 through 11 of this Convention, reserve the right to refuse the request for preservation under this article in cases where it has reasons to believe that at the time of disclosure the condition of dual criminality cannot be fulfilled.

5    In addition, a request for preservation may only be refused if:

a    the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence, or

b    the requested Party considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

6    Where the requested Party believes that preservation will not ensure the future availability of the data or will threaten the confidentiality of or otherwise prejudice the requesting Party’s investigation, it shall promptly so inform the requesting Party, which shall then determine whether the request should nevertheless be executed.

7    Any preservation effected in response to the request referred to in paragraph 1 shall be for a period not less than sixty days, in order to enable the requesting Party to submit a request for the search or similar access, seizure or similar securing, or disclosure of the data. Following the receipt of such a request, the data shall continue to be preserved pending a decision on that request.

 

Article 30 .- Expedited disclosure of preserved traffic data

1    Where, in the course of the execution of a request made pursuant to Article 29 to preserve traffic data concerning a specific communication, the requested Party discovers that a service provider in another State was involved in the transmission of the communication, the requested Party shall expeditiously disclose to the requesting Party a sufficient amount of traffic data to identify that service provider and the path through which the communication was transmitted.

2    Disclosure of traffic data under paragraph 1 may only be withheld if:

a    the request concerns an offence which the requested Party considers a political offence or an offence connected with a political offence; or

b    the requested Party considers that execution of the request is likely to prejudice its sovereignty, security, ordre public or other essential interests.

 

Title 2 .- Mutual assistance regarding investigative powers

 

Article 31 .- Mutual assistance regarding accessing of stored computer data

1    A Party may request another Party to search or similarly access, seize or similarly secure, and disclose data stored by means of a computer system located within the territory of the requested Party, including data that has been preserved pursuant to Article 29.

2    The requested Party shall respond to the request through the application of international instruments, arrangements and laws referred to in Article 23, and in accordance with other relevant provisions of this chapter.

3    The request shall be responded to on an expedited basis where:

a    there are grounds to believe that relevant data is particularly vulnerable to loss or modification; or

b    the instruments, arrangements and laws referred to in paragraph 2 otherwise provide for expedited co-operation.

 

Article 32 .- Trans-border access to stored computer data with consent or where publicly available

A Party may, without the authorisation of another Party:

a    access publicly available (open source) stored computer data, regardless of where the data is located geographically; or

b    access or receive, through a computer system in its territory, stored computer data located in another Party, if the Party obtains the lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system.

 

Article 33 .- Mutual assistance regarding the real-time collection of traffic data

1    The Parties shall provide mutual assistance to each other in the real-time collection of traffic data associated with specified communications in their territory transmitted by means of a computer system. Subject to the provisions of paragraph 2, this assistance shall be governed by the conditions and procedures provided for under domestic law.

2    Each Party shall provide such assistance at least with respect to criminal offences for which real-time collection of traffic data would be available in a similar domestic case.

 

Article 34 .- Mutual assistance regarding the interception of content data

The Parties shall provide mutual assistance to each other in the real-time collection or recording of content data of specified communications transmitted by means of a computer system to the extent permitted under their applicable treaties and domestic laws.

 

Title 3 .- 24/7 Network

 

Article 35 .- 24/7 Network

1    Each Party shall designate a point of contact available on a twenty-four hour, seven-day-a-week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence. Such assistance shall include facilitating, or, if permitted by its domestic law and practice, directly carrying out the following measures:

a    the provision of technical advice;

b    the preservation of data pursuant to Articles 29 and 30;

c    the collection of evidence, the provision of legal information, and locating of suspects.

2

a.    A Party’s point of contact shall have the capacity to carry out communications with the point of contact of another Party on an expedited basis.

b.    If the point of contact designated by a Party is not part of that Party’s authority or authorities responsible for international mutual assistance or extradition, the point of contact shall ensure that it is able to co-ordinate with such authority or authorities on an expedited basis.

3    Each Party shall ensure that trained and equipped personnel are available, in order to facilitate the operation of the network.

 

Chapter IV .- Final provisions

 

Article 36 .- Signature and entry into force

1    This Convention shall be open for signature by the member States of the Council of Europe and by non-member States which have participated in its elaboration.

2    This Convention is subject to ratification, acceptance or approval. Instruments of ratification, acceptance or approval shall be deposited with the Secretary General of the Council of Europe.

3    This Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date on which five States, including at least three member States of the Council of Europe, have expressed their consent to be bound by the Convention in accordance with the provisions of paragraphs 1 and 2.

4    In respect of any signatory State which subsequently expresses its consent to be bound by it, the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of the expression of its consent to be bound by the Convention in accordance with the provisions of paragraphs 1 and 2.

 

Article 37 .- Accession to the Convention

1    After the entry into force of this Convention, the Committee of Ministers of the Council of Europe, after consulting with and obtaining the unanimous consent of the Contracting States to the Convention, may invite any State which is not a member of the Council and which has not participated in its elaboration to accede to this Convention. The decision shall be taken by the majority provided for in Article 20.d. of the Statute of the Council of Europe and by the unanimous vote of the representatives of the Contracting States entitled to sit on the Committee of Ministers.

2    In respect of any State acceding to the Convention under paragraph 1 above, the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of deposit of the instrument of accession with the Secretary General of the Council of Europe.

 

Article 38 .- Territorial application

1    Any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, specify the territory or territories to which this Convention shall apply.

2    Any State may, at any later date, by a declaration addressed to the Secretary General of the Council of Europe, extend the application of this Convention to any other territory specified in the declaration. In respect of such territory the Convention shall enter into force on the first day of the month following the expiration of a period of three months after the date of receipt of the declaration by the Secretary General.

3    Any declaration made under the two preceding paragraphs may, in respect of any territory specified in such declaration, be withdrawn by a notification addressed to the Secretary General of the Council of Europe. The withdrawal shall become effective on the first day of the month following the expiration of a period of three months after the date of receipt of such notification by the Secretary General.

 

Article 39 .- Effects of the Convention

1    The purpose of the present Convention is to supplement applicable multilateral or bilateral treaties or arrangements as between the Parties, including the provisions of:

– the European Convention on Extradition, opened for signature in Paris, on 13 December 1957 (ETS No. 24);

– the European Convention on Mutual Assistance in Criminal Matters, opened for signature in Strasbourg, on 20 April 1959 (ETS No. 30);

– the Additional Protocol to the European Convention on Mutual Assistance in Criminal Matters, opened for signature in Strasbourg, on 17 March 1978 (ETS No. 99).

2    If two or more Parties have already concluded an agreement or treaty on the matters dealt with in this Convention or have otherwise established their relations on such matters, or should they in future do so, they shall also be entitled to apply that agreement or treaty or to regulate those relations accordingly. However, where Parties establish their relations in respect of the matters dealt with in the present Convention other than as regulated therein, they shall do so in a manner that is not inconsistent with the Convention’s objectives and principles.

3    Nothing in this Convention shall affect other rights, restrictions, obligations and responsibilities of a Party.

 

Article 40 .- Declarations

By a written notification addressed to the Secretary General of the Council of Europe, any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, declare that it avails itself of the possibility of requiring additional elements as provided for under Articles 2, 3, 6 paragraph 1.b, 7, 9 paragraph 3, and 27, paragraph 9.e.

 

Article 41 .- Federal clause

1    A federal State may reserve the right to assume obligations under Chapter II of this Convention consistent with its fundamental principles governing the relationship between its central government and constituent States or other similar territorial entities provided that it is still able to co-operate under Chapter III.

2    When making a reservation under paragraph 1, a federal State may not apply the terms of such reservation to exclude or substantially diminish its obligations to provide for measures set forth in Chapter II. Overall, it shall provide for a broad and effective law enforcement capability with respect to those measures.

3    With regard to the provisions of this Convention, the application of which comes under the jurisdiction of constituent States or other similar territorial entities, that are not obliged by the constitutional system of the federation to take legislative measures, the federal government shall inform the competent authorities of such States of the said provisions with its favourable opinion, encouraging them to take appropriate action to give them effect.

 

Article 42 .- Reservations

By a written notification addressed to the Secretary General of the Council of Europe, any State may, at the time of signature or when depositing its instrument of ratification, acceptance, approval or accession, declare that it avails itself of the reservation(s) provided for in Article 4, paragraph 2, Article 6, paragraph 3, Article 9, paragraph 4, Article 10, paragraph 3, Article 11, paragraph 3, Article 14, paragraph 3, Article 22, paragraph 2, Article 29, paragraph 4, and Article 41, paragraph 1. No other reservation may be made.

 

Article 43 .- Status and withdrawal of reservations

1    A Party that has made a reservation in accordance with Article 42 may wholly or partially withdraw it by means of a notification addressed to the Secretary General of the Council of Europe. Such withdrawal shall take effect on the date of receipt of such notification by the Secretary General. If the notification states that the withdrawal of a reservation is to take effect on a date specified therein, and such date is later than the date on which the notification is received by the Secretary General, the withdrawal shall take effect on such a later date.

2    A Party that has made a reservation as referred to in Article 42 shall withdraw such reservation, in whole or in part, as soon as circumstances so permit.

3    The Secretary General of the Council of Europe may periodically enquire with Parties that have made one or more reservations as referred to in Article 42 as to the prospects for withdrawing such reservation(s).

 

Article 44.-– Amendments

1    Amendments to this Convention may be proposed by any Party, and shall be communicated by the Secretary General of the Council of Europe to the member States of the Council of Europe, to the non-member States which have participated in the elaboration of this Convention as well as to any State which has acceded to, or has been invited to accede to, this Convention in accordance with the provisions of Article 37.

2    Any amendment proposed by a Party shall be communicated to the European Committee on Crime Problems (CDPC), which shall submit to the Committee of Ministers its opinion on that proposed amendment.

3    The Committee of Ministers shall consider the proposed amendment and the opinion submitted by the CDPC and, following consultation with the non-member States Parties to this Convention, may adopt the amendment.

4    The text of any amendment adopted by the Committee of Ministers in accordance with paragraph 3 of this article shall be forwarded to the Parties for acceptance.

5    Any amendment adopted in accordance with paragraph 3 of this article shall come into force on the thirtieth day after all Parties have informed the Secretary General of their acceptance thereof.

 

Article 45 .- Settlement of disputes

1    The European Committee on Crime Problems (CDPC) shall be kept informed regarding the interpretation and application of this Convention.

2    In case of a dispute between Parties as to the interpretation or application of this Convention, they shall seek a settlement of the dispute through negotiation or any other peaceful means of their choice, including submission of the dispute to the CDPC, to an arbitral tribunal whose decisions shall be binding upon the Parties, or to the International Court of Justice, as agreed upon by the Parties concerned.

 

Article 46 .- Consultations of the Parties

1    The Parties shall, as appropriate, consult periodically with a view to facilitating:

a    the effective use and implementation of this Convention, including the identification of any problems thereof, as well as the effects of any declaration or reservation made under this Convention;

b    the exchange of information on significant legal, policy or technological developments pertaining to cybercrime and the collection of evidence in electronic form;

c    consideration of possible supplementation or amendment of the Convention.

2    The European Committee on Crime Problems (CDPC) shall be kept periodically informed regarding the result of consultations referred to in paragraph 1.

3    The CDPC shall, as appropriate, facilitate the consultations referred to in paragraph 1 and take the measures necessary to assist the Parties in their efforts to supplement or amend the Convention. At the latest three years after the present Convention enters into force, the European Committee on Crime Problems (CDPC) shall, in co-operation with the Parties, conduct a review of all of the Convention’s provisions and, if necessary, recommend any appropriate amendments.

4    Except where assumed by the Council of Europe, expenses incurred in carrying out the provisions of paragraph 1 shall be borne by the Parties in the manner to be determined by them.

5    The Parties shall be assisted by the Secretariat of the Council of Europe in carrying out their functions pursuant to this article.

 

Article 47 .- Denunciation

1    Any Party may, at any time, denounce this Convention by means of a notification addressed to the Secretary General of the Council of Europe.

2    Such denunciation shall become effective on the first day of the month following the expiration of a period of three months after the date of receipt of the notification by the Secretary General.

 

Article 48 .- Notification

The Secretary General of the Council of Europe shall notify the member States of the Council of Europe, the non-member States which have participated in the elaboration of this Convention as well as any State which has acceded to, or has been invited to accede to, this Convention of:

a    any signature;

b    the deposit of any instrument of ratification, acceptance, approval or accession;

c    any date of entry into force of this Convention in accordance with Articles 36 and 37;

d    any declaration made under Article 40 or reservation made in accordance with Article 42;

e    any other act, notification or communication relating to this Convention.

In witness whereof  the undersigned, being duly authorised thereto, have signed this Convention.

Done at Budapest, this 23rd day of November 2001, in English and in French, both texts being equally authentic, in a single copy which shall be deposited in the archives of the Council of Europe. The Secretary General of the Council of Europe shall transmit certified copies to each member State of the Council of Europe, to the non-member States which have participated in the elaboration of this Convention, and to any State invited to accede to it.

 

Statement of the Republic of Azerbaijan on semi paragraph “a” of paragraph 7 of Article 24 of the Convention “On Cybercrime”

According to subparagraph “a” of paragraph 7 of Article 24 of the Convention, in case of the absence of an extradition treaty, the Republic of Azerbaijan designates the Ministry of Justice as a responsible authority for receiving inquiries regarding extradition and temporary arrest.

 

Statement of the Republic of Azerbaijan on semi paragraph “c” of paragraph 2 of Article 27 of the Convention “On Cybercrime”

According to subparagraph “c” of paragraph 2 of Article 27 of the Convention, the Republic of Azerbaijan designates the Ministry of National Security  as a responsible authority for sending and answering requests for mutual assistance and the execution of such requests.

 

Statement of the Republic of Azerbaijan on semi paragraph “e” of paragraph 9 of Article 27 of the Convention “On Cybercrime”

According to subparagraph “e” of paragraph 9 of Article 27 of the Convention, the Republic of Azerbaijan informs the Secretary General that, for reasons of efficiency, requests made under this paragraph are to be addressed to its central authority.

 

Statement of the Republic of Azerbaijan on paragraph 1 of Article 35 of the Convention “On Cybercrime”

According to paragraph 1 of Article 35 of the Convention, the Republic of Azerbaijan designates the Ministry of National Security as a point of contact available on a twenty-four hour, seven-day-a-week basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or collection of evidence in electronic form of a criminal offence.

 

Statement of the Republic of Azerbaijan on Article 38 of the Convention “On Cybercrime”

According to Article 38 of the Convention, the Republic of Azerbaijan declares that it is unable to guarantee implementation of the Convention in the territories of the Republic of Azerbaijan, which have been occupied by the Republic of Armenia, until the liberation of those territories from occupation.

 

Reservation of the Republic of Azerbaijan on semi paragraph “b” of paragraph 1 of Article 6 of the Convention “On Cybercrime”

In accordance with subparagraph “b” of paragraph 1 of Article 6 of the Convention, the Republic of Azerbaijan declares that when acts are not considered dangerous crimes for the general public, they will be evaluated not as criminal offences, but as punishable acts regarded as a breach of law. In case the deliberate perpetration of acts subject to the penalty risk which are not treated as dangerous crimes for the general public (action or inaction) generates a serious harm, then they are treated as crime.

 

Reservation of the Republic of Azerbaijan on paragraph 3 of Article 6 of the Convention “On Cybercrime”

In relation to paragraph 3 of Article 6 of the Convention, the Republic of Azerbaijan appraises the acts indicated in paragraph 1 of Article 6 of the Convention not as criminal offences, but as punishable acts regarded as a breach of law in case these acts are not considered dangerous crimes for general public and stipulates that the given acts be subjected to criminal charge only at the event of incurrence of serious harm.

 

Reservations of the Republic of Azerbaijan on Article 42 and paragraph 2 of Article 4 of the Convention “on Cybercrime”

In accordance with Article 42 and Article 4, paragraph 2, of the Convention, the Republic of Azerbaijan declares that criminal liability occurs if the acts described in Article 4 of the Convention result in serious harm.

 

Reservations of the Republic of Azerbaijan on Article 42 and paragraph 4 of Article 29 of the Convention “on Cybercrime”

In accordance with Article 42 and Article 29, paragraph 4, of the Convention, the Republic of Azerbaijan reserves the right to refuse the request for preservation under this article in cases where it has reasons to believe that at the time of disclosure the condition of dual criminality cannot be fulfilled.

13Jul/17

The Law of the Azerbaijan Republic, 9 march 2004, on Digital Electronic Signature

The Law of the Azerbaijan Republic, 9 march 2004, on Digital Electronic Signature.

This law sets organizational, legal grounds for use of Electronic signature and Electronic document, their application in Electronic document circulation and rights of related subjects, regulates disputes among them.

 

Chapter I.- General provisions

 

Article 1.- Main ideas

1.1.- The following main ideas have been used in this law:

1.1.1.- Data .- information available for development by information technology means;

1.1.2.- Database .- material object set for storage and use of data;

1.1.3.- Information notice .- form of information written in database;

1.1.4.- Electronic signature .- data added to another data or logically linked to them, admitting identification of signature holder;

1.1.5.- Strengthened Electronic signature (hereinafter – strengthened signature) .- Electronic signature created by Electronic signature means controlled by signature holder and belonging only to signature holder, identifying it, admitting to identify the information notice to which it is linked is integral, stable, not distorted and faked;

1.1.6.- Electronic signature holder (hereinafter signature holder).- physical person speaking on behalf of itself or person empowering it in legal manner;

1.1.7.- Electronic signature means (hereinafter – signature means) .- programs and technical means used for creation and verification of Electronic signature, creating signature and verification information;

1.1.8.- Electronic signature creation information .- unrepeatable data consisted of code or cryptographic key known by signature holder only and used to create Electronic signature;

1.1.9.- Electronic signature verification information .- unrepeatable data consisted of code or cryptographic key, fitting Electronic signature creation information and used to verify Electronic signature authenticity;

1.1.10.- Electronic signature authenticity .- confirming that Electronic signature verified by Electronic signature verification information belongs to Electronic signature holder, information notice linked to signature is integral, not
changed and distorted;

1.1.11.- Certificate .- paper or Electronic document for identification of signature holder, granted by certificate services center on relationship of Electronic signature verification information to signature holder;

1.1.12.- Perfect certificate .- certificate granted by certificate services center accredited on strengthened signature verification information;

1.1.13.- Certificate services center (hereinafter – center) .- legal person granting certificate for Electronic signature and doing other services set by this law on use of signatures, or physical person dealing with entrepreneurship not founding legal person;

1.1.14.- Accredited certificate services center (hereinafter – accredited center) .- certificate services center right of which to grant perfect certificate has been approved by corresponding executive power body;

1.1.15.- Electronic document .- document submitted in Electronic version for use in information system and confirmed by Electronic signature;

1.1.16.- Electronic document circulation .- information processes linked to signed traffic of Electronic document in information system;

1.1.17.- Electronic document circulation means .- programs, technical means and techs used in Electronic document circulation;

1.1.18.- Certified Electronic signature means .- Electronic signature means compliance of which with requirements set is confirmed upon certification rules;

1.1.19.- Certified Electronic document circulation means .- Electronic document circulation means compliance of which with requirements set is confirmed upon certification rules;

1.1.20.- Electronic document sender (hereinafter – sender) .- except Electronic document circulation mediator, physical or legal person by which or on behalf of which Electronic document is sent;

1.1.21.- Electronic document receiver (hereinafter – receiver) .- except Electronic document circulation mediator, physical or legal person to which Electronic document is addressed;

1.1.22.- Electronic document circulation mediator (hereinafter – mediator) .- physical or legal person doing Electronic document circulation services between sender and receiver;

1.1.23.- Electronic document authenticity .- confirmation of integrity (possession of necessary details) and entirety (lack of technical faults and distortions during transmission) of Electronic document via Electronic signature authenticity verification;

1.1.24.- Corporate information  system .- information system set by owner or agreed among participants upon contract with limited users;

1.1.25.- Information on signature holder .- information stated by signature holder while getting certificate and collected on it during operation of system;

1.1.26.- Time indicator .- Electronic note of accredited center on receiving the information notice in certain time.

1.2.- Notion ‘centers’ that will further be used in this law will reflect the certificate services center and accredited center, and ‘signatures’ Electronic signature and strengthened signature.

 

Article 2.- Areas of use of Electronic signature and Electronic document
Except cases set by legislation of the Republic of Azerbaijan, Electronic signature and Electronic document can be used in all fields of activity where corresponding means are applied. Via Electronic document official and unofficial correspondences, exchange of documents and information causing legal responsibility and liabilities can be implemented.

 

Article 3.- Validity of Electronic signature and Electronic document

3.1.- Electronic signature cannot be considered invalid because it is in Electronic version or has no certificate, created by signature means nor certified.

3.2.- Except cases set by legislation of the Republic of Azerbaijan, signature created by certified signature means with strengthened perfect valid certificate is equal to the manual signature.

3.3.- If information on authorities of signature holder is shown in perfect certificate, strengthened signature according to Article 3.2 of this law is equal to manual signature on paper, confirmed with seal.

3.4.- If written form of document is required by legislation of the Republic of Azerbaijan, Electronic document signed according to Articles 3.2, 3.3 of this law is considered the one meeting these terms.

3.5.- Except cases when notarized confirmation and (or) state registration of the document is required by legislation of the Republic of Azerbaijan, Electronic document is equal to one on paper.

3.6.- If notarized confirmation or state registration of the document is required by legislation of the Republic of Azerbaijan, Electronic document or its copy meeting requirements of Article 25.1 of this law is registered or confirmed by legislation of the Republic of Azerbaijan.

3.7.- Use of information notice and Electronic document is regulated by this law and other legal acts.

 

Article 4.- Legislation of the Republic of Azerbaijan on Electronic signature and Electronic document

Legislation of the Republic of Azerbaijan on Electronic signature and Electronic document consists of Constitution of the Republic of Azerbaijan, international treaties supported by of the Republic of Azerbaijan, Civil Code of the Republic of Azerbaijan, this law, laws of the Republic of Azerbaijan ‘On state secret’, ‘On information and protection of information’ and other legal acts.

 

Chapter II.- Electronic signature

 

Article 5.- Use of Electronic signature

5.1.- Electronic signature created by signature means using Electronic signature creation information belongs to its holder only.

5.2.- Signature holder can have a few signature creation information and they are used in relations stated in certificates.

5.3.- Signature is verified to confirm authenticity of Electronic signature and Electronic document and identify signature holder. Verification is implemented in base of Electronic signature verification information using signature means.

5.4.- Rule of verification of Electronic signature is set by corresponding executive power body.

5.5.- Using Electronic signature not certified the signature holder must warn the opposite side.

 

Article 6.- Use of Electronic signature in state management

6.1.- Only strengthened signature and certified signature means are used for Electronic document exchange in information systems of state power and local self governing bodies.

6.2.- State power and local self governing bodies must use services of center accredited for the field.

6.3.- Information notice sent by physical or legal person to the state power or local self governing bodies must be confirmed with its strengthened signature.

6.4.- Rule of use of Electronic signature by state power and local self governing bodies is set by corresponding executive power body.

 

Article 7.- Use of Electronic signature in corporate information system

7.1.- Use of Electronic signature in corporate information system is regulated upon internal normative acts of system or contract among participants.

7.2.- Internal normative acts of corporate information system or contract among its participants must include rights and duties of persons while using signature, as well provisions on regulation of damage caused to participants
because of disobedience to rules of use of signature.

7.3.- Centers serving the corporate information system are formed upon decision of the system owner or agreement of participants.

7.4.- Activity of centers serving the corporate information system, contents of certificates, doing certificate services, implementation of certificate register, rules of storage of certificate is regulated by internal normative acts of
system.

7.5.- If certificate system center of corporate information system serves users of information system beyond the system the center must comply with and function according to the provisions of this law.

 

Chapter III.- Certificate services, certification

 

Article 8.- Electronic signature services subjects

Legal relations between signature holder, certificate services center or accredited center and corresponding executive power body during use of Electronic signature are regulated upon legislation of the Republic of Azerbaijan, this law and contract signed between parts.

 

Article 9.- Registration and accreditation of certificate services center

9.1.- 30 days before starting to function the center must inform corresponding executive power body and be registered.

9.2.- Information must contain address, legal status, financial, technical, personnel possibilities and features of activity of the person claiming to function as center.

Legal person must add to this information the state registration certificate and copy of charter, and physical person documents on its entrepreneurship activity by not creating legal person. List of documents submitted is set by
registration rules.

9.3.- Corresponding executive power body within 30 days verifies documents submitted by the center and makes decision on its registration.

9.4.- To do perfect certificate services the center is accredited at corresponding executive power body and perfect certificate is granted that.

9.5.- Number of accredited centers is not limited.

9.6.- Center can start to function only after inclusion of registration information in register of certificate services center by corresponding executive power body.

9.7.- Corresponding executive power body can deny registering the center in following cases:

9.7.1.- if applicant does not meet requirements of this law;

9.7.2.- if information and documents do not meet requirements of this law;

9.7.3.- if false information is submitted by applicant;

9.7.4.- if upon results of audit of information system security functioning of applicant as center is impossible;

9.7.5.- if activity considered by applicant on certification or registration of time indicators does not meet requirements of this law and other legal acts;

9.7.6.- if applicant has tax debt to state;

9.7.7.- other cases set by legislation of the Republic of Azerbaijan.

9.8.- Rules of registration and accreditation of the center are set by corresponding executive power body.

 

Article 10.- Certificate services

10.1.- Concerning use of signature centers can do following services:

10.1.1.- granting certificate;

10.1.2.- stopping, restoring validity of certificate and annulling certificate;

10.1.3.- upon queries, providing information set on certificate by this law and legislation of the Republic of Azerbaijan;

10.1.4.- noting time indicators;

10.1.5.- creating Electronic signature;

10.1.6.- providing advices on use of signature;

10.2.- Rules of doing certificate services are set by corresponding executive power body.

 

Article 11.- Granting the certificate

11.1.- Certificate is granted in base of written contract concluded between applicant and center.

11.2.- Physical person wanting to get certificate must submit its ID card and other documents set by rules.

11.3.- The accredited center is applied to get perfect certificate.

11.4.- After granting the certificate the center can according to this law stop, restore and annul its validity.

11.5.- Until certificate comes into force the center includes information on that in register and records in register next changes in state of certificate.

11.6.- Rules to grant certificate and conduct registration, contents of information inserted in that is set by corresponding executive power body.

 

Article 12.- Contents of certificate

12.1.- Following information is mainly included in certificate:

12.1.1.- title and address of center granting certificate (country);

12.1.2.- serial number of certificate;

12.1.3.- name, patronymic, surname of signature holder or its pseudonym shown for use;

12.1.4.- validity of certificate (time, date of beginning and ending of term);

12.1.5.- signature verification information of signature holder;

12.1.6.- title of signature means in which signature verification information will be used.

12.2.- If certificate is granted on paper it is made in official form of center, confirmed by manual signature of authorized person and seal. If certificate is granted on Electronic version it is confirmed by strengthened signature
of the body granting that.

12.3.- If the information submitted admits exact identification of signature holder, pseudonym can be used as person indicator. In this case use of pseudonym by the signature holder is clearly noted in the certificate.

12.4.- Perfect certificate granted to physical persons contain the following additionally:

12.4.1.- title and address of accredited center granting certificate (country);

12.4.2.- note on existence of perfect certificate;

12.4.3.- certificate use fields and limits;

12.5.- Perfect certificate granted to physical persons is confirmed by strengthened signature of accredited center granting that.

12.6.- Perfect certificate granted to accredited center must contain the following:

12.6.1.- title and address of body granting certificate (country);

12.6.2.- note on existence of perfect certificate;

12.6.3 certificate use fields and limits;

12.7.- Perfect certificate granted to accredited center is confirmed by strengthened signature of body granting that.

12.8.- Other information included in certificate is stated in contract signed between center and signature holder.

12.9.- In following cases certificate is invalid:

12.9.1.- if it is not granted in legal manner;

12.9.2.- if validity term is over;

12.9.3.- if strengthened signature of center granting certificate is not authentic;

12.9.4.- if validity of certificate is ceased or annulled;

12.9.5.- if it is not used in relations stated in that.

 

Article 13.- Stopping and restoring validity of certificate

13.1.- Validity of certificate is stopped by center in following cases:

13.1.1.- if signature holder applies;

13.1.2.- if authorized person (body) applies according to legislation or contract;

13.1.3.- if center has valid doubts in correctness of information that is base for granting certificate or in security of signature creation information of signature holder.

13.2.- Center immediately informs signature holder, authorized person (body) applying on stopping validity of certificate and conducts registration in register of certificates.

13.3.- In the event stated in Article 13.1.3 of this law validity of certificate cannot be stopped for more than 48 hours.

13.4.- Validity of certificate is restored in following cases:

13.4.1.- if signature holder demanding to stop validity of certificate applies or authorized person (body) applying gives permission;

13.4.2.- if valid doubts are removed as a result of actions taken by center;

13.4.3.- if term for stopping validity of certificate is over.

13.5.- Appeals for stopping or restoring validity of certificate must be in written form and well-established with corresponding documents.

13.6.- Disputes connected with stopping or restoring validity of certificate are regulated by legislation of the Republic of Azerbaijan.

 

Article 14.- Annulment of certificate

14.1.- Certificate can be annulled by center in following cases:

14.1.1.- upon appeal of signature holder;

14.1.2.- if validity term of certificate is over;

14.1.3.- upon decision or appeal of authorized person (body);

14.1.4.- if signature holder dies or considered disabled in legal manner;

14.1.5.- if documents and information submitted to center for granting certificate are fake, incorrect or invalid;

14.1.6.- if center finds out that signature holder has lost control on signature creation information;

14.1.7.- if not used in relations stated in that;

14.1.8.- if signature holder breaks requirements of legal acts regulating use of signature or contract signed with center;

14.1.9.- if certificate of signature means used has lost validity;

14.1.10.- in other cases set by legislation.

14.2.- Center informs signature holder, authorized person (body) applying on annulment of validity of certificate and conducts registration in register of certificates on amendments.

14.3.- Disputes because of annulment of certificate are settled by court.

 

Article 15.- Storage of documents on certificate services

15.1.- Certificates that are valid within time set by legislation of the Republic of Azerbaijan on fields of use given, validity of which is stopped or annulled, as well other documents and information related to that are stored at center.

15.2.- While certificate is stored the center assures free and permanent appeal of information system users to certificate, replies to inquiries related to that.

15.3.- Center assures storage of following documents:

15.3.1.- documents on assurance of security of certificate services;

15.3.2.- contracts signed with signature holders;

15.3.3.- copies of documents given upon certificates of center;

15.3.4.- documents of signature holder confirming its instruction;

15.3.5.- documents on stopping, restoring and annulling validity of certificate.

15.4.- After term for storage at center is over certificate is removed from register and given to archive. Term for storage in archive, rule of giving copies of certificates and other information on them within this time is regulated by
legislation of the Republic of Azerbaijan.

 

Article 16.- Recognition of certificates given in foreign countries

16.0.- Certificates given in foreign countries are valid in the Republic of Azerbaijan in following cases:

16.0.1.- if center granting certificate has undertaken accreditation in the Republic of Azerbaijan;

16.0.2.- if certificate meets security requirements set by this law and other legal acts of the Republic of Azerbaijan;

16.0.3.- if certificate is guaranteed by center accredited in the Republic of Azerbaijan or corresponding executive power body;

16.0.4.- if certificate has been granted by foreign centers stated in interstate contracts supported by the Republic of Azerbaijan.

 

Article 17.- Rights, duties and responsibilities of centers

17.1.- Centers are entitled to the following:

17.1.1.- to assure and regulate its activity according to legislation of the Republic of Azerbaijan;

17.1.2.- to do certificate services stated in this law;

17.1.3.- to undertake accreditation in corresponding executive power body for doing services related to perfect certificates;

17.1.4.- to apply to corresponding state bodies related to is activity;

17.1.5.- to put an end to its activity according to legislation of the Republic of Azerbaijan;

17.1.6.- to complain according to legislation of the Republic of Azerbaijan to the court from decisions on annulment of registration or accreditation of center, stopping or annulling validity of certificate;

17.1.7.- to do paid certificate services;

17.1.8.- to set fields and limits for use of certificates according to legislation of the Republic of Azerbaijan;

17.2.- Before signing contract with signature holder to give certificate center must inform it of rules of use of certificate and signature means, center’s legal status and state of accreditation.

17.3.- Centers fulfill following duties:

17.3.1.- assures security of activity and protection of information on signature holder;

17.3.2.- studies documents submitted by signature holder and in necessary cases applies to corresponding state body for verification of them;

17.3.3.- conducts registration of certificates, assures its importance and necessary conditions to provide free and permanent appeal to that;

17.3.4.- gives information on certificates;

17.3.5.- stores documents and information on certificate services;

17.3.6.- in cases stated in Articles 13 and 14 of this law stops, restores or annuls validity of certificates, informs signature holder and authorized person (body) on this.

17.3.7.- submits information on its activity to corresponding executive power body and replies to its queries;

17.3.8.- considering the term of start of activity, assures yearly audit of information system security and submits the result to corresponding executive power body within 30 days;

17.3.9.- promotes control on its activity by corresponding executive power body;

17.3.10.- implements other duties stated in legislation of the Republic of Azerbaijan and contract between parts.

17.4.- Centers bear responsibility for the following:

17.4.1.- security of its activity, protection of signature creation information and information on signature holder;

17.4.2.- entirety and correctness of information in certificate;

17.4.3.- quality and exactness of certificate services;

17.4.4.- illegal stopping or annulling validity of certificate;

17.4.5.- causing financial damage to signature holder by activity of center;

17.4.6.- delay in delivery of information to affect use of certificate to the signature holder.

17.5.- Accredited center implements granting the perfect certificates according to legislation of the Republic of Azerbaijan, this law and rules set by corresponding executive power body, and shows in certificate fields and limits
for its use.

17.6.- Accredited center guaranteeing certificate of perfect certificate and foreign certificate centers bears responsibility by legislation of the Republic of Azerbaijan for damage caused to signature user.

17.7.- Centers bear no responsibility for damage caused to signature user by violation of contract terms by signature holder, disobedience to purpose of certificate.

 

Article 18.- Requirements for certificate services

18.1.- While functioning centers must possess technical, personnel and financial opportunities, as well financial opportunities to reimburse damage that can be caused to users, do reliable and uninterrupted service.

18.2.- Centers must use certified signature means to give certificates, Electronic signature creation and verification information.

18.3.- Before starting to operate and yearly after registration centers must audit information system, apply technique and techs ensuring reliable use of system.

18.4.- Centers must possess educated, experienced and competent personnel to assure activity.

 

Article 19.- Putting an end to activity of certificate services center

19.1.- Putting an end to activity of center is implemented by civil legislation of the Republic of Azerbaijan.

19.2.- At least 30 days before putting an end to activity the center posts notices on mass media and other means, warns signature holders possessing valid certificates, certificate services centers certificates of which are guaranteed by that and with which guarantee contracts are signed, and corresponding executive power body.

19.3.- 30 days after the notice is given the centers implements annulment of valid certificates.

19.4.- 30 days after the notice is given on putting an end to activity of accredited center it must hand upon consent of signature holder the perfect certificates, information on them and inquires of signature users to another accredited center or corresponding executive power body. Certificates not handed are annulled and according to Article 15 of this law given to corresponding executive power body to be stored.

19.5.- In following cases corresponding executive power body can by legislation of the Republic of Azerbaijan annul registration, accreditation of centers and make a suit on putting an end to their activity:

19.5.1.- if documents and information submitted for registration are incorrect or invalid;

19.5.2.- if offences are regularly admitted in activity.

19.6.- Activity of center serving corporate information system can be ended upon decision of system owner or agreement of participants.

 

Article 20.- Rights, duties and responsibilities of signature holder

20.1.- Signature holder has following rights:

20.1.1.- to get detailed information on centers, their services, signatures, use of signature means and security rules;

20.1.2.- to be familiarized with information on that collected at centers;

20.1.3.- to complain by legislation of the Republic of Azerbaijan on decisions on stopping, restoring or annulling validity of certificate, other issues concerning activity of centers.

20.2.- Signature holder must be capable to create signature and use corresponding means.

20.3.- Signature holder bears responsibility for protection of signature creation information and signature means and must not admit use of them by another person. If control on these is lost or there is danger to this, signature holder
must immediately inform the respective center and demand to stop validity of certificate.

20.4.- While using strengthened signature the signature holder must obey the relations of use stated in perfect certificate.

20.5.- Applying to centers to sign contract the signature holder bears responsibility for integrity and correctness of information it submits.

20.6.- Signature holder bears responsibility by legislation of the Republic of Azerbaijan for damage caused by disobedience to terms stated in Article 20 of this law.

 

Chapter IV.- Electronic document

 

Article 21.- Requirements for Electronic document

21.1.- Electronic document must meet the following requirements:

21.1.1.- must be created, stored, developed, transmitted and received due to support of technical and program means;

21.1.2.- must have structure stated in Article 22 of this law;

21.1.3.- must have details promoting identification;

21.1.4.- must be submitted due to support of technical and program means in visual form.

21.2.- List of necessary details for identification of Electronic document and its authenticity is set by legislation of the Republic of Azerbaijan.

 

Article 22.- Structure of Electronic document

22.1.- Electronic document has structure consisted of general and special segments.

22.2.- Information on contents of Electronic document and the person it is addressed is stated in general segment of that.

22.3.- Electronic signature (signatures) and time indicator (indicators) enclosed to Electronic document are noted in special segment of Electronic document.

 

Article 23.- Forms of submission of Electronic document

23.1.- Electronic document has internal and external forms of submission.

23.2.- Image of Electronic document recorded in database is its internal form of submission.

23.3.- Reflection of Electronic document in visual form in another material object (display, paper etc) differed from database is its external form of submission.

 

Article 24.- Original of Electronic document

24.1.- Original of Electronic document is possible in internal form of submission only.

24.2.- All the same copies of Electronic document in its internal form of submission are considered original and equal.

24.3.- Electronic document can have no copy in Electronic version.

24.4.- Each of documents of the same contents made by the same person in paper and Electronic version is independent and has equal right. In this case document on paper is not copy of the one in Electronic version.

 

Article 25.- Copy of Electronic document and rule to confirm that

25.1.- Copy of Electronic document is made by confirmation of its external form of submission reflected on paper in a manner set by legislation of the Republic of Azerbaijan.

25.2.- There must be note in copy of Electronic document on paper that it is copy of corresponding Electronic document.

25.3.- Copy of Electronic document in another material object differed from paper or on paper but not confirmed properly is not considered its copy.

25.4.- Origin of Electronic document and its copy on paper meeting requirements of Article 25.1 of this law have equal validity.

 

Chapter V.- Electronic document circulation

 

Article 26.- Bases of formation of Electronic document circulation

26.1.- Use and circulation of Electronic document is implemented upon legislation of the Republic of Azerbaijan or contracts signed between Electronic document circulation subjects.

26.2.- Legislation of the Republic of Azerbaijan or contract signed set rule of exchange of Electronic documents and technical and organizational requirements (form of exchange of documents, procedure of verification of them, time, form etc considered acceptable for confirming the acceptance of document) related to that.

26.3.- Documentation of Electronic document circulation is implemented upon clerical standards and rules set by legislation of the Republic of Azerbaijan.

26.4.- Use and circulation of Electronic document in corporate information system is regulated by internal normative acts of the system.

 

Article 27.- Sending and receiving Electronic document

27.1.- Electronic document sent personally, as well by person empowered to act on behalf of another person or automatically transmitted by information system operating on self-programmed manner is considered sent by
sender.

27.2.- If contract between parts does not set other cases, as a result of confirmation of authenticity of Electronic document received the receiver makes sure that it is sent by sender and informs the sender in a way unambiguously confirming the acceptance by any means, including automatically.

27.3.- In following cases receiver must consider Electronic document not sent by sender:

27.3.1.- if it receives notice that Electronic document has not been sent;

27.3.2.- if Electronic document authenticity is not confirmed;

27.3.3.- as a result of verification of Electronic document authenticity the receiver knew or had to know that Electronic document received is automatic repeat of another document.

27.4.- If contract between parts does not set other cases, Electronic document is considered not received until sender receives confirmation by receiver. Confirmation must include note on compliance of Electronic document with
technical requirements agreed between parts.

27.5.- If confirmation is not received within time shown by sender or set by contract signed between parts, sender informs receivers of this and sets time for sending confirmation.

27.6.- Article 27 of this law does not regulate relations linked to contents of Electronic document and confirmation of acceptance, except relations concerning sending or receiving Electronic document.

 

Article 28.- Time of sending and receiving the Electronic document

28.1.- If contract between parts does not set other cases, the moment when Electronic document enters the information system out of control of sender or person acting on behalf of that is the time (date and time) of sending the Electronic document.

28.2.- If contract between parts does not set other cases, the moment when Electronic document enters the information system shown by receiver is the time (date and time) of sending the Electronic document.

28.3.- Time indicator registration services may be used if time of sending and receiving causes dispute.

 

Article 29.- Storage of Electronic document

29.1.- Rule of storage of Electronic document is set by legislation of the Republic of Azerbaijan considering following terms:

29.1.1.- Electronic document must keep structure that it was created, transmitted or received;

29.1.2.- Electronic document must be available for identification of its sender, receiver, time of sending and receiving;

29.1.3.- information in Electronic document must be available for use in next reference;

29.1.4.- term for storage of Electronic document must not be less than term for storage of paper document;

29.1.5.- must comply with other terms set by legislation and upon agreement of parts.

29.2.- Article 29.1 of this law does not concern the Electronic documents storage of which is not necessary.

29.3.- Services of other legal and physical persons can be used by legislation of the Republic of Azerbaijan for storage of Electronic documents.

 

Article 30.- Protection of Electronic document

30.1.- Programs and technical means must be used by legislation of the Republic of Azerbaijan to protect Electronic document during circulation of Electronic document.

30.2.- Required level of protection actions in information systems and nets used in Electronic document circulation is assured by owner of these systems and nets.

30.3.- Required level of protection actions in corporate information systems is assured by owner of this system by legislation of the Republic of Azerbaijan or upon agreement of participants.

 

Article 31.- Rights, duties and responsibilities of mediator

31.1.- Services of mediator can be used while storing, transmitting and receiving Electronic documents.

31.2.- To ensure its activity mediator must have the following:

31.2.1.- technique and techs assuring reliable use of system;

31.2.2.- educated, experienced and competent personnel;

31.2.3.- facilities admitting identification of time and source of Electronic documents served;

31.2.4.- reliable system to store information stated in Article 31.2.3 of this law.

31.3.- Mediator must assure storage of information stated in Article 31.2.3 of this law for 6 months.

31.4.- Mediator must be registered in corresponding executive power body to function.

31.5.- Mediator serves users upon contract.

31.6.- Mediator that violates requirements of Article 31.2 of this law bears responsibility by legislation of the Republic of Azerbaijan.

31.7.- Mediator assures security of its activity and bears no responsibility for contents of documents stored, transmitted and received.

 

Article 32.- Electronic documents containing confidential information

32.1.- Rule of use and actions of protection of Electronic documents containing state, commercial, bank secrets and other confidential information is set by legislation of the Republic of Azerbaijan.

32.2.- For exchange of Electronic documents containing state secret only certified Electronic signature and Electronic document circulation means must be used.

32.3.- Expertise of information systems used for making, development and exchange of Electronic documents containing state secret is carried out in the way set by corresponding executive power body.

32.4.- Persons with access to work with Electronic documents stated in Article 32.1 of this law must assure implementation of actions required for protection of these documents by legislation of the Republic of Azerbaijan.

32.5.- Subjects implementing Electronic document circulation upon contract signed between parts set by themselves ways of appeal to Electronic documents containing confidential information and their protection by legislation of the Republic of Azerbaijan.

 

Chapter VI.- Special provisions

 

Article 33.- Implementation of state regulation

33.1.- Regulation of Electronic signature application and use processes, activity of certificate services centers and control on that is realized by corresponding executive power body.

33.2.- Corresponding executive power bodies fulfill following duties in field of regulation of Electronic signature use:

33.2.1.- sets rules of creation and verification of signature;

33.2.2.- makes rules of use of Electronic signature and Electronic document;

33.2.3.- makes rules of granting the certificate and conducting registration, sets contents of information included in that and list of other information;

33.2.4.- makes requirements and standards for Electronic signature, signature means and Electronic document circulation;

33.2.5.- sets requirements and rules for registration of centers, mediators and formation  of their activity;

33.2.6.- registers centers, mediators and annuls registration;

33.2.7.- sets rule of accreditation of center;

33.2.8.- carries out accreditation of centers, as well of foreign certificate services centers in the Republic of Azerbaijan and annulment of accreditation;

33.2.9.- records registered centers and perfect certificates granted to them;

33.2.10.- assures informing the public of list of centers, as well of foreign centers registered in the Republic of Azerbaijan;

33.2.11.- makes general rules and requirements, recommendations and gives advices on doing the certificate services;

33.2.12.- implements by legislation of the Republic of Azerbaijan contacts with foreign organizations concerning use of signatures;

33.2.13.- replies to inquires on certificates given to registered centers;

33.2.14.- sets rule of expertise of information systems.

33.3.- Corresponding executive power bodies has following rights in field of supervision on activity of certificate services centers:

33.3.1.- to get information from centers on their activity;

33.3.2.- to get exact information on centers, get direct familiarization with their activity in necessary cases;

33.3.3.- to monitor observation of technical security and certification rules by centers;

33.3.4.- if illegalities are found out in centers’ activities, to take administrative actions stated in this law on them, make a suit on putting an end to their activity.

 

Article 34.- Requirements for Electronic signature and Electronic document circulation means

34.1.- In order to carry out safe Electronic document circulation via information systems owned or used by state bodies, expertise of these systems must be implemented according to the rule set by the corresponding executive
power body.

34.2.- Certified protection means containing state secret and other confidential information are used in Electronic document circulation according to the rule set by the corresponding executive power body.

34.3.- Electronic signature and Electronic document circulation means in use are certified according to legislation of the Republic of Azerbaijan on certification.

 

Article 35.- Protection of information on signature holder

35.1.- While operating the centers, mediators cannot use information they possess, also information on signature holder for goals not linked to fulfillment of their duties.

35.2.- Centers can give the users only the information included in certificate and concerning that.

35.3.- Employees of the centers, mediators or other related persons must protect information on signature holder and signature creation information they know during their activity.

 

Chapter VII.- Final provisions

 

Article 36.- Responsibility for violation of legislation on Electronic signature and document

36.1.- Persons accused of violation of this law bear responsibility in the manner set by legislation of the Republic of Azerbaijan.

36.2.- Users bear individual responsibility for using Electronic signature and Electronic document circulation means not certified.

36.3.- Owner of information system bears responsibility for assurance of security of this system, conducting expertise in the manner set.

 

Article 37.- Validation of law

This law comes into force from the day of publication.

 

Ilham Aliyev, President of the Republic of Azerbaijan.
Baku city, 9 March 2004.

 

 

12Jul/17

Act nº 8, 2015. Intellectual Property Laws Amendment Act 2015

Act nº 8, 2015. Intellectual Property Laws Amendment Act 2015

An Act to amend legislation relating to intellectual property, and for related purposes (Assented to 25 February 2015)

The Parliament of Australia enacts:

 

1.- Short title

This Act may be cited as the Intellectual Property Laws Amendment Act 2015.

 

2.- Commencement

(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in acordance with column 2 of the table. Any other statment in column 2 has effect according to its terms.

Commencement Information

Column 1—————-Column 2—————————–Column 3

Provision(s)————-Commencement——————–Date/Details

1.- Section 1 to———The day this Act receives——–25 February 2015

3 and anything in——the Royal Assent

this Act not

elsewhere covered

by this table

 

2.- Schedule 1———–The start of the day—————-25 August 2015

——————————-after the end of the period

——————————-of 6 month beginning on

——————————-the day this Act receives the

——————————-Royal Assent

 

3.- Schedule 2———–The later of:————————–23 January 2017

——————————a) inmediately after the———–(F201 7N000010)

——————————end of the period of 6————-(paragraph (b)

——————————months begining  on the———-applies)

——————————day this Act receives the

——————————Royal Assent; and

——————————b) inmediately after Article

——————————31 bis of the Agreement

——————————on Trade-Related Aspects

——————————of Intellectual Property

——————————Rights set our in Annex

——————————IC to the Marrakesh

——————————Agreement Establising the

——————————World Trade Organization,

——————————done at Marrakesh on 15

——————————April 1994, comes into force

——————————for Australia.

—————————–However, the provision(s) do

—————————–not commence at all if the

—————————–event mentioned in paragraph

—————————–(b) does not occur.

—————————–The Minister administering the

—————————–Patents Act 1990 must announce

—————————–by notice in the Gazete the day the

—————————–event mentioned in paragraph (b)

—————————–occurs.

 

4.- Schedule 3 ——-The day after the end of the period——25 August 2015

—————————of 6 months beginning on the day

—————————this Act receives the Royal Assent.

 

5.- Schedule 4——A single day to be fixed by——————–24 February 2017

————————-Proclamation. However, if the provisin(s)—(F2016N00044)

————————-do not commence within the period of

————————-24 months beginning on the day this

————————-Act receives the Royal Assent, the

————————-provision(s) are repealed on the day

————————-after the end of the period.

 

6.- Schedule 5—–The day after this Act receives—————26 February 2015

Part 1—————-the Royal Assent.

 

7.- Schedule 5,—-Inmediately after the commencement——-15 April 2013

item 8—————-of item 32 of Schedule 6 to the

————————Intellectual Property Laws Amendment

————————(Raising the Bar) Act 2012.

 

8.- Schedule 5,—-A single day to be fixed by   Proclamation.- 25 August 2015

items 9 to 17——However, if the provision(s) do not

———————–commence within the period of 6 month

———————–begining on the day this Act receives

———————–the Royal Assent, they commence

———————–on the day after the end of that period.

 

9.- Schedule 5,–Inmediately after the commencemet———–15 April 2013

items 18———–of item 32 of Schedule 6 to the Intellectual

———————-Property Laws Amendment (Raising the Bar)

———————-Act 2012

 

10.- Schedule 5,-A single day to be fixed by Proclamation.

items 19 to 21—-However, if the provison(s) do not commence

———————–within the period of 6 months begining on

———————–the day this Act receives the Royal Assent,

———————–they commence on the day after the end of

———————–that period.

 

11.-Schedule 5,–The day this Act receives the Royal ———25 February 2015

———————-Assent

 

Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

 

(2)  Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

 

3.-  Schedule(s)
Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

 

Schedule 1.- TRIPS Protocol interim waiver

 

Part 1.- Amendments

 

Patents Act 1990

 

1 Section 3 (list of definitions)

Omit “compulsory licence”.

 

2 Section 3 (list of definitions)

Insert “eligible importing country”.

 

3 Section 3 (list of definitions)

Insert “patented pharmaceutical invention”.

 

4 Section 3 (list of definitions)

Insert “pharmaceutical product”.

 

5 Section 3 (list of definitions)

Insert “PPI”.

 

6 Section 3 (list of definitions)

Insert “PPI compulsory licence”.

 

7 Section 3 (list of definitions)

Insert “PPI order”.

 

8 Section 3 (list of definitions)

Insert “PPI order applicant”.

 

9 Section 3 (list of definitions)

Insert “TRIPS Agreement”.

 

10 Section 3 (list of definitions)

Insert “WTO General Council decision of 30 August 2003”.

 

11 Before subsection 70(5)

Insert:

Meaning of first regulatory approval date

 

12 After subsection 70(5)

Insert:

(5A) For the purposes of paragraph (5)(a), disregard an inclusion in the
Australian Register of Therapeutic Goods of goods that contain, or consist of, a pharmaceutical substance if the inclusion was sought for the sole purpose of exporting the goods from Australia to address a public health problem in an eligible importing country:

(a) in circumstances of national emergency or other circumstances of extreme urgency; or

(b) by the public non-commercial use of the goods.

Note: This subsection also applies in relation to an application for an  extension of the term of a standard patent (see paragraph 71(2)(b)).

Meaning of pre-TGA marketing approval

 

13 At the end of paragraph 71(2)(b)

Add “, as worked out under subsection 70(5A) (if applicable)”.

 

14 Before section 133

Insert:

 

Part 1.- Introduction

 

132A Simplified outline of this Chapter

This Chapter provides for court orders requiring the grant of compulsory licences in respect of patented inventions.

Special provision is made for compulsory licences to exploit patented pharmaceutical inventions. This is to enable the manufacture of a pharmaceutical product in Australia for export to an eligible importing country, to address public health problems in that country.

This Chapter also provides generally for the surrender of patents, and for court orders revoking patents.

 

Part 2.- Compulsory licences (general)

 

132B  Simplified outline of this Part

The Federal Court may make an order under this Part requiring the grant of a compulsory licence to work a patented invention.

The court may order a compulsory licence to be granted if the reasonable requirements of the public are not being met with respect to a patented invention.

The reasonable requirements of the public relate, broadly speaking, to whether Australian trade or industry is unreasonably affected by the actions of the patentee in relation to the manufacture or licensing of the invention (or the carrying on of a patented process).

The court may also order a compulsory licence to be granted if the patentee has engaged in restrictive trade practices in connection with the patent under the Competition and Consumer Act 2010 or under an application law (within the meaning of that Act).

The court may order a patent to be revoked after an order for a compulsory licence has been made (on the same grounds that apply to an order for a compulsory licence).

The patentee must be paid an agreed amount of remuneration, or an amount of remuneration determined by the court.

 

15  Section 133 (heading)

Repeal the heading, substitute:

 

133  Compulsory licences.- general

 

16  At the end of subsection 133(1)

Add:

Note: For compulsory licences for the manufacture and export of patented pharmaceutical inventions to eligible importing countries, see Part 3. However, Part 3 does not prevent a compulsory licence from being ordered under this Part in relation to such an invention (see section 136C).

 

17  Section 134 (heading)

Repeal the heading, substitute:

 

134  Revocation of patent after grant of compulsory licence under section 133

 

18  Subsection 134(1)

After “compulsory licence”, insert “ordered under section 133”.

 

19  After section 136A

Insert:

 

Part 3.- Patented pharmaceutical invention compulsory licences (for manufacture and export to eligible importing countries)

 

Division 1.- Introduction

 

136B  Simplified outline of this Part

The Federal Court may make an order under this Part requiring the grant of a compulsory licence to exploit a patented pharmaceutical invention for manufacture and export to an eligible importing country.

The court may order a compulsory licence to be granted if the proposed use of the pharmaceutical product is to address a public health issue in the eligible importing country:

(a) in a national emergency (or other extremely urgent circumstances); or

(b) by the public non‑commercial use of the product.

The order may be amended or revoked by another order of the court.

The patentee must be paid an agreed amount of remuneration, or an amount of remuneration determined by the court.

 

136C  Relationship between Parts 2 and 3

This Part does not prevent a compulsory licence from being ordered under Part 2 in relation to a patented pharmaceutical invention.

 

Division 2.- Patented pharmaceutical invention compulsory licences

 

136D  PPI compulsory licences—applications for orders

Application for order

(1)  A person (the PPI order applicant) may apply to the Federal Court for an order (the PPI order) under section 136E requiring the patentee of a patented pharmaceutical invention to grant the PPI order applicant a licence (a PPI compulsory licence) to exploit the invention to the extent necessary for the purposes of manufacturing a pharmaceutical product in Australia for export to an eligible importing country.

Note 1: A patented pharmaceutical invention may be a patented product or a patented process: see the definition of patented pharmaceutical invention in Schedule 1.

Note 2: For remuneration in respect of a licence, see section 136J.

(2)  However, a person cannot apply for an order in respect of an innovation patent unless the patent has been certified.

Statement—eligible importing country

(3)  An application must include a copy of a statement made by or on behalf of, and with the authorisation of, the eligible importing country to the effect that it will take reasonable measures within its means, proportionate to its administrative capacities and to the risk of trade diversion, to prevent re‑exportation from its territory of a pharmaceutical product imported into its territory in accordance with a PPI compulsory licence.

Statement—importer

(4)  If the pharmaceutical product is to be imported on behalf of, and with the authorisation of, the eligible importing country, an application must also include a copy of a statement made by the importer to the effect that it will take reasonable measures within its means to prevent the pharmaceutical product from being used other than in accordance with a PPI compulsory licence.

Parties

(5)  The following are parties to proceedings on an application under this section:

(a)  the PPI order applicant;

(b)  the patentee;

(c)  any person claiming an interest in the patent as exclusive licensee or otherwise;

(d)  at the option of the eligible importing country—that country.

 

136E  PPI compulsory licences—orders

(1)  After hearing an application for a PPI order under section 136D, the Federal Court may, subject to this Part, make the order sought if the court is satisfied of all of the following matters:

(a)  the application is made in good faith;

(b)  the pharmaceutical product is to be imported:

(i)  by the eligible importing country; or

(ii)  by a person (the third party importer) on behalf of, and with the authorisation of, the eligible importing country;

(c)  the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country:

(i)  in circumstances of national emergency or other circumstances of extreme urgency; or

(ii)  in other circumstances—by the public non‑commercial use of the pharmaceutical product;

(d)  exploiting the patented pharmaceutical invention is necessary to enable the import and proposed use of the pharmaceutical product as mentioned in paragraphs (b) and (c);

(e)  if subparagraph (c)(ii) applies:

(i)  the PPI order applicant has given the patentee a notice in the approved form seeking from the patentee an authorisation to exploit the patented pharmaceutical invention for public non‑commercial use; and

(ii)  during the 30 days beginning when the notice was given, the PPI order applicant has tried, without success, to obtain such an authorisation from the patentee on reasonable terms and conditions;

(f)  the notification requirements prescribed by regulation in relation to the importation of the pharmaceutical product into the eligible importing country have been complied with;

(g)  the PPI order applicant, the eligible importing country and, if there is a third party importer, that importer, will take reasonable measures to prevent a pharmaceutical product that is exported from Australia in accordance with a PPI compulsory licence from being used for a purpose other than the purpose of addressing the public health problem mentioned in paragraph (c).

(2)  Without limiting the matters that the court may take into account in deciding whether it is satisfied of a matter mentioned in subsection (1), the court must take into account any matters prescribed by regulation.

(3)  A regulation made for the purposes of paragraph (1)(f) may:

(a)  without limiting subsection 33(3A) of the Acts Interpretation Act 1901, prescribe different notification requirements for the importation of pharmaceutical products into eligible importing countries of different kinds; and

(b)  despite subsection 14(2) of the Legislative Instruments Act 2003, refer to eligible importing countries (or different kinds of eligible importing countries) by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time.

 

136F  PPI compulsory licences – terms

(1)  A PPI order must direct that the PPI compulsory licence is granted on the following terms:

(a)  no more than the quantity of the pharmaceutical product that is determined by the Federal Court to be necessary to meet the needs of the eligible importing country is manufactured;

(b)  the entirety of the pharmaceutical product manufactured for that purpose is exported to that country;

(c)  the pharmaceutical product is labelled and marked in accordance with the regulations;

(d)  before shipment of the pharmaceutical product begins, the shipment information prescribed by regulation is made available on a website by, or on behalf of, the licensee for a minimum period prescribed by regulation;

(e)  the duration of the licence is only for the period of time determined by the Federal Court to be necessary to address the public health problem concerned;

(f)  the licence does not give the licensee, or a person authorised by the licensee, the exclusive right to exploit the patented pharmaceutical invention;

(g)  the licence is to be assignable only in connection with an enterprise or goodwill in connection with which the licence is used;

(h)  the licensee must give the Commissioner the information prescribed by regulation in relation to the licence in accordance with the regulations.

(2)  A PPI order may also direct that the licence is to be granted on any other terms specified in the order, including terms covering:

(a)  other requirements relating to the labelling and marking of the pharmaceutical product; and

(b)  other information to be made available by the licensee and the way in which it is to be made available.

(3)  However, a term specified in a PPI order must not be inconsistent with any regulations prescribed for the purposes of paragraph (1)(c), (d) or (h).

 

136G  PPI compulsory licences- amendment

Application for order

(1)  A person may apply to the Federal Court for an order amending any of the following terms of a PPI compulsory licence:

(a)  the quantity of the pharmaceutical product concerned;

(b)  how the pharmaceutical product is labelled and marked;

(c)  the duration of the licence;

(d)  the information that is to be made available by the licensee and the way it is to be made available.

Note: For remuneration in respect of the licence as amended, see section 136J.

Order

(2)  The court may make the order sought in relation to a term if it is satisfied that:

(a)  it is just to do so in all the circumstances; and

(b)  the legitimate interests of the following are not likely to be adversely affected by the amendment of the term:

(i)  the patentee;

(ii)  any person claiming an interest in the patent as exclusive licensee or otherwise;

(iii)  the licensee;

(iv)  the eligible importing country.

(3)  However, an amended term must not be inconsistent with any regulations prescribed for the purposes of paragraph 136F(1)(c), (d) or (h).

Parties

(4)  The following are parties to any proceedings under this section:

(a)  the applicant under subsection (1);

(b)  the patentee;

(c)  any person claiming an interest in the patent as exclusive licensee or otherwise;

(d)  the licensee;

(e)  at the option of the eligible importing country—that country.

 

136H  PPI compulsory licences -revocation

Application

(1)  A person may apply to the Federal Court for an order revoking a PPI compulsory licence.

Note: For remuneration in respect of the use of a PPI compulsory licence while it is in force, see section 136J.

Federal Court may revoke licence

(2)  The Federal Court may make the order sought if the court is satisfied that:

(a)  one or more of the following applies:

(i)  the substantive circumstances that justified the grant of the licence have ceased to exist and are unlikely to recur;

(ii)  the licensee has not complied with the terms of the licence;

(iii)  if an amount of remuneration has been agreed or determined under section 136J—the amount has not been paid within the time agreed or determined; and

(b)  the legitimate interests of the licensee or the eligible importing country are not likely to be adversely affected by the revocation.

Parties

(3)  The following are parties to any proceedings under this section:

(a)  the applicant for revocation;

(b)  the licensee;

(c)  at the option of the eligible importing country—that country.

 

Division 3.- Remuneration

 

136J  PPI compulsory licences -remuneration

Working out amount of remuneration

(1)  The patentee is to be paid an amount agreed or determined under subsection (3) in respect of the use of a patented pharmaceutical invention authorised by a PPI compulsory licence.

(2)  For the purposes of subsection (1), the use of a patented pharmaceutical invention authorised by the PPI compulsory licence is:

(a)  while it is in force.- the use authorised by the licence as granted and as amended (from time to time) under section 136G; or

(b)  if it has ceased to be in force (whether because it was revoked or otherwise).- the actual use of the patented pharmaceutical invention under the licence while it was in force.

(3)  For the purposes of subsection (1), the amount is:

(a)  an amount agreed between the patentee and the PPI order applicant, licensee or former licensee (as the case requires); or

(b)  if paragraph (a) does not apply.- an amount determined by the Federal Court to be adequate remuneration taking into account the economic value to the eligible importing country of the use of the patented pharmaceutical invention authorised by the PPI compulsory licence.

Application to make or amend a determination

(4)  A person may apply to the Federal Court:

(a)  to make a determination under paragraph (3)(b); or

(b)  to amend a determination made under that paragraph.

Note: Grounds for an application under paragraph (b) may include the fact that the terms of the PPI compulsory licence have been amended, or the licence has been revoked.

Parties

(5)  The following are parties to any proceedings under this section:

(a)  the applicant for the determination or the amendment of the determination;

(b)  the PPI order applicant;

(c)  the licensee;

(d)  the patentee of the patented pharmaceutical invention;

(e)  any person claiming an interest in the patent as exclusive licensee or otherwise.

Can PPI be exploited if remuneration is not agreed or determined?

(6)  To avoid doubt, if the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country in circumstances of national emergency or other circumstances of extreme urgency, the licensee may exploit a patented pharmaceutical invention under a PPI compulsory licence, as granted or amended (as the case may be), whether or not an amount has been agreed or determined under this section.

(7)  However, if the proposed use of the pharmaceutical product is to address a public health problem in the eligible importing country in other circumstances, by the public non‑commercial use of the pharmaceutical product, the licensee must not exploit a patented pharmaceutical invention under a PPI compulsory licence unless an amount has been agreed or determined under this section.

Can PPI compulsory licence be revoked if remuneration is not agreed or determined?

(8)  To avoid doubt, a PPI compulsory licence may be revoked whether or not an amount has been agreed or determined under this section.

 

Division 4.- General

 

136K  PPI compulsory licences.- nature of orders

Without prejudice to any other method of enforcement, a PPI order operates as if it were embodied in a deed granting or amending a licence and executed by the patentee and all other necessary parties.

 

136L  PPI compulsory licences.- consistency of orders with international agreements

A PPI order must not be made that is inconsistent with a treaty between the Commonwealth and a foreign country.

 

136M  PPI compulsory licences.- applications heard together

Nothing in this Part prevents the Federal Court from dealing with the following applications together:

(a)  applications for different PPI orders, or for the amendment or revocation of such orders;

(b)  applications for determinations under paragraph 136J(3)(b) for remuneration in relation to different PPI compulsory licences, or for the amendment of such determinations.

 

Part 4.- Surrender and revocation of patents

 

136N  Simplified outline of this Part

A patentee may offer to surrender a patent by giving the Commissioner written notice.

The Commissioner may accept the offer of surrender, and revoke the patent, after hearing all interested parties. If court proceedings are pending in relation to the patent, leave of the court, or the consent of the parties, is required. The Commissioner must not accept the offer if a compulsory licence ordered under Part 2 is in force in relation to the patent.

In addition, a court may revoke a patent on the following grounds:

(a)     the patentee is not entitled to the patent;

(b)     the invention is not a patentable invention;

(c)     the patent was (broadly speaking) improperly obtained;

(d)     the patent was (broadly speaking) obtained on the basis of a non‑compliant specification.

 

20  Subsection 137(5)

Omit “compulsory licence”, substitute “licence ordered under Part 2”.

 

21  After section 138

Insert:

 

Part 5.- Other matters

 

138A  Simplified outline of this Part

This Part deals with the parties to proceedings under this Chapter (other than proceedings under Part 3).

This Part also enables the Commissioner to appear and be heard in all proceedings under this Chapter.

 

22  At the end of subsection 139(1)

Add:

Note: See Part 3 for details of parties to proceedings under that Part.

 

23  Subsection 139(2)

Omit “section 133, 134 or 138”, substitute “this Chapter”.

 

24  At the end of subsection 228(1)

Add:

; and (f)  for the purpose of carrying out or giving effect to the WTO General Council decision of 30 August 2003.

 

25  After subsection 228(4)

Insert:

(5)  Despite subsection 14(2) of the Legislative Instruments Act 2003, regulations made for the purposes of the definition of eligible importing country in Schedule 1 may make provision in relation to a matter by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time.

 

26  Schedule 1 (definition of compulsory licence)

Repeal the definition.

 

27  Schedule 1

Insert:

eligible importing country means a foreign country of a kind prescribed by regulation.

Note: A regulation made for the purposes of this definition may make provision in relation to a matter by applying, adopting or incorporating, with or without modification, any matter contained in any other instrument or other writing as in force or existing from time to time (see subsection 228(5)).

 

28  Schedule 1

Insert:

patented pharmaceutical invention, in relation to a pharmaceutical product, means:

(a)  if the product is a patented product—the patented product; or

(b)  if the product results from the use of a patented process—the patented process.

 

29  Schedule 1

Insert:

pharmaceutical product means any patented product, or product manufactured through a patented process, of the pharmaceutical sector.

Example: Examples of a pharmaceutical product include:

(a)    active ingredients necessary for manufacturing such a product; and

(b)    diagnostic kits needed for using such a product.

 

30  Schedule 1

Insert:

PPI is short for patented pharmaceutical invention.

 

31  Schedule 1

Insert:

PPI compulsory licence has the meaning given by section 136D.

 

32  Schedule 1

Insert:

PPI order has the meaning given by section 136D.

 

33  Schedule 1

Insert:

PPI order applicant has the meaning given by section 136D.

 

34  Schedule 1

Insert:

TRIPS Agreement means the Agreement on Trade‑Related Aspects of Intellectual Property Rights set out in Annex 1C to the Marrakesh Agreement establishing the World Trade Organization, done at Marrakesh on 15 April 1994, as Annex 1C is in force for Australia from time to time.

Note: The WTO Agreement is in Australian Treaty Series 1995 No. 8 ([1995] ATS 8) and could in 2015 be viewed in the Australian Treaties Library on the AustLII website (http://www.austlii.edu.au).

 

35  Schedule 1

Insert:

WTO General Council decision of 30 August 2003 means the decision of the World Trade Organization General Council of 30 August 2003 (including the Annex to the decision) on the implementation of paragraph 6 of the Doha Declaration on the TRIPS Agreement and public health.

Note: The decision could in 2015 be viewed on the World Trade Organization website (http://www.wto.org).

 

Part 2.- Application

 

36  Application of amendments

(1)       The amendments of the Patents Act 1990 made by this Schedule apply in relation to patents granted before, on and after the commencement of this Schedule.

(2)       The amendments of sections 70 and 71 of the Patents Act 1990 made by this Schedule apply in relation to an application that is made on or after the commencement of this Schedule to include a pharmaceutical substance in the Australian Register of Therapeutic Goods.

 

Schedule 2.-TRIPS Protocol: later commencing amendments

 

Patents Act 1990

 

1  Section 3 (list of definitions)

Omit “WTO General Council decision of 30 August 2003”.

 

2  Paragraph 228(1)(f)

Omit “WTO General Council decision of 30 August 2003”, substitute “TRIPS Agreement”.

 

3  Schedule 1 (definition of WTO General Council decision of 30 August 2003)

Repeal the definition.

 

Schedule 3.- Plant Breeder’s Rights Act 1994: Federal Circuit Court

 

Plant Breeder’s Rights Act 1994

 

1  Subsection 3(1) (definition of Court)

Repeal the definition.

 

2  Subsection 3(1)

Insert:

Federal Circuit Court means the Federal Circuit Court of Australia.

 

3  Subsection 3(1)

Insert:

Federal Court means the Federal Court of Australia.

 

4  Subsection 39(5)

Repeal the subsection, substitute:

(5)  Nothing in this section affects the power of:

(a)  the Federal Court, or a Judge of that Court, under subsection 44A(2) of the AAT Act; or

(b)  the Federal Circuit Court, or a Judge of that Court, under subsection 44A(2A) of that Act;

where an appeal is begun in that court from a decision of the AAT.

 

5  Subsection 50(7)

Repeal the subsection, substitute:

(7)  Nothing in this section affects the power of:

(a)  the Federal Court, or a Judge of that Court, under subsection 44A(2) of the AAT Act; or

(b)  the Federal Circuit Court, or a Judge of that Court, under subsection 44A(2A) of that Act.

 

6  Subsection 54(1)

Omit “Court”, substitute “Federal Court or the Federal Circuit Court”.

 

7  Subsections 54(3) and (4)

Omit “Court” (wherever occurring), substitute “court”.

 

8  Subsection 55(1)

Omit “Court”, substitute “Federal Court or the Federal Circuit Court”.

 

9  Subsections 55(3) and (4)

Omit “Court”, substitute “court”.

 

10  Section 56 (heading)

Repeal the heading, substitute:

 

56  Jurisdiction of the Federal Court

 

11  Subsection 56(1)

Omit “Court” (wherever occurring), substitute “Federal Court”.

 

12  At the end of subsection 56(1)

Add:

Note: A matter may also be transferred to the Federal Court from the Federal Circuit Court: see section 39 of the Federal Circuit Court of Australia Act 1999.

 

13  Subsection 56(2)

Repeal the subsection, substitute:

(2)  That jurisdiction is exclusive of the jurisdiction of all other courts other than the jurisdiction of:

(a)  the Federal Circuit Court under subsection 56A(2); and

(b)  the High Court under section 75 of the Constitution.

 

14  Subsection 56(3)

Omit “Court” (wherever occurring), substitute “Federal Court”.

 

15  Subsection 56(4)

Omit “Court”, substitute “Federal Court”.

 

16  Subsection 56(5)

Omit “the Court”, substitute “the Federal Court”.

 

17  Subsection 56(5)

Omit “rules”, substitute “Rules”.

Note: This item fixes a typographical error.

 

18  After section 56

Insert:

 

56A  Jurisdiction of Federal Circuit Court

(1)  The Federal Circuit Court has jurisdiction with respect to matters in which actions may, under this Part, be begun in the Federal Circuit Court.

Note: A matter may also be transferred to the Federal Circuit Court from the Federal Court: see section 32AB of the Federal Court of Australia Act 1976.

(2)  That jurisdiction is exclusive of the jurisdiction of all other courts, other than the jurisdiction of:

(a)  the Federal Court under subsection 56(2) of this Act; and

(b)  the High Court under section 75 of the Constitution.

(3)  The relief that the Federal Circuit Court may grant in an action or proceeding for infringement of PBR includes an injunction (subject to such terms, if any, as the Federal Circuit Court thinks fit) and, at the option of the plaintiff, either damages or an account of profits.

(4)  The regulations may make provision in relation to the practice and procedure of the Federal Circuit Court in actions under this Act, including provision prescribing the time within which any action may be begun, or any other act or thing may be done, and providing for the extension of any such time.

(5)  Subsection (4) does not limit the power of the Judges of the Federal Circuit Court, or a majority of them, to make Rules of Court under section 81 of the Federal Circuit Court of Australia Act 1999 that are consistent with the regulations referred to in that subsection.

 

19  Subsection 57(1)

Omit “The Court”, substitute “A court”.

 

20  Subsection 57(1)

Omit “the Court”, substitute “the court”.

 

21  Section 72

Omit “the High Court Rules and the Federal Court Rules”, substitute “Rules of Court of the High Court, the Federal Court or the Federal Circuit Court”.

 

Schedule 4.- Australia New Zealand Single Economic Market

 

Part 1.- Amendments

 

Designs Act 2003

 

1  Section 145

Before “Where”, insert “(1)”.

 

2  Section 145

After “Australia”, insert “or New Zealand”.

 

3  Section 145

Omit “post”, substitute “a prescribed means”.

 

4  At the end of section 145

Add:

(2)  After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(3)  The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4)  For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(5)  For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

Patents Act 1990

 

5  Section 3 (list of definitions)

Insert “Board”.

 

6  Section 3 (list of definitions)

Insert “Director‑General of IP Australia”.

 

7  Section 3 (list of definitions)

Insert “New Zealand Assistant Commissioner of Patents”.

 

8  Section 3 (list of definitions)

Insert “New Zealand Commissioner of Patents”.

 

9  Section 3 (list of definitions)

Insert “New Zealand delegate”.

 

10  Section 3 (list of definitions)

Insert “New Zealand Patents Minister”.

 

11  Section 3 (list of definitions)

Insert “New Zealand patents official”.

 

12  Section 3 (list of definitions)

Omit “Professional Standards Board”.

 

13  Section 3 (list of definitions)

Insert “Registrar of Companies of New Zealand”.

 

14  Subsection 20(2)

Omit “or an employee,”, substitute “an employee, or a New Zealand delegate,”.

 

15  At the end of section 20

Add:

(3)  For the purposes of this section, it is immaterial whether an act was done in New Zealand.

 

16  At the end of section 183

Add:

(3)  The Designated Manager may disclose to the Registrar of Companies of New Zealand information (including personal information within the meaning of the Privacy Act 1988) that is:

(a)  relevant to the functions conferred on the Registrar of Companies of New Zealand by or under the Companies Act 1993 of New Zealand; and

(b)  obtained by the Designated Manager as a result of the performance of functions and duties, or the exercise of powers, in relation to incorporated patent attorneys.

(4)  For the purposes of subsection (3), it is immaterial whether the disclosure takes place in New Zealand.

(5)  The Commissioner may disclose to a New Zealand delegate information (including personal information within the meaning of the Privacy Act 1988) that is relevant to the exercise of the powers, or the performance of the functions, delegated to the New Zealand delegate under subsection 209(1A).

(6)  For the purposes of subsection (5), it is immaterial whether the disclosure takes place in New Zealand.

 

17  Paragraph 198(4)(a)

Repeal the paragraph.

 

18  Subsection 198(5)

Omit “Professional Standards Board”, substitute “Board”.

 

19  Subsections 198(7) and (8)

Repeal the subsections, substitute:

(7)  A reference in this section to conviction of an offence includes a reference to:

(a)  the making of an order under section 19B of the Crimes Act 1914 in relation to the offence; or

(b)  the making of an order under a corresponding provision of a law of:

(i)  a State; or

(ii)  a Territory; or

(iii)  New Zealand;

in relation to the offence.

 

20  At the end of section 198

Add:

New Zealand

(12)  It is immaterial whether a matter mentioned in:

(a)  paragraph (4)(b), (c), (d), (e), (f) or (g); or

(b)  subsection (5); or

(c)  paragraph (9)(a), (b) or (c); or

(d)  paragraph (11)(b);

concerns something that happened in New Zealand.

 

21  Section 199

Before “The name”, insert “(1)”.

 

22  At the end of section 199

Add:

(2)  It is immaterial whether the prescribed grounds concern something that happened in New Zealand.

 

23  Before subsection 209(1)

Insert:

Delegation to employees

 

24  After subsection 209(1)

Insert:

Delegation to New Zealand patents officials

(1A)  The Commissioner may, by instrument, signed by him or her, delegate all or any of the Commissioner’s powers or functions under this Act to a New Zealand patents official.

(1B)  A function or power delegated under subsection (1A) may be performed or exercised by the delegate in New Zealand.

 

25  Before subsection 209(2)

Insert:

Direction or supervision

 

26  Section 214

Before “A document”, insert “(1)”.

 

27  At the end of section 214

Add:

(2)  For the purposes of this Act, a prescribed document is taken to have been filed with the Patent Office if the document is delivered or given to:

(a)  the New Zealand Commissioner of Patents; or

(b)  a New Zealand Assistant Commissioner of Patents; or

(c)  a person who, under a law of New Zealand, is a delegate of the New Zealand Commissioner of Patents;

in a prescribed manner.

(3)  The regulations may provide that a document filed with the Patent Office because of subsection (2) is taken to have been so filed at the time ascertained in accordance with the regulations.

 

28  Section 221

Before “Where”, insert “(1)”.

 

29  Section 221

After “Australia”, insert “or New Zealand”.

 

30  Section 221

Omit “post”, substitute “a prescribed means”.

 

31  At the end of section 221

Add:

(2)  After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(3)  The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4)  For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(5)  For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

32  After paragraph 223(1)(b)

Insert:

(ba)  a New Zealand delegate; or

 

33  After subsection 223(1)

Insert:

(1A)  For the purposes of subsection (1), it is immaterial whether a relevant act took place, or is to take place, in New Zealand.

(1B)  For the purposes of subsection (1), it is immaterial whether an error or omission took place in New Zealand.

 

34  After subsection 224(3)

Insert:

(3A)  For the purposes of this section, it is immaterial whether a decision was made in New Zealand.

 

35  Section 227 (heading)

Repeal the heading, substitute:

 

227  Fees payable under this Act

 

36  At the end of section 227

Add:

(6)  For the purposes of this Act, if:

(a)  a fee is declared by the regulations to be a fee to which this subsection applies; and

(b)  the fee is paid to:

(i)  the New Zealand Commissioner of Patents; or

(ii)  a New Zealand Assistant Commissioner of Patents; or

(iii)  a person who, under a law of New Zealand, is a delegate of the New Zealand Commissioner of Patents; and

(c)  the New Zealand Commissioner of Patents, the New Zealand Assistant Commissioner of Patents, or the delegate, as the case may be, is authorised to receive the fee on behalf of the Commonwealth; and

(d)  the fee is paid in New Zealand currency;

then:

(e)  the liability to pay the fee is discharged; and

(f)  this Act has effect as if the fee had been paid in accordance with the regulations.

(7)  For the purposes of subsection (6), the amount of the fee in New Zealand currency is to be ascertained in accordance with the regulations.

 

37  After section 227

Insert:

 

227AA  Receipt of fees payable under New Zealand law

The regulations may make provision for and in relation to authorising:

(a)  the Commissioner; or

(b)  a Deputy Commissioner; or

(c)  an employee;

to receive, on behalf of New Zealand, a specified fee payable under a specified law of New Zealand that relates to patents for inventions, so long as:

(d)  the fee is paid in Australian currency; and

(e)  the amount of the fee in Australian currency is ascertained in accordance with the regulations.

 

227AB  Application of administrative law regime to decisions made in New Zealand

Judicial review

(1)  For the purposes of the application of the Administrative Decisions (Judicial Review) Act 1977 to a decision under this Act, it is immaterial whether the decision was made in New Zealand.

Note: See also the Trans‑Tasman Proceedings Act 2010.

(2)  For the purposes of subsection (1), decision has the same meaning as in the Administrative Decisions (Judicial Review) Act 1977.

Merits review

(3)  For the purposes of the application of the Administrative Appeals Tribunal Act 1975 to a decision under this Act, it is immaterial whether the decision was made in New Zealand.

Note: See also the Trans‑Tasman Proceedings Act 2010.

(4)  For the purposes of subsection (3), decision has the same meaning as in the Administrative Appeals Tribunal Act 1975.

 

38  Section 227A (heading)

Repeal the heading, substitute:

 

227A  Trans‑Tasman IP Attorneys Board

 

39  Subsection 227A(1)

Repeal the subsection, substitute:

(1)  The body known immediately before the commencement of this subsection as the Professional Standards Board for Patent and Trade Marks Attorneys is continued in existence as the Trans‑Tasman IP Attorneys Board.

Note 1: In this Act, Board means the Trans‑Tasman IP Attorneys Board—see Schedule 1.

Note 2: See also section 25B of the Acts Interpretation Act 1901.

 

40  Subsection 227A(2)

Omit “Professional Standards Board” (wherever occurring), substitute “Board”.

 

41  After subsection 227A(2)

Insert:

Membership of the Board

(2A)  The Board consists of the following members:

(a)  a Chair;

(b)  the Director‑General of IP Australia;

(c)  the New Zealand Commissioner of Patents;

(d)  at least 2 members nominated by the New Zealand Patents Minister to represent the New Zealand patent attorney profession;

(e)  at least 2 other members.

(2B)  The total number of members of the Board must not exceed 10.

Appointment of members of the Board

(2C)  Each member of the Board mentioned in paragraph (2A)(a), (d) or (e) is to be appointed by the Minister by written instrument.

Note: For reappointment, see the Acts Interpretation Act 1901.

(2D)  A person is not eligible for appointment as a member of the Board mentioned in paragraph (2A)(a), (d) or (e) unless the Minister is satisfied that the person has:

(a)  substantial experience or knowledge; and

(b)  significant standing;

in at least one of the following fields:

(c)  Australian patent attorney practice;

(d)  New Zealand patent attorney practice;

(e)  Australian trade mark attorney practice;

(f)  the regulation of persons engaged in a prescribed occupation;

(g)  public administration;

(h)  academia.

(2E)  A member of the Board holds office on a part‑time basis.

Period of appointment for members of the Board

(2F)  A member of the Board mentioned in paragraph (2A)(a), (d) or (e) holds office for the period specified in the instrument of appointment. The period must not exceed:

(a)  in the case of the member mentioned in paragraph (2A)(a)—3 years; or

(b)  otherwise—5 years.

Note: For reappointment, see the Acts Interpretation Act 1901.

Appointment of deputy of Director‑General of IP Australia

(2G)  The Director‑General of IP Australia may appoint an APS employee to be his or her deputy for the purpose of attendance at one or more specified meetings of the Board.

(2H)  If:

(a)  a person is the deputy of the Director‑General of IP Australia for the purpose of attendance at a particular meeting of the Board; and

(b)  the Director‑General of IP Australia is absent from the meeting;

the person is entitled to attend the meeting and, when so attending, is taken to be a member of the Board.

(2J)  A deputy of the Director‑General of IP Australia is not entitled to any remuneration or allowances for attending a meeting of the Board (other than remuneration or allowances payable to the deputy in his or her capacity as an APS employee).

Appointment of deputy of New Zealand Commissioner of Patents

(2K)  The New Zealand Commissioner of Patents may appoint a New Zealand patents official to be his or her deputy for the purpose of attendance at one or more specified meetings of the Board.

(2L)  If:

(a)  a person is the deputy of the New Zealand Commissioner of Patents for the purpose of attendance at a particular meeting of the Board; and

(b)  the New Zealand Commissioner of Patents is absent from the meeting;

the person is entitled to attend the meeting and, when so attending, is taken to be a member of the Board.

(2M)  A deputy of the New Zealand Commissioner of Patents is not entitled to any remuneration or allowances for attending a meeting of the Board (other than remuneration or allowances payable to the deputy in his or her capacity as a New Zealand patents official).

 

42  Paragraph 227A(3)(a)

Repeal the paragraph, substitute:

(a)  the terms and conditions on which members of the Board mentioned in paragraph (2A)(a), (d) or (e) hold office; and

(aa)  the manner in which members of the Board mentioned in paragraph (2A)(a), (d) or (e) may resign their appointments; and

(ab)  the termination of the appointment of members of the Board mentioned in paragraph (2A)(a), (d) or (e); and

 

43  Paragraphs 227A(3)(b) and (c)

Omit “Professional Standards Board”, substitute “Board”.

 

44  Subsections 227A(4) and (5)

Omit “Professional Standards Board”, substitute “Board”.

 

45  At the end of section 227A

Add:

(7)  The Board may perform its functions in Australia or New Zealand.

 

46  Subparagraph 228(2)(r)(ia)

Omit “Professional Standards Board”, substitute “Board”.

 

47  After subsection 228(4)

Insert:

(4A)  If the regulations confer a function on a person or body, the regulations may provide that the function may be performed in Australia or New Zealand.

(4B)  If the regulations confer a power on a person or body, the regulations may provide that the power may be exercised in Australia or New Zealand.

(4C)  If the regulations provide that application may be made to the Administrative Appeals Tribunal for review of a decision, the regulations may provide that it is immaterial whether the decision was made in New Zealand.

(4D)  The regulations may provide that it is immaterial whether an act or omission mentioned in the regulations took place in New Zealand.

(4E)  The regulations may provide that it is immaterial whether a matter mentioned in the regulations concerns something that took place in New Zealand.

 

48  Schedule 1

Insert:

Board means the Trans‑Tasman IP Attorneys Board continued in existence by section 227A.

 

49  Schedule 1 (definition of company)

Repeal the definition, substitute:

company means:

(a)  a company registered under the Corporations Act 2001; or

(b)  a company registered under the Companies Act 1993 of New Zealand.

 

50  Schedule 1

Insert:

Director‑General of IP Australia means the SES employee who holds or performs the duties of the position of Director‑General of IP Australia.

 

51  Schedule 1 (at the end of the definition of file)

Add:

Note: See also section 214.

 

52  Schedule 1

Insert:

New Zealand Assistant Commissioner of Patents means a person who holds or performs the duties of an office or position of Assistant Commissioner of Patents under or in accordance with a law of New Zealand.

 

53  Schedule 1

Insert:

New Zealand Commissioner of Patents means the person who holds or performs the duties of the office or position of Commissioner of Patents under or in accordance with a law of New Zealand.

 

54  Schedule 1

Insert:

New Zealand delegate means a New Zealand patents official who is a delegate under subsection 209(1A).

 

55  Schedule 1

Insert:

New Zealand Patents Minister means the Minister of New Zealand who:

(a)  under the authority of a warrant; or

(b)  with the authority of the Prime Minister of New Zealand;

is responsible for the administration of a law of New Zealand relating to the regulation of patent attorneys.

 

56  Schedule 1

Insert:

New Zealand patents official means a person:

(a)  who is an employee in any part of the State services of New Zealand; and

(b)  whose functions or duties relate to the administration of a law of New Zealand relating to patents for inventions.

 

57  Schedule 1 (definition of Professional Standards Board)

Repeal the definition.

 

58  Schedule 1

Insert:

Registrar of Companies of New Zealand means the person who holds or performs the duties of the office or position of Registrar of Companies under or in accordance with the Companies Act 1993 of New Zealand.

 

Plant Breeder’s Rights Act 1994

 

59  Subsection 3(1)

Insert:

address has a meaning affected by subsection (2).

 

60  Subsection 3(2)

Repeal the subsection, substitute:

Electronic address

(2)  After the time specified in the regulations, a reference in this Act to an address includes a reference to an electronic address.

(3)  The time specified under subsection (2) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(4)  Subsection (2) of this section does not apply to the following references to an address:

(a)  a reference in subsection 26(2);

(b)  the first reference in subsection 26(3).

(5)  For the purposes of this Act, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(6)  For the purposes of this Act, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

61  After subsection 19(5)

Insert:

(5A)  An address given under paragraph (5)(c) must be an address in Australia or New Zealand.

 

62  Subsection 21(5)

After “Australia”, insert “or New Zealand”.

 

63  Subsection 26(3)

After “overseas”, insert “in a country other than New Zealand”.

 

64  Subsection 26(3)

After “Australia” (first occurring), insert “or New Zealand”.

 

65  Subsection 26(3)

Omit “a postal address in Australia”, substitute “an address in Australia or New Zealand”.

 

66  Subsection 31(3)

After “Australia”, insert “or New Zealand”.

 

67  Section 73

Repeal the section, substitute:

 

73  Service of documents

If:

(a)  this Act provides for a document to be served on, or given or sent to, a person; and

(b)  the person has given the Secretary or the Registrar an address in Australia or New Zealand for service;

the document may be served on, or given or sent to, the person by a prescribed means to that address.

 

Trade Marks Act 1995

 

68  Readers guide (list of terms defined in section 6)

Insert the following term in its appropriate alphabetical position:

“Board”.

 

69  Readers guide (list of terms defined in section 6)

Omit “Professional Standards Board”.

 

70  Subsection 6(1)

Insert:

Board has the same meaning as in the Patents Act 1990.

 

71  Subsection 6(1) (definition of Professional Standards Board)

Repeal the definition.

 

72  At the end of subsection 215(5)

Add “or New Zealand”.

 

73  Paragraph 215(6)(a)

Repeal the paragraph, substitute:

(a)  if the person has an address for service .-the document may be served on, or given or sent to, the person by a prescribed means to that address; or

 

74  Paragraph 215(6)(b)

After “Australia” (first occurring), insert “or New Zealand”.

 

75  Paragraph 215(6)(b)

Omit “post”, substitute “a prescribed means”.

 

76  Paragraph 215(6)(b)

After “Australia” (second occurring), insert “or New Zealand”.

 

77  At the end of section 215

Add:

(8)  After the time specified in the regulations, a reference in this section to an addressincludes a reference to an electronic address.

(9)  The time specified under subsection (8) must be later than the day on which the regulations are registered under the Legislative Instruments Act 2003.

(10)  For the purposes of this section, the question of whether an electronic address is in Australia is to be determined in accordance with the regulations.

(11)  For the purposes of this section, the question of whether an electronic address is in New Zealand is to be determined in accordance with the regulations.

 

78  Subsection 228A(5)

Omit “the Professional Standards Board”, substitute “the Board”.

 

79  Subsection 228A(5) (note)

Omit “Professional Standards Board”, substitute “Board”.

 

80  Subparagraph 231(2)(ha)(ia)

Omit “Professional Standards Board”, substitute “Board”.

 

Part 2.- Transitional provisions

 

81  Transitional.- registration as a patent attorney

(1)       The Designated Manager must:

(a)  register as a patent attorney an individual who, immediately before the commencement of this item:

(i)  was registered as a patent attorney under a law of New Zealand; and

(ii)  was not a registered patent attorney (within the meaning of the Patents Act 1990); and

(b)  do so as soon as practicable after the commencement of this item.

(2)  The registration is to consist of entering the individual’s name in the Register of Patent Attorneys.

(3)  For the purposes of the Patents Act 1990, the registration is taken to be under that Act.

 

82  Transitional.- qualification for registration as a patent attorney

(1) A qualification specified in, or ascertained in accordance with, regulations made for the purposes of paragraph 198(4)(b) of the Patents Act 1990 may consist of passing examinations conducted in New Zealand, so long as:

(a)  the examinations are specified in those regulations; and

(b)  at least one of those examinations was passed before the commencement of this item; and

(c)  the remaining examinations are passed before the end of the 4‑year period beginning at the commencement of this item.

(2)  Regulations authorised by subitem (1) do not apply to examinations passed by an individual unless the individual applies for registration as a patent attorney under section 198 of the Patents Act 1990 within 6 months after the completion of the last of those examinations.

(3)  Subitem (1) does not limit paragraph 198(4)(b) of the Patents Act 1990.

 

83  Transitional.- conduct of patent attorneys

(1) Grounds prescribed for the purposes of section 199 of the Patents Act 1990 may relate to conduct that took place in New Zealand before the commencement of this item.

(2) Subitem (1) does not limit section 199 of the Patents Act 1990.

 

84  Transitional.- registration as a trade marks attorney

(1)  If:

(a)  immediately before the commencement of this item, an individual:

(i)  was registered as a patent attorney under a law of New Zealand; and

(ii)  was not a registered trade marks attorney (within the meaning of the Trade Marks Act 1995); and

(b)  within 12 months after the commencement of this item, the individual applies to the Designated Manager to be registered as a trade marks attorney; and

(c)  the application is in accordance with the regulations; and

(d)  the individual satisfies the Designated Manager, in accordance with the regulations, that the individual’s level of competency in trade marks law and practice is sufficient to warrant the individual becoming a registered trade marks attorney; and

(e)  the individual has not been convicted of a prescribed offence during the 5‑year period ending when the application was made; and

(f)  the individual is not under sentence of imprisonment for a prescribed offence;

the Designated Manager must register the individual as a trade marks attorney.

(2) The registration is to consist of entering the individual’s name in the Register of Trade Marks Attorneys.

(3)  For the purposes of the Trade Marks Act 1995, the registration is taken to be under that Act.

(4) The Governor‑General may make regulations for the purposes of this item.

(5) It is immaterial whether a matter mentioned in paragraph (1)(d), (e) or (f) concerns something that happened in New Zealand.

(6) A reference in this item to conviction of an offence includes a reference to:

(a)  the making of an order under section 19B of the Crimes Act 1914 in relation to the offence; or

(b)  the making of an order under a corresponding provision of a law of:

(i)  a State; or

(ii)  a Territory; or

(iii)  New Zealand;

in relation to the offence.

 

Schedule 5.- Other amendments

 

Part 1.- Document retention

 

Division 1.- Amendments

 

Designs Act 2003

 

1  Paragraph 69(3)(b)

Omit “design; and”, substitute “design.”

 

2  Paragraph 69(3)(c)

Repeal the paragraph.

 

3  Paragraph 149(2)(o)

Omit “fit; and”, substitute “fit.”.

 

4  Paragraph 149(2)(p)

Repeal the paragraph.

 

Patents Act 1990

 

5  Paragraph 228(2)(u)

Repeal the paragraph.

 

Trade Marks Act 1995

 

6  Paragraph 231(2)(h)

Repeal the paragraph.

 

Division 2.- Application of amendments

 

7  Application of amendments

The amendments made by this Part apply in relation to material and documents provided or filed before, on or after the commencement of this Part.

 

Part 2.- Technical amendments

 

Division 1.- Amendments

 

Patents Act 1990

 

8  Section 24 (heading)

Repeal the heading, substitute:

 

24.- Validity not affected by making information available in certain circumstances

 

9  Section 29A (note)

Repeal the note.

 

10  At the end of section 29A

Add:

(6)  An applicant is not entitled to ask that any action be taken, or that he or she be allowed to take any action, under this Act in relation to a PCT application unless the following requirements of subsection (5) have been met (if applicable):

(a)  a translation of the application into English has been filed;

(b)  the prescribed documents have been filed;

(c)  the prescribed fees have been paid.

Note: A failure to comply with subsection (5) may also result in the PCT application lapsing: see paragraph 142(2)(f).

 

11  Subsection 29B(2)

Omit “within the prescribed period”.

 

12  Subsection 29B(6)

Omit “subsection (1)”, substitute “the definition of Convention country in subsection (5)”.

 

13  Before subsection 40(2)

Insert:

Requirements relating to complete specifications

 

14  Before subsection 41(1)

Insert:

Provisional specifications

(1A)  A specification is taken to comply with subsection 40(1), so far as it requires a description of a micro‑organism, if:

(a)  the micro‑organism is deposited with a prescribed depository institution in accordance with such provisions of the Budapest Treaty as are applicable; and

(b)  the prescribed circumstances apply.

Complete specifications

 

15  Paragraph 43(2A)(b)

After “discloses”, insert “, or a prescribed set of prescribed documents considered together disclose”.

 

16  After subsection 43(2A)

Insert:

(2B)  A prescribed document, or a prescribed set of prescribed documents considered together, is taken to disclose the invention in a claim as mentioned in paragraph (2A)(b) so far as such disclosure requires a description of a micro‑organism, if:

(a)  the micro‑organism is deposited with a prescribed depository institution in accordance with such provisions of the Budapest Treaty as are applicable; and

(b)  the prescribed circumstances apply.

 

17  At the end of subparagraph 101E(1)(a)(ix)

Add “and”.

 

18  Paragraph 119(3)(b)

Omit “through any publication or use of the invention”.

 

19  Subsection 178(4)

Omit “subsection (1) or (2)”, substitute “this section”.

 

20  Subsection 191A(4)

Omit “a declaration, or rectify the Register, under this section”, substitute “a declaration under subsection (2), or rectify the Register under subsection (3)”.

 

21  Paragraph 224(1)(a)

Omit “or 142(2)(b)”.

 

Division 2.- Application of amendments

 

22  Application of amendments

(1) The amendments made by items 8 and 18 apply in relation to information that is made publicly available at or after the time those items commence.

(2) The amendments made by items 9, 10 and 11 apply in relation to applications made at or after the time those items commence.

(3) The amendment made by item 14 applies in relation to provisional applications made at or after the time that item commences.

(4) The amendments made by items 15 and 16 apply in relation to:

(a)  patents for which the complete application is made at or after the time those items commence; and

(b)  standard patents for which the application had been made before the time those items commence, if the applicant had not asked for an examination of the patent request and specification for the application under section 44 of the Patents Act 1990 before that time; and

(c)  innovation patents granted at or after the time those items commence, if the complete application to which the patent relates had been made before that time; and

(d)  complete patent applications made at or after the time those items commence; and

(e)  complete applications for standard patents made before the time those items commence, if the applicant had not asked for an examination of the patent request and specification for the application under section 44 of the Patents Act 1990before that time; and

(f)  complete applications for innovation patents made before the time those items commence, if a patent had not been granted in relation to the application on or before that time; and

(g)  innovation patents granted before the time those items commence, if:

(i)  the Commissioner had not decided to examine the complete specification relating to the patent under section 101A of the Patents Act 1990 before that time; and

(ii)  the patentee or any other person had not asked the Commissioner to examine the complete specification relating to the patent under section 101A of the Patents Act 1990 before that time.

(5) The amendment made by item 20 applies on and after the day that item commences in relation to patents granted before, on or after that commencement.

 

 

 

 

(Minister’s second reading speech made in House of Representatives on 19 March 2014, Senate on 25 November 2014)

12Jul/17

Act. nº 101 of April 4, 2000, on the Protection of Personal Data and on Amendent to Some Acts

Act. nº 101 of April 4, 2000, on the Protection of Personal Data and on Amendent to Some Acts.  As amended by the Act nº 227/2000 Coll., Act nº 177/2001 Coll., Act nº 450/2001 Coll., Act nº 107/2002 Coll., Act nº 310/2002 Coll., Act nº 517/2002 Coll., Act nº 439/2004 Coll., Act nº 480/2004 Coll., Act nº 626/2004 Coll., Act nº 413/2005 Coll., Act nº 444/2005 Coll., Act nº 109/2006 Coll., Act nº 112/2006 Coll., Act. nº 267/2006 Coll., Act nº 342/2006 Coll., Act nº 170/2007 Coll., Act nº 41/2009 Coll., Act nº 52/2009 Coll., Act nº 227/2009 Coll., Act. nº 281/2009 Coll., Act nº 375/2011 Coll., Act nº 468/2011 Coll., Act nº 64/2014 Coll., Act nº 250/2014 Coll. and nº 301/2016 Coll.

 

The Parliament has enacted the following Act of the Czech Republic:

 

Part One.- Personal Data Protection

 

Chapter I.- Introductory Provisions

 

Article 1.- Subject of the Act

This Act, in accordance with the law of the European Union, international agreements binding the Czech Republic, and to exercise everyone’s right to the protection from unauthorised interference with privacy, regulates the rights and obligations in processing of personal data and specifies the conditions under which personal data may be transferred to other countries.

 

Article 2

(1) The Office for Personal Data Protection is hereby established with seat in Prague (hereinafter referred to as the “Office”).

(2) The Office is a central administrative authority in the area of personal data protection in the scope provided by this Act, special legal regulation, international treaties which form part of the legal order, and directly applicable law of the European Union.

(3) The Office exercises the competence of a supervisory authority for the area of personal data protection following from international treaties which form part of the legal order.

 

Article 3.- Scope of the Act

(1) This Act shall apply to personal data that are processed by state authorities, territorial self-administration bodies, other public authority bodies, as well as natural and legal persons.

(2) This Act shall apply to all personal data processing, both by automatic or other means.

(3) This Act shall not apply to personal data processing carried out by a natural person for personal needs exclusively.

(4) This Act shall not apply to accidental personal data collection, unless these data are subject to further processing.

(5) Furthermore, this Act shall apply to personal data processing:

(a) if the law of the Czech Republic is applicable preferentially on the basis of the international public law, even if the controller is not established on the territory of the Czech Republic,

(b) if the controller who is established outside the territory of the European Union carries out processing on the territory of the Czech Republic, unless it is only a personal data transfer over the territory of the European Union. In this case the controller shall be obliged to authorize the processor on the territory of the Czech Republic  by way of the procedure laid down in Article 6.

If the controller carries out processing through its organization units established on the territory of the European Union, he must ensure that those organization units will process personal data in accordance with national law of the respective member state of the European Union.

(6) The provisions of Article 5(1) and Articles 11 and 12 of this Act shall not apply to processing of personal data necessary to fulfil obligations of the controller provided by special Acts to ensure:

(a) security of the Czech Republic,

(b) defence of the Czech Republic,

(c) public order and internal security,

(d) prevention, investigation, detection and prosecution of criminal offences,

(e) important economic interest of the Czech Republic or of the European Union,

(f) important financial interest of the Czech Republic or of the European Union, in particular the stability of financial market and currency, functioning of currency circulation and system of payments as well as budgetary and taxation measures,

(g) exercise of control, supervision, surveillance and regulation related to exercise of public authority in the cases under (c), (d), (e) and (f),

(h) activities related to disclosure of files of the former State Security, or

(i) activities related to keeping a central registry of accounts.

 

Article 4.- Definitions

For the purposes of this Act:

(a) “personal data” shall mean any information relating to an identified or identifiable data subject. A data subject shall be considered identified or identifiable if it is possible to identify the data subject directly or indirectly in particular on the basis of a number, code or one or more factors specific to his/her physical, physiological, psychical, economic, cultural or social identity;

(b) “sensitive data” shall mean personal data revealing nationality, racial or ethnic origin, political attitudes, trade-union membership, religious and philosophical beliefs, conviction of a criminal act, state of health and sexual life of the data subject and genetic data of the data subject; sensitive data shall also mean a biometric data permitting direct identification or authentication of the data subject;

(c) “anonymous data” shall mean such data that cannot be linked to an identified or identifiable data subject in their original form or following processing thereof;

(d) “data subject” shall mean a natural person to whom the personal data pertain;

(e) “personal data processing” shall mean any operation or set of operations that is systematically performed by a controller or a processor upon personal data by automatic or other means. Personal data processing shall mean, in particular, the collection of data, their storage on data carriers, disclosure, modification or alteration, retrieval, use, transfer, dissemination, publishing, preservation, exchange, sorting or combination, blocking and liquidation;

(f) “personal data collection” shall mean a systematic procedure or set of procedures, which aim is to obtain personal data for the purpose of their further storage on a data carrier for their immediate or subsequent processing;

(g) “personal data storage” shall mean keeping data in a manner that permits their further processing;

(h) “blocking” shall mean any operation or set of operations restricting the manner or means of personal data processing for a specified period of time, except for the necessary interventions;

(i) “personal data liquidation” shall mean physical destruction of the data carrier, physical deletion of data or their permanent exclusion from further processing;

(j) “controller” shall mean any entity that determines the purpose and means of personal data processing, carries out such processing and is responsible for such processing. The controller may empower or charge a processor to process personal data, unless a special Act provides otherwise;

(k) “processor” shall mean any entity processing personal data on the basis of a special Act or on behalf of the controller;

(l) “published personal data” shall mean personal data that are disclosed, in particular, by mass media, via other form of public communication, or as a part of a public list;

(m) “register or personal data file” (hereinafter referred to as “data file”) shall mean any set of personal data that is structured or can be made available according to common or specific criteria;

(n) “consent of data subject” shall mean a free and informed manifestation by which will of the data subject signifies his assent to personal data processing;

(o) “recipient” shall mean each subject to whom the personal data are disclosed. The entity processing personal data pursuant to Article 3(6)(g) is not considered a recipient.

 

Chapter II.- Rights and obligations in processing of personal data

 

Article 5

(1) The controller shall be obliged to:

(a) specify the purpose for which personal data are to be processed;

(b) specify the means and manner of personal data processing;

(c) process only accurate personal data, which he obtained in accordance with this Act. If necessary, the controller is obliged to update the data. If the controller finds that the processed data are not accurate as to the specified purpose, shall he take adequate measures without undue delay, in particular shall he block the processing and rectify or supplement the personal data, or liquidate them otherwise. Inaccurate personal data may be processed only within the limits of the provisions of Article 3(6) of this Act. Inaccurate personal data must be branded. The controller is obliged to provide all the recipients with the information about blocking, correction, supplementing or liquidation of personal data without undue delay;

(d) collect personal data corresponding exclusively to the specified purpose and in extent necessary to accomplish the specified purpose;

(e) store personal data only for a period necessary for the purpose of their processing. After expiry of this period, personal data may be retained only for purposes of the state statistical service, and for scientific and archival needs. When using personal data for these purposes, it is necessary to respect the right to protection of private and personal lives of the data subject from unauthorised interference and to make personal data anonymous as soon as possible;

(f) process personal data only in accordance with the purpose for which the data were collected. Personal data may be processed for some other purpose only within the limits of the provisions of Article 3(6) or if the data subject granted his consent herewith in advance;

(g) collect personal data only in an open manner. Collecting data under the pretext of some other purpose or activity shall be prohibited;

(h) ensure that personal data that were obtained for different purposes are not grouped.

(2) The controller may process personal data only with the consent of data subject. Without such consent, the controller may process the data:

(a) if he is carrying out processing which is essential to comply with legal obligation of the controller;

(b) if the processing is essential for fulfilment of a contract to which the data subject is a contracting party or for negotiations on conclusion or alteration of a contract negotiated on the data subject´s proposal;

(c) if it is essential for the protection of vitally important interests of the data subject. In this case, the consent of data subject must be obtained without undue delay. If the consent is not granted, the controller must terminate the processing and liquidate the data;

(d) if they were lawfully published in accordance with special legislation. However, this shall not prejudice the right to the protection of private and personal lives of the data subject, or

(e) if it is essential for the protection of rights and legitimate interests of the controller, recipient or other person concerned. However, such personal data processing may not be in contradiction with the data subject´s right to protection of his private and personal lives.

(f) if he provides personal data on a public figure, official or employee of public administration that reveals information on their public or administrative activity, their functional or working position, or

(g) if the processing relates exclusively to archival purposes pursuant to a special Act.

(3) If the controller processes personal data on the basis of a special Act, he shall be obliged to respect the right to protection of private and personal lives of the data subject.

(4) When giving his consent the data subject must be provided with the information about what purpose of processing, what personal data, which controller and what period of time the consent is being given for. The controller must be able to prove the consent of data subject to personal data processing during the whole period of processing.

(5) If the controller or processor carries out personal data processing for the purpose of offering business or services to the data subject, the data subject’s name, surname and address may be used for this purpose provided that the data were acquired from a public list or in relation to his activity of controller or processor. The controller or processor, however, may not further process the data specified above if the data subject has expressed his disagreement therewith. The disagreement with processing must be expressed in writing. No additional personal data may be added to the data specified above without the consent of data subject.

(6) The controller who processes personal data pursuant to paragraph 5 may transfer these data to other controller only under the following conditions:

(a) the data on the data subject were obtained in relation to activities of the controller or the personal data in question were made public;

(b) the data shall be used exclusively for the purpose of offering business and services;

(c) the data subject has been notified in advance of this procedure of the controller and the data subject has not expressed disagreement with this procedure.

(7) Other controller to whom data pursuant to paragraph 6 have been transferred may not transfer these data to any other person.

(8) Disagreement with processing pursuant to paragraph 6(c) must be expressed by the data subject in writing. The controller shall be obliged to notify each controller to whom he has transferred the name, surname and address of the data subject of the fact that the data subject has expressed disagreement with the processing.

(9) To eliminate the possibility that the name, surname and address of the data subject are repeatedly used for offering business and services, the controller shall be entitled to further process the subject’s name, surname and address in spite of the fact that the data subject expressed his/her disagreement therewith in accordance with paragraph 5.

 

Article 6

Where authorization does not follow from a legal regulation, the controller must conclude with the processor an agreement on personal data processing. The agreement must be made in writing. In particular, the agreement shall explicitly stipulate the scope, purpose and period of time for which it is concluded and must contain guarantees by the processor related to technical and organisational securing of the protection of personal data.

 

Article 7

The obligations specified in Article 5 shall similarly apply to the processor.

 

Article 8

If the processor finds out that the controller breaches the obligations provided by this Act, the processor shall be obliged to notify the controller of this fact without delay and to terminate personal data processing. If he fails to do so, the processor and the data controller shall be liable jointly and severally for any damage caused to the data subject. This shall in no way prejudice his responsibility pursuant to this Act.

 

Article 9.- Sensitive Data

Sensitive data may be processed only:

(a) if the data subject has given his express consent to the processing. When giving his consent, the data subject must be provided with the information about what purpose of processing, what personal data, which controller and what period of time the consent is being given for. The controller must be able to prove the existence of the consent of data subject to personal data processing during the whole period of processing. The controller is obliged to instruct in advance the data subject of his rights pursuant to Articles 12 and 21,

(b) if it is necessary in order to preserve life or health of the data subject or some other person or to eliminate imminent serious danger to their property, if his consent cannot be obtained, in particular, due to physical, mental or legal incapacity, or if the data subject is missing or for similar reasons. The controller shall be obliged to terminate data processing as soon as the above mentioned reasons cease to exist and must liquidate the data, unless the data subject gives his consent to further processing.

(c) if the processing in question is in relation with ensuring health services, public health protection, health insurance, and the exercise of public administration in the field of health sector pursuant to a special Act, or it is related to assessment of health in other cases provided by a special Act,

(d) if the processing is necessary to keep the obligations and rights of the controller responsible for processing in the field of labour law and employment provided by a special Act,

(e) if the processing pursue political, philosophical, religious or trade-union aims and is carried out within the scope of legitimate activity of a civil association, foundation or other legal person of non-profit nature (hereinafter referred to as the “association”), and which relates only to members of the association or persons with whom the association is in recurrent contact related to legitimate activity of the association, and the personal data are not disclosed without the consent of data subject,

(f) if the data processed pursuant to a special Act are necessary to employ sickness insurance, pension insurance (security), state social support and other state social security benefits, social services, social care, assistance in material need and social and legal protection of children, and if, at the same time, the protection of these data is ensured in accordance with the law,

(g) if the processing concerns personal data published by the data subject,

(h) if the processing is necessary to secure and exercise legal claims,

(ch) if they are processed exclusively for archival purposes pursuant to a special Act, or

(i) if it is the processing under special acts regulating prevention, investigation, detection of criminal activities, prosecution of criminal offences and search for persons.

 

Article 10

In personal data processing, the controller and processor shall ensure that the rights of the data subject are not infringed, in particular, the right to preservation of human dignity, and shall also ensure that the private and personal lives of the data subject are protected against unauthorized interference.

 

Article 11

(1) In collecting personal data the controller shall be obliged to inform the data subject of the scope in which and the purpose for which the personal data shall be processed, who and in what manner will process the personal data and to whom the personal data may be disclosed, unless the data subject is already aware of this information. The controller must inform the data subject about his right of access to personal data, the right to have his personal data rectified as well as other rights provided for in Article 21.

(2) In case when the controller processes personal data obtained from the data subject, he is obliged to instruct the data subject on whether the provision of the personal data is obligatory or voluntary. If the data subject is obliged pursuant to a special Act to provide personal data for the processing, the controller shall instruct him on this fact as well as on the consequences of refusal to provide the personal data.

(3) The controller shall not be obliged to provide the information and instruction pursuant to paragraph 1 in cases where the personal data were not obtained from the data subject, if

(a) he is processing personal data exclusively for the purposes of state statistical service, scientific or archival purposes and the provision of such information would involve a disproportionate effort or inadequately high costs; or if storage on data carriers or disclosure is expressly provided by a special Act. In these cases the controller shall be obliged to take all necessary measures against unauthorised interference with the data subject’s private and personal lives.

(b) the personal data processing is imposed on him by a special Act or such data are necessary to exercise the rights and obligations ensuing from special Acts.

(c) he is processing exclusively lawfully published personal data, or

(d) he is processing personal data obtained with the consent of data subject.

(4) The above provisions shall be without prejudice to the rights of the data subject to request information pursuant to special Acts.

(5) In processing the personal data pursuant to Article 5(2)(e) and Article 9(h), the controller shall be obliged to inform without undue delay the data subject about processing of his personal data.

(6) No decision of the controller or processor in consequence of which is an interference with the legal and legally protected interests of the data subject, may not be issued or made without verification solely on the basis of automated personal data processing. This shall not apply where such decision was made in favour of the data subject and upon his request.

(7) The information obligation regulated by Article 11 may be performed by the processor on behalf of the controller.

 

Article 12.- Data subject’s access to information

(1) If the data subject requests information on the processing of his personal data, the controller shall be obliged to provide him with this information without undue delay.

(2) The contents of the information shall always report on:

(a) the purpose of personal data processing;

(b) the personal data or categories of personal data that are subject of processing including all available information on their source;

(c) the character of the automated processing in relation to its use for decision-making, if acts or decisions are taken on the basis of this processing the content of which is an interference with the data subject’s rights and legitimate interests;

(d) the recipients or categories of recipients.

(3) For provision of this information the controller shall be entitled to require a reasonable reimbursement not exceeding the costs necessary for provision of information.

(4) The controller’s obligation to provide the data subject with information pursuant to Article 12 may be met by a processor on behalf of the controller.

 

Article 13.- Obligations of Persons concerning Personal Data Security

(1) The controller and the processor shall be obliged to adopt measures preventing unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transmission, other unauthorised processing, as well as other misuse of personal data. This obligation shall remain valid even after terminating personal data processing.

(2) The controller or the processor shall be obliged to develop and to document the technical and organisational measures adopted and implemented to ensure the personal data protection in accordance with the law and other legal regulations.

(3) In the framework of measures pursuant to paragraph 1, the controller or the processor shall perform a risk assessment concerning

(a) fulfilment of instructions for personal data processing by persons who have immediate access to the personal data,

(b) prevention of unauthorized persons’ access to personal data and to the means of their processing,

(c) prevention of unauthorized reading, creating, copying, transferring, modifying or deleting of records containing personal data, and

(d) measures enabling to determine and verify to whom the personal data were transferred.

(4) In the area of automatic processing of personal data, the controller or processor shall, in the framework of measures under paragraph 1, be obliged to

(a) ensure that the systems for automatic processing of personal data are used only by authorized persons,

(b) ensure that the natural persons authorized to use systems for automatic processing of personal data have access only to the personal data corresponding to their authorization, and this on the basis of specific user authorizations established exclusively for these persons,

(c) make electronic records enabling to identify and verify when, by whom and for what reason the personal data were recorded or otherwise processed, and

(d) prevent any unauthorized access to data carriers.

 

Article 14

Employees of the controller or processor and other persons who process personal data on the basis of an agreement with the controller or processor, may process personal data only under the conditions and in the scope specified by the controller or the processor.

 

Article 15

(1) Employees of the controller or processor, other natural persons who process personal data on the basis of an agreement concluded with the controller or processor and other persons who, in the scope of fulfilling rights and obligations provided by law, come into contact with personal data at the premises of the controller or processor, shall be obliged to maintain confidentiality of personal data and security measures whose publishing would endanger the security of personal data. The obligation to maintain confidentiality shall survive termination of employment or the relevant work.

(2) The provisions of the previous paragraph shall in no way prejudice the obligation to maintain confidentiality pursuant to special Acts.

(3) The obligation to maintain confidentiality shall not apply to information obligation pursuant to special Acts.

 

Article 16.- Notification Obligation

(1) Whoever intends to process personal data as a controller or alter the registered processing pursuant to this Act, with the exception of the processing mentioned pursuant to Article 18, shall be obliged to notify in writing the Office of this fact before carring out the personal data processing.

(2) The notification must include the following information:

(a) the identification data of the controller, i.e. in case of natural person who is not an entrepreneur his first name or names, surname, date of birth and address of permanent residence; in case of other subjects their trade, corporate or other name, seat and identification number if assigned, and name, eventually first names and surnames of persons that are their statutory representatives;

(b) the purpose or purposes of processing;

(c) the categories of data subjects and of personal data pertaining to these subjects;

(d) the sources of personal data;

(e) a description of the manner of personal data processing;

(f) the location or locations of personal data processing;

(g) the recipient or category of recipients;

(h) the anticipated personal data transfers to other countries;

(i) the description of measures adopted to ensure the protection of personal data pursuant to Article 13;

(3) If the notification includes all essentials pursuant to paragraph 2 and no proceeding pursuant to Article 17(1) has been initiated, the personal data processing may start after the expiration of 30 days from the delivery of the notification. In such case the Office records the information stated in the notification into the register.

(4) If the notification does not include all essentials pursuant to paragraph 2, the Office shall send without delay a reminder to the notifying subject in which he shall make reference to the missing or insufficient information and set a deadline for supplementing the notification. In case the notification is being supplemented, running out the time limit pursuant to paragraph 3 shall begin as of the day of delivery of the notification supplement. If the Office does not receive the notification supplement within the set deadline, the notification shall be regarded as if it has not been submitted.

(5) Upon the request from the controller the Office shall issue a certificate which includes date of issuance, reference number, first name, surname and signature of the person by whom the certificate has been issued, official stamp, identification data of the controller and purpose of processing.

(6) If, pursuant paragraph 1, the notification concerns a processing subjected to investigation, the Office refuses to enter it into the register. The Office shall do the entry as soon as the investigation is closed.

 

Article 17

(1) If a justified concern arises from the notification that this Act might be breached in processing of personal data, the Office shall initiate proceedings at its own instigation.

(2) If the Office finds that the controller does not breach by his notified processing the conditions specified by this Act, he shall suspend the proceedings and make a record pursuant to Article 16(3). The processing of personal data may start not earlier than the day following the day when the record was made. In case the notified processing does not meet conditions specified by this Act, the Office shall not permit the processing of personal data.

 

Article 17a

(1) If the Office finds that the controller whose notification has been registered breaches the conditions provided by this Act, it shall decide on revocation of the registration.

(2) If the purpose for which the processing was registered ceases to exist, the Office shall decide on revocation of the registration either on its own instigation or on the controller´s request.

 

Article 18

(1) The notification obligation pursuant to Article 16 shall not apply to processing of personal data:

(a) that are part of data files publicly accessible on the basis of a special Act,

(b) imposed on the controller by a special Act or when such personal data are needed for exercising rights and obligations following from a special Act, or

(c) in case of processing that pursues political, philosophical, religious or trade- union aims carried out within the scope of legitimate activity of an association and which relates only to members of the association or persons with whom the association is in recurrent contact related to legitimate activity of the association, and the personal data are not disclosed without the consent of data subject.

(2) The controller, who carries out processing pursuant to Article 18(1)(b), shall be obliged to ensure that the information concerning in particular the purpose of the processing, categories of personal data, categories of data subjects, categories of recipients and the period of preservation, which would otherwise be accessible by means of the register maintained by the Office pursuant to Article 35, is disclosed also through remote access or in other appropriate form.

 

Article 19

If the controller intends to terminate his activities, he shall be obliged to announce to the Office without delay how he handled personal data, if their processing was subject to the notification obligation.

 

Article 20.- Liquidation of Personal Data

(1) The controller or, on the basis of his instructions, the processor shall be obliged to carry out liquidation of personal data as soon as the purpose for which personal data were processed ceases to exist or on the basis of a request by the data subject pursuant to Article 21.

(2) A special Act shall provide exceptions relating to the preservation of personal data for archival purposes and to the exercising of rights in civil judicial proceedings, criminal proceedings and administrative proceedings.

 

Article 21.- Protection of Data Subjects’ Rights

(1) Each data subject who finds or presumes that the controller or the processor is carrying out processing of his personal data which is in contradiction with the protection of private and personal life of the data subject or in contradiction with the law, in particular if the personal data are inaccurate regarding the purpose of their processing, he may:

(a) ask the controller or processor for explanation;

(b) require from the controller or processor to remedy the arisen state of affairs. It can mean in particular blocking, correction, supplementing or liquidation of personal data.

(2) If the requirement of the data subject pursuant to paragraph 1 is found justified, the controller or processor is obliged to remove without delay the improper state of affairs.

(3) If the data subject incurred other than property damage as a result of personal data processing, the procedure pursuant to a special Act shall be followed when lodging a claim.

(4) If a breach of obligations provided by law occurs in the course of processing of personal data by the controller or by the processor, they shall be liable jointly and severally.

(5) The controller shall be obliged to inform without undue delay the recipient on the requirement of the data subject pursuant to paragraph 1 and on the blocking, correction, supplementing or liquidation of personal data. This shall not apply where informing the recipient is impossible or would involve disproportionate effort.

 

Article 22.- Repealed.

 

Article 23.- Repealed.

 

Article 24.- Repealed.

 

Article 25.- Indemnification

General regulation of liability for damage shall apply to matters not specified by this Act.

 

Article 26

The obligations pursuant to Articles 21 to 25 shall similarly apply to persons who have collected personal data without authorisation.

 

Chapter III.- TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES

 

Article 27

(1) Free flow of personal data shall not be restricted if data are transferred to a member state of the European Union.

(2) Personal data may be transferred to third countries if the prohibition to restrict the free movement of personal data is ensuing from an international treaty to the ratification of which the Parliament has given his assent and which is binding the Czech Republic, or if the personal data are transferred on the basis of decision of an institution of the European Union. The Office in the Official Journal publishes information about such decisions in the Official Journal.

(3) Where the condition pursuant to paragraphs 1 and 2 is not met, the transfer of personal data may be carried out if the controller proves that:

(a) the data transfer takes place with the consent of, or on the basis of an instruction by the data subject;

(b) in a third country, where personal data are to be processed, has been created sufficient specific guarantees for personal data protection, e.g. by other legal or professional regulations and security measures. Such guarantees may be specified in particular by a contract concluded between the controller and the recipient, if this contract ensures application of these requirements, or if the contract contains contractual clauses for personal data transfer to third countries published in the Official Journal of the Office;

(c) the personal data concerned are part of publicly accessible data files on the basis of a special Act or are, on the basis of a special Act accessible to someone who proves legal interest; in such case the personal data may be disclosed only in the scope and under conditions provided by a special Act;

(d) the transfer is necessary to exercise an important public interest following from a special Act or from an international treaty binding the Czech Republic;

(e) the transfer is necessary for negotiating the conclusion or change of a contract, carried out on the data subject´s incentive, or for the performance of a contract to which the data subject is a contracting party;

(f) the transfer is necessary to perform a contract between the controller and a third party, concluded in the interest of the data subject, or to exercise other legal claims, or

(g) the transfer is necessary for the protection of rights or important vital interests of the data subject, in particular for rescuing life or providing health services.

(4) Prior to the transfer of personal data to third countries pursuant to paragraph 3, the controller shall be obliged to apply to the Office for authorization to the transfer, unless provided otherwise by a special Act. When considering the application, the Office shall examine all circumstances related to the transfer of personal data, in particular the source, final destination and categories of personal data which are to be transferred, the purpose and period of the processing, with regard to available information about legal or other regulations governing the personal data processing in a third country. In the authorization to the transfer, the Office shall specify the period of time over which the controller may perform the data transfers. If a change of the conditions under which the authorization was issued occurs, in particular on the basis of a decision of an institution of the European Union, the Office shall alter or revoke this authorization.

 

Chapter IV.- POSITION AND COMPETENCE OF THE OFFICE

 

Article 28

(1) The Office is an independent body. In its activities, it shall act independently and shall observe only the laws and other legal regulations.

(2) The activities of the Office may be intervened on the basis of law only.

(3) The activities of the Office shall be covered from a special chapter of the state budget of the Czech Republic.

 

Article 29

(1) The Office shall:

(a) perform supervision over the observance of the obligations provided by law in personal data processing;

(b) keep the register of personal data processing operations;

(c) accept incentives and complaints concerning breach of obligations provided by law in personal data processing and inform of their settlement;

(d) compile and publish an annual report on its activities;

(e) exercise other competence specified by law;

(f) discuss misdemeanours and other administrative offences and impose fines pursuant to this Act;

(g) ensure fulfilment of requirements following from international treaties binding the Czech Republic, and from directly applicable law of the European Union,

(h) provide consultations in the area of personal data protection,

(i) co-operate with similar authorities in other countries, with institutions of the European Union and with bodies of international organizations operating in the area of personal data protection. In accordance with the law of the European Union the Office meets the obligation of notification towards the institutions of the European Union.

(2) Supervision in the form of inspection shall be performed pursuant to a special Act.

(3) Supervision over personal data processing performed by intelligence services shall be regulated by a special Act.

 

Article 29a

(1) The Ministry of Interior or the Police of the Czech Republic shall provide the Office for executing its competence pursuant to this Act and other legal regulations

  1. a) reference data from the basic register of population,
  2. b) data from the service-related population information system
  3. c) data from the service-related foreigners information system

(2) Data provided pursuant to paragraph (1)(a) are:

  1. a) surname,
  2. b) name or names,
  3. c) address of residence,
  4. d) date of birth.

(3)Data provided pursuant to paragraph (1)(b) are

  1. a) name or names, surname and name at birth if applicable,
  2. b) date of birth,
  3. c) address of permanent residence including previous addresses of permanent residence,d) commencement of permanent residence or date of annulment of permanent residence, or date of termination of permanent residence on the territory of the Czech Republic.

(4) Data provided pursuant to paragraph (1)(c) are

  1. a) name or names, surname and name at birth if applicable,
  2. b) date of birth,
  3. c) type of residence and address of residence,
  4. d) number and validity of the residence permit,
  5. e) commencement of residence or date of its termination if applicable.

(5) Data kept as reference data in the basic register of population may be collected from the service-related population information system or service-related foreigners information system only if they are in a format preceding the current state.

(6) Of the data provided only those data deemed necessary for satisfaction of a given task may be used in a particular case.

 

Chapter V.- ORGANISATION OF THE OFFICE

 

Article 30

(1) Employees of the Office shall consist of the President, inspectors and other employees.

(2) Supervisory activities of the Office shall be carried out by inspectors and authorised employees (hereinafter referred to as “the supervisory staff”).

(3) The President of the Office shall have the right to a salary, reimbursement of expenses and consideration in kind and golden handshake likewise the President of the Supreme Audit Office pursuant to a special Act.

(4) The inspectors of the Office shall have the right to a salary, reimbursement of expenses and consideration in kind as the members of the Supreme Audit Office pursuant to a special Act.

 

Article 31

Supervisory activities of the Office shall be performed on the basis of a supervision plan or on the basis of the incentives and complaints.

 

Article 32.- President of the Office

(1) The Office is managed by the President who shall be appointed and recalled by the President of the Czech Republic on the basis of a proposal of the Senate of the Parliament of the Czech Republic.

(2) The President of the Office shall be appointed for a period of 5 years. The President may be appointed for the maximum of two successive terms. The President shall be regarded as official body and entitled to issue orders to a civil servant as to the discharge of state service pursuant to the State Service Act.

(3) The President of the Office may be only a citizen of the Czech Republic who:

(a) enjoys legal capacity,

(b) is impeccable, meets the conditions prescribed by a special regulation and for whom it can be assumed in relation to his knowledge, experience and moral qualities that he will serve his position properly,

(c) has completed university education.

(4) For the purpose of this Act, a natural person shall be considered impeccable if he has not been lawfully sentenced for a wilful criminal offence or for an offence committed by negligence in relation to personal data processing.

(5) The position of the President of the Office cannot be exercised together with either of the positions of a Member of the Parliament or Senator, judge, state attorney, any position in the state administration, a position of a member of a territorial self-administration body and with the membership in political parties and movements.

(6) The President of the Office may not hold any other paid position, be in some other labour relationship, or perform any gainful activity, with the exception of administration of his own property and scientific, pedagogical, literal, journalistic and artistic activities, if such activities do not impair the dignity of the Office or threaten confidence in the independence and impartiality of the Office.

(7) The President of the Office shall be recalled from his position if he ceases to meet any of the conditions for his appointment.

(8) The President of the Office may also be recalled from his position if he fails to perform his position for a period of 6 months.

 

Article 33.- Inspectors of the Office

(1) An inspector shall be appointed and recalled by the President of the Czech Republic on the basis of a proposal of the Senate of the Parliament of the Czech Republic.

(2) An inspector shall be appointed for a period of 10 years. He may be appointed repeatedly.

(3) An inspector shall carry out inspections, direct inspections and perform other activities within the Office´s competence.

(4) The activities pursuant to paragraph 3 shall be carried out by 7 inspectors of the Office.

 

Article 34

(1) An inspector may be only a citizen of the Czech Republic who enjoys legal capacity, has no criminal record, meets the conditions prescribed by a special legal regulation and has completed professional university education.

(2) The position of an inspector cannot be exercised together with either the positions of a Member of Parliament or Senator, judge, state attorney, any position in the state administration, a position of a member of a territorial self-administration body and membership in political parties and movements. An inspector may not hold any other paid position, be in some other labour relationship, or perform any gainful activity, with the exception of administration of his own property and scientific, pedagogical, literal, journalistic and artistic activities, if such activity does not impair the dignity of the Office or threaten confidence in the independence and impartiality of the Office.

(3) An inspector shall be recalled from his position if he ceases to meet any of the conditions for his appointment.

 

Chapter VI.- ACTIVITIES OF THE OFFICE

 

Article 35.- Register

(1) Information following from notifications pursuant to Article 16(2) and the date of execution or cancellation of the registration shall be recorded beside the entities of controllers in the Register of permitted personal data processing.

(2) Information written into the register, except the information referred to in Article 16(2)(e) and (i), are publicly accessible especially in the manner enabling remote access.

(3) Cancellation of registration pursuant to Article 17(a) shall be notified by the Office in the Official Journal of the Office.

 

Article 36.- Annual Report

(1) The annual report of the Office shall contain, in particular, information on performed supervisory activities and evaluation thereof, information on and evaluation of the state of affairs in the area of processing and protection of personal data in the Czech Republic and assessment of other activities of the Office.

(2) The President of the Office shall lay the annual report for information purposes before the Chamber of the Deputies and the Senate of the Parliament of the Czech Republic and before the Government of the Czech Republic within 2 months of the end of the budgetary year, and it shall be published.

 

Article 37.- Rights of the Supervisory Staff to Access Information

When performing inspection, the supervisory staff shall be entitled to get acquainted with every piece of information, including sensitive data, necessary to achieve the investigation purpose.

 

Article 38.- Licence of the Supervisory Staff

The supervisory staff is obliged to prove his identity before the investigated subject with an identity card, the sample of which is specified in a Government regulation and which represents authorization to perform supervision.

 

Article 39.- Repealed

 

Article 40.- Measures for Remedy

(1) If during the personal data processing an obligation provided by this Act or imposed on the basis thereof have been breached, the inspector shall specify measures that shall be adopted in order to eliminate the established shortcomings and set a deadline for their elimination.

 

Article 40a

Once the unlawful state remedied in accordance with the measures imposed or immediately after the breach of duty was detected, the Office may refrain from a fine.

 

Article 41.- Repealed

 

Article 42.- Repealed

 

Article 43.- Rights and Obligations in Supervision.- Repealed

 

Chapter VII.- ADMINISTRATIVE DELICTS

 

Article 44

(1) Natural person who

(a) is in a labour or similar relationship to the controller or processor;

(b) carries out activities for the controller or processor on the basis of an agreement, or who

(c) in the framework of fulfilling powers and obligations imposed by a special Act comes into contact with personal data at the controller or processor,

commits an offence by breaching the obligation to maintain confidentiality (Article 15).

(2) Natural person in the position of the controller or processor commits an offence in the course of personal data processing if he:

(a) fails to specify the purpose, means or manner of processing (Article 5(1)(a) and (b)) or breaches an obligation by the specified purpose of processing or exceeds his authority ensuing from a special Act,

(b) processes inaccurate personal data (Article 5(1)(c))

(c) collects or processes personal data in an extent or manner which does not correspond to the specified purpose (Article 5(1)(d),(f) thru (h))

(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e))

(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9)

(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11)

(g) refuses to provide the data subject with the requested information (Articles 12 and 21)

(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13)

(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27)

(j) fails to implement imposed remedial measures in the fixed period.

(3) Natural person in the position of the controller or processor commits an offence if he in the course of personal data processing:

(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or

(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)

by some of the courses of action pursuant to paragraph 2.

(4) A fine up to CZK 100,000 may be imposed for an offence pursuant to paragraph 1.

(5) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 2.

(6) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 3.

 

Article 44a

(1) Natural person commits an offence by breaching prohibition to publish personal data provided by other legal regulation.

(2) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.

 

Article 45

(1) Legal or natural person doing business according to special regulations when processing personal data in the position of the controller or processor commits an administrative delict if he:

(a) fails to specify the purpose, means or manner of processing (Article 5(1)(a) and (b)) or breaches an obligation by the specified purpose of processing or exceeds his authority ensuing from a special Act;

(b) processes inaccurate personal data (Article 5(1)(c));

(c) collects or processes personal data in a scope or manner which does not correspond to the specified purpose (Article 5(1)(d), (f) thru (h));

(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e));

(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9);

(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11);

(g) refuses to provide the data subject with the requested information (Article 12 and Article 21);

(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13);

(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27);

(j) don’t maintain an inventory of personal data breaches pursuant to Article 88 (7) of the Electronic Communications Act.

(k) fails to implement imposed remedial measures in the fiwed period.

(2) Legal person in the position of the controller or processor commits an administrative delict if he in the course of personal data processing:

(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or

(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)

by some of the courses of action pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 shall be imposed for an administrative offence pursuant to paragraph 1.

(4) A fine up to CZK 10,000,000 shall be imposed for an administrative offence pursuant to paragraph 2.

 

Article 45a

(1) Legal person or natural person doing business commits an administrative delict by breaching prohibition to publish of personal data provided by other legal regulation.

(2) A fine up to CZK 1,000,000 shall be imposed for an administrative delict pursuant to paragraph 1.

(3) A fine up to CZK 5,000,000 shall be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.

 

Article 46

(1) Legal person shall not be liable for an administrative delict if he proves that he has made all reasonable effort to prevent the breach of a legal obligation.

(2) When deciding on the amount of the fine, especially the seriousness, manner, duration and consequences of the unlawful behaviour and the circumstances under which the unlawful behaviour was committed shall be taken into account.

(3) Liability of the legal person for an administrative delict becomes extinct, if the administrative body has not initiated proceedings within 1 year as of the day when it learned of it, but not later than within 3 years as of the day when the delict was committed.

(4) Administrative delicts pursuant to this act shall be dealt with in the first instance by the Office.

(5) The provisions on the liability of legal person and related sanctions applies on the liability for the behaviour of natural person that occurred when the natural person carried on business activities or in a direct relation to such business activities.

(6) The fine is payable within 30 days as of the day when the decision on imposing the fine came into force.

(7) The fine shall be collected by the Office. The revenue from fines shall be an income of the state budget.

 

Chapter VIII.- COMMON, TRANSITIONAL AND FINAL PROVISIONS

 

Article 47.- Measures for the Transitional Period

(1) Everyone who processes personal data by the date of entry into effect of this Act and who is subject to the notification obligation pursuant to Article 16 shall be obliged to fulfil this obligation at the latest within 6 months as of the date of entry into effect of this Act.

(2) Personal data processing carried out prior to the date of entry into effect of this Act shall be brought into accordance with this Act by December 31, 2001.

(3) In case the supervisory staff establishes a breach of obligations pursuant to paragraph 2, the provisions of Article 46(1) and (2) shall not be applied in such case prior to December 31, 2002

 

Article 48.- Repealing Provision

Act nº 256/1992 Coll., on the Protection of the Personal Data in Information Systems is hereby repealed.

 

Part TWO.- Repealed

 

Article 49.- Repealed

 

Part THREE

 

Article 50.- Amendment to the Act on Free Access to Information

Act nº 106/1999 Coll., on Free Access to Information, shall be amended as follows:

  1. Article 2 paragraph (3), including footnote nº 1 shall read:

“(3) The Act shall not apply to the provision of personal data and information pursuant to a special regulation.

  1. In Article 8, paragraphs (1) and (2), including the heading and footnote nº 5, shall be repealed.

 

Part FOUR.- Legal Force

 

Article 51

This Act comes into effect on June 1, 2000, with the exception of the provisions of Articles 16, 17 and 35, which come into effect on December 1, 2000.

 

 

 

 

Selected provisions of amandments

Article II of the Act nº 439/2004 Coll.

  1. Notifications and decisions on the registration of personal data processing pursuant to Articles 16, 17 and 17a of the Act nº 101/2000 Coll., on the Protection of Personal Data and on Amendment to Some Acts in wording of the Act nº 450/2001 Coll., submitted and issued prior to the day of entry into effect of this Act continue to be valid.
  2. Permissions for transfer or transfers of personal data to other state issued prior the day of entry into effect of this Act shall cease to have force on the day of entry into effect of this Act, if the state for which this permission was meant is a member state of the European Union or a state for which the prohibition to restrict the free movement of personal data ensues from a published international agreement, to the ratification of which the Parliament has given his assent and which is binding the Czech Republic. Permissions to transfer or transfers of personal data to a state not mentioned in the proceeding sentence issued before the Act has come into effect continue to be valid.
  3. Proceedings initiated and not terminated before the effective date of Act shall be completed pursuant to applicable legal regulations except of proceedings on the permission for transfer or transfers of personal data to a member state of the European Union or a state for which the prohibition to restrict the free movement of personal data ensues from a published international agreement, to the ratification of which the Parliament has given his assent and which is binding the Czech Republic, that will be discontinued.
  4. A controller performing the personal data processing for which no registration was needed pursuant to previous legal regulations and which underlies registration as of the day of entry into effect of this Act must notify such personal data processing to the Office for Personal Data Protection within 6 months as of the day of entry into effect of this Act.

 

12Jul/17

Act nº 13 of 17th June 2004. The Data Protection Act 2004

THE DATA PROTECTION ACT 2004

 

Act nº 13 of 2004

 

I assent

 

ANEROOD JUGNAUTH President of the Republic

17th June 2004

 

 

AN ACT

To provide for the protection of the privacy rights of individuals in view of the developments in the techniques used to capture, transmit, manipulate, record or store data relating to individuals

 

 

PART I .- PRELIMINARY

ENACTED by the Parliament of Mauritius, as follows :

 

1.- Short title

The Act may be cited as the Data Protection Act 2004.

 

2.- Interpretation

In this Act:

“adverse action”, in relation to a data subject, means any action that may adversely affect the person’s rights, benefits, privileges, obligations or interests;

“authorised officer” means an officer to whom the Commissioner has delegated his powers under section 9;

“blocking”, in relation to personal data, means suspending the modification of data, or suspending or restricting the provision of information to a third party where such provision is suspended or restricted in accordance with this Act;

“collect” does not include receipt of unsolicited information;

“Commissioner” means the Data Protection Commissioner referred to in section 4;

“consent” means any freely given specific and informed indication of the wishes of the data subject by which he signifies his agreement to personal data relating to him being processed;

“data” means information in a form which:

(a)

(i) is capable of being processed by means of equipment operating automatically in response to instructions given for that purpose; and

(ii) is recorded with the intent of it being processed by such equipment; or

(b) is recorded as part of a relevant filing system or intended to be part of a relevant filing system;

“data controller” means a person who, either alone or jointly with any other person, makes a decision with regard to the purposes for which and in the manner in which any personal data are, or are to be, processed;

“data matching procedure” means any procedure, whether manually or by means of any electronic or other device, whereby personal data collected for one or more purposes in respect of 10 or more data subjects are compared with personal data collected for any other purpose in respect of those data subjects where the comparison:

(a) is for the purpose of producing or verifying data that; or

(b) produces or verifies data in respect of which it is reasonable to believe that it is practicable that the data,

may be used, whether immediately or at any subsequent time, for the purpose of taking any adverse action against any of those data subjects;

“data processor” means a person, other than an employee of the data controller, who processes the data on behalf of the data controller;

“data protection principles” means the data protection principles specified in the First Schedule;

“data subject” means a living individual who is the subject of personal data;

“direct marketing” means the communication of any advertising or marketing material which is directed to any particular individual;

“document” includes:

(a) a disc, tape or any other device in which the data other than visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced from the disc, tape or other device; and

(b) a film, tape or other device in which visual images are embodied as to be capable, with or without  the aid of some other equipment, of being reproduced from the film, tape or other device;

“inaccurate”, in relation to personal data, means data which are incorrect, misleading, incomplete or obsolete;

“individual” means a living individual;

“information and communication network“ means a network for the transmission of messages and includes a telecommunication network;

“network” means a communication transmission system that provides interconnection among a number of local and remote devices;

“office” means the Data Protection Office established under section 4;

“personal data” means :

(a) data which relate to an  individual who can be identified from those data; or

(b) data or other information, including an opinion forming part of a database, whether or not recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the data, information or opinion;

“proceedings” :

(a) means any proceedings conducted by or under the supervision of a Judge, Magistrate or judicial officer; and

(b) includes:

(i) any inquiry or investigation into a criminal offence; and

(ii) any disciplinary proceedings;

“processing” means any operation or set of operations which is performed on the data wholly or partly by automatic means, or otherwise than by automatic means, and includes :

(a) collecting, organising or altering the data;

(b) retrieving, consulting, using, storing or adapting the data;

(c) disclosing the data by transmitting, disseminating or otherwise making it available; or

(d) aligning, combining, blocking, erasing or destroying the data;

“register” means the register referred to in section 33;

“relevant filing system” means a structured set of information relating to individuals that, although it is not in a form capable of being processed automatically, is structured, either by reference to any individual or by reference to criteria relating to the individual, in such a way that the structure allows ready accessibility to information relating to that individual;

“relevant function” means :

(a) any function conferred on any person by or under any enactment;

(b) any function of any Minister; or

(c) any other function which is of a public nature and is exercised in the public interest;

“relevant person”, in relation to a data subject, means :

(a) where the data subject is a minor, a person who has parental authority over the minor or has been appointed as his guardian by the Court;

(b) where the data subject is physically and mentally unfit, a person who has been appointed his guardian by the Court;

(c) in any other case, a person duly authorised in writing by the data subject to make a request under sections 41 and 44;

“sensitive personal data” means personal information concerning a data subject and consisting of information as to :

(a) the racial or ethnic origin;

(b) political opinion or adherence;

(c) religious belief or other belief of a similar nature;

(d) membership to a trade union;

(e) physical or mental health;

(f) sexual preferences or practices;

(g) the commission or alleged commission of an offence; or

(h) any proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings;

“telecommunication network” means a system, or a series of systems, operating within such boundaries as may be prescribed, for the transmission or reception of messages by means of guided or unguided electro-magnetic energy or both;

“third party” in relation to personal data, means any person other than :

(a) the data subject;

(b) a relevant person in the case of a data subject;

(c) the data controller; or

(d) a person authorised in writing by the data controller to collect, hold, process or use  the data :

(i) under the direct control of the data controller; or

(ii) on behalf of the data controller;

“traffic data” means any data relating to a communication by means of a computer system and generated by the system that form part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service;

“Tribunal” means the ICT Appeal Tribunal set up under section 36 of the Information and Communication Technologies Act 2001;

“underlying service” means the type of service that is used within the computer system;

“use” in relation to personal data, includes disclose or transfer the data.

 

3.- Application of Act

(1) This Act shall bind the State.

(2) For the purposes of this Act, each Ministry or Government department shall be treated as separate from any other Ministry or Government department.

(3) Subject to Part VII, this Act shall apply to a data controller :

(a) who is established in Mauritius and processes data in the context of that establishment; and

(b) who is not established in Mauritius but uses equipment in Mauritius for processing data, other than for the purpose of transit through Mauritius.

(4) A data controller, falling within subsection (3)(b) shall nominate for the purposes of this Act, a representative established in Mauritius.

(5) For the purposes of subsection (3)(a) any person who :

(a) is ordinarily resident in Mauritius;

(b) carries out data processing activities through an office, branch or agency in Mauritius,

shall be treated as being established in Mauritius.

(6) Subject to the provisions of this Act, every data controller shall comply with the data protection principles.

 

PART II .- DATA PROTECTION OFFICE

 

4.- Data Protection Office

(1) There is established for the purposes of this Act a Data Protection Office which shall be a public office.

(2) The head of the office shall be known as the Data Protection Commissioner.

(3) The Commissioner shall be a barrister with at least 5 years standing at the Bar.

(4) The Commissioner shall be assisted by such public officers as may be necessary.

(5) Every public officer referred to in subsection (4) shall be under the administrative control of the Commissioner.

 

5.- Functions of Commissioner

The Commissioner shall :

(a) ensure compliance with this Act, and any regulations made under the Act;

(b) issue or approve codes of practice or guidelines for the purposes of this Act;

(c) create and maintain a register of all data controllers;

(d) exercise control on all data processing activities, either of its own motion or at the request of a data subject, and verify whether the processing of data is in accordance of this Act or regulations made under the Act;

(e) promote self-regulation among data controllers;

(f) investigate any complaint or information which give rise to a suspicion that an offence, under this Act may have been, is being or is about to be committed;

(g) take such measures as may be necessary so as to bring to the knowledge of the general public the provisions of this Act;

(h) undertake research into, and monitor developments in, data processing and computer technology, including data-matching and data linkage, ensure that any adverse effects of such developments on the privacy of individuals are minimised, and report to the Prime Minister the results of such research and monitoring;

(i) examine any proposal for data matching or data linkage that may involve an interference with, or may otherwise have adverse effects on the privacy of individuals and, ensure that any adverse effects of such proposal on the privacy of individuals are minimised;

(j) do anything incidental or conducive to the attainment of the objects of, and to the better performance of his duties and functions under this Act.

 

6.- Confidentiality and oath

(1) The Commissioner, and every officer of the office shall take the oath specified in the Second Schedule.

(2) The Commissioner and every authorised officer shall not, except :

(a) in accordance with this Act or any other enactment;

(b) upon a Court order; or

(c) as authorised by the order of a Judge,

divulge any information obtained in the exercise of a power or in the performance of a duty under this Act.

(3) The Commissioner or any authorised officer, who otherwise than in the course of his duties, uses or records personal data or sensitive personal data, that comes to his knowledge or to which he has access by reason of his position as Commissioner or authorised officer, shall commit an offence.

(4) Any person, who without lawful excuse, contravenes subsection (2), shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

 

PART III .- POWERS OF COMMISSIONER

 

7.-  Powers of Commissioner

The Commissioner shall have power, for the purpose of carrying out his functions to do all such acts as appear to him to be requisite, advantageous or convenient for, or in connection with the carrying out of these functions.

 

8.- Powers to obtain information

(1) The Commissioner may, by notice in writing served on any person, request from that person, information as is necessary or expedient for the performance of his functions and exercise of his powers and duties under this Act.

(2) Where the information requested by the Commissioner is stored in a computer, disc, cassette, or on microfilm, or preserved by any mechanical or electronic device, the person named in the notice shall produce or give access to the information in a form in which it can be taken away and in which it is visible and legible.

 

9.- Delegation of powers by Commissioner

The Commissioner may delegate any of his investigating and enforcement powers conferred upon him by this Act to any officer of his office and to any police officer designated for that purpose by the Commissioner of Police.

 

10.- Contents of notice

(1) Subject to subsection (2) :

(a) the notice specified in section 8 shall state that the person to whom the notice is addressed has a right of appeal conferred under section 58; and

(b) the delay granted for compliance shall not be less than 21 days.

(2) Where a notice of appeal against a decision made under section 8, is lodged with the Commissioner, the information required need not be furnished, pending the determination or withdrawal of the appeal.

(3) Where the Commissioner considers that the information is required urgently for the proper performance of his functions and exercise of his powers under this Act, the Commissioner may apply to the Judge in Chambers for communication of the information.

(4) Any person, who without reasonable excuse, fails or refuses to comply with a requirement specified in a notice, or who furnishes to the Commissioner an information which he knows to be false or misleading in a material particular, shall commit an offence, and shall on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

 

11.- Complaints

Where a complaint is made to the Commissioner that this Act or any regulations made under it, has been, is being or is about to be contravened, the Commissioner shall :

(a) investigate the complaint or cause it to be investigated by an authorised officer, unless he is of the opinion that such complaint is frivolous or vexatious; and

(b) as soon as reasonably practicable, notify the complainant in writing of his decision in relation to the complaint and that the complainant may, if he is aggrieved by the Commissioner’s decision, appeal to the  Tribunal.

 

12.- Enforcement of notice

(1) Where the Commissioner is of opinion that a data controller or a data processor has contravened, is contravening or is about to contravene this Act, the Commissioner may serve an enforcement notice on the data controller or the data processor, as the case may be, requiring him to take such steps within such time as may be specified in the notice.

(2) Notwithstanding subsection (1), where the Commissioner is of the opinion that a person has committed an offence under this Act, he may investigate the matter or cause it to be investigated by an authorised officer.

(3) An enforcement notice shall :

(a) specify any provision of this Act which has been, is being or is likely to be contravened;

(b) specify the measures that shall be taken to remedy or eliminate the matter, as the case may be, which makes it likely that a contravention will arise;

(c) specify a time limit which shall not be less than 21 days within which those measures shall be implemented; and

(d) state the right of appeal conferred under section 58.

(4) In complying with an enforcement notice served under subsection (1), a data controller or a data processor, as the case may be, shall as soon as practicable and in any event not later than 21 days after such compliance, notify :

(a) the data subject concerned; and

(b) where such compliance materially modifies the data concerned, any person to whom the data was disclosed during the period beginning 12 months before the date of the service of the enforcement notice and ending immediately before such compliance, of any amendment.

(5) Where the Commissioner considers that any provision of the enforcement notice need not be complied with to ensure compliance with the data protection principles to which the notice relates, he may vary the notice and, where he does so, he shall notify in writing the person on whom the notice was served.

(6) Any person who, without reasonable excuse, fails or refuses to comply with an enforcement notice shall commit an offence, and shall, on conviction, be liable to fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding 2 years.

 

13.- Preservation Order

(1) The Commissioner may apply to a Judge in Chambers for an order for the expeditious preservation of data, including traffic data, where he has reasonable grounds to believe that such data is vulnerable to loss or modification.

(2) Where the Judge in Chambers is satisfied that an order may be made under subsection (1), he shall issue a preservation order specifying a period which shall not be more than 90 days during which the order shall remain in force.

(3) The Judge in Chambers may, on application made by the Commissioner, extend the period specified in subsection (2) for such time as the Judge thinks fit.

 

14.- Power to carry out prior security checks

(1) Where the Commissioner is of the opinion that the processing or transfer of data by a data controller entails specific risks to the privacy rights of data subjects, he may inspect and assess the security measures taken under section 27 prior to the beginning of the processing or transfer.

(2) The Commissioner may, at any reasonable time during working hours, carry out further inspection and assessment of the security measures imposed on a data controller under section 27.

 

15.- Compliance audit

The Commissioner may carry out periodical audits of the systems of data controllers to ensure compliance with data protection principles specified in the First Schedule.

 

16.- Powers to request assistance

(1) For the purposes of gathering information or for the proper conduct of any investigation concerning compliance with this Act, the Commissioner may seek the assistance of such persons or authorities, as he thinks fit and that person or authority may do such things as are reasonably necessary to assist the Commissioner in the performance of the Commissioner’s functions.

(2) Any person assisting the Commissioner pursuant to subsection (1), shall for the purposes of section 6 be deemed to an officer of the office.

 

17.- Powers of entry and search

(1) An authorised officer may, at any time, enter any premises other than a dwelling house, for the purpose of discharging any functions or duties under this Act or any regulations made under this Act.

(2) An authorised officer shall not enter a dwelling house unless he shows to the owner or occupier of the house, a warrant issued by a Magistrate authorising the officer to exercise his power under this Act in respect of the house.

(3) An authorised officer may, on entering any premises :

(a) request the owner or occupier to produce any document, record or data;

(b) examine any such document, record or data and take copies or extracts from them;

(c) request the owner of the premises entered into, or any person employed by him, or any other person on the premises, to give to the authorised officer all reasonable assistance and to answer all reasonable questions either orally or in writing.

(4) Where the information requested by the authorised officer pursuant to subsection (3) is stored in a computer, disc, cassette, or on microfilm, or preserved by any mechanical or electronic device, the person to whom the request is made shall be deemed to require the person to produce or give access to it in a form in which it can be taken away and in which it is visible and legible.

(5) For the purpose of carrying out his duties under this section, the authorised officer may be accompanied by such person as the Commissioner thinks fit.

 

18.- Warrant to enter and search dwelling house

(1) A Magistrate may, on being satisfied on an information upon oath, that the authorised officer has to exercise the powers and duties conferred upon him under section 17 in respect of a dwelling house, issue a warrant authorising the authorised officer to exercise those powers and duties.

(2) A warrant issued under subsection (1) shall be valid for the period stated in the warrant.

(3) The Magistrate may attach and specify any condition to a warrant.

 

19.- Obstruction of authorised officer

Any person who, in relation to the exercise of powers conferred by section 17 and 18 :

(a) obstructs or impedes an authorised officer in the exercise of any of his powers;

(b) fails to provide assistance or information requested by the authorised officer;

(c) refuses to allow an authorised officer to enter any premises or to take any person with him in the exercise of his functions;

(d) gives to an authorised officer any information which is false and misleading in a material particular,

shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to a term of imprisonment not exceeding 2 years.

 

20.- Referral to police

On completion of an investigation under this Act, the Commissioner shall, where the investigation reveals that an offence has been committed under this Act or any regulations made under the Act, refer the matter to the Police.

 

21.- Directions by Prime Minister

(1) Subject to subsection (2), the Prime Minister may give in writing such directions of a general character to the Commissioner, not inconsistent with this Act, which he considers to be necessary in the public interest, and the Commissioner shall comply with those directions.

(2) The Prime Minister shall not :

(a) give any direction in relation to any specific matter which is the subject of an investigation by the office; and

(b) question the Commissioner or an authorised officer, or otherwise enquire into, a matter which is under investigation by the office.

 

PART IV .- OBLIGATION ON DATA CONTROLLERS

 

22.- Collection of personal data

(1) Subject to Part VII, a data controller shall not collect personal data unless :

(a) it is collected for a lawful purpose connected with a function or activity of the data controller; and

(b) the collection of the data is necessary for that purpose.

(2) Where a data controller collects personal data directly from a data subject, the data controller shall at the time of collecting personal data ensure that the data subject concerned is informed of :

(a) the fact that the data is being collected;

(b) the purpose or purposes for which the data is being collected;

(c) the intended recipients of the data;

(d) the name and address of the data controller;

(e) whether or not the supply of the data by that data subject is voluntary or mandatory;

(f) the consequences for that data subject if all or any part of the requested data is not provided;

(g) whether or not the data collected shall be processed and whether or not the consent of the data subject shall be required for such processing; and

(h) his right of access to, the possibility of correction of and destruction of, the personal data to be provided.

(3) A data controller shall not be required to comply with  subsection (2) :

(a) in respect of a data subject where:

(i) compliance with subsection (2) in respect of a second or subsequent collection will be to repeat, without any material difference, what was done to comply with that subsection in respect of the first collection; and

(ii) not more than 12 months have elapsed between the first collection and this second or subsequent collection.

(b) where :

(i) compliance is not reasonably practicable at the time of collection, provided that the data controller makes available to the data subject all the relevant information specified in subsection (2) as soon as practicable; or

(ii) the data is used in a form in which the data subject concerned cannot or could not reasonably expect to be identified.

(4) Where data is not collected directly from the data subject concerned, the data controller or any person acting on his behalf shall ensure that the data subject is informed of the matters specified in subsection (2).

(5) Subsection (3) shall not operate to prevent a second or subsequent collection from becoming a first collection where the data controller has complied with subsection (2) in respect of the second or subsequent collection.

 

23.- Accuracy of personal data

A data controller shall take all reasonable steps to ensure that personal data within his possession is :

(a) accurate; and

(b) kept up to date where such data requires regular updating.

 

24.- Processing of personal data

(1) No personal data shall be processed, unless the data controller has obtained the express consent of the data subject.

(2) Notwithstanding subsection (1), personal data may be processed without obtaining the express consent of the data subject where the processing is necessary :

(a) for the performance of a contract to which the data subject is a party;

(b) in order to take steps required by the data subject prior to entering into a contract;

(c) in order to protect the vital interests of the data subject;

(d) for compliance with any legal obligation to which the data controller is subject;

(e) for the administration of justice; or

(f) in the public interest.

 

25.- Processing of sensitive personal data

(1) No sensitive personal data shall be processed unless the data subject has:

(a) given his express consent to the processing of the personal data; or

(b) made the data public.

(2) Subsection (1) shall not apply where the processing :

(a) is necessary :

(i) for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with his employment;

(ii) in order to protect the vital interests of the data subject or another person in a case where consent cannot be given by or on behalf of the data subject, or the data controller cannot reasonably be expected to obtain the consent of the data subject;

(iii) in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;

(iv) for the performance of a contract to which the data subject is a party;

(v) in order to take steps required by the data subject prior to entering into a contract;

(vi) for compliance with a legal obligation to which the data controller is subject;

(b) is carried out by any entity or any association which exists for political, philosophical, religious or trade union purposes in the course of its legitimate activities and the processing :

(i) is carried out with the appropriate safeguards specified under sections 22, 23, 26 and 27;

(ii) is related only to individuals who are members of the charitable entity or association, and

(iii) does not involve disclosure of the personal data to a third party without the consent of the date subject;

(c) is in respect of the information contained in the personal data made public as a result of steps deliberately taken by the data subject;

(d) is required by law.

 

26.- Use of personal data

The data controller shall ensure that personal data is :

(a) kept only for one or more specified and lawful purposes for which such data has been collected and processed;

(b) not used or disclosed in any manner incompatible with the purposes for which such data has been collected and processed;

(c) adequate, relevant and not excessive in relation to the purposes for which such data has been collected and processed; and

(d) not kept for longer than is necessary for the purposes for which such data has been collected and processed.

 

27.- Security of personal data

(1) A data controller shall :

(a) take appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of the data in his control; and

(b) ensure that the measures provide a level of security appropriate to :

(i) the harm that might result from the unauthorised access to, alteration of, disclosure of, destruction of the data and its accidental loss; and

(ii) the nature of the data concerned.

(2) A data controller or a data processor shall take all reasonable steps to ensure that any person employed by him is aware of and complies with the relevant security measures.

(3) Where a data controller is using the services of a data processor, he shall choose a data processor providing sufficient guarantees in respect of security and organisational measures for the purposes of complying with subsection (1).

(4) Where the data controller is using the services of a data processor under subsection (3) the data controller and the data processor shall enter into a written contract which shall provide that :

(a) the data processor shall act only on instructions received from the data controller; and

(b) the data processor shall be bound by obligations devolving on the data controller under subsection (1).

(5) Without prejudice to subsection (1), in determining the appropriate security measures, in particular, where the processing involves the transmission of data over an information and communication network, a data controller shall have regard to :

(a) the state of technological development available;

(b) the cost of implementing any of the security measures;

(c) the special risks that exist in the processing of the data; and

(d) the nature of the data being processed.

 

28.- Duty to destroy personal data

(1) Where the purpose for keeping personal data has lapsed, the data controller shall :

(a) destroy such data as soon as reasonably practicable; and

(b) notify any data processor holding such data.

(2) Any data processor who receives a notification under subsection (1) (b) shall, as soon as reasonably practicable, destroy the data specified by the data controller.

 

29.- Unlawful disclosure of personal data

(1) Any data controller who, without lawful excuse, discloses personal data in any manner that is incompatible with the purposes for which such data has been collected shall commit an offence.

(2) Any data processor who, without lawful excuse, discloses personal data processed by him without the prior authority of the data controller on whose behalf such data is or has been processed shall commit an offence.

(3) Subject to subsection (4), any person who :

(a) obtains access to personal data, or obtains any information constituting such data, without prior authority of the data controller or data processor by whom such data is kept; and

(b) discloses the data or information to another person, shall commit an offence.

(4) Subsection (3) shall not apply to a person who is an employee or agent of a data controller or processor and is acting within his mandate.

(5) Any person who offers to sell personal data where such personal data has been obtained in breach of subsection (1) shall commit an offence.

(6) For the purposes of subsection (5), an advertisement indicating that personal data is or may be for sale, constitutes an offer to sell the personal data.

 

30.- Processing of personal data for direct marketing

(1) A person may, at any time, by notice in writing, request a data controller :

(a) to stop; or

(b) not to begin,

the processing of personal data in respect of which he is a data subject, for the purposes of direct marketing.

(2) Where the data controller receives a request under subsection (1)(a), he shall, as soon as reasonably practicable and in any event not more than 28 days after the request has been received :

(a) where the data are kept only for purposes of direct marketing, erase the data; and

(b) where the data are kept for direct marketing and other purposes, stop processing the data for direct marketing.

(3) Where the data controller receives a request under subsection (1)(b), he

(a) shall, where the data are kept only for the purpose of direct marketing, as soon as reasonably practicable and in any event not more than 28 days after the request has been received, erase the data; or

(b) shall not, where the data are kept for direct marketing and other purposes, process the data for direct marketing after the expiry of 28 days.

(4) The data controller shall notify the data subject in writing of any action taken under subsections (2) and (3) and, where appropriate, inform him of the other purposes for which the personal data is being processed.

(5) Where a data controller fails to comply with a notice under subsection (1), the data subject may appeal to the Tribunal.

(6) Where a data controller fails to comply with an order of the Tribunal, he shall commit an offence.

 

31.- Transfer of personal data

(1) Subject to subsection (2), no data controller shall, except with the written authorisation of the Commissioner, transfer personal data to a third country.

(2) The Eighth data protection principle specified in the First Schedule shall not apply where :

(a) the data subject has given his consent to the transfer;

(b) the transfer is necessary :

(i) for the performance of a contract between the data subject and the data controller, or for the taking of steps at the request of the data subject with a view to his entering into a contract with the data controller;

(ii) for the conclusion of a contract between the data controller and a person, other than the data subject, which is entered at the request of the data subject, or is in the interest of the data subject, or for the performance of such a contract;

(iii) in the public interest, to safeguard public security or national security.

(c) the transfer is made on such terms as may be approved by the Commissioner as ensuring the adequate safeguards for the protection of the rights of the data subject.

(3) For the purpose of subsection (2)(c), the adequacy of the level of protection of a country shall be assessed in the light of all the circumstances surrounding the data transfer, having regard in particular to :

(a) the nature of the data;

(b) the purpose and duration of the proposed processing;

(c) the country of origin and country of final destination;

(d) the rules of law, both general and sectoral, in force in the country in question; and

(e) any relevant codes of conduct or other rules and security measures which are complied with in that country.

 

32.- Data matching

(1) No data controller shall carry out a data matching procedure   unless :

(a)

(i) the data subject whose personal data is the subject to that procedure has given his consent to the procedure being carried out;

(ii) the Commissioner has consented to the procedure being carried out; and

(iii) is the procedure carried out in accordance with such conditions as the Commissioner may impose; or

(b) it is required or permitted under any other enactment.

(2) Subject to subsection (3), a data controller shall not take any adverse action against any data subject as a consequence of the carrying out of a data matching procedure :

(a) unless the data controller has served a notice in writing on the data subject:

(i) specifying the adverse action it proposes to take and the reasons therefor;

(ii) stating that the data subject has 7 days after the receipt of the notice to show cause why the adverse action should not be taken; and

(b) until the expiry of the 7 days specified in paragraph (a).

(3) Subsection (2) shall not preclude a data controller from taking any adverse action against any data subject if compliance with the requirements of that subsection shall prejudice any investigation into the commission of any offence which has been, is being or is likely, to be committed.

 

PART V .- THE DATA PROTECTION REGISTER

 

33.- Register of data controllers

(1) There shall be a register of data controllers to be known as the Data Protection Register, which shall be kept and maintained by the office.

(2) Subject to Part VII, a data controller shall register himself with the office.

 

34.- Application for registration

(1) An application for registration as a data controller shall be made in writing to the Commissioner and the person shall furnish such particulars as requested under section 35.

(2) Where a data controller intends to keep personal data for 2 or more purposes, he shall make an application for separate registration in respect of any of those purposes and, entries shall be made in accordance with any such applications.

(3) Subject to subsection (4), the Commissioner shall grant an application for registration, unless he reasonably believes that :

(a) the particulars proposed for inclusion in an entry in the register are insufficient or any other information required by the Commissioner either has not been furnished, or is insufficient;

(b) appropriate safeguards for the protection of the privacy of the data subjects concerned are not being, or will not continue to be, provided by the data controller; or

(c) the person applying for registration is not a fit and proper person.

(4) Upon registration of an application, the applicant shall pay such fee as may be prescribed.

(5) Where the Commissioner refuses an application for registration, he shall, as soon as reasonably practicable, notify in writing the applicant of the refusal:

(a) specifying the reasons for the refusal; and

(b) informing the applicant that he may appeal against the refusal under to section 58.

(6) The Commissioner may, at any time, at the request of the person to whom an entry in the register relates, remove his name from the register.

 

35.- Particulars to be furnished

(1) A data controller who wishes to be registered with the office shall provide the following particulars :

(a) his name and address;

(b) if he has nominated a representative for the purposes of this Act, the name and address of the representative;

(c) a description of the personal data being, or to be processed by or on behalf of the data controller, and of the category of data subjects, to which the personal data relate;

(d) a statement as to whether or not he holds, is likely to hold, sensitive personal data;

(e) a description of the purpose for which the personal data are being or are to be processed;

(f) a description of any recipient  to whom the data controller intends or may wish to disclose the personal data;

(g) the names, or a description of, any country to which the data controller directly or indirectly transfers, or intends or may wish, directly or indirectly to transfer the data; and

(h) the class of data subjects, or where practicable the names of data subjects, in respect of which the data controller holds personal data.

(2) Any data controller who, knowingly supplies false information under subsection (1), shall commit an offence and shall, on conviction, be liable to a fine not exceeding 100,000 rupees and to imprisonment for a term not exceeding 2 years.

(3) Where the data controller in respect of whom there is an entry in the register changes his address, he shall, within 15 days of the change in address, notify the Commissioner in writing.

 

36.- Contents of register

Each entry in the register shall contain the particulars provided under section 35.

 

37.- Inspection of register

(1) The register shall be kept in the office of the Commissioner and shall at all reasonable times be available for inspection by any person free of charge.

(2) Any person may, on payment of such fee as may be prescribed, obtain from the Commissioner a certified copy of, or of an extract from, any entry in the register.

 

38.- Duration of registration

(1) A registration shall be for a period not exceeding one year and on the expiry of such period, the relevant entry shall be cancelled unless the registration is renewed.

(2) The period specified under subsection (1) shall be calculated :

(a) in the case of a first registration, from the date on which the relevant entry was made in the register; and

(b) in the case of a registration which has been renewed, from the date on which it was renewed.

(3) The Commissioner may, subject to this Act, renew a registration upon application by the data controller, and on payment of such fee as may be prescribed.

 

39.- Failure to register or to renew registration

Any data controller, who without reasonable excuse, processes any personal data without being registered, shall commit an offence.

 

40.- Certificate issued by Commissioner

In any proceedings in which the registration of a person as a data controller or a data processor is in question, a certificate under the hand of the Commissioner that there is no entry in the register in respect of the person as a data controller or data processor, shall be conclusive evidence of that fact.

 

PART VI .- RIGHTS OF DATA SUBJECTS

 

41.- Access to personal data

(1) Subject to section 42, a data controller shall on the written request of a data subject or a relevant person :

(a) inform the data subject or the relevant person :

(i) whether the data kept by him include personal data relating to the data subject;

(ii) the purposes for which the data are being or are to be processed;

(iii) the recipients or classes of recipients to whom they are or may be disclosed; and

(b) supply the data subject or the relevant person with a copy of any data referred to in paragraph (a) on payment of the prescribed fee.

(2) A request under subsection (1)(a) and (b) shall be treated as a single request.

(3) Where any data referred to under subsection (1) is expressed in terms that are not intelligible without explanation, the data controller shall supply the information with an explanation of those terms.

(4) A fee paid by any person to a data controller under this section shall be returned to him where a request under subsection (1) is not complied with.

(5) The information to be supplied pursuant to a request under this section shall be supplied by reference to any personal data at the time when the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request.

 

42.- Compliance with request for access to personal data

(1) Subject to subsection (2) and section 43 and to the payment of the prescribed fee, a data controller shall comply with a request under section 41 not later than 28 days after the receipt of the request.

(2) Where a data controller is unable to comply with the request within the period specified in subsection (1), he shall :

(a) before the expiry of the specified period :

(i) inform the data subject or the relevant person who has made the request on behalf of the data subject, that he is unable to comply with the request and shall, if required, state the reasons therefor;

(ii) endeavour to comply with the request in such time reasonably practicable, and

(b) as soon as practicable after the expiry of the specified period, comply with the request.

 

43.- Denial of access to personal data

(1) A data controller may refuse a request under section 41 where :

(a) he is not supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request, and to locate the information which the person seeks;

(b) compliance with such request will be in contravention with his confidentiality obligation imposed under any other enactment.

(2) Where a data controller cannot comply with a request under section 41 without disclosing personal data relating to another person, he may refuse the request unless :

(a) the other individual has consented to the disclosure of the his personal data to the person making the request; or

(b) he obtains the written approval of the Commissioner.

(3) In determining for the purposes of subsection (2)(b) whether it is reasonable for the Commissioner to approve a request without the consent of the other individual concerned, regard shall be had, in particular, to :

(a) any duty of confidentiality owed to the other individual;

(b) any steps taken by the data controller with a view to seeking the consent of the other individual;

(c) whether the other individual is capable of giving consent; and

(d) any express refusal of consent by the other individual.

(4)

(a) Where a data controller has previously complied with a request made under section 41 by a data subject, the data controller is not obliged to comply with a subsequent identical or similar request under that section by that data subject unless a reasonable interval has elapsed between compliance with the previous request and the making of the current request.

(b) In determining, for the purposes of paragraph (a), whether requests under section 41 are made at reasonable intervals, regard shall be had to :

(i) the nature of the data;

(ii) the purpose for which the data are processed; and

(iii) the frequency with which the data are altered.

(5) A data controller shall not comply with a request under section 41 where :

(a) he is being requested to disclose information given or to be given in confidence for the purposes of :

(i) the education, training or employment, or prospective education, training or employment, of the data subject;

(ii) the appointment, or prospective appointment, of the data subject to any office; or

(iii) the provision, or prospective provision, by the data subject of any service;

(b) the personal data requested consist of information recorded by candidates during an academic, professional or other examination;

(c) such compliance would, by revealing evidence of the commission of any offence other than an offence under this Act, expose him to proceedings for that offence.

 

44.- Inaccurate personal data

(1) A data controller shall, upon being informed as to the inaccurateness of personal data, by a data subject to whom such data pertains, cause such data to be rectified, blocked, erased or destroyed, as appropriate.

(2) Where a data controller is aware that a third party holds inaccurate personal data, he shall, as soon as reasonably practicable, require the third party to rectify, block, erase or destroy the data, as appropriate.

(3) Where the third party specified in subsection (2) fails to comply with the requirement under that subsection, he shall commit an offence.

(4) Where a data controller fails to rectify, block, erase or destroy inaccurate personal data, a data subject may apply to the Commissioner to have such data rectified, blocked, erased or destroyed, as appropriate.

(5) Upon being satisfied by an application under subsection (4) that the personal data is incorrect, the Commissioner shall, where he is satisfied, direct the data controller to rectify, block, erase or destroy those data and any other personal data in respect of which he is the data controller.

(6) Where the Commissioner :

(a) issues a direction under subsection (5); or

(b) is satisfied on the application by an individual that personal data of which the individual is the data subject were inaccurate and have been rectified, blocked, erased or destroyed,

he may direct the data controller to notify third parties to whom the data have been disclosed, of the rectification, blocking, erasure or destruction.

 

PART VII .- EXEMPTIONS

 

45.- National security

(1) Personal data are exempt from any provision of this Act where the nonapplication of such provision would, in the opinion of the Prime Minister be required for the purpose of safeguarding national security.

(2) In any proceedings in which the non-application of the provisions of this Act on grounds of national security is in question, a certificate under the hand of the Prime Minister referred in subsection (1) certifying that such is the case, shall be conclusive evidence of that fact.

 

46.- Crime and taxation

The processing of personal data for the purposes of :

(a) the prevention or detection of crime;

(b) the apprehension or prosecution of offenders; or

(c) the assessment or collection of any tax, duty or any imposition of a similar nature, shall be exempt from :

(i) the Second, Third, Fourth and Eighth data protection principles;

(ii) sections 23 to 26; and

(iii) Part VI of this Act in respect of blocking personal data,

to the extent to which the application of such provisions would be likely to prejudice any of the matters specified in paragraphs (a) to (c).

 

47.- Health and social work

(1) A data controller shall be exempt from the application of section 41 where the personal data to which access is being sought relates to the physical or mental health of the data subject and the application of that section is likely to cause serious harm to the physical or mental health of the data subject or of, any other person.

(2) The Prime Minister may, by notice in the Gazette or by regulations, waive the obligations imposed under section 41, on a public authority, voluntary organisations and any other similar body as may be prescribed, where such public authority, voluntary organisation or other body carries out social work in relation to a data subject or any other individual, and the application of that section is likely to prejudice the carrying out of the social work.

 

48.- Regulatory activities

The processing of personal data for the purpose of discharging any of the relevant functions :

(a) designed for protecting members of the public against :

(i) financial loss due to dishonesty, malpractice or other serious improper conduct, or by the unfitness or incompetence of, persons concerned in the provision of banking, insurance, investment or other financial services or in the management of bodies corporate;

(ii) financial loss due to the conduct of discharged or undischarged bankrupts; or

(iii) dishonesty, malpractice or other seriously improper conduct by, or the unfitness or incompetence of, persons authorised to carry on any profession or other activity;

(b) conferred on the Bank of Mauritius, the Financial Services Commission and the Financial Intelligence Unit, by or under any enactment;

(c) for protecting charitable trusts and other bodies involved in charitable work against misconduct or mismanagement in their administration;

(d) for protecting the property of charitable trusts and other bodies specified in paragraph (c) from loss or misapplication;

(e) for the recovery of the property of charitable trusts and other bodies specified in paragraph (c);

(f) for securing the health, safety and welfare of persons at work;

(g) for protecting persons other than persons at work against risk to health or safety arising out of or in connection with the actions of persons at work; or

(h) designed for:

(i) protecting members of the public against conduct which adversely affect their interests by persons carrying on a business;

(ii) regulating agreements or conduct which have as their object or effect the prevention, restriction or distortion of competition in connection with any commercial activity; or

(iii) regulating conduct on the part of one or more undertakings which amounts to the abuse of a dominant position in a market,

shall be exempt from the application of sections 23 to 26 to the extent that such an application would be likely to prejudice the proper discharge of such functions.

 

49.- Journalism, literature and art

(1) The processing of personal data for journalistic, literary and artistic purposes shall be exempt from the provisions specified in subsection (2) where :

(a) such processing is undertaken with a view to the publication  of any journalistic, literary or artistic material;

(b) the data controller involved in such processing reasonably believes that the publication would be in the public interest; and

(c) the data controller reasonably believes that compliance with any such provisions would be incompatible with such purposes.

(2) For the purposes of subsection (1), the processing of personal data shall be exempt from:-

(a) the Second, Third, Fifth and Eighth data protection principles;

(b) sections 23 to 27 and 32; and

(c) Part VI in respect of blocking personal data.

 

50.- Research, history and statistics

(1) Subject to subsections (2), (4), and (5), personal data which are processed only for research, historical or statistical purposes shall be exempt from the Fifth data protection principle.

(2) The exemption provided for under subsection (1) shall not be applicable where :

(a) such personal data are not processed to support measures or decisions with respect to particular individuals; and

(b) such personal data are not processed in such a way that such processing would substantially damage or substantially distress any data subject or will likely cause such damage or distress.

(3) For the purposes of :

(a) the Second data protection principle; and

(b) sections 23 and 27,

further processing of personal data only for research, historical or statistical purposes shall not be regarded as incompatible with the purposes for which such data was obtained provided that the conditions under subsection (2) are satisfied.

(4) The personal data processed for the purposes specified in subsection (1) shall also be exempt from the provisions of Part VI where :

(a) the conditions under subsection (2)(a) and (b) are satisfied; and

(b) the results of the research or any resulting statistics are not made available in a form which identifies any of the data subjects concerned.

 

51.- Information available to the public under an enactment

Where personal data consists of information which the data controller is obliged under an enactment to make available to the public, such data shall be exempt from :

(a) the Second, Third, Fourth, Fifth and Eighth data protection principles;

(b) sections 23 to 29; and

(c) Part VI in respect of blocking personal data.

 

52.- Disclosure required by law or in connection with legal proceedings

Personal data are exempt from :

(a) the Second, Third, Fourth and Fifth data protection principles;

(b) sections 23 to 29; and

(c) Part VI in respect of blocking personal data, where :

(i) the disclosure of such data is required under any enactment or by a Court order;

(ii) the disclosure of such data is necessary for the purpose of, or in connection with, any on-going or prospective legal proceedings;

(iii) the disclosure of such data is necessary for the purpose of obtaining legal advice; or

(iv) the disclosure is otherwise necessary for the purpose of establishing, exercising or defending legal rights.

 

53.- Legal professional privilege

Personal data are exempt from :

(a) the Second, Third, Fourth and Fifth data protection principles; and

(b) section 23,

where the data consist of information in respect of which a claim to legal professional privilege or confidentiality as between client and legal practitioner could be maintained in legal proceedings, including prospective legal proceedings.

 

54.- Domestic purposes

Personal data processed by an individual are exempt from :

(a) the data protection principles; and

(b) Part V and Part VI,

where such processing is only for the purposes of that individual’s personal, family or household affairs or for recreational purposes.

 

PART VIIl .- MISCELLANEOUS

 

55.- Annual report

(1) The Commissioner shall, not later than 3 months after the end of every calendar year, lay an annual report of the activities of the office before the National Assembly.

(2) Without limiting the generality of subsection (1), the report shall include :

(a) a statement about the operation of approved and issued codes of practice;

(b) any recommendations that the Commissioner thinks fit relating to the compliance with this Act, and in particular the data protection principles.

(3) The period starting from the commencement of this Act to the end of the year of such commencement shall be deemed to be the first calendar year.

 

56.- Codes and guidelines

(1) The Commissioner may, for the purposes of this Act or any regulations made under this Act, issue or approve codes of practice, or issue guidelines.

(2) Before issuing or approving any code of practice, or issuing any guidelines, the Commissioner may consult such person or authority as he thinks fit.

(3) Any code of practice :

(a) may be varied or revoked;

(b) shall, where the code is approved under subsection (1), come into operation on a day specified by the Commissioner.

(4) The Commissioner shall keep a register of approved codes and guidelines which shall be available for public inspection.

(5) The Commissioner may, on payment of such fee as may be prescribed, provide copies of, or extracts from, the register specified in subsection (4).

 

57.- Service of notice

(1) Any notice served by the Commissioner on an individual under this Act may be served by :

(a) delivering it to him;

(b) sending it to him by registered post addressed to him at his usual or last known place of residence or business.

(2) Any notice served by the Commissioner on a body corporate under this Act may be served by :

(a) sending it by post to the registered office of the body; or

(b) addressing it to and leaving it at the registered office of the body.

(3) Any notice served by the Commissioner on an unincorporated body of persons under this Act may be served by :

(a) sending it by post to the place where it ordinarily carries out its activities; or

(b) by addressing it to and leaving it at the place where it ordinarily carries out its activities.

 

58.- Right of appeal

Any person aggrieved by a decision of the Commissioner in respect of the performance of his duties and powers under this Act shall have a right of appeal within 21 days from the date when the decision is made known to that person to the Tribunal.

 

59.- Special jurisdiction of Tribunal

(1) Subject to subsections (2) and (3), the Tribunal shall hear and dispose of any appeal under this Act.

(2) Sections 40 to 44 of the Information and Communication Technologies Act 2001 shall, as far as appropriate, apply to an appeal made under this Act and to such decision as may be reached by the Tribunal on appeal under this Act.

(3) Sections 39 and 42(5) of the Information and Communication Technologies Act 2001 shall not apply to an appeal under this Act.

(4) Subject to subsection (5), every appeal under section 59 shall be in such form and be accompanied by such fees as may be prescribed.

(5) The Tribunal may entertain an appeal after the expiry of the period of 21 days where it is satisfied that there was sufficient cause for not lodging the appeal within that period.

(6) The Tribunal may, after giving the parties to the appeal an opportunity of being heard, pass such orders as it thinks fit, confirming, varying or setting aside the decision appealed against.

(7) The Tribunal shall send a copy of every order made by it to the parties to the appeal.

(8) Any appeal lodged with the Tribunal under this Act, shall be dealt with by it as expeditiously as possible and the Tribunal shall endeavour to dispose of the appeal within 6 weeks from the date the appeal was lodged.

(9) Any person who does not comply with an order issued by the Tribunal under subsection (6), shall commit an offence.

 

60.- Immunity

(1) Notwithstanding the Public Officers’ Protection Act, where any action has been entered before a Court pursuant to any act done by any authorised officer in the execution of his duties under this Act or any regulations made under it, and it appears to the Court that there was reasonable cause to do such act, the Court shall so declare and thereafter the authorised officer shall be immune from all proceedings, whether civil or criminal, on account of such act.

(2) No liability, civil or criminal shall attach to the Commissioner in respect of any act which he may have done or omitted to do in good faith in the execution or purported execution of his duties or powers under this Act or regulations made under it.

 

61.- Offences and penalties

(1) Any person who contravenes this Act shall commit an offence.

(2) Where no specific penalty is provided for an offence, the person shall, on conviction, be liable to a fine not exceeding 200,000 rupees and to imprisonment for a term not exceeding 5 years.

 

62.- Forfeiture

In addition to any penalty the Court may :

(a) order the forfeiture of any equipment or any article used or connected in any way with the commission an offence;

(b) order or prohibit the doing of any act to stop a continuing contravention.

 

63.- Prosecution and jurisdiction

(1) An authorised officer may swear an information in respect of any offence under this Act or any regulations made under this Act before a Magistrate.

(2) Notwithstanding any other enactment, the Intermediate Court shall have jurisdiction to try an offence under this Act or any regulations made under this Act.

(3) No prosecution shall be instituted under this Act except by, or with the consent, of the Director of Public Prosecutions.

 

64.- Consequential amendments

(1) The Criminal Code is amended by repealing section 300A.

(2) The Information and Communication Technologies Act 2001 is amended :

(a) in section 2, by deleting the definitions of “code of practice” and “personal data”;

(b) by repealing section 33;

(c) by repealing the Fourth Schedule.

(3) The National Computer Board Act is amended :

(a) In section 2, by deleting the definitions of “computer service person”, “data”, “data user”, and “personal data”;

(b) in section 4, by deleting paragraph (d); and

(c) by deleting the FIRST SCHEDULE.

 

65.- Regulations

(1) The Prime Minister may, after consultation with the Commissioner, make such regulations as he thinks fit for this Act.

(2) Any regulations made under subsection (1) may provide :

(a) for the requirements which are imposed on the data controller when processing data;

(b) for the contents a notification or application to a data controller should contain;

(c) for the information to be provided  to the data subject and how such information shall be provided;

(d) for the levying of fees and taking of charges;

(e) for the issuing, approval of codes and guidelines;

(f) that any person who contravenes them shall commit an offence and shall, on conviction, be liable to  a fine not exceeding 100,000 rupees and to imprisonment for a term not exceeding 2 years.

(3) The Prime Minister may, by regulations, amend the Schedules.

 

66.- Commencement

(1) Subject to subsection (2), this Act shall come into operation on a date to be fixed by Proclamation.

(2) Different dates may be fixed for the coming into operation of different sections of this Act.

 

Passed by the National Assembly on the first day of June two thousand and four.

 

André Pompon

 

Clerk of the National Assembly

 

 

FIRST SCHEDULE (section 2, 15 and 31)

DATA PROTECTION PRINCIPLES

 

First principle

Personal data shall be processed fairly and lawfully.

 

Second principle

Personal data shall be obtained only for any specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose.

 

Third principle

Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed.

 

Fourth principle

Personal data shall be accurate and, where necessary, kept up to date.

 

Fifth principle

Personal data processed for any purpose shall not be kept longer than is necessary for that purpose or those purposes.

 

Sixth principle

Personal data shall be processed in accordance with the rights of the data subjects under this Act.

 

Seventh principle

Appropriate security and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

 

Eighth principle

Personal data shall not be transferred to a third country, unless that country ensures an adequate level of protection for the rights of data subjects in relation to the processing of personal data.

 

 

SECOND SCHEDULE (section 6)

I, …………………………………………………………make oath/solemnly affirm/ declare that I will faithfully and honestly fulfill my duties as authorised officer/Commissioner in conformity with the Data Protection Act 2004 and that I shall not without the due authority in that behalf disclose or make known any matter or thing which comes to my knowledge by reason of my duties as such.

District Magistrate

Port Louis

 

 

 

 

11Jul/17

Act nº 44 of December 2001. The information and Communications Technologies Act 2001

Act nº 44 of December 2001. The information and Communications Technologies Act 2001. (Proclaimed by: Proclamation nº 6 of 2002 w.e.r. 11th February 2002 Section 1 and Part VII; Proclamation nº 27 w.e.f. 1st June 2002 Sections 2 and 3, Parts II to VI and Part IX; Proclamation nº 35 of 2003 w.e.f. 1st December 2003 Part VIII) (Amended, Deleted, Added, Repealed and Proclamation by: Act. nº 6 of 2002, Act. nº 27 of 2002, Act. nº 33 of 2002, Act. nº 35 of 2003, Act. nº Act nº 13 of 2004, Act. nº 1 of 2009, Act. nº 7 of 2009, Act nº 38 of 2011, Act. nº 7 of 2013, Act. nº 9 of 2015, Act. nº 21 of 2016

 

INFORMATION AND COMMUNICATION TECHNOLOGIES ACT 2001 Act 44/2001

Proclaimed by: (Proclamation nº 6 of 2002) w.e.f. 11th February 2002 Section 1 and Part VII (Proclamation nº 27 of 2002) w.e.f. 1st June 2002. Sections 2 and 3, Parts II to VI and Part IX (Proclamation nº 35 of 2003) w.e.f. 1st December 2003 Part VIII

An Act To establish the Information and Communication Technologies Authority, the Information and Communication Technologies Advisory Council, the Information and Communication Technologies Appeal Tribunal and to provide for the regulation and democratisation of information and communication technologies and related matters

 

ENACTED by the Parliament of Mauritius, as follows:

 

PART  I.- PRELIMINARY

 

1.-  Short title

This Act may be cited as the Information and Communication Technologies Act 2001.

 

2.- Interpretation In this Act :

“access” means access by a person to the facilities and services of a licensee excluding interconnection for the purpose of providing information and communication services.

“access agreements means an agreement which sets out the terms and conditions pursuant to which a licensee grants access to a person where the services operated by the letter do not require the interconnection of physical networks.

“allocation” means the entry of a given frequency band in the Mauritius Frequency Allocation Table to be used by one or more terrestrial or space radio communication service, or the radio astronomy services;

“authorised officer” means the officer designated as such under section 25;

“Authority” means the ICT Authority established under section 4;

“Board” means the ICT Board established under section 5;

“broadcasting” means the emission or transmission of sounds or images for reception by the public;

“certificate” means a document issued by a certification authority for the purpose of supporting digital signatures which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair;

“certification authority” means a person duly authorised under the Electronic Transaction Act 2000 to issue a certificate;

“charging principles” means the principles that may be prescribed for use in determining the prices to be charged front or by a licensee under an access and an interconnection agreement;

“code of practice”  (Deleted by Act nº 13 of 2004)

“Competition Commission” means the Competition Commission established under section 4 of the Competition Act; (Added by Act nº 38 of 2011)

computer” means any device for storing and processing information whether or not the information is derived from other information by calculation, comparison or otherwise;

“computer service person”. (Deleted by Act nº 1 of 2009)

“computer system” means a device or combination of devices, including input and output support devices, but excluding calculators which are not programmable, and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

“Controller” means the Controller of Certification Authorities referred to in the Electronic Transactions Act; (Amended by Act nº 7 of 2009)

“Council” means the ICT Advisory Council set up under section 34;

“data” means information recorded in a form in which it can be processed by equipment operating automatically in response to instructions given for that purpose;

“data user”  (Deleted by Act nº 1 of 2009)

“domain name” means a unique alpha-numeric designation used to access a computer on the internet and all domain names located in the .mu name hierarchy;

“dominant operator” means a licensee who, by the terms of his licence or by reason of his share in the market or the availability to him of technological ability, infrastructure or capital, has a substantial degree of power in the market for the supply of an information and telecommunication services including a telecommunication service;

“electronic transaction” means any transaction conducted over a network, using computers, information and communication technologies, including telecommunications;

“Executive Director” means the Executive Director of the Authority appointed under section 14;

“facility” means :

(a) any part of the infrastructure of an information and communication network including a telecommunication network; or

(b) any line, cable, radio, equipment, antenna, tower, mast, tunnel, pit, pole or other structure or thing used, or included for use, in connection with an information and communication network including a telecommunication network;

“financial year” means the period extending from 1 July in any year to 30 June in the next ensuing year;

“frequency band” means a continuous frequency range of spectrum;

“information” means data, text, images, sounds, codes, computer, programmes, software, databases or the like;

“information and communication industry” means any entity :

(a) carrying on a business; or

(b) engaged in any commercial activity connected with information and communication technologies;

“information and communication network” means a network for the transmission of messages and includes a telecommunication network;

“information and communication service” means any service involving the use of information and communication technologies including telecommunication services;

“information and communication technologies” means technologies employed in collecting, storing, using or sending out information and include those involving the use of computers or any telecommunication system;

“intercept’ means intercept by listening or recording, by any means, a message passing over an information or communication network, including telecommunication network, without the knowledge of the person originating, sending or transmitting the message,

“interconnection” means the linking up of 2 information and communication networks, including telecommunication networks so that users of either network may communicate with users of, or utilise services provided by means of, the other network or any other information and communications network including telecommunication network;

“interconnection agreement” means an agreement made between 2 or more licensees which sets out the terms and conditions –

(a) for interconnection between the facilities in the information and communication networks, including telecommunication networks of 2 or more licensees; or

(b) upon which a licensee obtains interconnection to information and communication services, including telecommunication services supplied by another licensee;

“International Mobile Station Equipment Identity” or “IMEI” means a unique number which is allocated to every individual mobile station equipment in the Public Land Mobile Network and which shall unconditionally be implemented by the Mobile Station (MS) manufacturer;

“lnternet” means a publicly accessible system of global interconnected computer networks which uses the Internet Protocol as its communication protocol to provide a variety of information and communication facilities;

“Internet Protocol” or “IP” means a standard consisting of a set of rules governing digital data communication on the Internet;

“licence” means a licence issued under section 24,

“licensed certification authority” means a Certification Authority licensed by the Controller;

“licensee” means the holder of a licence;

“Mauritius Frequency Allocation Table” means the table where the spectrum plan for Mauritius is detailed:

“member” includes a chairperson;

“Minister” means:

(a) the Minister to whom responsibility for the subject of Information and Communication Technologies Authority is assigned; but

(b) in relation to sections 12, 34, 35 and 36, the Minister to whom responsibility for the subject of information technology and telecommunications is assigned;

“message” includes any communication whether in the form of speech, or other sound, data, text, visual image, signal or code, or in any other form or combination of forms;

“Multiplex Operator” has the same meaning as in the Independent Broadcasting Authority Act;

“network” means a communication transmission system that provides interconnection among a number of local or remote devices;

“personal data” (Deleted by Act nº 13 of 2004)

“public operator” means a licensee who :

(a)

(i) owns or operates a public information and communication network, including a telecommunication network; or

(ii) offers an information and communication service, including a telecommunication service to the public; or

(b) owns  or  operates  a  network  referred  to  in paragraph (a)(i), and offers a service referred to in paragraph (a)(ii); (Amended by Act nº 38 of 2011)

“radio communication” means any transmission, emission, or reception of signs, signals, writings, sounds or intelligence of any nature, of a frequency less than 3000 gigahertz, propagated in space without artificial guide;

“radio spectrum” means the portion of the electromagnetic spectrum which is below 3,000 gigahertz;

“service provider” means any person who provides an information and communication service, including telecommunication;

“significant market power”, in relation to a public operator, means the position of the operator who, either individually or jointly with any of its subsidiaries or others, enjoys a position equivalent to dominance in any specific market segment such that its position of economic strength affords it the power to behave to an appreciable extent independently of competitors, customers and ultimately consumers; (Added by Act nº 38 of 2011)

“tariff” means the rate of any fee or charge which a public operator offers to claim for a service which it supplies;

“telecommunication” means a transmission, emission or reception of signs, signals, writing, images sounds or intelligence of any nature by wire, radio, optical or other electromagnetic systems whether or not such signs, signals, writing, images, sounds or intelligence have been subjected to rearrangement, computation or other processes by any means in the course of their transmission, emission or reception;

“telecommunication equipment” means an electronic device intended for the purpose of

telecommunication; “telecommunication network” means a system, or a series of systems, operation within such boundaries as may be prescribed, for the transmission or reception of messages by means of guided or unguided electro-magnetic energy or both;

“telecommunication service”:

(a) means a service for carrying a message by means of guided or unguided electromagnetic energy or both;

(b)   subject to paragraph (c), includes radio-communication;

(c)   does not include public broadcasting;

“Tribunal”  means the Information and Communication Technologies Appeal Tribunal established under section 36;

“universal service’ means an information and communication service including a telecommunication service determined by the Authority as being a service to be provided by a licensee to an area or sector not served or adequately served by the service.

Amended by: (Act nº 7 of 2009); (Act nº 1 of 2009); (Act nº 38 of 2011); (Act nº 9 of 2015); (Act nº 21 of 2016)

 

3.- Application of the Act

(1) Subject to subsection (2), this Act shall bind the State.

(2) The Minister may on such terms and conditions as he may determine, exempt any Government department, statutory corporation, non-governmental organisation, or foreign governmental or foreign non-governmental agency acting pursuant to such international Convention or treaty as may be prescribed and to which both Mauritius and the government of that agency are signatories, from compliance with this Act in the interests of the sovereignty of the State, national security or public order.

(Amended by Act nº 21 of 2016)

 

Part II – ICT AUTHORITY

 

4.- Establishment of the ICT Authority

(1) There is established for the purpose of this Act, an Information and Communication Technologies Authority known as the ICT Authority.

(2) The Authority shall be a body corporate.

 

5.-  ICT Board

(1) There shall be an Information and Communication Technologies Board to be known as the ICT Board.

(2) The ICT Board shall be responsible for the administration and management of the Authority.

(3) The ICT Board shall consist of:

(a) a Chairperson. to be appointed by the Prime Minister, after consultation with the Leader of the Opposition;

(b) the Secretary for Home Affairs or his representative;

(c) a representative of the Ministry responsible for the subject of finance;

(d) a representative of the Ministry responsible for the subject of information technology and telecommunications;

(e) a representative of the Attorney-General’s Office:

(f) 4 other members, to be appointed by the Minister.

(4) The members referred to in subsection (3)(a) and (f) shall:

(a) be persons having sufficient knowledge and experience in the field of information and communication technologies, computer science. broadcasting and teIecommunication law, business and finance, internet or electronic commerce.

(b) hold office on such terms and conditions as the Prime Minister may determine.

(5) Any appointment made under the repealed section 5 shall, at the commencement of this section, lapse.

(Amended by Act nº 21 of 2016)

 

6.- Meetings of the Board

(1) The Board shall meet:

(a) at least once every month;

(b) whenever so decided by the Chairperson; or

(c) upon request of any 3 members.

(2) Five members shall constitute a quorum.

(3) The Board may co-opt such person as may be of assistance in relation to any matter before the Board.

(4) In the absence of the Chairperson at a meeting of the Board, the members present shall elect a member to act as Chairperson for that meeting.

(5) Any person co-opted under subsection (3) shall have no right to vote on any matter before the Board.

(6) Every member shall be paid such remuneration and allowances from the General Fund as may be determined by the Minister. (Amended by Act nº 21 of 2016)

 

7.-  Disqualification from membership

(1) No person shall be eligible to be appointed or to remain a member of the Authority if he –

(a) is a shareholder or director or employee of a public operator;

(b) is an undischarged bankrupt or has made any arrangement with his creditors;

(c) is incapacitated by physical or mental illness; or

(d) acts contrary to this Act.

(Amended by Act nº 21 of 2016)

(2)  (Repealed by Act nº 21 of 2016)

 

8.- Disclosure of interest A member who has a direct or indirect pecuniary or other interest in a matter being considered or about to be considered by the Board shall forthwith, or as soon as is practicable after the relevant facts have come to his knowledge, disclose on record or in writing the nature of his interests to the Board and shall not –

(a) be present during any deliberation of the Board with respect to that matter; and

(b) take part in any decision of the Board with respect to that matter.

 

9.-  Declaration of assets

(1) Every member, the Executive Director, and such other employees as the Board may decide, shall not later than 30 days after their appointment or after their vacation of office deposit with the Authority a declaration of assets and liabilities in relation to himself, his spouse and children.

(2) A declaration under this section shall be made by way of an affidavit, sworn before the Supreme Court in the form specified in the Second Schedule.

 

10.-  Delegation of powers Subject to such instructions and rules of a general nature as it may give or make, the Board may delegate to:

(a) a committee comprising the Chairperson and 2 other members; or

(b) the Executive Director,

such of its powers under this Act as may be necessary for the effective management of the Authority, other than the power to borrow money or to grant a licence.

 

11.-  Appointment of committees The Board may appoint such committees as it thinks fit to advise the Authority on such matters within the purview of this Act.

 

12.-  Internet Management Committee

(1) The Minister shall, after consultation with the Board, appoint an Internet Management Committee.

(2) The Committee under subsection (1) shall consist of a Chairperson and 10 members.

(3) The members shall hold office for a period of 3 years and shall be eligible for reappointment.

(4) Members under subsection (2) shall be selected from among representatives from the public sector, private sector, non- government organisation and academia, by virtue of their qualifications, expertise and experience in information and communication technologies, computer science, broadcasting and telecommunication law, business and finance, internet, electronic commerce and related educational and training services;

(5) Every member shall be paid such fee as may be determined by the Board.

 

13.-  Functions of the Internet Management Committee

(1) The functions of the Internet Management Committee shall be:

(a) to advise the Authority on Internet and related policies;

(b) to provide a forum for stake-holders to discuss issues relating to the administration of Internet;

(c) to administer domain names in the context of the development of the information and communication industry; and

(d) to make recommendations to the Board on any matter relating to Internet including the administration and management of domain names.

(2) The Committee may appoint such working groups as may be necessary in the discharge of its functions under the Act.

(3) The Committee shall regulate its meeting and proceedings in such manner as it thinks fit.

 

14.- The Executive Director

(1) There shall be a chief executive officer of the Authority who shall:

(a) be known as the Executive Director; and

(b) be appointed by the Board with the approval of the Minister on such terms and conditions as the Board thinks fit.

(2) The Executive Director shall be responsible for the execution of the policy and the control and management of the day-to-day business of the Authority.

(3) The Executive Director:

(a) shall attend every meeting of the Board;

(b) may take part in the deliberations of the Board;

(c) shall not be entitled to vote on any question before the Board.

(4) The Executive Director may, with the approval of the Board, delegate any of the functions or powers delegated to him under section 10 to an officer.

(5) In the exercise of his functions, the Executive Director shall act in accordance with such directions as he may receive from the Board.

 

15.-  Employment of staff

(1) The Authority may employ, on such terms and conditions as it thinks fit, such officers and other members of staff as may be necessary for the proper discharge of the functions of the Authority.

(2) Every employee shall be under the administrative control of the Executive Director.

(3) Every employee who has an interest in any contract with the authority or acquires an interest of any kind from a licensee shall make a declaration on the prescribed or approved form.

 

PART III – OBJECTS, POWERS AND FUNCTIONS OF THE AUTHORITY

 

16.-  Objects of the Authority

The objects of the Authority shall be:

(a) to democratise access to information taking into account the quality, diversity and plurality in the choice of services available through the use of information and communication technologies

(b) to create a level playing field for all operators in the interest of consumers in general;

(c) to license and regulate the information and communication services;

(d) to ensure that information and communication services including telecommunication services are reasonably accessible at affordable cost nationwide and are supplied as efficiently and economically as practicable and at performance standards that reasonably meet the social, educational, industrial, commercial and, other needs of Mauritius;

(e) to encourage the optimum use of information and communication technologies in business, industry and the country at large, the introduction of new technology and the investment in infrastructure and services;

(f) to promote the efficiency and international competitiveness of Mauritius in the information and communication sector;

(g)   to further the advancement of technology, research and development relating to information and communication technologies through modern and effective infrastructure taking into account the convergence of information technology, media, telecommunications and consumer electronics;

(h) to advise the Minister on all matters relating to information and communication technologies and on matters relating to the Authority generally.

 

17.-  Powers of the Authority

(1) The Authority, in addition to the powers it has under section 37 of the Interpretation and General Clauses Act, may:

(a) commission expert evaluations, conduct studies, collect data related to the information and communication industry;

(b) authorise any person to conduct such technical tests or evaluations relating to information and communication services including telecommunication as it thinks fit.

(2) For the purposes of subsection (1), the Authority may require a public operator who holds a licence granted under this Act to provide information on the use, area of coverage and means of access to his service.

(3) The Authority shall have the power to make such determinations, issue such directives and guidelines, and do such acts and things, as are incidental or conducive to the attainment of its objects and the discharge of its functions.

(Amended by Act nº 38 of 2011)

 

18.-  Functions of the Authority

(1) The Authority shall:

(a) implement the policy of government relating to the information and communication industry;

(b) provide economic and technical monitoring of the information and communication industry in accordance with recognized international standard practices, protocols and having regard to the convergence of technology;

(c) promote and maintain effective competition, fair and efficient market conduct between entities engaged in the information and communication industry in Mauritius and to ensure that this Act is implemented with due regard to the public interest and so as to prevent any unfair or anti-competitive practices by licensees;

(d) advise and assist in the formulation of national policies with respect to the regulation of the information and communication industry;

(e) act internationally as the national regulatory body of Mauritius in respect of information and communication technologies matters;

(f) exercise licensing and regulatory functions in respect of information and communication services in Mauritius including the determination of types and classes of licensees and the approval of prices, tariffs and alterations thereto;

(g) establish, for public operators, performance standards and linkage standards in relation to the provision of international and local telephone services, and monitor compliance with both of those standards;

(h)  report, in such manner as may be required, to the Minister or to any other person on any matter that lies within its purview, such as the performance of public operators, the quality of consumer service and consumer satisfaction, measured against the best available international standards of practice;

(i) ensure the fulfilment by public operators of their obligations under any enactment;

(j) (Repealed by Act nº 1 of 2009)

(k) develop and, where appropriate, revise, accounting requirements and draw up a cost allocation manual for use by public operators;

(l) regulate the security of data;

(Amended by Act nº 1 of 2009)

(m) take steps to regulate or curtail the harmful and illegal content on the Internet and other information and communication services;

(n) ensure the safety and quality of every information and communication services including telecommunication service and, for that purpose, determine technical standards for telecommunication network, the connection of customer equipment to telecommunication networks;

(o) entertain complaints from consumers in relation to any information and communication service in Mauritius and, where necessary, refer them to the appropriate authorities;

(p) allocate frequencies and manage, review, and, where appropriate, reorganise the frequency spectrum;

(q) determine the numbering system to be used for every information and communication services including telecommunication service, and manage, review, and, where appropriate, reorganise the numbering system;

(r)  set up a radio frequency management unit for the allocation, monitoring, control and regulation of radio frequencies and, with the approval of the Minister, participate in any regional monitoring system;

(s) monitor every access or interconnection agreement and assist in the resolution of any dispute relating thereto;

(t) monitor the use of information and communication services on any ship or aircraft;

(u)  control the importation of any equipment capable of being used to intercept a message;

(v)  regulate the conduct of examinations for, and the issue of, certificates of competency to persons wishing to operate any apparatus used for purposes of information and communication services including telecommunication;

(w) manage the Universal Service Fund set up under section 21;

(x) determine, whether as conditions of licences or otherwise, the universal service obligations and requirements;

(y)   authorise or regulate the registration, administration and management of domain names for Mauritius; and

(z) be the Controller of Certification Authorities.

(Amended by Act nº 7 of 2009)

(2)

(a) Notwithstanding subsection (1), the Authority shall allocate and regulate the use of any frequency to any licensed broadcaster in the case of analogue broadcasting and to the Multiplex Operator in the case of digital broadcasting.

(b) Subject to paragraph (c), the broadcaster or the Multiplex Operator shall pay to the Authority such fee as may be prescribed.

(c) The Multiplex Operator shall be exempt from payment of any fee referred to in paragraph (b) for the broadcast, through transmission stations operated by it, of the proceedings of the National Assembly under any access agreement between the Multiplex Operator and the National Assembly.

(3) The Authority shall furnish to the Minister:

(a) an annual report of its activities; and

(b) an annual report on the development of the information and communication industry in the country, as may be prescribed;

(c)  such reports and other information as may be required.

(4) The Minister shall at the earliest opportunity lay a copy of a report submitted under subsection 3(a) before the National Assembly.

Amended by: (Act nº 7 of 2009); (Act nº 1 of 2009); (Act nº 9 of 2015); (Act nº 21 of 2016)

 

19.-  Powers of the Minister The Minister may give such directions of a general character to the Board, not inconsistent with the objects of the Authority, which fie considers to be necessary in the public interest, and the Board shall comply with those directives.

 

PART IV.- FINANCIAL PROVISIONS

 

20.-  Establishment of the General Fund

(1) The Authority shall establish a General Fund:

(a) into which all money, dues, fees and charges received by the Authority shall be paid; and

(b) out of which:

(i) all payments required to be made by the Authority shall be effected;

(ii)  shall be paid into the Capital Fund established under the Finance and Audit Act, such surplus money not required for the purposes of subparagraph (i), as the Board may determine.

(2) The Authority may, in furtherance of its objects and in accordance with the terms and conditions upon which its funds may have been obtained or derived, charge to the General Fund all remuneration, allowances, salaries, grants, fees, pensions and superannuation fund contributions, gratuities, working expenses and all other charges properly arising, including any necessary capital expenditure.

(3) The Authority shall derive its income from:

(a) any charge or fee that may be prescribed;

(b) any sum appropriated from the Consolidated Fund; and

(c) such other source as may be approved by the Minister.

(4) The Authority shall, not later than 3 months before the commencement of every financial year, submit to the Minister for his approval a detailed estimate of its income and expenditure for that year.

(5) In signifying his approval, the Minister may make comments of a general policy nature regarding the estimate.

 

21.- Establishment of a Universal Service Fund

(1) The Authority shall establish a Universal Service Fund:

(a) into which shall be paid any contribution received from licensees in pursuance of subsection (2);

(b)   out of which payments may be made to any licensee required by the terms of his licence, or otherwise directed by the Authority, to provide a universal service.

(2) Every public operator shall, in addition to the licence fee payable, pay into the Universal Service Fund, such annual contributions is may be prescribed.

(3) The Minister may, on the recommendation of the Board, prescribe –

(a) the basis and manner of determination of such contributions;

(b)   the dates when such contributions shall become payable and the manner and, if he deems it appropriate, the period over which the contributions shall be paid.

 

22.-  Donations and exemptions

(1) Article 910 of the Code Napoleon shall not apply to the Authority.

(2) Notwithstanding any other enactment, the Authority shall be exempt from payment of all charges, duties, fees, rates or taxes.

 

PART V.- (Repealed by Act nº 21 of 2016)

 

PART VI.- LICENSING AND OTHER PROVISIONS

 

24.-  Licensing

(1) No person shall operate an information and communication network or service including telecommunication network or service unless he holds a licence from the Authority.

(2) Any person who wishes to obtain, transfer, renew, or vary the terms of, a licence for the operation of an information and communication network or service including a telecommunication network or service specified in the First Schedule shall make a written application to the Authority in the prescribed form.

(3) Upon receipt of an application referred to in subsection (2), the Authority:

(a) shall, in the case of such licences as may be prescribed, forthwith give public notice of the application in 2 daily newspapers and invite any interested person who wishes to object to the application to do so in writing within 14 days;

(b) may:

(i) require the applicant to furnish any additional information that it considers relevant;

(ii) inspect any installation, apparatus or premises relating to the application.

(4) The Authority shall, after hearing any objection that may be made pursuant to subsection (3) (a), determine whether to issue, transfer, renew, or vary the terms of, a licence.

(5) The Authority shall, in the exercise of its powers under subsection (4), have regard in particular to:

(a) the public interest and any likelihood of unfair practice;

(b)  any element of national security;

(c) the technical and electromagnetic compatibility of the application with any other licensed service;

(d)  any agreement between Mauritius or the Authority with any other State, or any national or international organization relating to information and communication technologies including telecommunication.

(6) Subject to subsection (5)(d), the Authority shall, within a period of 30 days from the date of receipt of the application, convey its decision to the applicant.

(7) Where the Authority agrees to issue, transfer, renew, or vary the terms of a licence –

(a) it may do so by imposing any term or condition that it thinks fit;

(b) it shall give written notice of its decision, and the reasons therefor, to any person objections who has raised an objection pursuant to subsection (3)(a).

(8) Where the Authority refuses to issue, transfer, renew or vary the terms of a licence, it shall gives written notice of its decision, and the reasons therefore, to the applicant and to any person who has raised an objection pursuant to subsection (3)(a).

(9) No licence shall be issued or renewed under this section unless the prospective licensee pays such fee as may be prescribed.

(10) Every licence shall specify:

(a) the name and business address of the licensee;

(b) the installation, apparatus and premises to which it relates;

(c)   the network or service to be provided by the licensee; and

(d) any term or condition imposed pursuant to subsection (7)(a).

(11) Subject to subsection (12), the authority may, of its own motion, vary the terms of, or revoke, a licence on the ground that the licensee has –

(a) contravened this Act; or

(b)   acted in breach of any term or condition imposed pursuant to subsection (7)(a).

(12) Where the Authority proposes to vary the terms of, or revoke, a licence pursuant to subsection (11), it shall have written notice of its intention to the licensee, stating –

(a) the reasons for which it proposes to do so; and

(b)   the time, being not less than 14 days, within which the licensee may make written representation to object to the proposal.

(13) The Authority shall, after considering any representations made pursuant to subsection (12), communicate its decision in writing, and the reasons therefore to the licensee.

(14) Where the urgency of the matter so requires, the Authority may forthwith suspend a licence on any ground specified in subsection (11).

(15) A suspension effected pursuant to subsection (14) shall, unless sooner revoked, lapse after 30 days.

(Amended by Act nº 13 of 2004)

 

25.- Special powers

(1) The Board may designate in writing any officer to act as an authorised officer who shall perform (lie duties specified in this section.

(2) An authorised officer may:

(a) require a licensee to produce his licence;

(b)   at all reasonable times inspect any installation, apparatus or premises relating to a licence.

(3) Where a Magistrate is satisfied, by information upon oath, that there is reasonable ground to suspect that a person is contravening this Act or any regulations made there under, he may grant a warrant to an authorised officer enabling him to-

(a) enter any premises named in the warrant and search those premises or any person found therein;

(b) inspect, remove and take copies of any document found which he considers relevant;

(c)   inspect and remove any installation or apparatus found therein which he has reason to suspect is operating in contravention of this Act.

(4) When a public operator contravenes this Act, the Authority may require the operator to remedy the default within a delay specified by it.

(5) Where a public operator fails to comply with a decision taken by the Authority under subsection (4), the Authority may:

(a) revoke or vary the terms of the licence;

(b) suspend the licence for a period not exceeding 30 days; or

(c) reduce the period, not exceeding one year, for which the licence was originally granted.

(6) Where it has come to the knowledge of the Authority that there has occurred a substantial change in the composition of the share capital of the public operator, the Authority may cancel the licence forthwith subject to the public operator being afforded all opportunity to be heard on why the licence should not be cancelled.

(7) Any matter dating back to more than 3 years shall not be the subject matter of consideration by the Authority unless an inquiry, verification or action has been initiated within that period.

(8) The Authority shall give reasons for its decision under this section and notify the interested party.

(9) Notwithstanding subsection (5), where a public operator fails to comply with a decision of the Authority under subsection (4), he commits an offence and shall be liable, on conviction, to a fine, the maximum of which shall be 3% of the net turnover of his preceding financial year or 5,000,000 rupees, whichever is the lesser.

 

26.-  Obligations of licensees

Every licensee shall:

(a) comply with every term and condition attached to his licence;

(b) maintain an installation, apparatus or premises relating to his licence in such condition as to enable him to provide a safe, adequate and efficient service;

(c) provide access thereto to an authorised officer;

(d) furnish to the Authority such reports, accounts and other information relating to his operations as the Authority relay require;

(e) comply with any written direction given to him by the Authority in relation to the exercise of his rights and obligations under a licence.

 

27.-  Public operators entering premises

(1) A public operator shall, subject to subsection (2), have authority to:

(a) enter any property for the purpose of exercising any of his powers under his licence;

(b) establish any installation or apparatus on, over, under or across any land or road.

(2)

(a) Before entering on any private property pursuant to subsection (1), a public operator shall give not less than 4 days written notice of his intention to the owner or occupier, stating the reasons for which lie proposes to do so.

(b) Any person who receives a notice issued pursuant to paragraph (a) may apply to the Authority forthwith for a review of the decision specifying the grounds of his objection.

(c) The Authority shall, after hearing the parties, determine every application under paragraph (b) within a reasonable delay.

(3) Where any person suffers any prejudice caused to his property or interest in the property through the acts or omissions of a public operator, he may apply for compensation to the Authority.

(4) The Authority shall, within 30 days, make an award on the claim for compensation and shall, within 7 days of the date of the award, communicate a copy to each of the parties.

(5) Nothing in this section shall prevent a public operator from entering on any property to do whatever may be required to remove any tree, branch, hedge or any other object that is likely to cause danger to any installation or apparatus relating to services provided by him.

(6) For the purpose of this section, establishing an information and communication installation or apparatus including telecommunication installation or apparatus shall include the setting up of poles, wires, stays or struts or other similar structure or any work performed either above or under the ground, in connection with the establishment, alteration, disconnection, modification or repair of the installation or apparatus.

(7) The Authority may, at the request of the owner or occupier of a property over which a public operator has established an information and communication installation including telecommunication installation, require the public operator to alter, modify or divert the installation and the expenses thereby incurred shall be borne by the person making the request.

 

28.-  Interconnection agreements

(1) Every network licensee or public operator shall grant access to his network in accordance with this section.

(2) A licensee may make a written application to a network licensee for access to its network with a copy of the application to the Authority.

(3)

(a) Where a network licensee receives an application he shall, unless the Authority otherwise determines, negotiate the terms of an interconnection agreement with the applicant in good faith.

(b) Either party to the proposed agreement may request the Authority to depute a representative to attend, and assist in the negotiations.

(4)

(a) Subject to paragraph (b), the rates for interconnection shall be determined in accordance with any charging principles in force.

(b) Where an interconnection agreement is negotiated before any charging principles have been prescribed, the agreement shall, where appropriate, be amended by the parties to comply with any charging principles that may subsequently be prescribed.

(5) Where the parties to a proposed interconnection agreement are unable to agree on the terms thereof within 60 clays front the date of an application under subsection (2), either party may request the Authority to act as an arbitrator in the matter.

(6) An arbitration made by the Authority pursuant to subsection (5) shall be deemed to be made under, and be regulated by the Code de Procedure Civile wherever applicable, subject to this Act.

(7) The award by the Authority on the dispute shall:

(a) be made within 60 days from the date of a request under subsection (5); and

(b) specify:

(i) the facilities and the network covered by the award;

(ii) the extent of any network over which one party is required to carry information and communication messages including telecommunications messages to enable another party to supply services;

(iii) the points of, and the technical standards for, interconnection

(iv)   the rates of interconnection

(v)    the effective date of the award.

(8) Each party to an interconnection agreement shall supply to the Authority:

(a) a copy of the agreement, and of any amendment to it, within 14 days of the execution of the agreement, or amendment, as the case may be;

(b) such information relating to the interconnection agreement as the Authority may require.

 

29.-  Access Agreement

(1) Any person may make an application to a public operator or network licensee for access to its facilities or services other than its network.

(2) Where the public operator or network licensee receives an application, he may, after consideration, grant the application, and negotiate the terms and conditions of the access with the applicant in good faith, or refuse the application.

(3) Where the application is not granted and the applicant has reasonable around to believe that the operator or network licensee has not acted in good faith, he may refer the matter to the Authority for its decision.

(4) Where the parties to a proposed access agreement are unable to agree on the terms thereof within 60 days front the date of the application under subsection (2) either party relay request the Authority to act as an Arbitrator in the matter.

(5) An arbitration made by the Authority pursuant to subsection (4) shall be deemed to be made under, and be regulated by the Code de Procedure Civile wherever applicable, subject to this Act.

(6) The award of the Authority on the dispute shall be made within 60 days from the date of the application.

 

30.- Market definition and determination of significant market power

(1) The Authority shall, at such times as it may determine, hold a public consultation and carry out a market analysis, to enable it to:

(a) identify information and communication service markets or market segments;

(b) designate every information and communication service market and market segment for which tariffs must be approved by the Authority before the service is offered to the public; (c) determine whether any public operator has significant market power in those information and communication service markets or market segments.

(2) The Authority   shall,   following   the   public consultation referred to in subsection (1), designate and give public notification of:

(a) every information  and  communication service market and market segment; and

(b) every   public   operator   which   has   a significant market power in an information and communication service market or market segment.

(3) Following the grant of the appropriate licences, every public operator shall, before the commercial launch of the relevant information and communication service, disclose to the Authority the relevant market or market segment in which it intends to operate.

(4) The Authority may, after consultation with the Competition Commission, issue such guidelines as are necessary for the purposes of determining which public operator has significant market power in an information and communication service market or market segment.

(5) Where a public operator has significant market power in a market or market segment, it may also be considered to have a significant market power in a closely related market or market segment, where the links between the two markets or market segments are such as to allow the market power held in one market or market segment to be leveraged into the other market or market segment, thereby strengthening the market power of the public operator.

(6) Where a public operator has significant market power in a market or market segment, and wishes to supply promotional offers, including discount practices, he shall submit the relevant cost breakdown for the said service and offers for determination by the Authority.

(7) Every public operator shall:

(a) before entering  into  a  new  market  or market segment, notify the Authority of its intention to do so; and

(b) furnish to the Authority such information relating to its operations as the Authority may require under this section.

(Amended by Act nº 38 of 2011)

 

30A.-  Significant market power conditions

(1) Where the Authority determines that a public operator has significant market power in a relevant market or market segment, it may impose such conditions as it considers appropriate on the public operator.

(2) Every public operator with significant market power shall comply with every condition imposed by the Authority under subsection (1).

(Added by Act nº 38 of 2011)

 

31.-  Tariffs

(1) Every public operator shall submit to the Authority, in such form and manner as the Authority may determine, a tariff for every information and communication service which it wishes to supply and every intended alteration to a tariff, at least 15 days before the implementation of the tariff or the alteration, as the case may be.

(2) Every tariff or alteration submitted to theAuthority under subsection (1) shall –

(a) be calculated  in  accordance  with  such guidelines as the Authority may issue;

(b) include information relating to:

(i) the term during which the tariff or alteration is to apply;

(ii) the description of the information and communication service;

(iii) the amount of all charges payable for each information and communication service, including the amount of any surcharge that may be imposed as a result of nonpayment of fees or charges and the cost-related computation thereof;

(iv) the breakdown of  cost  and  cost elements involved in supplying every information and communication service;

(v) the quantity in which the information and communication service is supplied;

(vi) the network configuration, including the capacity needed, to supply the information and communication service;

(vii)   the performance characteristics for the information and communication service supplied; and

(viii)  the terms and conditions on which the information and communication service is or is to be supplied, including the mode of payment.

(3) No public operator shall demand or receive from any person payment of any tariff which:

(a) has not been submitted to the Authority in accordance with subsections (1) and (2);

(b) is different from the tariff submitted to the Authority under this section; or

(c) has been disallowed by the Authority.

(4) Every public operator shall display the tariff or alteration applicable for every information and communication service it offers in a conspicuous place at every point of sale of such service.

(5) Where the Authority is provided with a tariff or alteration under subsection (1), it may, where the tariff or alteration has been provided by a public operator having a significant market power, require the public operator to provide such additional information as it considers necessary.

(6) On receipt of a request from the Authority under subsection (5), the public operator shall provide the additional information within 15 days of the date of the request.

(7)

(a) The Authority shall:

(i) in  the  case  of  a  public  operator having significant market power, within 30 days of the date on which it is provided with a tariff or alteration under subsection (1), or it receives additional information under subsection (5), whichever is the later; or

(ii) in the case of a public operator not having significant market power, within 15 days of the date on which it is provided with a tariff or alteration under subsection (1),

determine whether to allow, disallow, or amend the tariff or alteration and shall, by notice in writing, inform the public operator of its decision.

(b) Where the Authority allows or amends a tariff or alteration, it may impose such terms and conditions as it may determine.

(c) Where the Authority disallows or amends a tariff or alteration, it shall communicate, in writing, the reasons for its decision to the public operator.

(d) Where a tariff or an alteration has been allowed or amended by the Authority, the public operator shall forthwith give public notification of the tariff, alteration or amended tariff in 2 newspapers for 3 consecutive days.

(8)

(a) Subject to subsection (9), where a public operator does not receive any communication from the Authority within 15 days of the date the public operator has submitted its tariff to the Authority, the tariff shall be deemed to have been allowed by the Authority.

(b)Paragraph (a) shall not apply to a public operator having significant market power.

(9) The Authority may:

(a) in the case of an operator not having a significant market power, at any time after the specified period of 15 days referred to in subsection (8)(a); or

(b) in the  case  of  an  operator  having  a significant market power, at any time after its tariff or alteration has been allowed by the Authority,

disallow or amend the tariff or alteration where:

(i) the information  submitted  under subsection (2)(b) or (5), as the case may be, is found to be incorrect or misleading in a material particular;

(ii) the tariff or alteration:

(A) is not calculated in accordance with such guidelines as the Authority may issue;

(B) is not accompanied by information required to be submitted under subsection (2)(b); or

(C) is otherwise in contravention of the Act or a directive issued by the Authority.

(Amended by Act nº 38 of 2011)

 

32.-  Confidentiality

(1) Every member or officer of the Authority shall

(a) before he begins to perform his duties under this Act, take the oath set out in the Third Schedule;

(b)  maintain, and aid in maintaining, the secrecy of any matter which comes to his knowledge in the performance, or as a result, of his duties under this Act.

(2) Any person who, without legal cause or reasonable excuse, contravenes subsection (1)(b) shall commit an offence.

(3) Every licensee or his employees or agent shall treat as confidential any message or any information relating to a message which comes to his knowledge in the course of his duties.

(4) Any person who, otherwise than in the course of his duties, makes use of, or records, a message or any information relating to a message that comes to his knowledge, or to which he has access, by reason of his position is a licensee, or as an employee or agent of a licensee, shall comment an offence.

(5)

(a) Nothing in this Act shall prevent a public operator or any of his employees or agents from intercepting, withholding or otherwise dealing with a message which he has reason to believe is:

(i) indecent or abusive;

(ii) in contravention of this Act;

(iii) of a nature likely to endanger or compromise State’s defence, or public safety or public order.

(b) Where a message is withheld pursuant to paragraph (a), the operator shall forthwith refer it to the Authority for such written directions as the latter may think fit.

(6)

(a) Nothing in this Act shall prevent a Judge in Chambers, upon an application, whether ex parte or otherwise, being made to him, by the Police, from making an order authorising a public operator, or any of its employees or agents, to intercept or withhold a message, or disclose to the police a message or any information relating to a message.

(b) An order under paragraph (a) shall:

(i) not be made unless the Judge is satisfied that the message or information relating to the message is material to any criminal proceedings, whether pending or contemplated, in Mauritius;

(ii) remain valid for such period, not exceeding 60 days, as the Judge may determine;

(iii) specify the place where the interception or withholding shall take place.

(7)  In this section “information and communicationmessage” means a message passing over an information and communication network, including telecommunication network;

“message” includes an information and communication message.

(Amended by Act nº 21 of 2016)

 

33.-  (Deleted by Act nº 13 of 2004)

 

PART VII .- ICT ADVISORY COUNCIL

 

34.-  Establishment of the Council

(1) There is established for the purposes of this Act an information and Communication Technologies Advisory Council known as the ICT Advisory Council.

(2) The Council consists of

(a) a Chairperson;

(b) a representative of the Prime Minister’s Office;

(c)   a representative of the Ministry responsible for the subject of Information Technology and Telecommunications;

(d) a representative of the Ministry of Finance;

(e) a representative of the Ministry of Economic Development;

(f) a representative of the Joint Economic Council;

(g) a representative of the Mauritius Chamber of Commerce and Industry;

(h) 3 other persons representing the interests of consumers, purchasers and other users of information and communication services, including telecommunication services.

(3) The members of the Council, except the ex-officio members, shall be appointed by the Minister

(4) The Council may co-opt persons with specialized qualifications and experience to assist the Council at any of its meetings.

(5) Every member of the Council shall hold office on such terms and conditions as the Minister thinks fit.

(6)  The Council shall meet at least once every month or at such other time as the Chairman may decide.

(7)  Five members of the Council shall constitute a quorum.

 

35.-  Functions of the Council

The Council shall advise the Minister on any matter relating to:

(a) the promotion of the interests of consumers, purchasers and other users in respect of

(i) the  quality and variety of information and communication services including telecommunication services provided;

(ii) the information and communication equipment including telecommunication equipment and facilities supplied;

(iii) the effect of the tariff Policy adopted by the Authority;

(b) the promotion of research into, and the development and use of, new information and communication techniques including telecommunication techniques;

(c) the improvement of information and communication services including telecommunication services;

(d) information and communication technologies including telecommunications which, in its opinion, should be referred to the Minister;

(e) information and communication technologies including telecommunications which may be referred to it by the Minister or by the Authority.

 

PART VIII.-  ICT APPEAL TRIBUNAL

 

36.-  Establishment of the ICT Appeal Tribunal

(1) There is established for the purposes of this Act an Information Technologies Appeal Tribunal known as the ICT Appeal Tribunal which shall consist of :

(a) a Chairperson and a Deputy Chairperson, who shall be barristers of not less than 10 years standing, appointed by the Public Service Commission; and

(b) such other members, not exceeding 4 in number, as may be                       appointed by the Minister after consultation with the Prime Minister.

(2) Every member other than the Chairperson and Deputy Chairperson shall hold office on such terms and conditions as the Minister may determine.

(3) The members other than the Chairperson and Deputy Chairperson of the Tribunal shall hold office for a term of 3 years and may be eligible for reappointment.

(4) Where the Minister is of opinion that the state of business at the Tribunal requires that the number of members should be temporarily increased, he may, after consultation with the Prime Minister, appoint such members on an ad hoc basis and for such period as he considers necessary to serve on the Tribunal.

(5) The members other than the Chairperson and Deputy Chairperson shall be paid such fees as the Minister may approve.

 

37.-  Staff of the Tribunal

The Tribunal will be provided with such public officers as are necessary for the proper functioning of the Tribunal.

 

38.-  Disqualification from membership

No person shall be eligible to remain a member of the Tribunal if:

(a) he is found guilty of any misconduct or default in the discharge of his duties as a member which renders him unfit to be a member;

(b) he is convicted of an offence of such nature as renders it desirable that he should be removed from office; or

(c) he is suffering from such mental or physical infirmity as renders him unfit to discharge his duties as a member.

 

39.- Jurisdiction of the Tribunal

(1) The Tribunal shall hear and dispose of any appeal against a decision of the Authority regarding information and communication technologies.

(2) No appeal shall lie against any decision made by the Tribunal following a settlement reached with the consent of the parties or their representatives.

(3) Subject to subsection (4), every appeal under subsection (1) shall be lodged within a period of 21 days from the date of notification of the decision to the aggrieved person and it shall be in such form and be accompanied by such fee as may be prescribed.

(4) The Tribunal may entertain an appeal after the expiry of the said period of 21 days if it is satisfied that there was sufficient cause for not lodging it within that period.

(5) The Tribunal may, after giving the parties to the appeal an opportunity of being heard, pass such orders as it thinks fit, confirming, varying or setting aside the decision appealed against.

(6) The Tribunal shall send a copy of every order made by it to the parties to the appeal and to the Authority.

(7) Any appeal filed before the Tribunal under subsection (1) shall be dealt with by it as expeditiously as possible and the Tribunal shall endeavour to dispose of the appeal within 6 months from the date the appeal was lodged.

 

40.-  Procedure and powers of the Tribunal

(1) The Tribunal shall sit at such place and time as the Chairperson of the Tribunal may determine.

(2) Where the Tribunal adjourns any proceedings, it may resume them at such place and time as the Chairperson of the Tribunal may determine.

(3) Subject to any regulations made under section 48, all appeals before the Tribunal shall be instituted and conducted:

(a) as far as possible in the same manner as proceedings in a civil matter before a District Magistrate;

(b) in accordance with the law of evidence in force in Mauritius;

(c) in public, except where the Tribunal otherwise orders on the ground of public safety or public order or the privacy of persons concerned.

(4) The Tribunal may:

(a) make such orders for requiring the attendance of persons and the production of articles, documents or other electronic records, as it thinks necessary or expedient;

(b) take evidence on oath and may for that purpose administer oaths;

(c) on its own motion, call and hear any person as witness; and

(d) adopt such procedures as may be necessary for the proper functioning of the Tribunal.

(5) Any person who:

(a) fails to attend Tribunal after having been required to do so under subsection (4);

(b) refuses to take an oath before the Tribunal or to answer fully and satisfactorily to the best of his knowledge and belief any question lawfully put to him in any proceedings before the Tribunal or to produce any article or document when required to do so by this Tribunal;

(c) knowingly gives false evidence or evidence which he knows to be misleading before the Tribunal;

(d)  at any sitting of the Tribunal:

(i) wilfully insults any member thereof;

(ii)  wilfully interrupts the proceedings, or commits any contempt of the Tribunal, shall commit an offence.

 

41.-  Right to legal representation

The appellant may prosecute his appeal either in person or by a legal practitioner.

 

42.-  Determination of the Tribunal

(1) For the purpose of hearing and determining any cause or matter under this Act, the Tribunal shall be constituted of the Chairperson or Deputy Chairperson and at least any 2 of its members;

(2) Where the Tribunal is unable to reach a decision by unanimity, the Tribunal shall proceed to give its determination by a majority.

(3) A member of the Tribunal who has a direct interest in any cause or matter which is the subject of proceedings before the Tribunal shall not take part in those proceedings.

(4) Subject to section 43, a decision or finding of the Tribunal on any cause or matter before it shall be final and binding on the parties.

(5) On hearing an appeal, the Tribunal may confirm, amend, vary or cancel any decision referred to in section 24.

(6) Where a decision is confirmed or amended, the tribunal shall specify the delay within which it shall be complied with.

(7) Any person who fails to comply with a decision confirmed or amended by the Tribunal, shall commit an offence.

(8)

(a) The Tribunal may make such order as to costs as may be prescribed.

(b) An order made under paragraph (a) shall be enforced in the same manner as an order for costs in proceedings before a Magistrate.

(9) Proceedings before the Tribunal shall be exempt from registration dues.

 

43.-  Appeal to the Supreme Court

(1) Any party who is dissatisfied with the decision or findings of the Tribunal relating to an appeal as being erroneous in point of law may appeal to the Supreme Court.

(2) Any party wishing to appeal to the Supreme Court under subsection (1) shall within 21 days of the date of the decision of the Tribunal

(a) lodge with, or send by registered post to, the Chairperson of the Tribunal a written application requiring the Tribunal to state and sign a case for the opinion of the Supreme Court on the grounds stated therein;

(b) at the same time, forward a copy of his application by registered post to the other party.

(3) An appeal under this section shall be prosecuted in the manner provided by rules made by the Supreme Court.

 

44.-  Decision not suspended on appeal

No appeal to the Tribunal or the Supreme Court shall have for effect the suspension of any decision of the Authority.

 

PART IX .-  MISCELLANEOUS

 

45.-  Protection of members and officers

No liability, civil or criminal, shall attach to any member or officer of the Authority, or to the Authority, in respect of any loss arising from the exercise in good faith by a member or an officer or the Authority of his or its functions under this Act.

 

45A.-  Execution of documents

No deed or document relating to financial matters shall he executed or signed by or on behalf of the Authority unless it is signed by:

(a) the Chairperson or, in his absence, any other member designated by the Board; and

(b) the Executive Director or, in his absence, any other employee designated by the Executive Director.

(Added by Act nº 21 of 2016)

 

46.- Offences Any person who:

(a) by any form of emission, radiation, induction or other electromagnetic effect, harms the functioning of an information and communication service, including telecommunication service;

(b) with intent to defraud or to prevent the sending or delivery of a message, takes an information and communication message, including telecommunication message from the employee or agent of a licensee;

(c) with intent to defraud, takes a message from a place or vehicle used by a licensee in the performance of his functions;

(d) steals, secretes or destroys a message;

(e) wilfully or negligently omits or delays the transmission or delivery of a message;

(f) forges a message or transmits or otherwise makes use of a message knowing that it has been forged;

(g) knowingly sends, transmits or causes to be transmitted a false or fraudulent message;

(ga) uses telecommunication equipment to send, deliver or show a message which is obscene, indecent, abusive, threatening, false or misleading, or is likely to cause distress or anxiety;

(h) uses, in any manner other than that specified in paragraph (ga), an information and communication service, including telecommunication service,

(i) for the transmission or reception of a message which is grossly offensive, or of an indecent, obscene or menacing character; or

(ii) for the purpose of causing annoyance, inconvenience or needless anxiety to any person;

(iii) for the transmission of a message which is of a nature likely to endanger or compromise State defence, public safety or public order.

(i) dishonestly obtains or makes use of an information and communication service, including telecommunication service with intent to avoid payment of any applicable fee or charge;

(j) by means of an apparatus or device connected to an installation maintained or operated by a licensee:

(i) defrauds the licensee of any fee or charge properly payable for the use of a service;

(ii) causes the licensee to provide a service to some other person without payment by such other person of the appropriate fee or charge; or

(iii) fraudulently installs or causes to be installed an access to a telecommunication line;

(k) wilfully damages, interferes with, removes or destroys an information and communication installation or service including telecommunication installation or service maintained or operated by a licensee;

(ka) wilfully tampers or causes to be tampered the International Mobile Station Equipment (IMEI) of any mobile device;

(l) establishes, maintains or operates a network or service without a licence or in breach of the terms or conditions of a licence;

(m) without the prior approval of the Authority, imports any equipment capable of intercepting a message;

(n) discloses a message or information relating to such a message to any other person otherwise tan:

(i) in accordance with this Act;

(ii) with the consent of each of the sender of the message and each intended recipient of the message;

(iii) for the purpose of the administration of justice, or

(iv) as authorised by a Judge;

(na) knowingly provides information which is false or fabricated;

(o) except as expressly permitted by this Act or as authorized by a Judge, intercepts, authorises or permits another person to intercept, or does any act or thing that will enable him or another person to intercept, a message passing over a network;

(p) in any other manner contravenes this Act or any regulations made under this Act, shall commit an offence.

(Amended by Act nº 21 of 2016)

 

47.-  Penalties

(1) Any person who commits an offence under this Act, shall, on conviction, be liable to a fine not exceeding 1,000,000 rupees and to imprisonment for a term not exceeding 5 years.

(2) The Court before which a person is convicted of an offence under this Act may, in addition to any penalty imposed pursuant to subsection (1), order:

(a) the forfeiture of any installation or apparatus used in connection with the offence;

(b)  the cancellation of the licence held by the person convicted;

(c)   that the person convicted shall not be issued with a licence for such period as the Court thinks fit;

(d)   that a service provided to a person convicted of an offence under this Act shall be suspended for such period as the Court thinks fit.

(3) An offence under this Act shall:

(a) be triable by the Intermediate Court;

(b)   not be triable by a District Court.

 

48.- Regulations

(1) The Minister may, after consultation with the Board, make such regulations as he thinks fit for the purpose of this Act.

(2) Any regulation made under subsection (1) may provide:

(a) for the levying of fees and taking of charges;

(b)   for an amendment of the Schedules;

(c)   for the prescription of charging principles on the recommendation of the Board and such other matters as may be prescribed under this Act;

(d) that any person who contravenes them shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to imprisonment for a term not exceeding one year.

(Amended by Act nº 21 of 2016)

 

49.-  Repeal

The following enactments are repealed:

(a) The Telecommunications Act 1998;

(b) Section 21A of the National Computer Board Act 1988.

 

50.-  Consequential amendments

(1) The Central Tender Board Act is amended in the First Schedule, in Part IV, by inserting in its appropriate alphabetical order, the following ítem:

The Information and Communication Technologies Authority.

(2) Subject to subsections (3) and (4), the Schedule to the Statutory Bodies (Accounts and Audit) Act is amended in Part II by adding the ítem:

The Information and Communication Technologies Authority.

(3) For the purposes of the Statutory Bodies (Accounts and Audit) Act, the period extending from the commencement of this Act to 30 June next following shall be deemed to be the first financial year of the Authority.

(4) Section 7(1) of the Statutory Bodies (Accounts and Audit) Act shall not apply in relation to the first financial year of the Authority.

(5) The auditor to be appointed under section 5(1) of the Statutory Bodies (Accounts and Audit) Act shall be the Director of Audit.

(6) The Independent Broadcasting Authority Act 2000 is amended in the First Schedule by inserting therein the following ítems:

Subscription Television Rebroadcasting Services Licence.

Subscription Television Direct to Home Satellite Broadcasting

Service Provider Licence”

 

51.-  Transitional provisions

(1) Every tariff allowed or amended by the Authority under the repealed section 31 shall cease to be valid 6 months after the coming into operation of section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions) (No.2) Act 2011.

(2) Every tariff submitted to the Authority under the repealed section 31, pending before the commencement of section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions nº 2 Act 2011), shall, on the commencement of that section, be dealt with in accordance with section 31.

(3) Every public operator shall, at least 15 days before the expiry of the period of 6 months referred to in subsection (1), submit to the Authority, in such form and manner as the Authority may determine, with a tariff for every information and communication service which he wishes to continue to supply, in accordance with section 31.

(4) Every tariff submitted to the Authority under subsection (3) shall be in conformity with section 31.

(5) In subsections (1) and (2):

“repealed section 31” means the section 31 repealed by section 14(e) of the Economic and Financial Measures (Miscellaneous Provisions nº 2 Act 2011).

(Added by Act nº 38 of 2011)

 

SECTION (1 – 9) BELOW SPENT AS PER LEXIS NEXIS

(1) Every act done by, or in relation to, the Mauritius Telecommunication Authority established under section 4 of the Telecommunications Act 1998 shall be deemed to have been done, or commenced, as the case may be, by or in relation to the Authority.

(2)    Notwithstanding subsection (1), every person who has before the commencement of this Act been licensed under the Telecommunications Act 1998 for the operation of a telecommunication network or service shall

(a) be deemed to be licensed for a period not exceeding 3 months after the coming into operation of this Act, after which he shall surrender his licence or authority granted to him; and

(b) furnish to the Authority such further information as it may require concerning his operation under that licence or authority.

(3) Section 20(2) shall not apply to the first financial year of the Authority.

(4) Notwithstanding section 24 and subject to subsection (9), no public operator or any other person shall, in respect of the period commencing on the date of coming into operation of this Act and not extending beyond 31 December 2002, supply or offer to supply telecommunication services between places within Mauritius and places outside Mauritius otherwise than in accordance with an interconnection agreement with the Mauritius Telecom Ltd.

(Amended by Act nº 22 of 2002)

(5) A person who uses or provides a service otherwise than specified in subsection (4) shall commit an offence and shall be liable to a fine not exceeding 1,000,000 rupees and to imprisonment not exceeding 5 years.

(6) The Court may, in addition to the penalty imposed under subsection (5), order disconnection of any installation of apparatus used in the commission of the offence.

(7) It shall not be a defence to any prosecution under subsection (5) that the person prosecuted did not know of the non-existence of the interconnection agreement referred to in that subsection.

(8)   For the purposes of subsection (5)

(i) “a telecommunication service between places within Mauritius and places outside Mauritius” includes a “call back service”;

(ii)   “a call back service” includes a service permitting an international call to be made by a caller or subscriber in Mauritius whereby a foreign telecommunication service provider, or a reseller in a foreign country, initiates a return call or provides a dialling tone which enables the caller or subscriber to make an international call through the foreign telecommunication service provider or the reseller resulting in Mauritius Telecom Ltd being deprived of international call charges.

(9) Notwithstanding any other provision of this Act, the Mauritius Telecom Ltd shall be deemed to have, for period not extending beyond 31 December 2002, the exclusive right to supply, or to enter into an interconnection agreement or other appropriate agreement for the supply of telecommunication services between places within Mauritius and places outside Mauritius.

(10) The type of licences defined in the First Schedule shall continue until and unless the Authority determines otherwise.

(Amended by Act nº 33 of 2002)

 

52.-   Commencement

Proclaimed by:

(Proclamation nº 6 of 2002) w.e.f. 11th February 2002 (Section 1 and Part VII)

(Proclamation nº 27 of 2002) w.e.f. 1st June 2002 (Sections 2 and 3, PARTS II to VI and PART IX)

(Proclamation nº 35 of 2003) w.e.f. 1st December 2003 Part VIII

10Jul/17

Decree-Law nº 34 of 2006, Promulgating the Telecommunications Law

We, Hamad Bin Khalifa Al-Thani, the Emir of the State of Qatar,

In accordance with the Constitution and with regard to the following:

Law nº 11 of 1997 establishing the Qatari General Authority for Radio and Television, as amended by Law nº 9 of 2004;

Law nº 21 of 1998 concerning the conversion of the Qatari Public Telecommunications Establishment to a Qatari Shareholding Company;

Decree Law nº 36 of 2004 concerning the establishment of the Supreme Council for Telecommunications and Information Technology;

The proposal of the Supreme Council for Telecommunications and Information Technology; and the draft Law submitted by the Council of Ministers

Have decided the following Law:

Article 1.- Introduction

The provisions of the Telecommunications Law attached to this Law shall apply.

Article 2.- Introduction

The provisions of the attached Law shall apply to all government agencies, public bodies, institutions and persons, to all those who may have been granted special concessions or provisions concerning the regulation of telecommunications prior to the application of this Law, especially those subject to the provisions of the aforesaid Law nº 21 of 1998, and the Law of the Qatar Financial Centre by Law nº 7 of 2005, and Law nº 34 of 2005 of Free Zones Investment, and Law nº 36 of 2005 of establishing Free Zone for Science and Technology Park.

Article 3.- Introduction

The provisions of the attached Law shall not apply to:

1.      The content of the video and audio broadcast services which are subject to other statutory provisions.

2.      The content transmitted through IP networks telecommunications.

3.      The wireless devices or terminals which are imported or used by the armed forces, the Ministry of Interior or other security organizations.

Such parties shall abide by registering the data and frequencies of these devices or terminals. Registration shall be free of charge.

Article 4.- Introduction

The concession granted to Qatar Telecom (Qtel) under the aforementioned Law nº 21 of 1998 shall be revoked from the date of enforcing this Law, and all the powers and prerogatives concerning the organization of telecommunications, which were prescribed to Qatar Telecom (Qtel), shall devolve to the Supreme Council. Until a competitor Service Provider who is licensed under the attached Law starts to provide its services to the public, the company shall be committed to pay the annual fee provided for in Article 4 of the aforementioned Law nº 21 of 1998, and to provide the services it is undertaking in accordance with its provisions.

Article 5.- Introduction

Whoever owns operates or manages a Telecommunications Network, or provides telecommunications services in the State, at the enforcement date of this Law, shall operate according to the provisions of the attached law, within six months from the date of its enforcement. The Supreme Council has the power to extend this period.

Article 6.- Introduction

The Board of Directors shall issue the implementing regulation of the attached Law and the Secretary-General shall issue such other regulations, and  the Board of Directors shall also issue the decisions, orders, rules, instructions and circulars necessary to implement the provisions of the attached Law.

Article 7.- Introduction

Any articles contrary to the provisions of the attached Law shall be revoked

Article 8.- Introduction

All competent authorities, each in its jurisdiction, shall implement this decree, which shall be published in the Official Gazette.

Chapter One.- Definitions

 Article 1
In the application of the provisions of this Law, the following words and terms shall have the meanings assigned to them, unless the context otherwise requires:

Supreme Council: The Supreme Council of Telecommunications and Information Technology (I.C.T-Qatar).Board: Board of Directors of the Supreme Council.

Secretariat-General: The Secretariat-General of the Supreme Council.

Secretary-General: The Secretary General of the Supreme Council.

Qtel: Qatar Telecom (Qtel).

Telecommunications: Transmitting, broadcasting or receiving writing, signals, symbols, images, sounds, data, texts or information of any kind, by means of wired or wireless, optical or other electromagnetic means, or by any other means of telecommunications.

Telecommunications Network: Any wired, wireless, or fiber-optic system or
Electromagnetic systems to pass, convert and transfer the Telecommunications services between the endpoints of the network, including terrestrial networks, fixed, mobile and satellite networks and power transmission systems or other systems (to the extent used for Telecommunications), and switch networks with circuit or package (including those used to serve Internet Protocol), and the networks used to provide Broadcasting Services (including cable TV networks).

Radio Telecommunications: Any transmission, broadcasting or receipt of symbols, signals, texts, images, sounds, data, texts or information of any kind through electromagnetic waves in the Frequency Spectrum.

Transmission Service: Broadcasting radio and television programmes to the public free of charge, for payment or on the basis of subscription or any other basis, through the use of any type of Telecommunications Networks.

Terms of Service: General terms and conditions based on which the Service Provider provides the Telecommunications services to customers in accordance with the provisions of this Law.

Universal service: The provision of Telecommunications services to the public in accordance with the policy of Universal Service approved in accordance with the provisions of this Law.

Client: The person subscribing or using Telecommunications services, whether these services are for its own use or for resale.

Service Provider: the person licensed to provide one or more Telecommunications services to the public, or licensed to own, establish or operate a Telecommunications network to provide Telecommunications services to the public. It includes information providers or content provided by the Telecommunications Network.

Dominance: The dominance exercised by any person over the decisions of another person in any way, by enjoying an economic power which creates the authority to behave to a certain extent independently of competitors or customers, either directly through the ownership of shares or bonds, or indirectly through any contracts or agreements.

Dominant Service Provider: The Service Provider who enjoys a strong marketing or Dominance over a market or markets of the Telecommunications services in accordance with the provisions of Chapter IX of this Law.

Strong Position in the Market: The strong economic situation in the market for the Service Provider, which allows him to work independently of customers or competitors, or which allows him Dominance over the market or markets related to Telecommunications services, by working alone or together with others, all in accordance with the provisions of Chapter IX of this Law.

Telecommunications Facilities: Any facility, device, or other item used or which can be used in the transmission of Telecommunications services or in any process directly associated with the transmission of Telecommunications services.

Telecommunications Equipment: The equipment which can be linked directly or indirectly to a Telecommunications Network in order to send, transmit or receive Telecommunications services.

Interconnection: Physical and logical linking of the Telecommunications Networks used by the Service Provider itself or by a number of Service Providers, to enable the agents of the Service Provider to communicate among themselves or with customers belonging to another Service Provider, or enable them access to the services provided by another Service Provider.

Access: Access to Telecommunications Facilities or Telecommunications services between Service Providers, making these facilities, services, or both, available by the Service Provider for use by another Service Provider, according to specific terms and conditions, and on grounds of exclusive or non-exclusive rights to supply Telecommunications services, provided that the Access concept does not include, or will be applied to, the facilities or services for end users.

License: Individual or Class License issued pursuant to the provisions of Chapter III of this Law, or License to use the Frequency Spectrum, according to the provision of Chapter IV of this Law.

Licensee: The person holding a License in accordance with the provisions of this Law.

Individual License: The License granted to a particular person, in accordance with the provisions of Chapter III of this Law.

Class License: The License granted in accordance with the provisions of Chapter III of this Law to a defined group of Service Providers, which applies to any person within this category, without having to request this License.

Permit: Approval granted  for using the frequency or the provision of  Telecommunications service.

Frequency Spectrum: Spectrum of frequency that can be used in wireless Telecommunications according to the versions of the International Telecommunications Union.

License To Use The Frequency Spectrum: A License to use Frequency Spectrum, according to the plan, distributions, allocations and conditions set forth in Chapter IV of this Law.

Internet Protocol: Any set of Telecommunications protocols that define the standards of operational overlap, transmission and related systems within the Internet network, including the Transmission Dominance Protocol (TCP) and the protocol set (TCP/IP).

Frequency Band: Part of the Frequency Spectrum which begins with a frequency and ends with another.

National Plan For Frequency Spectrum: The plan which is prepared for the allocation and use of Frequency Spectrum to the concerned authorities.

Numbering: A pattern of serial numbers which defines a final point in the Telecommunications Network, and includes the information necessary to terminate calls to this final point.

Number Portability: Any service through which the Client can keep any current number without discomfort or any influence on the quality or availability of the service, when changing its position or moving from a Service Provider to another Service Provider.

National Numbering Plan: The plan prepared by the Secretariat-General for determining, allocating and distributing the numbers used in all Telecommunications services, or for any other purpose related to numbering.

International Rules: Any rules, instructions, orders, regulations, recommendations, guidelines, provisions, limitations, terminology, definitions or any other matters provided for in the agreements of the International Telecommunications Union and the Arab Union of Telecommunications, or any other agreements ratified by the State.

Chapter One: The Supreme Council of Telecommunications and Information Technology (I.C.T-Qatar)

Article 2.- Objectives

In addition to the objectives the Supreme Council is charged to achieve in accordance with the provisions of Article 3 of the aforementioned Decree Law nº 36 of 2004, it shall also achieve the following objectives:
  1. Developing the Telecommunications sector in order to promote national, social and economic development.
  1. Improving the performance of the Telecommunications sector in the State, by encouraging competition and promoting reliance on Telecommunications services.
  1. Encouraging the introduction of information technology and advanced and innovative Telecommunications to meet the needs of customers and the public.
  1. Increasing the benefits to customers and protecting their interests.
  1. Encouraging sustainable investment in the Telecommunications sector.
  1. Relying as much as possible on market forces for the protection of the interests of customers and the public.
  1. Determining and addressing non-competitive practices in the Telecommunications sector.
  1. Establishing a fair, objective and transparent licensing system for the Service Providers.
  1. Developing a system that meets the requirements of a fair competitive market through the promotion of Interconnection and related procedures between the Service Providers.
  1. Promoting the right of universal use of Telecommunications services.
  1. Adopting an effective accreditation system for the Telecommunications Equipment.
  1. Maintaining the organization of the Telecommunications sector in line with international norms.
  1. Ensuring the systematic development and regulation of the Telecommunications sector.

Article 3.- The Powers and Functions of the Council

The Board shall assume the following powers and functions:

  1. Granting, modifying, renewing, suspending, revoking and determining the conditions and procedures for issuance of the Individual and Class Licenses.
  2. Determining the fees of the Individual and Class Licenses and the charges for the License To Use The Frequency Spectrum, and any other fees or expenses to be paid by the Service Providers.
  3.  Adopting national plans for the Frequency Spectrum, numbering and adopting the Universal Service policy.

Article 4.- The Powers and Functions of the Secretariat-General

The Secretariat-General shall assume the following powers and functions:
  1. Granting, modifying, renewing, suspending and revoking Class Licenses and Permits and Licenses To Use The Frequency Spectrum, and determining the conditions and procedures for their issuance.
  1. Monitoring the compliance of Licensees with the terms of Licenses and Permits issued to them.
  1. Developing and managing the Frequency Spectrum plan and other scarce resources, ensuring optimal use, and maximizing their revenues to the extent required by International Rules.
  1. Developing and implementing the appropriate measures to prevent Service Providers carrying out anti-competitive practices.
  1. Developing the necessary procedures for the adoption of Telecommunications Equipment or their types that are connected to the Telecommunications Networks in the State, including the accreditation of the equipment that had already been accredited by other organizations or countries.
  1. Drawing up the terms of Interconnection and Access between Service Providers.
  1. Drawing up and managing the National Numbering Plan, and allocating numbers to Service Providers.
  1. Protecting the interests of customers, including the drawing up of rules for tariff regulation and standards of service quality, and monitoring the terms and conditions for providing Telecommunications services.
  1. Implementing any Universal Service program.
  1. Requesting information that will enable them to exercise their powers and perform their functions, including plans for developing the network or services, and financial, technical and statistical information, accounting records and other information.
  1. Verifying compliance with the provisions of this Law and its implementing regulations, and the rules and decisions issued in the implementation procedure.
The Secretariat-General, in order to achieve this, may use the services of specialized agencies, and academic or technical institutions or qualified consultants, to help perform some tasks and functions and cooperate and coordinate with ministries and other government agencies, bodies and public institutions.

Article 5.-  Secretary-General

The Secretary-General shall undertake all the technical, administrative and financial tasks of the Supreme Council as well as issuing regulations, decisions, orders, rules, instructions and circulars related to the organization of the Telecommunications sector, as determined by this Law and its implementing regulations, or as authorized by the Supreme Council.
The Secretary General shall give the Council a detailed annual report on aspects of the activities of the Telecommunications organization sector.

Article 6.-  Transparency and Non-Discrimination

The regulations, decisions, orders, rules, instructions and circulars issued pursuant to this Law must be transparent and non-discriminating between all Service Providers and other participants in the market.
It is not discrimination to take any decisions in accordance with the provisions of this Law and its implementing regulations, which would have a different impact on any Service Providers or any other participant in the market, when it is attributed to the particular circumstances of the aforementioned.
Article 7.- Conflict of Interest
None of the members of the Council, the Secretary-General or the staff of the Supreme Council may have any personal interest, direct or indirect, in the contracts concluded with or for the Supreme Council, the projects carried out, or Permits, works or activities which are issued in accordance with the provisions of this Law, or any other activities that are incompatible with the proper exercise of their responsibilities. In particular, the following shall be deemed prohibited personal interest in the application of the provisions of this Law:
  1. The basic or participatory ownership of any kind of the Telecommunications Network operator, Telecommunications Services Provider, or the manufacturer or supplier of Telecommunications Equipment, provided that he possesses more than five percent (5%) of any class of shares, any ordinary shares or debt securities whose value exceeds that set in any circular issued by the Council.
  2. Material benefit, or basic or participation ownership prohibited in accordance with the above item, which is transferred to any party concerned by virtue of this Article, as a result of a will or inheritance, or which becomes prohibited in accordance with any declaration made by the Board.
Conflict of interest, when realized according to the provision of any of the foregoing items, shall only cease if the material benefit or substantial or participatory ownership is reduced, to the extent set out in this Article, within three months from the date of transfer of the will or inheritance, or by the effective date of the pertinent declaration, as the case may be.
Article 8
All License fees of all kinds, and other fees and costs that the Service Providers shall pay, are from the funds realized by the Supreme Council from exercising its activities, which fall within the components of its financial resources in accordance with the provisions of Article 20 of the aforementioned Decree Law nº 36 of 2004.

Chapter Three.- Telecommunications Licenses

Article 9.- License Requirements

No person may, without a License, exercise any of the following:

  1. The provision of Telecommunications services to the public for a fee, direct or indirect, whether services are provided partly or as a whole. This includes the resale of Telecommunications services that are obtained from third parties, even if the beneficiary of this service is one person.
  2. Owning or operating a Telecommunications Network that is used to provide Telecommunications service to the public for a fee, direct or indirect.
  3.  Owning or operating any other Telecommunications Network.

 

Article 10.- Types of License

Telecommunications Licenses shall be as follows:
  1. Individual Licenses.
  1. Class Licenses.
The Secretariat-General shall publish the instructions that set forth the Telecommunications services and related activities that require Individual or Class Licenses, as determined by the implementing regulations of this Law.
Article 11.- License Provisions and Compliance
The Secretariat-General shall determine the fair and objective terms, conditions, procedures and standards required for the granting and renewal of Telecommunications Licenses in accordance with the provisions of this Law. The Secretary-General shall issue the relevant decisions, directives, orders and circulars, which shall be published in the Official Gazette.
The Secretariat-General shall have the power to monitor the extent of compliance, and scrutinize the Licensees with regard to the terms of their Licenses. The Secretary-General shall implement the work of this Dominance.
The Licensee who has an Individual License may only relinquish it to others with the approval of the Board. Regarding the category Licenses and Licenses To Use The Frequency Spectrum, they may only be waived after the approval of the Secretary-General.

Article 12.- Non-Renewal, Modification, Suspension and Revocation of Licenses

The Council shall, based on the proposal of the Secretary-General, have the right not to renew, modify, suspend or revoke the Individual Licenses. The Secretary-General shall have the same right regarding the Class Licenses, in any of the following circumstances:

  1. Repeated violation of the provisions of the Law, its implementing regulations, rules, decisions, and orders implementing it or any of the terms of the License.
  1. Non-payment of the fees prescribed for the License or for its renewal, or any other financial amount in accordance with the provisions of this Law and its implementing decisions.
  1. Death, or the expiration of a legal licensed person for any reason.
  1. Assignment of the License without the consent of the Council or the Secretary-General.
The Secretariat-General, in the event that the License is not renewed, or is modified, suspended or revoked, shall take appropriate measures to mitigate the negative impact that may ensue on the service and customers.

Chapter Fourth.- Frequency Spectrum

Article 13.- Frequency Spectrum
The Frequency Spectrum shall be a limited natural resource that is owned by the State, and the Supreme Council shall be the body responsible for organizing and managing all affairs relating to its use.

Article 14.- Procedures for the Management of the Frequency Spectrum

The Secretariat-General shall be entrusted with the management, allocation and distribution of frequencies in the Frequency Spectrum, systematically and effectively in accordance with the provisions of this Law and the relevant international norms. To this end, it may perform the following:

  1. Drawing up and maintaining the National Plan For Frequency Spectrum, and managing, distributing and allocating frequencies in accordance with that plan.
  2. Monitoring the implementation of the use of radio frequencies and Frequency Spectrum according to the National Plan For Frequency Spectrum, pertinent distributions and allocations and applicable License terms, and the preparation of the National Register for Frequencies wherein all information relating to frequencies, distribution, allocation and use are recorded.
  3. The formation of and supervision over committees and over any committee or committees existing to coordinate the uses of frequencies, including civil, non-civil and commercial uses. The Secretariat-General may issue the regulations and rules necessary for the establishment and operation of these committees.

 

Article 15.- Licenses To Use The Frequency Spectrum
No person may operate any Telecommunications device or use frequencies until obtaining a License to Use the Frequency Spectrum, or a Permit to use the frequencies.
Article 16.- The Obligations of Licensees Using The Frequency Spectrum
The Licensee shall use the Frequency Spectrum according to the conditions set forth in this Law, its implementing regulations, rules and orders, in accordance with the conditions set forth in the License granted to him.
The Secretariat-General may monitor the use of Frequency Spectrum, detect the use of unlicensed frequencies and verify the commitment of Licensees with the terms of the License.

Article 17.- The Conditions of Non-renewing, Modifying, Suspending or Revoking the  Licenses To Use The Frequency Spectrum

The Secretary-General may not renew, modify, suspend or revoke the issued Licenses to Use the Frequency Spectrum, in any of the following circumstances:

Repeated violation of the provisions of the Law, its implementing regulations, rules, decisions, and orders relating to it or any of the terms set out in the License.

Misusing the licensed frequencies or using them other than for the allocated purposes.

Non-payment of the fees prescribed for the License or for its renewal, or any other financial amount in accordance with the provisions of this Law and its implementing regulations.

Death or the expiration of the legal licensed person for any reason.

Assignment of the License without the consent of the Secretary-General.

The Secretariat-General, in the event that the License to Use the Frequency Spectrum is not renewed, or is modified, suspended or revoked, shall take appropriate measures to mitigate the negative impact that may ensue on the service and customers.

Chapter Five.- Interconnection and Access

 

Article 18.- The Rights, Obligations and Conditions of Interconnection and Access
The Secretariat-General shall determine the rights, obligations and conditions for Interconnection and Access, and shall oversee and monitor compliance.  Each licensed Service Provider shall have the rights and obligations regarding Interconnection and Access as follows:

The right to engage in discussions, on the basis of good faith, with another Service Provider to reach an agreement on Interconnection and Access.

The right to Interconnection and Access to services or facilities of another Service Provider, according to the terms of Interconnection and Access.

The obligations set forth in Article 24 of this Law regarding the Dominant Service Provider for reasons of Interconnection and Access.

Abiding by the rules of Interconnection and Access as provided for in Article 21 of the Law.

The obligation to provide Interconnection and Access to services or facilities of another Service Provider, according to the terms of Interconnection and Access.

 

Article 19.- The Tasks and Duties of the Secretariat-General in the Field of Interconnection and Access
The Secretariat-General shall assume the following tasks and duties in the field of Interconnection and Access:

Promoting the appropriate, effective and low-cost Interconnection between the Telecommunications Networks, and promoting the Access of the Service Providers to the service facilities of the other Service Providers, to ensure the operational continuity of the Telecommunications services which begin or end in the State and to promote the growth of competitive markets for the Telecommunications services.

Establishing an open, transparent and commercially viable organizational structure that aims to facilitate regulatory procedures and eliminates or mitigates the effects of other barriers to entry into the Telecommunications market.

Facilitating negotiation between parties to reach agreements on Interconnection and Access.

Ensuring that the convention on Access and Interconnection meets the requirements of this Law and its implementing regulations and any regulations, rules or orders applicable to Interconnection and Access.

Determining which Service Provider is deemed a Dominant Service Provider in any Telecommunications market regarding Interconnection and Access.

Identifying the additional commitments on Interconnection and Access that apply to the Dominant Service Providers.
The obligations set forth in Articles 20, 22 and 24 of this Law, including those regarding Access to information and technical equipment, and related to requests for Interconnection and Access.

The obligations contained in or attached to the reference offer for Interconnection and which are specified by the Secretariat-General, in the case of a Dominant Service Provider and for the reasons of Interconnection and Access in accordance with the provisions of Article 24 of this Law.

Any obligations or requests for a Dominant Service Provider regarding Interconnection and Access as specified by the Secretariat-General, related to their charges, calculation of costs or the requirements of accounting separation in accordance with the provisions of Articles 24, 25 and 33 of this Law.

 

Article 20.- Interconnection Negotiations
Each Service Provider shall,  on receipt of a written request from another Service Provider for Interconnection or Access, proceed to negotiate in good faith with the applicant in order to reach an agreement on Interconnection or Access for:

1.- Linking their respective networks.

2.- Providing Access to the Telecommunications Facilities including the main offices and other locations of the devices, emergency, towers, columns, lines of Telecommunications and underground facilities, wherever necessary and reasonable to enable the Service Providers to provide the same to their customers.

 

Article 21.- Controls of Interconnection and Access
No Service Provider is obliged to enter into any agreement for Interconnection and Access based on conditions that would, in its reasonable opinion, cause physical damage or harm to any person or property, cause material injury to its network and Telecommunications Facilities or adversely affect the performance of any of them, or the Telecommunications services he is providing, or which are not reasonable in the light of the technical or economic data available.
Article 22.- Breach of the Obligation to Negotiate in Good Faith
The following acts and practices shall be deemed a breach of the obligation to negotiate in good faith on Interconnection and Access:

1.- Hindering or disrupting negotiations or failing to make reasonable efforts to resolve the existing differences.

2.- Refusing to provide data on the services or Telecommunications Networks of the Service Provider or its facilities which are required to arrange Interconnection and Access processes.

3.- Influence in any way the ability of the Service Provider to communicate with the Supreme Council.

4.- Refusing to amend the terms of Interconnection and Access, without reasonable justification to suit the changes in this Law or any regulations, rules or orders.

 

Article 23.- Identification of the Dominant Service Providers
The Secretariat-General may, for purposes of Interconnection or Access, decide to deem any Service Provider as a Dominant Service Provider in one or more Telecommunications markets, according to the competition policy and the principles and procedures set forth in Chapter IX of this Law.
Article 24.- The Obligations of the Dominant Service Provider Regarding
                       Interconnection and Access
In addition to the provisions of Article 20 of this Law, the Dominant Service Provider must respond to any reasonable request for Interconnection and Access to its Telecommunications Network, whenever technically feasible.
In similar circumstances, it must apply the same terms to all Service Providers for obtaining Interconnection or Access.
It must also be committed to provide Interconnection and Access to all Service Providers using the same conditions and quality  with which it provides its own connection services or those which belong to its subsidiaries.
Article 25.- The Rights and Obligations of the Dominant Service Providers
In addition to the provisions of this Chapter, the implementing regulations, rules and instructions issued in this regard shall set forth the rights and obligations of the Dominant Service Providers, including the following:

1.- Any requirements for obtaining prior approval from the Secretariat-General on the prices of Interconnection and Access, on calculating the cost or the accounting separation between the various costs.

2.- Any requirements relating to the preparation of a reference offer and the content of the offer.

3.- Any requirements relating to the deposition and publication of Interconnection and Access agreements.

 

Chapter Six.- Tariff Regulation for the Dominant Service Providers

 

Article 26.- Identification of the Elements of Tariff Offers
The Secretariat-General shall have the authority to define the elements necessary to provide tariff offers, and adopt and disseminate the same with regards to Telecommunications services. It may develop other rules for organizing prices and tariffs, including the application of any programme to restore balance in prices or define their ceilings.
Article 27.- Tariff Regulation for the Dominant Service Providers
The provisions regulating tariffs, as provided for in the following Articles, shall apply to the Service Providers who are classified by the Secretariat-General as Dominant Service Providers in one or more of the markets of Telecommunications service, according to competition policy, and the rules and regulations set forth in Chapter IX of this Law.
Article 28.- Presentation of Tariff Offers and their Pre-Approval
The Dominant Service Providers shall submit to the Secretariat-General tariffs offers, rates and fees for Telecommunications services in the markets where they have been classified as Dominant Service Providers and obtain pre-approval.
The Secretariat-General may exempt the Dominant Service Providers from providing their tariffs and obtaining a prior approval, if it considers that the competitive market forces alone are enough to protect the interests of customers, and the elimination of dangers harmful to competition.
Article 29.- Extra Fees
The tariff of the Telecommunications services provided by the Dominant Service Providers must be based on the cost of providing the service effectively, provided that the tariff does not contain any extra duties resulting from the position of Dominance enjoyed by the Service Provider. The Secretariat-General may issue substantiated resolutions to amend the tariff if it considers it is not commensurate with the cost of providing the service, provided that the ruling declares the new amount.
Article 30.- Approval of the Temporary Tariff
The Secretariat-General may issue an interim decision to adopt any temporary tariff until the completion of its evaluation, and it may amend that decision or make it final or revoked.
Article 31.- Compliance with the Tariff
No Dominant Service Provider may apply or change any tariff, rates, fees or any other payment that violates the tariff approved by the Secretariat-General. Any contrary agreement or arrangement between the Service Provider and any Client shall be prohibited.
Article 32.- Cost Studies
The Secretariat-General, at its expense, may assign any Dominant Service Provider to prepare or participate in a study on the cost of services provided, if the Secretariat-General deems that such a study is necessary to prevent any conduct that is harmful to competition or that is necessary to regulate the tariffs and prices.
Article 33.- Accounting Practices
If the Secretariat-General sees that some accounting practices or accounting separation, between the different types of activities and services, represent an effective and necessary tool to prevent  conduct that is harmful to competition, or to regulate the tariffs and prices, it will be entitled to ask any Dominant Service Provider to adopt such practices or any other accounting practices to determine the cost of its services, including the preparation of cost studies for each type of activity or service, or make an accounting separation between the different types.
Article 34.- National Numbering Plan
The Secretariat-General shall develop and maintain a National Numbering Plan and shall manage the distribution and allocation of numbers, E-addresses, capabilities and associated resources and control their use in accordance with the terms of Licenses, and take action to enforce compliance.  The National Numbering Plan must be in accordance with the International Rules. The Service Providers must ensure that the allocation, distribution and use of numbers and email addresses given to them, and related capabilities and resources, are compatible with the National Numbering Plan, regulations, orders, rules and declarations related to them.
Article 35.- Practicing Numbering
The distribution and allocation of numbers shall not gain any proprietary rights or private rights other than the right of use for the Service Provider or its customers, whether the distribution or allocation is in return for or without charge. The Secretariat-General may, where appropriate, re-distribute and allocate the numbers to the Service Providers. Furthermore, any Service Provider may change the number assigned to any customer on reasonable grounds and in accordance with the orders, decisions and circulars issued by the Secretariat-General in this regard. In the cases where the customer has obtained the number for a charge, the Service Provider shall be obliged to refund or compensate it fairly. The Secretariat-General may issue the orders, rules, decisions and circulars governing the distribution and allocation of numbers and re-distribution or allocation of the same, including the rules governing the collection of any fee or charge for  receiving those numbers.
Article 36.- Plans for the Application of Number Portability and Selection of Service Providers
The Secretariat-General, after consulting the concerned Service Providers and relevant parties, may issue the necessary decisions on the development of a plan for Number Portability and Service Provider selection. The development plan must include the Service Providers’ obligations in the operational and financial aspects of the facilities and systems necessary to implement this plan.

Chapter Eight.- Universal Service Policy

 

Article 37.- Application of Universal Service Policy
The Secretariat-General shall be responsible for the application of any Universal Service policy, including the following:

1.- Definition of the rights and duties of the Service Providers in the application of Universal Service initiatives.

2.- Identification of means of funding for any Universal Service initiatives.

 

Article 38.- The Obligation of the Service Provider to Provide Universal Service
Service Providers shall comply with the regulations, decisions and orders issued by the Secretariat-General to implement the Universal Service, including the obligations related to funding.
Article 39.- Universal Service Fund
The Council, after the adoption of the Universal Service policy, may establish a fund called the Universal Service Fund to support the costs of providing Universal Service. A decision shall be issued by the Secretary-General for regulating the fund, defining its powers, its procedures of payment and the Service Providers’ obligations to contribute to it.

Chapter Nine.- Competition Policy

Article 40.- Development and Application of Competition Policy
The Secretariat-General shall develop and apply the competition policy and the related regulations in the Telecommunications sector and in the Telecommunications markets defined in the State. To this end, it shall do the following:

1.- Review the state of competition in the Telecommunications markets in the State, exercise its powers, functions and authorities to promote competition in the provision of Telecommunications services.

2.- Update the competition policy and its related regulations to reflect the state of competition in those markets, provided that the aim  of relying on market forces is  consistent with protecting the interests of the customers and the public.

3.- Determine the criteria to be applied in the classification of Service Providers who have a Strong Position in the Market or who enjoy a Dominant position in specific Telecommunications markets, and the application of that criteria in any classification process.

4.- Control and prevent the misuse of the market power or Dominant position and anti-competitive practices, as defined under this Law.

5.- Determine the appropriate procedures and arrangements to address the misuse of market power and behavior specified as non-competitive, and apply the same to promote competition and to protect the interests of customers and the public.

Article 41.- The Prohibition of Anti-Competitive Practices
Service providers shall be prohibited from exercising non-competitive practices. Service providers who are classified as enjoying a Strong Position in the Market, or who are Dominant in a market or several markets of Telecommunications in the State, shall undertake not to abuse their market power or Dominance in those markets or anything related to them. The Secretariat-General may determine whether the conduct of any of the Service Providers constitutes an abuse of the market power, or an abuse of Dominance, or any other non-competitive practice. If the Secretariat-General decides that abuse has occurred it may take such action as it sees fit.
Article 42.- Categories of Strong Position in the Market
The Secretariat-General shall classify the Service Providers and determine the extent of the strong or Dominant position they enjoy in the market. Before classification, it shall do the following:

1.- Identify the markets of the relevant products and services, including the geographical area or region.

2.- Determine the criteria and methodology to be applied in determining the degree of market power, or the other standards of the Strong Position in the Market or Dominance in the relevant markets.

3.- Undertake an analysis of the markets of relevant products and services through the application of the relevant criteria and methodology.

The decisions that classify the Service Providers as having a Strong Position in the Market or Dominance shall define the markets of relevant products and services, the standards, and the methodology and circumstances relied upon to justify this classification. The Secretariat-General may consult the Service Providers, customers or any of the other stakeholders when identifying any market, analyzing or classifying the market forces in accordance with the provisions of this Article. The implementing regulations, other regulations, rules and issued orders shall define the standards, methodologies and processes for the classification of market forces.
Article 43.- Abuse of Dominance
Dominant Service Providers are prohibited to engage in activities or acts that constitute an abuse of dominance. The following acts and activities, in particular, shall be considered as abuse of dominance:
1- Failure to supply Interconnection or Access services or facilities to other service providers within a reasonable period of time from the time requests for such services had been presented. Excluded are cases when failure to supply any of such services is justified;
2- Failure to supply Interconnection or Access related services or facilities to other service providers on the same terms the service provider provides such services and facilities to its own facilities or those of its subsidiaries or affiliates. Excluded are the cases where the differences in the terms of services are justified;
3- Bundling up a number of telecommunications services in one package so that a competitor service provider has to obtain such package as a pre-requite for providing any of such services from Dominant Service Provider;
4- Providing an offer on more preferential terms and conditions and in a manner not based on differences in costs where a competing service provider is to acquires a service that is not required of him;
5- Monopolising the use of scarce facilities or resources of exclusive use, with the effect of denying a competing service provider from using such facilities or resources or from enjoying its right of Access.
6- Supplying competitive telecommunications services at prices below long-term incremental costs or any other cost criteria specified by the General Secretariat;
7- Using revenues or transferring a part of the cost of a specific telecommunications service to subsidise another telecommunications service supplied by same service provider, except where such subsidy is approved by the General Secretariat;
8- Failure to meet Interconnection service obligations;
9- Performing any acts that have the effect of substantially reducing competition in any telecommunications market, in particular any of the following acts:
a. reducing the margin of profit available to a competitor that requires a set of telecommunications services from Dominant Service Provider;
b. agreeing with a supplier not to sell to a competitor;
c. adopting technical specifications for networks or systems for the purposes of preventing interconnection or interoperability with a network or system of a competing service provider;
d. failure to make available within an appropriate period of time technical specifications, and information about essential telecommunications facilities or services or other related commercial information which are required by other service providers to provide telecommunications services; and
e. the use by Dominant Service Providers of information related to interconnection or other telecommunications facilities or services provided by competing service providers with the purposes of competing with them.
Article 44.- The Prohibition of Unjustified Discrimination
The Dominant Service Providers shall provide the conditions and quality of a standard service for all customers, including the tariff fee. The Secretariat-General may  decide otherwise if differing conditions were justified objectively based on a difference in the conditions of service supply, including the various costs, traffic volumes or the lack of available facilities or resources. This shall be applied  to customers who receive service for resale to their own customers and end-users. The Dominant Service Provider shall submit to the Secretariat-General sufficient justification for the existence of any discrimination, and must cease discrimination when receiving a notification from the Secretariat-General.
Article 45.- Other Non-Competitive Practices
No person shall participate in any practices that prevent competition or lead to a drop in the Telecommunications markets, in particular, the agreement between two or more Service Providers to determine the rates and conditions of service in the Telecommunications markets, distribution of employment opportunities and contracts, or sharing of Telecommunications markets among them.
Article 46.- Treatment of Non-Competitive Practices
If the Service Provider carries out non-competitive practices or the Dominant Service Provider abuses its Dominance, the Secretariat-General may issue any decisions to remedy anti-competitive practices or abuse of Dominance, and is entitled to do the following:
  1. Oblige the persons concerned to stop the work or activity that causes this practice, or make specific changes in the work or activity to eliminate or mitigate its negative impact on competition.
  2. Oblige the concerned Service Providers to submit periodic reports to the Secretariat-General to determine the extent of their adherence to its decisions.
  3. Refer the violator to the prosecution authority with a view to initiating criminal proceedings.

 

Article 47.- The Powers of the Secretariat-General in the Transfer of Dominance
The Secretariat-General shall review the proposals for the transfer of Dominance over the Service Providers. The Secretariat-General, upon reviewing the proposals for the transfer of Dominance, shall have the right to approve the transfer, grant conditional approval or reject the transfer. When deciding to approve the transfer, grant conditional approval, or reject, the Secretariat-General shall take into account the effects of the proposed transfer on the Telecommunications markets in the State, particularly its effects on competition in those markets and the related interests of customers and the public.

Chapter Ten.-  Consumer Protection

Article 48.- Preparation and Development of Consumer Protection Policy
The Secretariat-General shall prepare a policy for consumer protection in accordance with this Law, or any other related laws.

Article 49.- The Application of Consumer Protection Policy

When applying the consumer protection policy, the Secretariat-General shall carry out the following powers:

  1. Control the conditions of service between the Service Providers and customers.
  2. Determine and develop the applied standards of the quality of the service.
  3. Follow up and prevent abusive and misleading trade practices.
  4. Ensure the availability of effective procedures to resolve customer disputes.
  5. Review the conditions of competition in any markets for Telecommunications services that are determined by the State, review and update the consumer protection policy and related regulations to reflect the state of competition in those markets with the purpose of relying on market forces to protect the interests of customers. The Service Providers must abide by the rules, conditions, standards and practices relating to the policy of consumer protection.

 

Article 50.- Consumer Protection Regulations

The Secretariat-General shall determine the rules that regulate the drawing-up, development and application of the consumer protection policy, in the following matters:

  1. The practice of Service Providers regarding the issuance of invoices and retention of documents and papers relating to the services provided.
  2. The Terms of Service delivery, its adoption, publication and posting.
  3. The procedures for Service Providers to resolve disputes and complaints of the customers.
  4. The provision of telephone directories, directory services and service centres.
  5. The exploitation of Telecommunications services in the promotion of products and other goods.
  6. The requirements of service quality, quality control and quality compliance.
  7. Access to the Clients’ premises and property.
  8. The responsibility of Service Providers for the services and mandates they provide, and the limits of that responsibility.

 

Article 51.- Fair Practices
The Service Provider must provide the Client, before its subscription to the service, or before assuming any commercial obligations towards the Service Provider, with the Terms of Service and any other terms and conditions and all tariffs, prices and costs applicable to any Telecommunications service. The Service Providers may impose on the Client only the service fee specified for the selected Telecommunications, or the fee specified for Telecommunications Equipment requested by the Client. The Client shall not be responsible for paying any fee for any service or equipment for communications it did not request.

Article 52.- Protection of Customer Information

The Service Providers in managing their networks, facilities and related systems, shall take into account the rights of privacy of the Client. It is their responsibility to maintain the information and data of the Client and the Telecommunications in their possession, and they shall provide adequate protection for the same. The Service Provider may not collect, use, retain or announce any information of any customer except with its consent or as permitted by Law. The Service Providers must ensure that the information submitted is accurate, complete and valid for the purpose of use.
The customers shall have the right to request correction or deletion of any information relating to them. Nothing in the provisions of this Article shall prevent the relevant authorities from obtaining any confidential information or communications relating to the customers in accordance with this Law.

Chapter Eleven.- Access to property

 

Article 53.- Access Procedures
The Secretariat-General shall develop the rules necessary to facilitate Access to private and public property, in order to install, operate and maintain the Telecommunications Facilities according to the provisions of this Law in coordination with the relevant authorities.

Chapter Twelve.- Accreditation of the Criteria for Telecommunications Equipment

 

Article 54.- Definition and Accreditation of the Criteria for Telecommunications Equipment
The Secretariat-General shall define the technical standards and specifications for the Telecommunications Equipment, their types, accreditation requirements and the procedures to be applied to those standards and specifications, according to the provisions of this Law, and any other relevant Laws.
Article 55.- The compliance of the Service Providers and Suppliers with the
Telecommunications Equipment Standards and Accreditation and          Certification Requirements
The Service Providers and suppliers of Telecommunications Equipment shall undertake that all the Telecommunications Equipment used, imported, manufactured or supplied in any way for use in the State shall be consistent with the standards of equipment, International Rules, and certification requirements established by the Secretariat-General
Article 56.- Definition of Equipment Standards
The Secretariat-General, in exercising its powers regarding the definition and accreditation of equipment standards and adoption, shall carry out the following:
  1. Set forth the technical standards or specifications for the Telecommunications Equipment or their types.
  2. Define the technical standards or specifications for the Telecommunications Equipment or their types which are set by the other authorities or bodies concerned with standards, in order to be approved and adopted in the State.
  3. Create or identify the test systems and facilities to accredit the use of Telecommunications Equipment or their types.
  4. Identify the appropriate international and regional regulations or testing facilities for the accreditation of Telecommunications Equipment or their types and approval of the use.
  5. Approve the accreditation of other certifications of Telecommunications Equipment by the other competent authorities or bodies, and consider the same as sufficient for using this equipment, in accordance with the International Rules.
The Secretariat-General may, whenever it is necessary to avoid any damage or interference with the work of Telecommunications Networks, issue an order prohibiting the manufacture, import or use of certain Telecommunications Equipment or their types.  The Secretariat-General shall ensure that the technical standards and specifications and the requirements for mandatory accreditation are compatible with the approved technical requirements for the electrical equipment, wireless Telecommunications devices and products designed for use in the State.
Article 57.- Management of Criteria
The Secretariat-General shall keep records of accredited and prohibited Telecommunications Equipment. It shall make one or more declaration indicating the applicable standards and specifications required and the bodies responsible for test and measurement, the foundations for issuing the certification, accreditation of Telecommunications Equipment or their types and the adopted procedures and practices
Article 58.- Telecommunications Equipment Used before Enforcing the Law
The Telecommunications Equipment approved before enforcing the provisions of this Law, installed or connected to a public Telecommunications Network, shall be certified and approved for use in the State, unless the Secretariat-General has decided that they interfere with the work of any Telecommunications Network, equipment or facilities, or pose a public danger.

Chapter Thirteen.- National security and cases of public emergency

 

Article 59.- The Obligations of Service Providers
The Service Providers must comply with the requirements of the security authorities in the country especially with the requirements of maintaining national security and adhere to the guidance of government agencies in cases of public emergency. They must also observe the implementation of the orders and instructions issued by the Secretariat-General on the development of a service network or mechanism to meet those requirements.
Article 60.- Compensation and Recovery of Expenses
The Service Providers may request and recover any expenses resulting from the execution of orders and directives issued in accordance with the provisions of the preceding Article. Such a claim may not be based on loss of income, expenses, or indirect damages resulting from any period of suspension of service.

Chapter Fourteen.-  Settlement of Disputes

 

Article 61.- Settlement of Disputes by the Secretariat-General
The Secretariat-General shall settle the disputes that arise among the Service Providers and between them and others. The decision issued by the Secretariat-General regarding the dispute shall be final and enforceable. No case regarding the dispute may be accepted until a decision is issued by the Secretariat-General or until the passage of sixty days from the date of it being submitted, whichever is earlier. The implementing regulations shall govern the rules and procedures related to the dispute.

Chapter Fifteen.- The Authority to Inspect, Verify and Control

 

Article 62.- Provision of Information
The Secretariat-General may request the Service Providers or others to supply information necessary for the exercise of its powers. The information must be provided in the form, manner and time determined by the Secretariat-General. Any person required to provide information shall inform the Secretariat-General of any reasons which prevent this, and may request that the information provided may not be disclosed, in whole or part, because of its commercial nature or confidentiality.
Article 63.- The Authority to Inspect, Verify and Control
The employees of the Supreme Council, who shall be invested with the power of judicial control based on a decision from the prosecutor in agreement with the President of the Council, shall have the power to investigate and prosecute the crimes committed in violation of the provisions of this Law. They will have the authority to enter relevant places and have Access to records and documents, as well as checking equipment and Telecommunications systems and any other related things and requesting the data and clarifications they deem necessary.

Chapter Sixteen.- Offences and Sanctions

 

Article 64

 Without prejudice to any severer penalty provided for in any other law, the offences set forth in the following Articles shall be punished based on the penalties indicated.
Article 65
Whoever intentionally causes the disruption of Telecommunications or intentionally damages for this purpose some of the buildings or facilities allocated to the Telecommunications Networks, infrastructure or their Telecommunications lines, or makes all or part of them unfit for use shall be punished with imprisonment for not less than one year and not more than five years and with a fine of not less than fifty thousand (50,000) Riyals and not more than 500,000(five hundred thousand) Riyals.  If any of the acts referred to in the preceding paragraph are as a result of negligence or lack of precaution, the punishment shall be imprisonment for not more than three months and a fine of not more than fifty thousand (50,000 ) Riyals, or either one of the penalties. In all cases, the court shall compel the person who committed such act(s) to pay the value of the damage, or the cost of restoration, without prejudice to the right to compensation, if required.
Article 66
Whoever intentionally commits one of the following acts shall be punished with imprisonment for a period not exceeding one year and with a fine not exceeding fifty thousand (50,000 ) Riyals, or with either of the penalties:
  1. Using one of the Telecommunications Facilities or obtaining one of its services without payment of the costs prescribed.
  2. Accessing a Telecommunications Network or facility or a system associated with it by penetrating the security measures with the purpose of obtaining data or Telecommunications service.
  3. Wiretapping Telecommunications not intended for the public with technical means, intercepting radio waves which are intended for others, interfering with radio waves which are intended for others or other purposes which are contrary to this Law.
  4. Causing damage to, repealing, intercepting, altering or discontinuing the work of any Telecommunications Network or tool, or tampering with it in any way.
  5. Possessing, producing, selling or providing for the purpose of usage or importation, or distributing or providing a device in any other way, or password in the computer, Access code or any similar data that allows Access to a facility or network from Telecommunications, or a system linked with it, with the intent of committing any of the crimes provided in the previous four items of this Article.
  6. Using or allowing the use of a Telecommunications Network with the purpose of the disturbance, excitement or abuse of any person.
  7. Using any Telecommunications service or facility in a manner that leads to a violation of the provisions of this Law or other laws.

 

Article 67

Whoever violates a provision in any of Article 9, paragraph 3 of Article 11, and Articles 15 and 16 of this Law or violates any of the licensing or Permit conditions shall be punished with imprisonment for a period not exceeding one year and with a fine not exceeding one million) (1,000,000) Riyals.

 

Article 68

Whoever commits, without obtaining a License, one of the following acts shall be punished with imprisonment for a period not exceeding one year and with a fine that not exceeding twenty thousand (20,000) Riyals:
  1. Importing or manufacturing one of the of Telecommunications devices with the purpose of marketing the same.
  2. Acquiring, installing or operating any wireless Telecommunications devices.
Punishment shall be imprisonment for not less than two years and not exceeding five years if the import or manufacturing or acquisition is for the purpose of violating national security. The court shall in all cases order the confiscation of the equipment and devices used in committing the crime.
Article 69
Whoever, while performing its duty in the field of Telecommunications or as a result of the same, commits one of the following acts shall be punished with imprisonment for a period not exceeding one year and a fine not exceeding 100,000 (one hundred thousand) Riyals, or with either penalty:
  1. Disclosing, publishing or broadcasting any information about an institution operating in the field of Telecommunications where this would lead to unfair competition between the establishments operating in this area.
  2. Disclosing, publishing, broadcasting or recording the content of a Telecommunications message or part thereof without a legal basis.
  3. Hiding, changing, hindering or modifying any Telecommunications message or any part thereof that might have reached that person.
Disclosing any information concerning the users of Telecommunications Networks or concerning their outgoing or incoming Telecommunications, without a legal basis.
Article 70
Whoever violates any of the provision of Articles 18(4)#(8) and Articles 22, 24, 28, 31, the last paragraph of Article 34, Articles 38, 41, 43, 44, 45, the last paragraph of Article 49, and Articles 51, 52, 55, 59 and 62 of this Law shall be punished with imprisonment for a period not exceeding two years and with a fine not exceeding 100,000 (one hundred thousand) Riyals or either punishment.
Article 71
Whoever, being responsible for the actual management of the violator shall be punished with the same penalties prescribed for the acts committed in violation of the provisions of this Law if it is proved that the same were committed with his knowledge, or if his breach of the duties imposed by that management has contributed to the crime.
Article 72
The penalty shall be doubled in the case of recurrence. Any of the crimes specified in this Law committed within three years from the date of implementing the penalty preceding it shall be deemed recurrent.
10Jul/17

Decision of the Board of The Supreme Council for Information and Communication Technology nº 1 of 2009 on the promulgation of the Executive By-Law for the Telecommunications Law

Decision of the Board of The Supreme Council for Information and Communication Technology nº 1 of 2009 on the promulgation of the Executive By-Law for the Telecommunications Law

The Board,

Having perused the Telecommunications Law issued by Decree Law nº 34 of 2006;

Emiri Decision nº 29 of  1996 regarding the decisions of the Council of Ministers that are submitted to The Emir for certification and promulgation, and

The Council of Ministers’ approval of the draft of this Decision in its ordinary meeting nº 24 of 2008 held on 2/7/2008;

Have decided the following:

Article 1.- Introduction

The By-Law for the Telecommunications Law enclosed with this Decision, shall be effective.

Article 2.- Introduction

All competent authorities, each within its own competence, shall implement this decision which shall come into force on date of publication in the Official Gazette.

Tamim Bin Hamad Al-Thani
The Chairman of the Board

The Supreme Council for Information and Communication Technology
Issued on: 2/7/1430 A.H.
Corresponding to: 25/6/2009 A.D.

THE TELECOMMUNICATIONS BY-LAW

Chapter One.- Definitions and General Provisions

Article (1)
For implementation of this By-Law, the following terms and expressions shall have the meanings assigned to them, unless the context requires otherwise:

Supreme Council: The Supreme Council of Information and Communication Technology “ictQATAR.”

Board: The Board of the Supreme Council.

General Secretariat: the General Secretariat of the Supreme Council.

Law: The Telecommunications Law issued by Decree Law nº 34 of 2006.

By-Law: The Executive By-Law of the Telecommunications Law.

Person: a natural or juridical person of any type or form.

Access: access to any telecommunications network, telecommunications facilities or telecommunications services between Service Providers which makes facilities, services or both facilities and services available by one Service Provider to another Service Provider, under defined terms and conditions, on either an exclusive or non-exclusive basis, for the purpose of providing telecommunications services. It includes access to network elements and associated facilities, the connection of equipment, and in particular includes access to the local loop and to facilities and services necessary to provide services over the local loop, access to physical infrastructure including buildings, ducts and masts, access to relevant
software systems including operational support systems, access to number translation or systems offering equivalent functionality, access to fixed and mobile networks for roaming and access to conditional access systems for digital broadcasting services; but does not include access to facilities or services by end-user customers.

Control: the power of a Person to exercise decisive influence over, or to determine the actions of another Person in any manner, whether directly through the ownership of shares, stocks or other securities or voting rights, or indirectly through an agreement or arrangement of any type. Many factors shall be taken into consideration in determining Control including any Person that owns or has at its disposal, directly or indirectly, at least 10% of voting rights in another Person shall be deemed to be in control of such other Person.

Customer: subscriber, user or consumer of telecommunications services, whether an individual, corporation, governmental body or any other public or private legal entity and regardless of whether the services are acquired for the customer’s own use or for resale.

License: The permission issued by the Board or the General Secretariat to an individual or class of individuals to own or operate a telecommunications network, provide telecommunications services, or use radio frequency spectrum and it does not constitute a contract or bilateral agreement.

Significant Market Power: a position of an economic strength of a service provider in the market that permits it to act independently of customers or competitors, or to dominate one or more identified telecommunications service markets, through acting either individually or jointly with others, in accordance with the provisions of chapter nine of the Law and in accordance with chapter eight of this By-Law. Also referred to as “SMP”.

Telecommunications Equipment: equipment capable of being connected directly or indirectly to a telecommunications network in order to send, transmit or receive telecommunications services, and includes radio-communications equipment.

Affiliate or Affiliated Person: any natural or juridical person that directly or indirectly, is related to, is controlled by, or is under common control with another person.

Allocation of radio spectrum: entry in the national frequency allocation table, prepared by the General Secretariat pursuant to this By-Law, of a given frequency band for the purpose of its use by one or more terrestrial or space radio-communications services or the radio astronomy service under specified conditions.

Assignment of a radio frequency or radio frequency channel: authorization given by the General Secretariat pursuant to this By-Law for a radio station to use a radio frequency or radio frequency channel under specified conditions.

Information Request: an order issued by the General Secretariat requiring the provision of specified information, including original documents or copies of the same, pursuant to the Law or this By-Law.

Tariff: any statement of prices, rates, charges or any other compensation including related  service descriptions or terms and conditions such as rebates, waivers or discounts offered by a Service Provider regarding any of its services.

Telecommunications Service: any form of transmission, emission or reception of signs, signals, writing, text, images, sounds or other intelligence provided by means of a telecommunications network to a third party.

Article (2)

The Board may issue amendments to this By-Law as it deems appropriate after following the procedures set out by law.

Article (3)

Licensees and Service Providers shall comply with the Law, this By-Law, the terms and conditions of their respective Licenses, and all regulations, decisions, orders, rules, and notices issued thereunder.

Article (4)

The Secretary General shall issue other regulations, decisions, rules, orders, instructions and notices for the implementation of the provisions of the Law and this By-Law.

Article (5)

The General Secretariat shall carry out the powers and authorities stipulated in the Law and this By-Law.

Article (6)

The General Secretariat shall take measures, actions and decisions, as it deems appropriate, to ensure that Licensees and Service Providers comply with the provisions of the Law, this ByLaw and the provisions of the Licenses, or to remedy their breaches.

Chapter Two.- Telecommunications Licenses

Article (7)

Individual Licenses shall be in writing, and the General Secretariat shall make copies of them available on the Supreme Council’s official website, in addition to paper copies available for inspection by the public and it may exclude from published copies of Individual Licenses any information that it determines is confidential or commercially sensitive.

Article (8)

The licensing criteria, procedures and the basic terms and conditions of the Individual License shall be published on the official website of the Supreme Council. The form of Class License and the scope of licensed activities shall also be published on the official website of the Supreme Council. In all cases, the publication shall contain the period of time expected to reach a decision concerning an application for a License.

Article (9)

The General Secretariat shall establish the terms and conditions of granting Individual Licenses on a case by case basis and the terms and conditions of granting Class Licenses.

Article (10)

In determining whether Telecommunications Networks and Telecommunications Services should be subject to an Individual License, the following general criteria shall be taken into account:

(1) whether the Telecommunications Services are provided to the public, directly or indirectly, or to another Individual Licensee in return for a direct or indirect fee.

(2) whether the owners or operators of a Telecommunications Network or
Telecommunications Facility use the network or facility to provide services to the public, directly or indirectly, or to another Individual Licensee in return for a direct or indirect fee.

(3) any other criteria that the Supreme Council considers relevant for the efficient and effective administration of the licensing process and supervision of compliance by Licensees.

Article (11)

Class Licenses will generally be issued to authorize more than one person of the same class to provide Telecommunications Services or own or operate Telecommunications Networks or Telecommunications Facilities in cases where Individual Licenses are not issued.

Article (12)

The General Secretariat may issue regulations or instructions containing further requirements for applicants for Individual and Class Licenses and service providers in order to provide clarification of services, telecommunications and related activities that require an Individual
or Class License.

Article (13)

An Individual License will not be deemed to be assigned by contract or for any other reason, without the prior approval of the Board.

If a Licensee wishes to assign its Individual License to another person, the Licensee shall deliver to the General Secretariat a written notification of the intended transaction and the written notification shall be given without delay, within a period not less than sixty (60) days prior to the intended completion date of the transaction. The written notification shall with sufficient clarity identify the parties to the transaction, including their respective Affiliates,
and shall state the nature of the transaction, including the intended completion date in order for the General Secretariat to review the proposed assignment. The Licensee shall provide information, and comply with the procedural requirements, as specified by the General Secretariat.

The term “Assignment” shall include, without limitation, a transfer of the Individual License or a change of control of a Licensee.

The Board shall determine whether to approve such assignment or not within thirty (30) days from the date of receiving the request, unless the review requires a longer period, the term of which shall be specified by the General Secretariat before expiry of the initial 30 day period.

In the event that the assignment involves an assignment of radio spectrum or a transfer of control, the General Secretariat shall also follow a coordinated procedure with respect to its review it in accordance with this Article and Articles (32), (33), (77), (78), (79), (80), (81), (82), (83), (84) and (85) of this By-Law.

The Licensee will have 180 days to consummate the proposed assignment from the date of approval by Board and notify the General Secretariat of its completion. The General Secretariat may approve one or more extensions to the above-mentioned period upon request of the Licensee.

Article (14)

The Board may amend Individual Licenses and the General Secretariat may amend Class Licenses in one of the following cases:

(1) in accordance with the Law, this By-Law, rules, regulations or the applicable License terms and conditions.

(2) following changes to international treaties or any other applicable laws that require an amendment.

(3) where an amendment has been requested or agreed to by the Licensee.

(4) the Licensee have committed repeated violations of the provisions of the Law, this By-Law, regulations, orders, decisions of the Board or the General Secretariat, or License terms.

Article (15)

The Board may suspend, revoke or refuse to renew Individual Licenses and the General Secretariat may suspend, revoke or refuse to renew Class Licenses in one of the following cases:

(1) in accordance with the Law, this By-Law, and the applicable License terms and conditions.

(2) the Licensee have committed repeated violations of the provisions of the Law, this By-Law, regulations, orders or decisions issued by the Board or the General Secretariat, or License terms.

(3) non-payment of fees specified for the License or its renewal or any other financial amount pursuant to the provisions of the Law or this By-Law.

(4) The death of a natural person or the dissolution of a juridical person for any ground specified by law.

(5) The Individual Licensee assigned the Individual License without the approval of the Board or the Class Licensee assigned the Class license without the approval of the Secretary General.

Article (16)

Prior to amendment, suspension, revocation or non-renewal of an Individual License by the Board, pursuant to the preceding two Articles, the General Secretariat shall notify the Licensee of this in order for the Licensee to submit its comments and the General Secretariat shall comply with the following:

(1) shall give the Licensee sufficient time to prepare comments on the intended action.

(2) shall set out any procedures the Board may use in further consideration of the action.

(3) request comments from other interested parties or the general public, when necessary.

(4) study the comments received.

Article (17)

If the Board amends an Individual License, it shall provide the Licensee with a reasonable amount of time as determined by the Board to implement any changes needed to comply with the amendment.

Article (18)

The Board shall not suspend or revoke or refuse to renew an Individual License without giving the Licensee a reasonable amount of time, as determined by the Board, to remedy any breach or reason that is the basis for the suspension, revocation or refusal to renew, unless proven that the breach or the reason still continues after receipt by the Licensee of one or more written warnings issued by the General Secretariat ordering the Licensee to remedy same.

Article (19)
Where a License is amended, suspended, revoked or not renewed, the General Secretariat shall take measures to ensure the continuity of service to customers and include in its orders in this regard terms and conditions as it deems appropriate.

Article (20)

The General Secretariat may issue regulations, rules or orders containing further procedures related to the amendment, revocation, suspension or non-renewal of a License.

Article (21)

The term of a License shall be stated in the License. Upon request by the Licensee, a License may be renewed by the Board or the General Secretariat on the same conditions or on the basis of new conditions, subject to the applicable License terms, regulations and decisions issued by the Supreme Council in this regard.

Article (22)

The Board shall determinate the License fees, any other fees, remuneration or charges and the General Secretariat shall issue in this regard, from time to time, regulations, decisions and orders regulating this matter.

Article (23)

The regulations, decisions and orders issued in accordance with the preceding Article shall contain the following:

(1) the entity which the fees and charges are to be paid to.

(2) fees and charges may be based on a percentage or proportion of the revenues of Licensees.

(3) fees and charges payable under the Law and this By-Law as set by the Board are in addition to any other fees or charges that must be paid by Service Providers in connection with their operations or commercial activities.

(4) the totality of fees applied to each Licensee and to the sector as a whole pursuant to the Law, and the impact on Licensees and end users shall be considered in the light of the objectives stated in paragraphs (1), (2) and (3) of Article (2) of the Law.

Chapter Three.- Radio Spectrum Management

Article (24)

In relation to radio spectrum management, the General Secretariat shall:

(1) prepare and publish a national frequency assignment plan for the spectrum allocated to the telecommunications sector and to promote the optimal and most efficient use of radio spectrum, and assign radio spectrum in accordance with that plan.

(2) prepare and publish a national frequency allocation table identifying all radio spectrum allocations.

(3) ensure that the use of radio spectrum is consistent with the national frequency assignment plan, related allocations and assignments, any applicable international treaties, commitments, protocols and standards and Radio Spectrum License conditions, including taking related compliance and enforcement actions.

(4) ensure the best and most efficient use of radio spectrum in accordance with international best practice in order to promote the objectives identified in Article (2) of the Law.

(5) determine, allocate, and assign, and re-allocate or re-assign, radio frequencies and frequency bands and channel assignments, and issue Radio Spectrum Licenses or radio frequency Authorizations, in accordance with the national frequency assignment plan.

(6) advise the Council of Ministers and government agencies on matters specifically referred to the Supreme Council relating to the use or management of radio spectrum.

(7) regulate matters related to radio spectrum fees.

(8) conduct public inquiries relating to the use or management of radio spectrum as it deems appropriate.

(9) mediate, resolve and manage interference disputes, where such disputes are not resolved by the disputing parties to the satisfaction of the General Secretariat.

(10) issue regulations, rules, orders or notices relating to the use of radio spectrum as the General Secretariat deems appropriate.

(11) determine any other matters relating to the transmission of radio-communications whether by satellite, terrestrial or other transmissions.

(12) perform such other radio spectrum-related functions as are conferred on the Supreme Council by other applicable laws or regulations.

Article (25)

The General Secretariat shall issue Radio Spectrum Licenses in writing and shall refer to the Licenses in the national frequency assignment plan available on the Supreme Council’s website.

Article (26)

The General Secretariat shall develop a regulation to implement an efficient approach to management of the radio spectrum in the State of Qatar. This regulation shall include in particular the following:

(1) specify the procedures, conditions and restrictions relating to the operation of the radio spectrum and radio-communications equipment, including the use of radio spectrum and operation of radio-communications equipment without authorization.

(2) specify the requirements for Radio Spectrum Licenses in respect of the operation of the radio spectrum.

(3) specify the requirements for any other authorization for the use of radiocommunications equipment.

(4) specify the technical requirements and standards in relation to radio-communications equipment, interference-causing equipment and radio-sensitive equipment.

Article (27)

All service providers utilising radio spectrum or radio-communications equipment in the State of Qatar shall comply with the regulation mentioned in the preceding Article.

Article (28)

Applications for Radio Spectrum Licenses shall be submitted separately from applications for Licenses to provide Telecommunications Networks and Services. The General Secretariat may from time to time publish procedures of general or specific applicability to facilitate the simultaneous review of Individual Licenses with associated applications for Radio Spectrum
Licenses.

Article (29)

The General Secretariat shall grant the Radio Spectrum Licenses or Authorizations in accordance with the national frequency assignment plan.

Article (30)

In all circumstances where a Radio Spectrum License or Authorisation is required, the General Secretariat shall publish on the website of the Supreme Council the following:

(1) the applicable licensing procedures and licensing criteria.

(2) the basic terms and conditions of the License.

(3) the period of time expected to reach a decision concerning an application for a License.

Article (31)

The General Secretariat shall establish the terms and conditions of all Licenses and shall monitor compliance by Licensees with the terms and conditions of their Licenses, and the General Secretariat may take any measures and procedures in this regard.

The General Secretariat may establish the criteria through Radio Spectrum Regulations in order to determine what radio spectrum should be available for common use and this may be awarded by means of a Class License.

Article (32)

A Radio Spectrum Licensee may not assign a License or Authorization, spectrum rights or any portion thereof by contract or for any other reason, without the approval of the Secretary General.

A transfer or change of control of a Licensee or segregation or partitioning of radio frequency spectrum rights, or combination of the two or sharing radio frequency spectrum rights with a third party shall be deemed to be an assignment of the License, Authorization, spectrum rights or any portion thereof.

Article (33)

The Licensee shall notify the Secretary General in writing of its wish to assign a License or Authorization at least 60 days before the date of the proposed assignment. The Licensee shall provide the information, and comply with the procedural requirements specified in the regulations issued by the General Secretariat in this regard.

The Secretary General shall issue its decision, whether to approve such assignment or not, within 30 days from receiving the request, unless the Secretary General finds that circumstances warrant a longer period of review, the term of which shall be specified by the General Secretariat before expiry of the initial 30 day period.

In the event that the assignment of a Radio Spectrum Licence also involves assignment of an Individual Licence or a transfer of control, the General Secretariat will follow a coordinated procedure with respect to its review in accordance with Articles (13), (32), (33), (77), (78), (79), (80), (81), (82), (83), (84) and (85) of this By-Law, as the case may be.

The Secretary General shall determine whether to approve such assignment based on the suitability of the proposed assignee to use the radio spectrum, in accordance with the terms of the Individual License, the terms of its issuance, and the provisions of the Law and this ByLaw.

A Licensee will have 180 days, from the date of approval by the Secretary General, to consummate the proposed assignment and notify the General Secretariat of its completion. If necessary, the Licensee may request, and the General Secretariat may approve, one or more extensions to the 180-day deadline.

Article (34)

The General Secretariat may amend a Radio Spectrum License in one of the following circumstances:

(1) in accordance with the Law, this By-Law, and the terms and conditions of the License.

(2) as requested or agreed to by the Licensee.

(3) to implement changes to international treaties or laws that require the amendment.

Article (35)

The Supreme Council may suspend, revoke or refuse to renew Radio Spectrum Licenses in one of the following cases:

(1) the Licensee have committed repeated violations of the Law, this By-Law, other regulations, orders or decisions issued by the Board or the General Secretariat, or the terms of the License.

(2) the misuse of radio spectrum or its use for an unauthorised purpose.

(3) non-payment of fees specified for the License or its renewal or any other financial amount pursuant to the provisions of the Law or this By-Law.

(4) The death of a natural person or the dissolution of a juridical person for any ground specified by law.

(5) The Licensee assigned the License without the approval of the Secretary General.

Article (36)

The General Secretariat shall, prior to amendment, suspension, revocation, or refusal to renew a License, notify the Licensee of this in writing and shall consider any comments submitted by the Licensee in this regard. The notice shall contain the following:

(1) provide the Licensee with sufficient time to prepare comments on the intended action.

(2) specify the procedures that the General Secretariat may use in further consideration of the action.

(3) may invite comments from interested parties or the general public regarding the intended action.

Article (37)

In the case where the General Secretariat amends the License, the General Secretariat shall provide the Licensee with a period of time as it deems appropriate, to implement any changes needed to comply with the amendment.

Article (38)

The General Secretariat shall not implement the suspension, revocation or refuse to renew a License without giving the Licensee a period of time, as it deems appropriate, to remedy any breach or reason that is the basis for the suspension, revocation or refusal to renew, unless proven that the breach or reason continues following the issuance of one or more written warnings by the General Secretariat to remedy such breach or reason.

Article (39)

Where a License is amended, suspended, revoked or not renewed, the General Secretariat shall take measures to ensure continuity of service to customers and include in its orders terms and conditions as it deems appropriate to ensure the least amount of negative disruption to customers which may result therefrom.

Article (40)

The General Secretariat my issue regulations, rules or orders containing further procedures related to the amendment or revocation of a License.

Article (41)

The term of a License shall be stated in the License. Upon application by the Licensee, a License may be renewed by the General Secretariat in accordance with the provisions of the License, regulations and decisions issued by the General Secretariat.

Article (42)

The Board shall set the License fees and any other fees, remuneration or charges and the General Secretariat shall issue in this regard, from time to time, the regulations and orders regulating this matter.

Article (43)

Any regulations, decisions and orders issued pertaining to fees shall contain the following principles:

(1) stipulate the entity which the fees and charges are to be paid to.

(2) fees and charges shall be levied on Licensees in an impartial manner.

(3) fees and charges may be based on factors such as the amount of radio frequency spectrum provided in the License; whether the Licensee is operating in a shared or exclusive frequency band; or a percentage or proportion of the revenues of Licensees from the use of radio spectrum.

(4) fees and charges payable under the Law and this By-Law are in addition to any other fees or charges that must be paid by Service Providers in connection with their operations or commercial activities.

Article (44)

In resolving radio spectrum interference disputes, the General Secretariat may carry out the following:

(1) assign its professional staff or technical experts to mediate the dispute, and if failing mediation to submit a report to the General Secretariat on possible ways to resolve the dispute.

(2) submit the dispute for arbitration in accordance with the procedure of the International Telecommunications Union (ITU), or such other arbitration rules or processes as the General Secretariat shall select.

(3) issue an order to resolve the dispute.

Article (45)

The Supreme Council shall consult with and coordinate the use of the radio spectrum with other countries, users, and organizations such as the International Telecommunications Union “ITU”, as required by law, treaty in force or as otherwise determined by the General Secretariat.

Chapter Four.- Interconnection and Access

Article (46)

The General Secretariat shall issue regulations, orders or notices to specify interconnection and access terms, conditions and processes, including the types of interconnection and facilities access that shall be provided by one or more Service Providers, and to facilitate interconnection and related access in accordance with its duties and objectives pursuant to the Law.

The General Secretariat shall have the authority to determine and oversee compliance with the rights, obligations, terms and conditions governing interconnection of telecommunications networks and access to telecommunications facilities and telecommunications services, in accordance with the Law, this By-Law and any regulations, rules, orders or notices issued by the General Secretariat and the License terms.

Article (47)

Subject to any limitations that may be established concerning the types of Service Providers that are entitled to interconnect, a Service Provider shall, upon receipt of a written request by another Service Provider licensed to operate a telecommunications network, enter into good faith negotiations to reach interconnection or access agreement in order to achieve the following objectives:

(1) connect and keep connected the telecommunications networks of both Service Providers.

(2) provide access to such telecommunications facilities, including but not limited to central offices and other equipment locations, mast sites, towers, conduits, poles, subscriber access lines and underground facilities, as are reasonably requested in order for the Service Providers to provide telecommunications service to their customers. Any co-location of facilities shall also be subject to Articles (112) and (113) of this By-Law.

The parties shall have a period of (60) day from date of receipt of the request for interconnection in which to reach agreement. If the parties are unable to reach agreement, either or both parties may resort to the General Secretarial for resolution. The General Secretariat may issue interim orders before final determination.

Service Providers and any other interested parties may at any time request the General Secretariat to clarify or interpret the interconnection and access rights or obligations set out in the Law, this By-Law, any regulation, rule or order, or any interconnection or access agreement. Decisions issued by the General Secretariat shall be binding.

Article (48)

Articles (49), (50), (51) and (52) of this By-Law apply only to Service Providers that the General Secretariat has designated as Dominant Service Providers in one or more telecommunications markets relevant to interconnection and related facilities access in accordance with Chapter Nine of the Law and Chapter Eight of this By-Law.

Article (49)

Interconnection or access arrangements offered by Dominant Service Providers designated in accordance with the preceding Article, in addition to meeting the requirements of Article (47) of this By-Law shall:

(1) meet all requirements of the Law, this By-Law and any regulations, rules and orders issued by the General Secretariat, including any requirements relating to interconnection or access charges, interconnection provisioning intervals or quality of service.

(2) be in accordance with any applicable reference interconnection offer approved by the General Secretariat for the Service Provider.

(3) meet all reasonable requests for interconnection with the Dominant Service Provider’s telecommunications network, at any technically feasible point, including to permit traffic originating on the Dominant Service Provider’s network to be terminated on the networks of the interconnecting Service Provider and all other licensed Service Providers.

(4) incorporate reasonable terms and conditions, including technical standards and specifications.

Every Dominant Service Provider designated, shall ensure that:

(1) it applies substantially the same terms and conditions to all Service Providers requiring interconnection or facilities access under similar circumstances.

(2) it provides interconnection and facilities access to all Service Providers under substantially the same conditions and quality as it provides for its own
telecommunications service operations or those of its Affiliates.

(3) it makes available on request, and without delay, all necessary or reasonably required information and specifications to Service Providers requesting interconnection or facilities access.

(4) it uses information received from a Service Provider seeking interconnection or facilities access only for the purposes for which it was supplied and does not disclose the information or use the information for any other anti-competitive purpose.

Article (50)

(1) The General Secretariat may require that interconnection or access charges of any Dominant Service Provider be subject to Article (29) of the Law and Articles (56), (57), (58) and (59) of this By-Law. The General Secretariat may also direct Dominant Service Providers to implement specific interconnection or access charges, or changes to such charges, as determined by the General Secretariat.

(2) Interconnection and facilities access charges of Dominant Service Providers designated in accordance with Article (48) of this By-Law shall be cost-based and in accordance with rules or standards determined by the General Secretariat.

(3) In establishing charges for interconnection or facilities access, Dominant Service Providers designated in accordance with Article (48) of this By-Law shall comply with any rules or orders applicable to interconnection or access, including any pricing, costing and cost separation requirements as prescribed by the General Secretariat.

Article (51)

(1) Every Dominant Service Provider designated in accordance with Article (48) of this By-Law shall perform the following:

(a) prepare a reference interconnection offer for approval by the General Secretariat within the time period prescribed by order of the General Secretariat.

(b) periodically update the reference interconnection offer as directed by orders of the General Secretariat.

(c) publish its approved reference interconnection offer in the following manner:

(-) filing a copy with the Supreme Council, who shall publish the reference
interconnection offer on the Supreme Council’s official website.

(-) making a copy available to the public in its principal business offices;

(-) publishing the agreement on the Service Provider’s website.

(-) sending a copy to any other Service Provider on request.

(2) Every reference interconnection offer shall:

(a) comply with any rules or orders applicable to interconnection or facilities access, including any applicable instructions regarding the form and content of a reference interconnection offer as prescribed by the General Secretariat.

(b) include a full list of services, sufficiently unbundled, to be supplied to Service Providers, setting out the associated terms and conditions, including the provisioning processes and charges for each service.

(c) not be amended by the Dominant Service Provider except as directed or approved by the General Secretariat.

(3) In the event that a Dominant Service Provider does not submit a reference
interconnection offer within the time period prescribed by the General Secretariat, or delays finalization of a reference interconnection offer acceptable to the General Secretariat, the General Secretariat may require the Dominant Service Provider to adopt a reference interconnection offer as prepared or prescribed by the General Secretariat.

Article (52)

(1) Every Dominant Service Provider designated in accordance with Article (48) of this By-Law shall within five (5) days from signing the interconnection or access agreement, file a copy of the agreement with the General Secretariat.

(2) Subject to the following paragraph, the Supreme Council may place a copy of any interconnection or access agreements filed with it in accordance with paragraph (1) of this Article on its official website.

(3) A Dominant Service Provider or any other party to an interconnection or access agreement that has been filed with the General Secretariat may identify specific information contained in the interconnection or access agreement as confidential, and may request that such confidential information be excluded from the copy of the agreement placed on the Supreme Council’s official website. Details of interconnection or access charges and all other essential terms and conditions offered by any Dominant Service Provider shall not be considered confidential; and the General Secretariat shall determine what information will be treated as confidential.

Article (53)

If the General Secretariat decides that an interconnection or access agreement is in violation of the Law or this By-Law, or the requirements of any regulation, rule, order, notice or License, it may issue an order requiring one or more of the parties to the agreement to amend the agreement.

Chapter Five.- Tariff Regulation

Article (54)

The General Secretariat shall have the authority to review all Service Provider tariffs, including wholesale and retail tariffs, and to determine any requirements regarding tariffs, their approval and publication, and the General Secretariat may issue regulations or orders to regulate the tariffs of Service Providers.

Article (55)

Articles (56), (57), (58) and (59) of this By-Law apply to Service Providers that the General Secretariat has designated as Dominant Service Providers in one or more telecommunications markets, in accordance with Articles (72), (73) and (74) of this By-Law. These tariff requirements shall apply to all service tariffs of a Dominant Service Provider, including all retail and wholesale tariffs. These tariff requirements shall also apply to interconnection or access related charges where those charges have been the subject of an order under paragraph (1) of Article (50) of this By-Law.

Article (56)

Tariffs that are subject to filing with and approval by the General Secretariat shall enter into force only after they have been approved by a decision from the General Secretariat.

The General Secretariat shall be entitled to issue interim orders regarding service tariffs and tariff related matters pending further evaluation and final determination. Final orders may confirm, amend or revoke any interim order.

Article (57)

Unless the General Secretariat orders otherwise, the Service Provider shall from the date on which the tariff or tariff revision is filed until the tariff or tariff revision is approved publish an electronic copy on its website; and maintain a paper copy available to the public at its main business offices; and within ten (10) days from the day on which the tariff or tariff revision is filed, place a notice of the tariff filing summarizing its contents and specifically identifying its effects, including its commercial impact on customers, in two local newspapers published in Arabic and English, or as otherwise directed by the General Secretariat.

Dominant Service Providers shall also comply with the tariff information and disclosure requirements of Articles (97), (98) and (99) of this By-Law and License Terms.

Article (58)

Tariffs charged by a Dominant Service Provider to other Service Providers shall be filed with and subject to approval by the General Secretariat in accordance with Article (29) of the Law and Article (56) of this By-Law; and the terms of the License.

Those tariffs must also comply with the orders issued by the General Secretariat.

Article (59)

The General Secretariat may require a Dominant Service Provider to prepare or participate in the development of a cost study of its telecommunications services if it determines that a cost study would be an effective and necessary means of addressing the effects of dominance or significant market power, preventing anti-competitive conduct or would otherwise be effective and necessary in implementing any scheme of tariff or price regulation.

The General Secretariat may require any Dominant Service Provider to prepare or participate in the development of a cost study for the purpose of determining the costs of providing different types of telecommunications services or the business activities of the Service Provider and the General Secretariat shall decide on the cost categories, form, approach, procedures and timing of the cost study; the Service Provider shall comply with all
requirements identified by the General Secretariat; and shall file with the General Secretariat the study.

The General Secretariat shall consult with the Service Provider required to file a cost study and any other interested parties before it makes an order requiring the study.

The General Secretariat may require a Dominant Service Provider to adopt identified cost accounting practices to facilitate cost studies or to achieve any other regulatory purpose under the Law or this By-Law, including the separation of accounts among different categories of business activities or services or as directed by the General Secretariat.

Article (60)

The General Secretariat may develop methods of price control and may consult Service Providers or any other interested parties.

The General Secretariat may issue orders or notices prescribing guidelines for the development of proposals for methods of price control; or setting out directions for the further development of any proposal that has been filed with the General Secretariat or any method of price control that is under development by the General Secretariat.

The General Secretariat may also approve of a proposal or method of price control for implementation by one or more Service Providers. Following development and approval of any method of price control, the General Secretariat may also issue regulations, rules, orders or notices required for its implementation.

Chapter Six.- Numbers and Numbering

Article (61)

The General Secretariat shall prepare, publish and manage a National Numbering Plan and shall allocate and assign numbers and number ranges in accordance with the National Numbering Plan. The General Secretariat shall, in preparing the National Numbering Plan take into account the following:

(1) The National Numbering Plan shall be consistent with the requirements of
international agreements, commitments, conventions, regulations and
recommendations to which the State of Qatar is party therewith.

(2) expected growth in demand for telecommunications services, and to allow numbers to be assigned with no delay.

(3) the plan and resulting allocation and assignment of numbers shall reflect the needs of Service Providers and customers, and be consistent with the efficient use of the Service Providers’ telecommunications networks.

(4) the plan may provide for many features such as number portability and service provider selection when required.

(5) allocation or assignment of numbers shall not confer an unreasonable advantage or disadvantage to any Service Provider.

Article (62)

In preparing and managing the National Numbering Plan, the General Secretariat shall have due regard for existing allocations and assignments of numbers and for the costs to Service Providers in accommodating the plan.

Article (63)

The General Secretariat may modify the National Numbering Plan and notify the Service Providers of this within a period of time as it deems appropriate, prior to the date when the modification is to be effected. Service Providers shall notify their customers regarding any such modification and its practical effects in accordance with any direction issued by the General Secretariat.

Article (64)

Service Providers and customers shall not have any property rights in numbers.

Article (65)

A Service Provider shall only change a customer’s number in the following cases:

(1) based on the request of the customer.

(2) a change in the location of fixed service customer which makes the retention of the existing number not technically or economically feasible.

(3) modification to the National Numbering Plan which orders this or any direction from the General Secretariat.

(4) the Service Provider has other reasonable grounds, including compliance with any orders, decisions or notices issued by the General Secretariat, and in this case the Service Provider has to give a written notice to the customer in question, stating the reason and anticipated date of change including any compensation to be paid by the Service Provider in accordance with Article (35) of the Law. In cases of emergency, oral notice with subsequent written confirmation shall be sufficient.

Article (66)

The General Secretariat may publish instructions on practices and procedures for the allocation and assignment of numbers, including identification of any fees or charges payable by Service Providers or customers for the allocation or assignment of numbers. The instructions will form part of the National Numbering Plan.

Article (67)

Subject to the requirements of any statement published by the General Secretariat, Service Providers shall ensure, at the time of allocation or assignment, that customers understand that they have no ownership, special or property rights in numbers and that numbers may be reallocated or re-assigned, including where the customer has paid a special fee or charge for the assignment or use of a particular number. Service Providers shall also ensure that they provide customers with adequate remedies in the event such numbers are re-allocated or reassigned, including appropriate refunds of any special fees or charges or other form of fair compensation.

Article (68)

The General Secretariat may, after consultation with Service Providers and other interested parties, issue an order to one or more Service Providers to develop or to assist in the development of a number portability implementation plan, for approval and implementation by the General Secretariat. Such order will form part of the National Numbering Plan. Any order issued by the General Secretariat in this regard shall contain:

(1) the schedule for implementation of number portability.

(2) markets and Service Providers covered by the plan.

(3) the technical means of providing number portability.

(4) the recovery of costs for implementation of the plan.

The number portability implementation plan shall identify specific responsibilities for the supply, development and operation of the facilities and systems needed to implement number portability.

Following development and approval of a number portability implementation plan, the General Secretariat may issue any other regulations, rules, orders or notices required for its implementation.

Article (69)

The General Secretariat may, after consultation with Service Providers and other interested parties, issue an order directing one or more Service Providers to develop or to assist in the development of a Service Provider selection or Service Provider pre-selection implementation plan, for approval and implementation by the General Secretariat.

Following development and approval of a Service Provider selection or Service Provider preselection implementation plan, the General Secretariat may issue any other regulations, rules, orders or notices required for its implementation.

Chapter Seven.- Universal Service

Article (70)

(1) The General Secretariat may set out a policy stating specific objectives, and related principles and service obligations, relating to the provision of universal service and related access to telecommunications services and telecommunications facilities in the State of Qatar and the General Secretariat may consult with Service Providers and other interested parties when developing a universal service policy.

(2) In setting out the universal service policy, the General Secretariat shall take into account the following:

(a) the objectives for the development of universal service, including the state of universal access.

(b) the telecommunications services and telecommunications facilities to be included in universal service offerings.

(c) the service areas or types of service areas in which specified levels of universal service should be achieved.

(d) the costs of the universal service obligations, and how these costs should be met.

In developing a universal service policy, the General Secretariat shall ensure that any universal service obligations of Service Providers are administered in a transparent, nondiscriminatory and competitively neutral manner.

Article (71).- Universal Service Fund

Following approval by the Board of the universal service policy, the General Secretariat may issue a regulation to establish a Universal Service Fund to subsidize the net costs of providing universal service. The regulation shall determine how the Universal Service Fund shall be operated and administered. The Universal Service Fund shall be administered by and under
the direction of, the General Secretariat.

All Service Providers shall contribute to the Universal Service Fund in accordance with the policy approved by the Board, the terms of their Licenses, any implementing regulation or decisions issued by the General Secretariat.

The disbursement procedures of the Universal Service Fund shall be prescribed by the Secretary General, and shall be administered in a transparent, non-discriminatory and competitively neutral manner.

Chapter Eight.- Competition Policy

Article (72)

The General Secretariat shall issue a notice which establishes the standards and methodology that it will apply in determining whether Significant Market Power exists in a particular relevant market. The General Secretariat shall publish the methodology on the website of the Supreme Council and may be modified from time to time by it.

The methodology may include the following elements and any other relevant factors which will be applied in accordance with criteria set out in third paragraph of this Article:

(1) definition of the relevant telecommunications market or markets in terms of products and geographic scope.

(2) assessment of market power based on a review of the economic and behavioural characteristics of the relevant market and an examination of the extent to which a Service Provider, acting alone or jointly with others, is in a position to behave independently of customers or competitors.

The methodology may include the following criteria for assessing the degree of market power in a relevant market:

(1) market share.

(2) absolute and relative size of the firm in the relevant market.

(3) degree of control of facilities and infrastructure that would be uneconomical for another person to develop to provide services in the relevant market.

(4) economies of scope and scale.

(5) absence of countervailing buyer power, including customer churn characteristics.

(6) structural and strategic barriers to entry and expansion.

(7) any other factors relevant to evaluating the existence of market power in a particular market.

The methodology may also provide guidance on the parameters that will be used for measuring market share (number of lines, number of minutes, revenues or other relevant metrics), and for ease of administration, the General Secretariat may, in the absence of evidence to the contrary, may deem that an individual Service Provider with a share of more than 40 percent of the relevant market is a Dominant Service Provider.

Article (73)

The General Secretariat shall undertake a baseline review of those telecommunications markets that it determines should be examined as a matter of priority. In undertaking its assessment, the General Secretariat shall rely on the best data available to it, and all market participants shall cooperate fully in furnishing information requested by the General Secretariat in order to carry out its evaluation. Where true, complete and accurate data is not
available, the assessment may be based on reasonable estimates, proxies and regulatory actions in comparable jurisdictions in the region.

Article (74)

The General Secretariat’s decisions on dominance designations shall be published on the official website of the Supreme Council in a format that conceals information classified by the General Secretariat as confidential, along with a current list of all Service Providers which the General Secretariat has designated as dominant and the specific market(s) in which they been found to be dominant.

The General Secretariat shall, from time to time, review its designation of service providers as dominant in the relevant markets and the specific requirements imposed upon those service providers as a result of that designation. In doing so, the General Secretariat will take into account the presence of new market entrants and evaluate whether market forces are
sufficient to safeguard the interests of customers and the public.

Article (75)

Dominant Service Providers are prohibited from undertaking any activities or actions that abuse their dominant position. In addition to the conduct and activities specifically identified in Article (43) of the Law, the General Secretariat may prohibit any other action or activities engaged in by a Dominant Service Provider that the General Secretariat determines to have
the effect or to be likely to have the effect of substantially lessening competition in any telecommunications market.

Article (76)

In addition to the provision of Article (46) of the Law and any other remedies identified by the General Secretariat from time to time in accordance with this By-Law, the General Secretariat may require the Service Provider involved in the abusive action or anticompetitive practices, and the persons affected by such actions or practices, to meet and attempt to determine remedies for such actions or practices.

In case of repeated breaches of an order made by the General Secretariat to prohibit a Dominant Service Provider from the abuse of its dominant position or other anti-competitive action or activities, the General Secretariat may issue a order requiring the Service Provider to divest itself of some lines of business provided that:

(1) the Service Provider is notified in writing prior to issuing such an order to allow the Service Provider to provide its comments regarding this matter.

(2) the General Secretariat determines that such an order is an effective measure to end an abuse of dominant position or anti-competitive practices.

Article (77)

No transfer of control of a Service Provider shall become effective by any transaction without one or more parties providing written notification of the intended transaction to the General Secretariat. The written notification shall be given without delay, within a period of not less than sixty (60) days prior to the intended completion date of the transaction. The written notification shall in reasonable detail and with sufficient clarity identify all the parties to the
transaction, including their respective Affiliates or any related Persons, and shall summarize the nature of the transaction, including the intended completion date. In addition, the Licensee shall provide such information, and comply with such procedural requirements, as the General Secretariat may specify.

Within thirty (30) days of receiving the above-mentioned notification, the General Secretariat shall issue a written order in reply to the parties confirming whether the transaction will require approval under Article (78) of this By-Law. If approval of the transaction is not required, the order will state this. In such case, the order will also specify the conditions, if any, that would apply to any additional ownership, voting or other rights in the entity to be
acquired, or to any Affiliates of the entity to be acquired. The order will also indicate under what circumstances any proposal to acquire additional rights in the entity must be notified to the General Secretariat for review.

Article (78)

No transfer of control of a Service Provider shall be effected without the prior approval of the General Secretariat if:

(1) a Dominant Service Provider, or an Affiliate of a Dominant Service Provider is the Person ultimately acquiring control of the Service Provider; or the Person whose control is being transferred.

(2) the General Secretariat determines, in its sole but reasonable discretion, that as a result of the transfer a Person, alone or with its Affiliates or related persons, may become a Dominant Service Provider.

(3) The General Secretariat determines, in its sole but reasonable discretion, that the proposed transfer of control may result in a substantial lessening of competition.

Article (79)

No transfer of control that requires prior approval under the preceding Article shall be completed or have any legal force or effect unless the Person makes written application for approval of the transfer to the General Secretariat, and receives written approval for the transfer from the General Secretariat.

Article (80)

Applications for transfers of control stipulated under the preceding Article shall contain detailed information regarding the proposed transaction(s) provided that such information shall, at a minimum, include the following:

(1) the Persons involved in the transaction(s), including the buyers, sellers, their affiliated Persons, any related persons, and any shareholders or other Persons that have ownership rights in all such Persons;

(2) a description of the nature of the transaction(s) and a summary of the commercial terms.

(3) financial information regarding the Persons involved in the transaction(s), including their annual revenues from telecommunications markets identified by specific markets, value of assets for the telecommunications business and copies of any updated annual or quarterly financial reports.

(4) a description of the relevant telecommunications markets where those Persons involved or engaged in the transaction(s) operate in.

Article (81)

The General Secretariat may request at any time additional information regarding any transaction that is the subject of a notification under Articles (77) and (79) of this By-Law.

Article (82)

The General Secretariat shall, within sixty (60) days from receipt of the above-mentioned application stipulated under Article (79), or from date of receipt of the additional information requested pursuant to the preceding Article:

(1) approve the transfer of control with no conditions.

(2) conditional approval of the transfer of control. The conditions shall be related to the promotion and development of telecommunications markets in order to make them open and competitive in the State of Qatar and related to the protection of customers’ interests.

(3) deny the transfer of control.

(4) issue an order extending the review period for an identified period of time.

(5) issue a notice to initiate an investigation regarding the proposed transfer of control and take one of the above-mentioned decisions set out in subparagraphs (1), (2) or (3) of this Article.

Article (83)

Any party to a proposed transaction may apply to the Supreme Council requesting expedited approval of the transaction, including in the event that the General Secretariat does not take any of the decisions identified in the preceding Article within the identified 60 day period.

Article (84)

Transfers of control involving the assignment of Individual Licenses or Radio Spectrum Licences shall be reviewed by the General Secretariat pursuant to the competition policy and criteria, and in accordance with Articles (13), (32), (33) of this By-Law, also pursuant to a coordinated timetable corresponding to the provisions of Articles (77), (78), (79), (80), (81), (82), (83), (84), (85).
Article (85)

Following approval by the General Secretariat, a party seeking to effect a transfer of control of the Licensee will have 180 days to consummate the proposed transaction and notify the General Secretariat of its completion. If necessary, the General Secretariat may approve one or more extensions to the above-mentioned period upon request of the Licensee.

Chapter Nine.- Consumer Protection Provisions

Article (86)

Licensees and Service Providers shall comply with the provisions of this Chapter, the terms and conditions of applicable Licenses and with any regulations, rules, orders or notices issued by the General Secretariat in this regard.

Article (87)

Service Providers shall not transfer or attempt to transfer customers, and shall not charge customers for services, except in accordance with customer orders, agreed service terms or other written customer directions.

In addition to the orders issued by the General Secretariat regarding customer terms, service provision or billing, the Service Providers shall provide customers with invoices as follows:

(1) at least once every three (3) months and for free.

(2) in paper form, or in electronic form if the customer consents.

(3) in a plain and simple format.

(4) that provide accurate information on the services provided, the amounts due for each service and the method of calculation of tariffs for any service on which invoices are based, on the length of calls or other measure of usage.

Article (88)

Service Providers shall retain accurate records of all customer orders, service provisioning and billing for a period of at least twelve (12) months from the relevant billing date, and shall make them available to the General Secretariat upon request in accordance with the Law.

Article (89)

Where the General Secretariat has a concern relating to billing practices, it may require Service Providers to publish information on billing systems or billing practices or to take such other steps relating to their billing systems or billing practices as the General Secretariat may consider appropriate.

Article (90)

No Service Provider shall make any false or misleading claim or suggestion regarding the availability, price or quality of its telecommunications services or equipment; or the telecommunications services or equipment of another Service Provider.

A claim or suggestion is false or misleading if the Service Provider knew or ought to have known at the time it was made that it was false or misleading or that it was likely to deceive or mislead the person to whom it was made.

Article (91)

Service Providers shall take all reasonable steps to ensure the confidentiality of customer communications. Service Providers shall not intercept, monitor or alter the content of a customer communication, except with the customer’s explicit consent or as expressly permitted or required by applicable laws of the State of Qatar.

Article (92)

The purposes for which customer information is collected by a Service Provider shall be identified at or before collection, and a Service Provider shall not, except as permitted or required by law, or with the consent of the person to whom the information relates, collect, use, maintain or disclose customer information for undisclosed or unauthorised purposes. The Service Provider shall be entitled to use customer information for all legitimate purposes identified in its terms of service, or in accordance with the customer’s consent in accordance with legal and constitutional controls.

A Service Provider shall be responsible for any records, which are under its custody or control or under the custody or control of its agents, containing customer information and communications. Service Providers shall ensure that customer information and customer communications are protected by security and technical safeguards that are appropriate to their sensitivity.

A Service Provider shall not disclose customer information to any person without the customer’s consent, unless disclosure is required or permitted by the General Secretariat in accordance with the applicable laws or regulations of the State of Qatar.

All customer-specific information, and in particular billing-related information, shall be retained and used by a Service Provider only for purposes specifically provided for in the applicable terms of service or other agreed customer terms, or in accordance with any rules or orders made by the General Secretariat, or as otherwise permitted by applicable laws.

Service Providers shall ensure that customers’ information is accurate, complete and updated regularly for the purposes for which it is to be used.

Article (93)

Nothing in this By-Law prohibits or infringes upon the rights of authorized governmental authorities to access confidential information or communications relating to a customer, in accordance with applicable laws.

Article (94)

Service Providers shall identify a person or group of persons to receive complaints from customers other than Service Providers. Details of how to contact such person or group of persons shall be provided on all written communications sent to customers and also on each Service Provider’s website.

Service Providers shall set certain procedures to deal with complaints of customers other than Service Providers and have them published in the form and manner that is approved by the General Secretariat. These procedures along with any amendments introduced shall be subject to the approval of the General Secretariat.

Service Providers shall not disconnect or change the telecommunications services being provided to a customer that are the subject of a complaint or dispute, other than in accordance with the terms of service approved by the General Secretariat pursuant to Article (96) of this By-Law or as permitted by an order made by the General Secretariat.

Article (95)

The General Secretariat shall undertake any other appropriate action to protect the public from harassing, offensive or illegal telecommunications in accordance with the Law, this ByLaw and other applicable laws.

Article (96)

The General Secretariat may require a Service Provider to submit to it draft terms of service to it for approval and may prescribe a timetable for review, approval and implementation of the terms of service.

Terms of service shall be consistent with the Law, this By-Law, and all applicable regulations, rules, orders and License conditions, and shall describe the basic terms of the relationship between the Service Provider and its customers in the provision and use of telecommunications services.

The General Secretariat shall approve draft terms of service as submitted to it or after introducing changes to it as the General Secretariat deems appropriate. Once approved, the terms of service will replace the customer terms used by a Service Provider and shall become binding on the Service Provider and its customers.

The General Secretariat may issue an order discontinuing the requirement for a Service Provider to submit draft terms of service to the General Secretariat for approval where it determines that its approval is no longer required to protect the interests of customers.

Article (97)

Each Service Provider shall publish the following information on its website:

(1) the current version of any terms of service or other standard customer terms and conditions of service approved by the General Secretariat.

(2) Its tariffs, rates and charges for any equipment or services, including all approved tariffs and proposed tariff changes which have been filed with the General Secretariat in accordance with Article (55) of this By-Law.

(3) the official website address and other contact information of the Supreme Council, along with a clear statement that the Service Provider is regulated by the Supreme Council under the Law, this By-Law and any other applicable laws, and that customers and other Service Providers may contact the Supreme Council if they are unable to resolve disputes with Service Providers.

(4) a user-friendly navigation system that allows a customer to locate the abovementioned information easily.

Article (98)

Service Providers shall also maintain paper copies of the information described in the preceding Article at all of their business offices. This information shall also be made available for public inspection, without charge, during normal business hours. Copies of the information shall also be sent to the Supreme Council for public reference, and may be published by the Supreme Council in the manner that the General Secretariat deems
appropriate.

Article (99)

If required by an order of the General Secretariat, a Service Provider shall include the current version of its terms of service or other standard customer terms and conditions, copies of its tariffs, rates and charges being available for review at its business offices and the other information described in paragraph (3) of Article (97) of this By-Law in the introductory pages to every telephone directory published by it or on its behalf. Service Providers shall
provide, upon request and at a reasonable charge, paper copies of its terms of service and all applicable tariffs, rates and charges to any customer who requests them.

Article (100)

The General Secretariat may issue regulations, rules or orders requiring Service Providers to provide customers with a telephone directory and access to directory services.

Service Providers shall provide customers with a telephone directory and access to directory services in accordance with any regulations, rules or orders issued by the General Secretariat.

Service Providers shall also exchange and compile customer information as required to facilitate the production of telephone directories or the provision of directory services in accordance with any regulations, rules or orders issued by the General Secretariat.

Article (101)

The General Secretariat shall set the minimum quality of service standards and may have them amended by following consultation with the related Service Providers.

The Supreme Council may include those criteria in the Licenses, or issue them by an order from it.

A Service Provider shall deliver to the General Secretariat a written quality of service report each quarter in the form and detail prescribed by the General Secretariat and setting out therein the Service Provider’s actual results for each quality of service standard.

Article (102)

If the quality of service report mentioned in the preceding Article shows that a quality of service standard has not been fulfilled nor achieved, the Service Provider shall provide a clear explanation stating the reason behind it and the steps it has taken or to taken by it in order to implement that standard.

The General Secretariat shall advise the Service Provider within thirty (30) days from receipt of quality of service reports and whether it accepts the report and the explanation submitted regarding any standard not achieved. If the General Secretariat does not reply within the above-mentioned period, this shall be deemed approval by the General Secretariat of the report, including the explanation.

In case the General Secretariat does not accept the explanation, the General
Secretariat shall issue an order stating the extra steps that the Service Provider shall take and the time frame within which those steps shall be taken, including submission of any additional reports by the Service Provider until the standard is achieved; and specific refunds, if any, or any other customer remedies to be implemented by the Service Provider as a result of its failure to comply with the quality of service standards.

Article (103)

A Service Provider shall publish on its website, in accordance with the orders of the General Secretariat, the quality of service report or any other additional related material submitted by it to the General Secretariat. The Supreme Council may also post on its official website the quality of service report or any additional related material submitted by a Service Provider.

The General Secretariat may require a Service Provider to publish all of the quality of service reports or parts therefrom or any information relating to quality of service in both the Arabic and English languages and in two local newspapers.

The Supreme Council may issue press releases and publish information regarding Service Provider quality of service performance, including comparisons regarding the quality of service performance among different Service Providers.

Article (104)

The service obligations of Service Providers described in this Chapter shall extend to the installation, operation, maintenance and repair of all telecommunications facilities that are owned or provided by the Service Provider and located on the customer’s property.

A Service Provider shall have the right to enter a customer’s premises or property for the purposes described in the preceding paragraph, subject to the following conditions:

(1) the Service Provider has given the customer a notice and has received the consent of the customer.

(2) the Service Provider dispatches identified and qualified personnel.

Article (105)

The General Secretariat may issue any orders relating to Service Provider liability, customer refunds and damages associated with the provision of services. The General Secretariat may take these provisions into consideration in the course of approving terms of service pursuant to Article (96) of this By-Law.

Chapter Ten.- Access to Property

Article (106)

Where a Service Provider cannot, on commercially reasonable terms and within sixty (60) days following the commencement of negotiations between the Service Provider and the concerned party obtain the consent of the government authority having jurisdiction over State Public and Private Property or facilities to construct, maintain or operate telecommunications
network facilities on that land or facility; or gain access to the pole, duct, tower or other supporting structure of a telecommunications, electrical power, or other transmission system constructed on that property or facility that is owned or controlled by the State, the Service Provider may apply to the Supreme Council for assistance or to exercise its powers under applicable laws and regulations.

Article (107)

Upon receipt of an application for assistance in accordance with the preceding Article, the General Secretariat shall consult with the concerned government authority to find a solution acceptable to both the Service Provider and the concerned government authority. If the General Secretariat’s consultation fails to produce agreement within a period of (60) days from date of receipt by the General Secretariat of the request, the General Secretariat may refer the matter for resolution to any administrative, executive or any other competent
authority that has jurisdiction, or the General Secretariat may provide assistance as it deems appropriate, or the parties to the dispute may refer the matter to the courts for resolution.

Article (108)

The Service Provider may apply to the General Secretariat for assistance in reaching an agreement with the owner of private land or private facility, or for the exercise of powers under applicable laws or regulations to obtain access to private land or private facility to construct, maintain or operate telecommunications network facilities, or to provide telecommunications services; if the Service Provider cannot, on commercially reasonable
terms, reach an agreement with the owner of the private land or private facility within thirty (30) days from date of commencement of negotiations with the concerned party.

Article (109)

Upon receipt of an application for assistance in accordance with the preceding Article, the General Secretariat shall take the steps it deems necessary to assist the concerned parties. If the General Secretariat’s consultation fails to produce agreement within a period of sixty (60) days, from the date of receipt by the General Secretariat of request for assistance, the General Secretariat may refer the dispute to any administrative, executive or other competent body that has jurisdiction, or the General Secretariat may provide assistance as it deems appropriate, or the parties to the dispute may refer the matter for resolution by the court.

Article (110)

The Secretary General may prescribe regulations that require any Service Provider to allow other Licensees to have access to conduit, ducts, cabling, wire and space for switching facilities inside multi-tenanted buildings where historic or contractual arrangements create anti-competitive conditions in respect of such access. Such regulations shall prohibit any Service Provider from providing, installing or continuing to service inside wiring, duct, conduit and related facilities unless the property owner also permits other duly authorized Licensees to have the same rights of access, absent a proof showing of undue burden to the property-owner based on unusual circumstances.

Article (111)

A Service Provider shall, in exercising any rights of access stipulated in Articles (106), (107), (108), (109), (110) of this By-Law, comply with all other applicable laws and regulations and with all applicable planning and approvals requirements and related processes. Service Providers shall indemnify property owners for any damage to property, injury or expense caused by the Service Provider acting contrary to any terms of access, laws, regulations or
planning and approvals processes.

In exercising the functions identified in Articles (106), (107), (108), (109), (110) or as otherwise appropriate to facilitate the construction, maintenance or operation of telecommunications facilities, the General Secretariat may establish and oversee the operation of a committee or other body to coordinate applicable planning and approvals requirements and related processes. The General Secretariat may issue regulations, rules, orders or notices required for the establishment or operation of such a committee or
coordinating body.

Article (112)

Service Providers with existing telecommunications network facilities shall allow other Service Providers, whom the General Secretariat have decided that they are entitled to co-locate, to co-locate their telecommunications network facilities on those existing facilities, including central office premises and other equipment locations, land and roof tops, mast sites, towers, conduits, ducts, poles and underground facilities, and physical and virtual colocation arrangements, where such co-location is technically and economically feasible.

In the event that the parties fail to reach agreement within 30 days following the commencement of such negotiations, either party may request the assistance of the General Secretariat to reach an agreement in accordance with the provisions of the Articles (106), (107), (108), (109), (110) of this By-Law.

The party requesting co-location shall compensate the party required to provide colocation for such an amount as the parties may agree to or where the parties are unable to agree, the party requesting co-location shall compensate for such an amount as determined by the General Secretariat.

Where the parties are unable to agree on the terms of co-location, any party may request the General Secretariat to resolve the dispute in accordance with Articles (121), (122), (123) of this By-Law.

Article (113)

In addition to the rules and conditions of this Chapter, the terms of co-location shall be subject to Chapter Four of this By-Law.

Article (114)

New telecommunications facilities shall be installed in a manner that do not create an undue adverse effect on existing telecommunications facilities or other existing installations including installations used to maintain public ways, water and gas lines, oil pipelines and electrical installations or other.

Article (115)

Any person installing new telecommunications facilities shall compensate affected persons for the reasonable costs of relocating, modifying or protecting existing facilities or installations which result from the installation of the new facilities.

Article (116)

The General Secretariat may issue regulations, rules, decisions, orders or notices related to access to private or public property, in coordination with other concerned authorities.

Chapter Eleven.- Telecommunications Equipment Standards and Approval

Article (117)

The General Secretariat may issue regulations, rules, orders and notices regarding technical standards and specifications, equipment specifications, testing facilities, the application and procedures for certification or type approval of telecommunications equipment; and any other aspect of practice or procedure relevant to equipment standards or certification. The General Secretariat may consult with the Ministry of Health in the State of Qatar regarding some matters relating to public health and telecommunications equipment, if any.

Article (118)

In exercising its functions and powers regarding equipment standards and certification procedures or type approval, the General Secretariat may require from the concerned any information or documentation regarding equipment performance, standards or certification.

Article (119)

The General Secretariat shall ensure that all technical standards, specifications and certification requirements that it identifies as mandatory requirements for telecommunications equipment, are consistent with, the technical requirements and procedures generally applicable to electrical equipment, radio-communications apparatus and consumer products approved for sale or use in the State of Qatar.

Article (120)

The General Secretariat may issue instructions regarding ceasing use or removal of the equipment that was in use prior to the effective date of the Law if it determines that such telecommunications equipment interfere(s) with the operation of other telecommunications equipment, or constitute a public hazard and may issue instructions regarding of any replacement or modified equipment.

Chapter Twelve.- Dispute Resolution

Article (121)

In accordance with Article (61) of the Law, the General Secretariat shall resolve disputes arising between service providers, or between service providers and others, which are under its jurisdiction in accordance with the Law and this By-Law, and the General Secretariat shall establish procedures for the fair and efficient resolution of such disputes.

Article (122)

The General Secretariat may issue regulations, rules, orders and notices related to dispute resolution.

Article (123)

Where Service Providers have been unable to agree on the resolution of a matter following reasonable efforts to reach an amicable settlement, one or more Service Providers may apply to the General Secretariat for assistance in resolving the dispute, and the General Secretariat may take any of the following measures:

(1) assign members of its staff or an expert consultant to attempt to resolve the dispute.

(2) issue a decision to resolve the dispute, and the decision shall be binding.

(3) take any other action as it deems appropriate.

(4) direct the parties to refer the dispute to the competent Court.

Article (124)

Where a customer other than a Service Provider has a dispute with a Service Provider that the parties have been unable to resolve among themselves, by means of the Service Provider’s customer complaint process approved by the General Secretariat, either party may request the assistance of the General Secretariat to resolve the dispute, and the General Secretariat may take any of the following measures:

(1) assign members of its staff or an expert consultant to attempt to resolve the dispute.

(2) issue a decision to resolve the dispute and the decision shall be binding.

(3) take such other action as it deems appropriate.

(4) direct the parties to refer the dispute to the competent Court.

Article (125)

Parties to a dispute may refer the dispute to private mediation or arbitration and all costs arising therefrom including any travel or other expenses incurred by the General Secretariat in connection with any assistance in resolving the dispute, shall be paid for by the parties of the dispute.

Article (126)

Service Providers shall be subject to the dispute resolution processes defined or initiated by the General Secretariat pursuant to the Law and this By-Law or any other applicable laws, regulations or procedural rules. Service Providers shall also be subject to any customer complaint procedures established or approved by the General Secretariat.

Chapter Thirteen.- Provision of Information

Article (127)

The General Secretariat may require Service Providers or others to provide it with information that it deems necessary for the exercise of its powers or that enables it to perform its functions.

Article (128)

Such information shall be provided in the format specified by the Information Request and may include, but not limited to, data that must be calculated or compiled by the recipient of the Information Request, original paper-based documents and information stored in digital electronic format.

Article (129)

The Information Request shall specify the data that is required, identify the proceeding and purpose for which the data is being collected, and indicate the time period within which the information must be supplied to the General Secretariat. The General Secretariat may extend the deadline for the submission of part or all of the information requested if the recipient of the Information Request provides a convincing justification, in writing, at least five (5) working days before the date on which the information is due.

Article (130)

The General Secretariat shall take into consideration a request made by the recipient of the Information Request for the confidential treatment of the information provided and the General Secretariat shall ensure that appropriate measures are taken to protect the confidentiality of information, which the General Secretariat determines to be confidential or commercially sensitive.

Article (131)

The recipient of an Information Request shall cooperate fully and shall provide true and complete answers to the questions posed within the timeframe established by the General Secretariat.

Article (132)

If a recipient of an Information Request does not furnish the requested information within the time stipulated by the General Secretariat, the General Secretariat may base its decisions or any other actions on the best alternative data available to it, and may collect the alternative data from published reports issued by third parties, relevant benchmarks, and reasonable estimates based on known data.

09Jul/17

Resolución 109/2016, del 16 de diciembre de 2016, del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA). Estándar del Servicio de Provisión de Internet en forma inalámbrica (WIFI)

VISTO el Expediente nº 35/14 del Registro del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), los Decretos nros. 375 de fecha 24 de abril de 1997, 500 de fecha 2 de junio de 1997, ambos ratificados por el Decreto de Necesidad y Urgencia nº 842 de fecha 27 de agosto de 1997, los Decretos nros. 163 de fecha 11 de febrero de 1998, 1799 de fecha 4 de diciembre de 2007 y la Resolución nº 96 de fecha 31 de julio de 2001 del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), y

CONSIDERANDO:

Que en el Expediente citado en el Visto tramita actualmente la propuesta del Departamento de Control de Calidad de este Organismo Regulador de implementar el “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del SIistema Nacional de Aeropuertos (SNA)”, a fin de garantizar la prestación en forma libre y gratuita del servicio en el marco de un determinado estándar, mejorando la experiencia del usuario.

Que cabe considerar que el área técnica del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) analizó las características y la calidad del servicio de provisión de Internet en forma inalámbrica (WIFI) que se brinda en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), realizando pruebas de velocidad en varios de los referidos aeropuertos.

Que de dicho análisis surgió que el mencionado servicio se presta en diferentes condiciones en los distintos aeropuertos y que no existe una calidad mínima establecida que satisfaga las necesidades del usuario aeroportuario en el Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA).

Que en tal sentido el Departamento de Control de Calidad manifiesta que “El ORSNA como parte de su misión debe velar por la calidad de los servicios aeroportuarios que se ofrecen en los Aeropuertos del SNA, por ello debemos garantizar que la experiencia del usuario del servicio WIFI sea satisfactoria”.

Que el Departamento de Control de Calidad informa que los canales en las frecuencias 2,4Ghz y 5Ghz están ocupados por redes WIFI de prestadores, de organismos oficiales y del Concesionario Aeropuertos Artentina 2000 Sociedad Anónima, generando, de este modo, interferencias y degradando la calidad de las transmisiones de internet gratuito y la calidad del servicio prestado al usuario.

Que el área técnica expresa que “Se observa que los explotadores determinan características del servicio heterogéneas entre sí y además que no existe una calidad mínima establecida que satisfaga las necesidades del usuario aeroportuario, se sugiere que este Organismo establezca un estándar mínimo de servicio para garantizar un servicio adecuado”.

Que el mencionado Departamento, a los efectos de garantizar un servicio adecuado, indica que “Analizando distintos mecanismos que proponen los fabricantes y analistas, establecer una velocidad mínima garantizada en los horarios de conexiones pico resulta el más indicado dada la distribución horaria en las terminales aeroportuarias”.

Que el Departamento de Control de Calidad concluye que “La implementación del esquema de velocidad mínima permite la utilización del ancho de banda ocioso el resto del tiempo en que hay menos usuarios, por ello este mecanismo maximiza la utilización del ancho de banda para el usuario”. A ello agregó que “En base a las mediciones formuladas, y teniendo en cuenta lo dicho se sugiere la adecuación del espectro wifi y el establecimiento de un estándar para la provisión del servicio wifi gratuito”. Así también se sugiere que el servicio wifi esté disponible a la mayor cantidad de usuarios aeroportuarios posible”. Por último el área técnica en cuestión señala que “…habiéndose analizado el equipamiento adquirido por parte del concesionario Aeropuertos Argentina 2000 S.A, se sugiere que los aeropuertos bajo su administración conformen la primera etapa de implementación del estándar wifi dado que resultan capaces y suficientes”.

Que conforme lo expuesto en los considerandos precedentes, se prevé la necesidad de establecer un estándar para la prestación del servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA).

Que para el establecimiento del estándar propiciado en el servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), el Departamento de Control de Calidad utilizó como parámetro similar la calidad del servicio en cuestión prestado en la región y en otros países del mundo.

Que de dicho estudio surge que la prestación del servicio de provisión de Internet en forma inalámbrica (WIFI) libre y gratuito es una práctica habitual que se realiza en otros aeropuertos del mundo que favorece la comunicación de los usuarios aeroportuarios, ofreciéndose en condiciones de igualdad, libre acceso y no discriminación en el uso de dicho servicio.

Que la estandarización de los parámetros de calidad en el citado servicio otorga previsibilidad en la prestación del mismo, favoreciendo de esta manera a los usuarios, quienes incorporan a su cotidianeidad el uso de equipos de comunicación portátiles en los aeropuertos.

Que asimismo, el establecimiento de un estándar respecto de este servicio aporta orden y seguridad en el uso del espectro del servicio de provisión de Internet en forma inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA).

Que el estándar que propicia el Departamento de Control de Calidad fija un mínimo de velocidad garantizada en los horarios en que se encuentran presentes la mayor cantidad de conexiones simultáneas, y prevé que en el resto de los horarios la velocidad de conexión se distribuya según la cantidad de conexiones establecidas.

Que ello permite que en caso de existir pocas conexiones los usuarios incrementen su velocidad y así mejore su experiencia y satisfacción en el uso del servicio de provisión de Internet en forma inalámbrica (WIFI).

Que la implementación del esquema de velocidad mínima permite la utilización del ancho de banda ocioso el resto del tiempo en que hay menor cantidad de usuarios.

Que asimismo, con la presente medida se busca otorgar un servicio seguro que evite cualquier tipo de filtración de los datos sensibles.

Que la medida propuesta por el Departamento de Control de Calidad será sometida, a continuos exámenes de eficiencia y eficacia en forma constante a los fines de evaluar su aplicación y los logros obtenidos.

Que asimismo, cabe considerar que el Decreto nº° 375 de fecha 24 de abril de 1997 establece en su Artículo 14 Inciso a), que el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) tiene entre sus principios y objetivos asegurar la igualdad, el libre acceso y la no discriminación en el uso de los servicios e instalaciones aeroportuarias.

Que dentro de los servicios que se prestan actualmente en los aeropuertos, se encuentra el de provisión de Internet en forma inalámbrica (WIFI), por lo que este Organismo Regulador debe llevar adelante los mecanismos pertinentes a los fines de establecer los requisitos mínimos de su prestación.

Que de acuerdo a lo establecido en el Título Primero, Numeral 1, Punto a) del Pliego de Bases y Condiciones aprobado por el Decreto nº 500 de fecha 2 de junio de 1997 el Estado Nacional persiguió con la Licitación del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA) “mejorar substancialmente la actual infraestructura y operación de los aeropuertos objeto de la presente licitación y llevarla a los mayores niveles de operatividad, seguridad, tecnología y confianza posibles, acordes con los estándares internacionales en la materia, de forma de garantizar la mejor prestación del servicio aeroportuario a los usuarios”.

Que otro de los propósitos de la concesión, plasmado en el Punto c) del Numeral 1 de la citada norma fue el de “Incrementar la calidad de la prestación del servicio aeroportuario a los efectos de beneficiar a los usuarios destinatarios de tales mejoras”.

Que la concesión para la administración, explotación y funcionamiento de los aeropuertos integrantes del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos ha sido otorgada a la empresa Aeropuertos Argentina 2000 Sociedad Anónima por medio del Decreto nº 163 de fecha 11 de febrero de 1998, exigiendo que la administración y explotación comercial que el Concesionario ejerce, se desarrolle llevando a cabo todas las medidas y acciones necesarias para asegurar la continuidad en la prestación de los servicios cuya explotación se comprenda en los términos de la concesión, y el mantenimiento de los aeropuertos involucrados en óptimas condiciones operativas, asegurando además a los usuarios condiciones de seguridad y confort en el uso de las instalaciones (Artículo 13, numeral XXV).

Que el Numeral 3 de la Parte Cuarta del Acta Acuerdo de Adecuación de Contrato de Concesión, ratificada por Decreto nº 1799 de fecha 4 de diciembre de 2007, prevé la obligación del Concesionario de cumplir con los estándares de calidad que establezca el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), los cuales deben ser prudentes y establecidos de manera razonable por este Organismo Regulador según lo previsto en el Anexo I de la referida Acta Acuerdo

Que por su parte, el “Reglamento General de Uso y Funcionamiento de los Aeropuertos del Sistema Nacional de Aeropuertos” aprobado por la Resolución nº 96 de fecha 31 de julio de 2001 de este Organismo Regulador estableció en el Artículo 5.6.1 que el explotador aeroportuario deberá: “Aplicar y cumplir el nivel de servicio y los estándares de calidad de atención al pasajero, usuario y público en general, establecidos por el ORSNA o por la Autoridad de aplicación que corresponda”.

Que, en este sentido, el estándar propuesto en la presente se encuentra acorde con los lineamientos básicos por los cuales se determinó la concesión para la explotación, administración y funcionamiento del Grupo “A” de Aeropuertos del Sistema Nacional de Aeropuertos (SNA).

Que el Departamento de Sistemas y de Tecnología Informática de este Organismo Regulador ha tomado la intervención pertinente en el ámbito de su competencia.

Que la Gerencia de Asuntos Jurídicos, ha tomado la debida intervención.

Que el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) es competente para el dictado de la presente, conforme lo dispone el Artículo 3° de la Ley Nacional de Procedimientos Administrativos nº 19.549 y demás normativa citada precedentemente.

Que en reunión de Directorio de fecha 18 de noviembre de 2016 se ha considerado el asunto, facultándose al suscripto a dictar la presente medida.

Por ello,

EL DIRECTORIO DEL ORGANISMO REGULADOR DEL SISTEMA NACIONAL DE AEROPUERTOS

RESUELVE:

Artículo 1°.-  Aprobar el “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)” que como ANEXO I integra la presente medida.

Artículo 2°.-  Instruir a la empresa Aeropuertos Argentina 2000 Sociedad Anónima a que implemente la provisión del servicio de Internet en forma inalámbrica (WIFI) de acuerdo al “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)”, aprobado en el Artículo 1° de la presente medida, en el marco de las instrucciones emitidas por el Departamento de Control de Calidad de este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) y/o el área que lo reemplace.

Artículo 3°.- Instruir al Departamento de Control de Calidad y al Departamento de Sistemas y de Tecnología Informática a los efectos de que analice y verifique la provisión del servicio en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA) sobre la base del estándar aprobado en el Artículo 1° de la presente medida.

Artículo 4°.-  Regístrese, Notifíquese al Concesionario Aeropuertos Argentina 2000 Sociedad Anónima, publíquese, dése a la Dirección Nacional del Registro Oficial y cumplido, archívese.

Lic. PATRICIO DI STEFANO, Presidente, Organismo Regulador del Sistema Nacional de Aeropuertos, O.R.S.N.A.

ANEXO I.- Estándar del Servicio de Provisión de Internet en Forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)

1.- Ámbito de Aplicación
El Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) será de aplicación en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA), debiendo el Concesionario Aeropuertos Argentina 2000 Sociedad Anónima brindar el mencionado servicio de acuerdo al presente estándar, asegurando su prestación libre, gratuita y en condiciones de igualdad y no discriminación.

2.- Área de Cobertura
El servicio deberá ser prestado y estar disponible en la parte pública y la zona estéril de la terminal de pasajeros, entendida esta última como el sector comprendido entre un puesto de inspección y la aeronave, cuyo acceso está estrictamente controlado y sirve para la permanencia de los pasajeros que aguardan un determinado vuelo.

3.- Servicio Prestado

a) Los usuarios podrán conectarse por el término de UNA (1) hora de duración con reconexiones ilimitadas.

b) El servicio de WIFI deberá estar disponible las 24 (VEINTICUATRO) horas del día, los 365 (TRESCIENTOS SESENTA Y CINCO) días del año. Es decir que debe prestarse en forma continua e ininterrumpida.

c) El usuario deberá poder moverse por todo el aeropuerto —en las áreas en las que corresponda su prestación en los términos del Punto 2 de este Anexo I— sin necesidad de reconectarse al servicio, salvo el caso de reconexión previsto en el apartado a) del presente punto.

4.- Página de Inicio

4.1.- Al conectarse a la red WI-FI, el servicio provisto por el Concesionario deberá indicar al usuario que debe aceptar las políticas de uso y privacidad, términos y condiciones para su utilización.

4.2.- Una vez aceptadas se deberá presentar un sitio web con las siguientes características:
• Todo el sitio deberá adaptarse a la pantalla del dispositivo (responsive design).
• Todo el sitio deberá estar en el idioma Castellano, Inglés y Portugués.
• No podrá contener publicidades comerciales.
• Cada página del sitio web no deberá ser mayor a TRESCIENTOS (300) KB.
• Deberá incluir un link para visualizar los términos y condiciones del servicio provisto.
• El usuario deberá aceptar los términos y condiciones para acceder al servicio.
• La comunicación deberá estar cifrada.
• Todo el sitio deberá cumplir los estándares W3C.

5.- Características de la conexión

a) El Concesionario deberá prestar el servicio en las frecuencias 2,4Ghz (IEEE 802.11b/g/n) y 5Ghz (IEEE 802.11 a/n/ac) dentro del área de cobertura descripta en el Punto 2 del presente Anexo I.

b) El Concesionario deberá garantizar un mínimo de 1024 Kbps simétrico de ancho de banda ya sea nacional y/o internacional por cada conexión.

c) El ancho de banda de cada conexión no podrá ser limitado.

d) El Concesionario deberá garantizar la capacidad del vínculo al servicio para satisfacer a las “conexiones hora pico”.

e) El ancho de banda deberá estar distribuido en base a la cantidad de conexiones establecidas y deberá implementar mecanismos de balanceo de carga para tal fin.

f) El Concesionario deberá evaluar diariamente el tráfico total consumido y si el consumo fuera mayor al NOVENTA POR CIENTO (90%) de su capacidad deberá ampliar el vínculo a Internet. No deberá requerir información personal al usuario.

g) El Concesionario no podrá instalar software en los dispositivos de los usuarios.

6.- Señalización

a) El SSID deberá ser: WIFI-FREE (Nombre del Aeropuerto).

b) La calidad del beacon WIFI deberá ser superior al CINCUENTA POR CIENTO (50%).

c) La configuración del beacon interval del WIFI deberá ser entre CINCUENTA (50) y CIEN (100) milisegundos.

d) La intensidad de señal del punto de acceso más cercano deberá ser mayor a 70dBm.

e) Deberá proveerse IEEE 802.11 (b/g/n) en 2,4GHz y IEEE 802.11(a/n/ac) en 5GHz.

f) El Concesionario deberá garantizar la exclusividad del canal Mhz utilizado para la red WIFI evitando la superposición de canales.

g) Deberán utilizar el canal UNO (1) y SEIS (6) en 2,4GHz y del TREINTA Y SEIS (36) al CIENTO VEINTE (120) en 5Ghz para la red WIFI.

h) El resto de las redes WIFI del aeropuerto deberán utilizar el canal ONCE (11) en 2,4Ghz y los canales del CINTO VEINTE (120) en adelante en 5Ghz.

7.- Seguridad

a) El Concesionario deberá implementar un nivel de seguridad sobre la navegación a fin de evitar que los usuarios naveguen por sitios que puedan infringir las normativas vigentes.

b) El Concesionario deberá garantizar la privacidad de los usuarios conectados, mediante mecanismos de validación y encriptación:
Cada conexión a internet deberá ser única y no podrán verse los dispositivos entre sí.

Las comunicaciones entre el cliente y el “hotspot” deberán estar encriptadas.
El algoritmo de encriptación deberá ser WPA2 o superior.

c) El Concesionario deberá resguardar la seguridad de la red y de los sistemas del Aeropuerto de que se trate. Para ello, deberá contar con equipos destinados a tal fín. Deberá aplicar: filtros antispam; pornografía; fishing, propagandas, evitación de filtro, hacking, actividades ilegales, descargas ilegales, drogas ilegales, y armas, siendo esta enumeración meramente enunciativa pudiendo este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) requerir otros filtros.

d) El Concesionario deberá garantizar que en la red a la cual se conecten los usuarios no se propaguen programas y/o paquetes que afecten a la seguridad.

e) El Concesionario no podrá almacenar el contenido del tráfico de los usuarios.

f) El Concesionario deberá implementar mecanismos a fin de evitar conexiones “Man in the Middle”.

8.- Implementación del Servicio

a) El Departamento de Control de Calidad de este Organismo Regulador y/o el área que lo reemplace emitirá instrucciones al Concesionario Aeropuertos Argentina 2000 Sociedad Anónima respecto a la implementación del “Estándar del Servicio de Provisión de Internet en forma Inalámbrica (WIFI) en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA)”.

b) El Concesionario deberá requerir a los organismos públicos con presencia en los Aeropuertos del Grupo “A” del Sistema Nacional de Aeropuertos (SNA) y a los prestadores aeroportuarios, la adecuación de sus redes inalámbricas a la presente medida.

c) El Concesionario deberá auditar que los diferentes prestadores del servicio cumplan con la presente ordenando los canales en las frecuencias 2,4Ghz y 5Ghz.

9.- Información a suministrar por Aeropuertos Argentina 2000 Sociedad Anónima.

El Concesionario deberá remitir en formato digital antes del décimo día de cada mes a este Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) a la dirección electrónica [email protected] un informe sobre la capacidad y ocupación del servicio WIFI.

En dicho informe deberán figurar datos estadísticos que reflejen el funcionamiento del servicio y la acreditación del cumplimiento del estándar fijado por el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA).

Entre los datos a informar al Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA), deberán figurar:

a. Ancho de banda total (nacional e internacional).

b. Ancho de banda nacional e internacional consumido.

c. Cantidad de usuarios conectados por hora por día.

d. Kb/s promedio por usuario.

e. Total de tráfico promedio por usuario.

f. Cantidad de tráfico por servicio/protocolo.

g. Rango de los DIEZ (10) servicios o aplicaciones que consuman más tráfico.

h. Cantidad de incidentes del servicio, especificando su tipo y duración.

i. Cantidad de reclamos por el servicio.

j. Histograma mensual del tráfico total.

Cabe destacar que la precedente enumeración es meramente enunciativa, pudiendo el Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) requerir toda otra que considere pertinente.

10.- Falla en el Servicio
Cualquier tipo de contingencia que tenga el Concesionario respecto de la prestación del presente servicio que no permita ser suministrado en las modalidades aquí establecidas, deberá ser puesto en conocimiento del Organismo Regulador del Sistema Nacional de Aeropuertos (ORSNA) a la mayor brevedad posible a la dirección electrónica [email protected].

11.- Incumplimentos
La falta de cumplimiento de la presente medida será pasible de la aplicación de los procedimientos sancionatorios que correspondan.

09Jul/17

Acordada 9/2016, de 29 de marzo de 2016, de la Corte Suprema de Justicia de la Nación (CSJN)

Exp. 1074/2016

En Buenos Aires, a los 29 días del mes de marzo del año 2016, los
señores Ministros que suscriben la presente,

CONSIDERARON:

I. Que dentro del proceso de cambio y modernización en la prestación del servicio de justicia, que la Corte Suprema de Justicia de la Nación viene desarrollando en el marco del programa de fortalecimiento institucional del Poder Judicial de la Nación, en uso de las facultades que le otorga la Constitución Nacional en razón de lo dispuesto por las leyes nº
25.506, 26.685 y 26.856 este Tribunal ha procedido reglamentar distintos
aspectos vinculados al uso de tecnologías electrónicas digitales, y en
consecuencia dispuso su gradual implementación en el ámbito del Poder
Judicial de la Nación a partir de la puesta marcha de distintos proyectos de
informatización y digitalización.

II. Que en el marco de los principios universales del Desarrollo Sustentable contenidos en la Declaración de Río de Janeiro de 1992 sobre Medio Ambiente y Desarrollo y receptados por nuestra Constitución Nacional en su art. 41, por la Ley General del Ambiente, Ley nº 25.675, que vienen siendo implementados por este Tribunal (acordadas 35/11, 38/11, entre otras), resulta prioritario implementar medidas de acción que permitan cooperar en este aspecto.

Que a fin de continuar con esta política, se adoptara esta medida que racionaliza el uso del papel y redunda su vez en un mejor aprovechamiento del espacio físico.

III. Que la implementación de los distintos Sistemas de Gestión en las dependencias del Poder Judicial de la Nación, permite la integración de las actuaciones por tecnología digital sustituyendo los medios de uso convencional para la realización de las actividades vinculadas a las
actuaciones que aquí se tramitan.

IV. Que en el marco de este plan de modernización y, teniendo en cuenta el convenio firmado con la Oficina Nacional de Tecnología de la Información (ONTI), el 2 de septiembre de 2011, corresponde disponer la utilización de la firma digital en los trámites administrativos vinculados las resoluciones de la Secretaría General de Administración de la Corte Suprema de Justicia de la Nación.

V. Que ello se realizará progresivamente en las distintas dependencias de dicha Secretaria empleando un procedimiento y una metodología homogénea y transparente, lo cual permitirá resguardar la seguridad jurídica de los actos y la sustitución del soporte papel; debiéndose publicar las disposiciones administrativas firmadas de acuerdo al método indicado en los sitios web del Tribunal.

VI. Que la presente medida se dicta en ejercicio de las competencias propias de esta Corte Suprema de Justicia de la Nación como cabeza de este poder del Estado (art. 108 de la Constitución Nacional, cuyas atribuciones se encuentran ampliamente desarrolladas en los antecedentes que cita la acordada 4/2000, considerandos 1 al 7) por cuanto el dictado de sentencias, acordadas y resoluciones resulta un acto propio del Poder Judicial, en tanto el Tribunal tiene las facultades de dictar su reglamento interior (art. 113 de la Constitución Nacional).

Por ello,

ACORDARON:

1°) Aprobar el uso de la firma digital en el ámbito de la Secretaria General de Administración de la Corte Suprema de Justicia de la Nación en los actos que rubrique el señor Secretario General de Administración y los funcionarios que él designe.

2°) Establecer que en todos los casos en que se aplique la firma digital, no será necesario la utilización del soporte papel, quedando lo resuelto en soporte electrónico cuyo almacenamiento y resguardo estará a cargo de la Dirección de Sistemas del Tribunal.

Todo lo cual dispusieron, ordenando que se comunique, publique en la
página web del Tribunal, en el Boletín Oficial, en la página del CIJ y se
registre en el libro correspondiente, por ante mí, que doy fe.

RICARDO LUIS LORENZETTI, Presidente de la Corte Suprema de Justicia de la Nación

ELENA HIGHTON DE NOLASCO, Ministro de la Corte Suprema de Justicia de la Nación

JUAN CARLOS MAQUEDA, Ministro de la Corte Suprema de Justicia de la Nación

HECTOR DANIEL MARCHI, Secretario General de Administración de la Corte Suprema de Justicia de la Nación

08Jul/17

Disposición 17/2016, de 14 de julio de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP)

Disposición 17/2016, de 14 de julio de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP). Obligados ante el Registro Nacional “No llame”

Visto el Expediente nº S04:0012306/2016 del registro de este Ministerio, la Ley nº 26951 y su reglamentación aprobada por el Decreto nº 2501 del 17 de diciembre de 2014, las Disposiciones DNPDP nº 3 del 16 de enero de 2015 y 44 del 18 de agosto de 2015, y

CONSIDERANDO:

Que entre las atribuciones asignadas a esta Dirección Nacional se encuentra la de dictar las normas reglamentarias que se deben observar en el desarrollo de las actividades comprendidas por la Ley nº 26951 y el Decreto nº 2501/14.

Que la Ley mencionada crea en el ámbito de la Dirección Nacional de Protección de Datos Personales, el Registo Nacional “No llame” con el objeto de proteger a los titulares o usuarios autorizados de los servicios de telefonía, en cualquiera de sus modalidades, de los abusos del procedimiento de contacto, publicidad, oferta, venta y regalo de bienes o servicios no solicitados.

Que en virtud del artículo 7 de la Ley nº 26951, quienes publiciten, oferten, vendan o regalen bienes o servicios utilizando como medio de contacto los servicios de telefonía en cualquiera de sus modalidades, no podrán dirigirse a ninguno de los inscriptos en el Registro Nacional “No llame” y deberán consultar la lista de inscriptos proporcionada por la autoridad de aplicación con una periodicidad de TREINTA (30) días correspondiendo a la Autoridad de Aplicación determinar el procedimiento para dicha consulta.

Que por la Disposición DNPDP nº 003/15, se implementó el Registro Nacional “No llame”, estableciéndose el procedimiento para la descarga del Formulario “C06 – Certificación de Requisitos de Obligados por el Registro Nacional No llame.- Ley 26.951“, el que habilita para la descarga de la lista de inscriptos en el Registro Nacional “No llame”.

Que el objeto de dicho procedimiento es que esta Autoridad de Control verifique que los obligados por la Ley 26.951 cumplan con los requisitos legales que les son exigidos para poder consultar el citado Registro.

Que, entre otros requisitos, en su carácter de usuarios y responsables de archivos, registros y bancos de datos de acuerdo a lo establecido en la Ley nº 25326 y su modificatoria, deben encontrarse inscriptos ante el Registro Nacional de Bases de Datos habilitado por esta Dirección Nacional, según establece el artículo 7, párrafo tercero, del Anexo I al Decreto nº 2501/14.

Que el artículo 7 de la Disposición DNPDP nº 2 del 14 de febrero de 2005 establece que la inscripción en el Registro Nacional de Bases de Datos tendrá validez anual.

Que a los fines de mantener actualizada la nómina de obligados por el Registro Nacional “No llame”, también resulta indispensable establecer un límite temporal a la validez de la misma.

Que por Disposición DNPDP nº° 44/15 se aprobó el “Sistema de Gestión de Denuncias”, cuya finalidad es determinar el trámite a ser asignado en cada caso y conformar las planillas con el detalle de las denuncias recibidas que se adjuntarán a las respectivas intimaciones.

Que es necesario fijar un criterio para los casos en que corresponda la apertura de actuaciones administrativas, a los fines de iniciar el procedimiento sancionatorio establecido en el artículo 31 , apartado 3 de la reglamentación de la Ley nº 25326 , aprobada por el Decreto nº 1558 del 29 de noviembre de 2001 y su modificatorio.

Que se considera apropiado iniciar actuaciones administrativas mensualmente, en concordancia con el plazo dispuesto en el artículo 7 de la Ley 26.951 para la consulta de inscripciones y bajas en el Registro Nacional “No llame”.

Que teniendo en cuenta la experiencia de esta Dirección Nacional a UN (1) año de la vigencia de la Ley 26.951 y normas reglamentarias y complementarias, se considera conveniente, a fin de evitar un dispendio administrativo desmedido, que la apertura de actuaciones administrativas se realice no sólo mensualmente, sino también teniendo en cuenta una cantidad de denuncias por denunciado que permita mayor celeridad y sencillez en la atención del procedimiento aplicable y, consecuentemente, una mejor protección de los derechos amparados por la Ley 26.951.

Que las denuncias que correspondan a empresas denunciadas que no alcancen el número considerado para la apertura de actuaciones administrativas, se incluirán en los meses sucesivos.

Que ha tomado intervención el servicio permanente de asesoramiento jurídico de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 9 de la Ley nº 26.951 y el artículo 2 del Anexo I al Decreto nº 2501 del 17 de diciembre de 2014.

Por ello,

 

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

 

DISPONE:

Artículo 1.- La habilitación de obligados ante el Registro Nacional “No llame” tendrá validez anual. Dentro del plazo de CUARENTA Y CINCO (45) días corridos anteriores a la fecha de vencimiento de dicha inscripción, deberá solicitarse su renovación, completando el Formulario “C06 – Certificación de Requisitos de Obligados por el Registro Nacional No llame. Ley 26.951“.

 

Artículo 2.- Las habilitaciones que cuenten con más de UN (1) año desde su aprobación, deberán regularizar su situación dentro de los CUARENTA Y CINCO (45) días desde la entrada en vigencia de la presente.

 

Artículo 3.- La apertura de actuaciones administrativas se hará mensualmente, teniendo en cuenta una cantidad de denuncias por denunciado que permita mayor celeridad y sencillez en la atención del procedimiento aplicable. Las denuncias que correspondan a empresas denunciadas que no alcancen el número considerado para la apertura de actuaciones administrativas, se incluirán en los meses sucesivos.

 

Artículo 4.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.-

 

EDUARDO BERTONI, Director, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

08Jul/17

Disposición 55-E/2016, de 25 de octubre de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP)

Disposición 55-E/2016, de 25 de octubre de 2016, de la Dirección Nacional de Protección de Datos Personales (DNPDP), que aprueba el “Procedimiento de Inspección y Control de la Dirección Nacional de Protección de Datos Personales” de 2016.

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 55-E/2016

Ciudad de Buenos Aires, 25 de octubre de 2016

VISTO el Expediente nº EX-2016-00206789- -APN-DNPDP del registro de este Ministerio, la Ley nº 25.326 y su Decreto Reglamentario nº 1558 del 29 de noviembre de 2001, modificado por su similar nº 1160 del 11 de agosto de 2010 y la Disposición nº 3 del 31 de julio de 2012 de esta Dirección Nacional, y

CONSIDERANDO:

Que la Ley nº 25.326 tiene por objeto la protección integral de los datos personales asentados en archivos, registros, bancos de datos, u otros medios técnicos de tratamiento de datos, sean éstos públicos, o privados destinados a dar informes, para garantizar el derecho al honor y a la intimidad de las personas, así como también el acceso a la información que sobre las mismas se registre, de conformidad a lo establecido en el artículo 43, párrafo tercero de la Constitución Nacional.

Que es facultad de esta Dirección Nacional diseñar los instrumentos que considere adecuados para la mejor protección de los datos personales y para el cumplimiento de sus funciones y atribuciones.

Que de conformidad con lo establecido en el artículo 29, inciso 1, apartados b) y e), de la Ley nº 25.326, se encuentran entre sus funciones y atribuciones, las de dictar las normas y reglamentaciones que se deben observar en el desarrollo de sus actividades; y las de solicitar la información pertinente a las entidades públicas y privadas, en orden a proporcionar los antecedentes, documentos, programas u otros elementos relativos al tratamiento de los datos que se le requieran.

Que asimismo tiene la facultad de controlar la observancia de las normas sobre integridad y seguridad de datos por parte de los archivos, registros o bancos de datos. A tal efecto podrá solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la Ley nº 25.326, conforme el artículo 29, inciso 1, apartado d), de la mencionada norma.

Que se ha iniciado un proceso de revisión interna de los procedimientos sobre inspecciones a efectos de hacerlo más eficiente y fortalecer el rol de órgano de control de esta Dirección Nacional.

Que, con la sanción de la Ley nº 26.951, que crea el Registro Nacional “No llame”, se establece que esta Dirección Nacional es su autoridad de aplicación, conforme su artículo 9°.

Que, por lo tanto, se impone ampliar el control que lleva a cabo este organismo a fin de fiscalizar el cumplimiento de las obligaciones que impone la norma citada en el párrafo precedente.

Que, por todo lo expuesto, deviene necesario derogar el procedimiento de inspección aprobado por la Disposición DNPDP nº 3/12, aprobando un nuevo procedimiento de inspección y control.

Que ha tomado la intervención que le compete la Dirección General de Asuntos Jurídicos de este Ministerio.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 29, inciso 1, apartado b) de la Ley nº 25.326 y el artículo 29, inciso 5, apartado a) del Anexo I del Decreto nº 1558/01 y su modificatorio.

Por ello,

EL DIRECTOR NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

DISPONE:

Artículo 1°.- Derógase la Disposición DNPDP N° 3 del 31 de julio de 2012.

Artículo 2°.- Apruébase el “Procedimiento de Inspección y Control de la Dirección Nacional de Protección de Datos Personales” que se dispone en el Anexo IF-2016-02519312-APN-DNPDP y que forma parte de la presente.

Artículo 3°.- Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

ANEXO I.- “PROCEDIMIENTO DE INSPECCIÓN Y CONTROL DE LA DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES”

1) Objetivos de las inspecciones

a) Fiscalizar y controlar las actividades del responsable del tratamiento de datos, los datos personales que administra, y los medios y la forma en que lo hace.

b) Evaluar el grado de cumplimiento conforme lo dispuesto por la Ley nº 25.326, la Ley nº 26.951, y demás normativa aplicable en el marco de la competencia de la Dirección Nacional de Protección de Datos Personales (DNPDP), con el objeto de:

I) detectar incumplimientos a la normativa vigente; y

II) realizar los requerimientos necesarios para adecuar el tratamiento de datos a la normativa vigente.

2) Competencia

Las facultades de la DNPDP para llevar adelante las inspecciones están establecidas en las siguientes normas:

Artículo 29, inciso 1, apartado d), Ley nº 25.326: “Controlar la observancia de las normas sobre integridad y seguridad de datos por parte de los archivos, registros o bancos de datos. A tal efecto podrá solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la presente ley”.

Artículo 29, inciso 1, apartado e), Ley nº 25.326: “Solicitar información a las entidades públicas y privadas, las que deberán proporcionar los antecedentes, documentos, programas u otros elementos relativos al tratamiento de los datos personales que se le requieran. En estos casos, la autoridad deberá garantizar la seguridad y confidencialidad de la información y elementos suministrados”.

3) Alcance de la inspección

Las inspecciones abarcarán los siguientes aspectos, sin perjuicio de otros que puedan contemplarse al momento de llevarse a cabo:

a) Licitud de las bases de datos (artículos 3°, 21 y 24, Ley nº 25.326).

b) Calidad de los datos tratados (artículo 4°, Ley nº 25.326).

c) Consentimiento del titular del dato e información (artículos 5° y 6°, Ley nº 25.326).

d) Cumpliento de los principios de categrías de datos, seguridad y confidencialidad (artículos 7°, 9° y 10, Ley nº 25.326).

e) Requisitos de la cesión de datos y transferencia internacional de datos (artículos 11 y 12, Ley nº 25.326).

f) Ejercicio de los derechos de los titulares del dato (artículos 14, 15, 16 y 19, Ley nº 25.326).

g) Prestación de servicios de información crediticia (artículo 25, Ley nº 25.326).

h) Tratamiento de datos con fines de publicidad (artículo 27, Ley nº 25.326; Ley N° 26.951).

4) Tipos de inspección

a) De oficio: aquellas que la DNPDP inicia en ejercicio de sus facultades de fiscalización. Se dividen en:

I) Planificadas: las que surgen de la planificación anual.

II) Espontáneas: las que se originan en razones que llegan a conocimiento de la DNPDP, y que pueden impactar en la protección de datos personales y en el derecho a la privacidad.

b) Por denuncia: aquellas que se inician en el marco de una investigación que se sustancia a raiz de una denuncia interpuesta ante la DNPDP. La inspección en este caso tiene el carácter de medida probatoria del sumario administrativo.

5) Planificación de las inspecciones

La DNPDP implementará una planificación de las inspecciones que se llevarán a cabo durante un período determinado, sin perjuicio de otras que puedan ser ordenadas de forma espontánea o como consecuencia de un sumario administrativo.

La selección de los sujetos a inspeccionar estará basada en criterios objetivos de selección, tales como categorías de datos procesados; impacto del tratamiento de datos sobre la privacidad; cantidad de denuncias recibidas; tipo de denuncias recibidas; incumplimiento del deber de inscripción o renovación ante el RNBD.

El proceso de selección se sustanciará mediante un expediente administrativo y tendrá el objeto de identificar a los responsables de tratamientos de datos, sectores o grupos sobre los cuáles se llevaran a cabo las inspecciones. En las actuaciones se dejará constancia del o los criterios objetivos de selección utilizados.

6) Procedimiento de la inspección

a) Apertura del expediente y notificación al responsable sujeto a inspección

Se procederá a la apertura de un expediente administrativo por cada responsable sujeto a inspección seleccionado.

Mediante una providencia se identificarán los inspectores a cargo de cada actuación, quienes actuarán en forma conjunta y/o indistinta.

Se notificará la apertura del procedimiento y se requerirá completar y remitir en un plazo de QUINCE (15) días hábiles administrativos el Formulario de Inspección, debiendo el inspeccionado adjuntar la documentación respaldatoria de sus respuestas. El formulario será puesto a disposición del inspeccionado como anexo de la primera notificación o a través de la página web de la DNPDP, mediante la indicación de su URL para su descarga.

En los casos en los que se considere que la notificación previa pueda afectar el resultado de la inspección, aquella podrá omitirse mediante acto fundado. En estos casos se procederá directamente a llevar a cabo la visita presencial de los inspectores prevista en el punto 6.c de la presente.

b) Programación y notificación de las visitas presenciales

Recibido el formulario de inspección, se programarán las visitas presenciales que llevaran a cabo los inspectores.

La fecha, hora y lugar de la visita presencial se notificará con una antelación no menor a DIEZ (10) días hábiles administrativos. En la notificación podrán incluirse los requerimientos que a criterio del inspector resulten necesarios, y que podrán cumplirse por el inspeccionado hasta la fecha de la visita presencial.

c) Visita presencial

Los inspectores se harán presentes en domicilio denunciado por el inspeccionado, a los fines de la visita presencial, para acceder a locales, equipos o programas de tratamientos de datos personales y verificar el correcto cumplimiento de las obligaciones establecidas por la Ley nº 25.326.

Presentación: Los inspectores, previa acreditación, procederán a informar los objetivos y procedimiento de la inspección y verificarán las identidades de los representantes del responsable de tratamiento, corroborando la correspondiente personería o autorización.

Alcance: La inspección abarcará los aspectos jurídicos y técnicos del tratamiento de datos personales y su adecuación a las exigencias de la normativa vigente.

Para la realización de la inspección técnica, se podrán llevar a cabo todas las acciones destinadas a controlar la observancia de las normas sobre integridad y seguridad de datos.

Metodología: Con el objeto de formar un juicio objetivo, se emplearán las siguientes técnicas:

I) Verificaciones verbales: se llevarán a cabo entrevistas al personal del inspeccionado para obtener información verbal sobre los tratamientos de datos efectuados;

II) Verificaciones oculares: mediante la observación, se constatará el cumplimiento de aquellas obligaciones que permitan ser corroboradas visualmente;

III) Verificaciones documentales: análisis de los documentos aportados;

IV) Verificaciones técnicas: mediante las acciones destinadas a controlar la observancia de las normas sobre integridad y seguridad de datos.

Acta: En la visita presencial se labrará un Acta de Inspección, que podrá contener observaciones y requerimientos que a criterio del inspector sean necesarios, sin perjuicio de otros que eventualmente surjan en etapas procedimentales posteriores.

El Acta será suscripta por todos por los inspectores intervinientes y por al menos un representante del inspeccionado que acredite personería o autorización. Si el representante del inspeccionado se negare a firmar, se dejará debida constancia en el Acta, la que será suscripta sólo por los inspectores intervinientes.

En el caso que la inspección técnica deba realizarse en un local distinto al de la visita presencial, se hará constar dicha circunstancia en el Acta, determinando fecha y lugar de realización. Al momento de realizar la inspección técnica en local distinto, se labrará nueva Acta.

Autorización judicial para acceso a locales, equipos y programas: En caso de que resultare necesario solicitar autorización judicial para acceder a locales, equipos, o programas de tratamiento de datos a fin de verificar infracciones al cumplimiento de la Ley nº 25.326, el inspector deberá elaborar un informe al Jefe de Departamento de Investigación y Difusión, o la unidad orgánica que eventualmente lo sustituya, quién elevará la respectiva petición al Director Nacional. En caso de compartir el criterio, se formulará el correspondiente requerimiento.

d) Cierre de la inspección

Con la información obtenida en las distintas etapas del procedimiento de inspección, los inspectores elaborarán y suscribirán un Informe Final en el que se establezca el nivel de cumplimiento del responsable inspeccionado.

Incorporado el Informe Final a las actuaciones, se procederá al cierre de la inspección mediante un acto que será subscripto por el Jefe de Departamento de Investigación y Difusión, o la unidad orgánica que eventualmente lo sustituya. Tanto el Informe Final como el acto de cierre serán notificados al inspeccionado.

Si en el Informe Final no se hubieran formulado observaciones, se procederá al archivo de las actuaciones. En caso contrario, las actuaciones pasarán a la etapa de seguimiento, sin perjuicio de la potestad del Director Nacional de ordenar la sustanciación de un sumario administrativo a fin de verificar la posible comisión de infracciones conforme Disposición DNPDP nº 7/15, concordantes y modificatorias.

e) Seguimiento de las inspecciones

En esta etapa se controlorá que el inspeccionado de cumplimiento a los requerimientos dispuestos para subsanar las observaciones señaladas en el Informe Final. A esos efectos, se lo intimará por el plazo de QUINCE (15) días hábiles administrativos.

En aquellos casos en los que el responsable no acredite su cumplimiento en tiempo y forma, se promoverá la sustanciación del correspondiente sumario administrativo.

Cumplidos la totalidad de los requerimientos en tiempo y forma, se dispondrá el archivo las actuaciones.

07Jul/17

Disposición 60-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP)

Disposición 60-E/2016 de la Dirección Nacional de Protección de Datos Personales (DNPDP), que aprueba las cláusulas contractuales tipo de transferencia internacional para la cesión y prestación de servicios de datos personales

MINISTERIO DE JUSTICIA Y DERECHOS HUMANOS

DIRECCIÓN NACIONAL DE PROTECCIÓN DE DATOS PERSONALES

Disposición 60-E/2016

Ciudad de Buenos Aires, 16 de noviembre de 2016

VISTO el EX-2016-00311578- -APN-DNPDP y las competencias atribuidas a esta Dirección Nacional por la Ley nº 25.326 y su Decreto Reglamentario nº 1558 de fecha 29 de noviembre de 2001, y

CONSIDERANDO:

Que el artículo 12 del Anexo I al Decreto nº 1558/01, faculta a la Dirección Nacional de Protección de Datos Personales a “evaluar, de oficio o a pedido de parte interesada, el nivel de protección proporcionado por las normas de un Estado u organismo internacional”.

Que la misma norma sostiene que “el carácter adecuado del nivel de protección que ofrece un país u organismo internacional se evaluará atendiendo a todas las circunstancias que concurran en una transferencia o en una categoría de transferencias de datos; en particular, se tomará en consideración la naturaleza de los datos, la finalidad y la duración de tratamiento o de los tratamientos previstos, el lugar de destino final, las normas de derecho, generales o sectoriales, vigentes en el país de que se trate, así como las normas profesionales, códigos de conducta y las medidas de seguridad en vigor en dichos lugares, o que resulten aplicables a los organismos internacionales o supranacionales”.

Que, asimismo, dispone “que un Estado u organismo internacional proporciona un nivel adecuado de protección cuando dicha tutela se deriva directamente del ordenamiento jurídico vigente, o de sistemas de autorregulación, o del amparo que establezcan las cláusulas contractuales que prevean la protección de datos personales”.

Que por tales motivos, nuestra legislación admite como garantías adecuadas a los fines de la transferencia internacional de datos personales la existencia de autorregulación o cláusulas contractuales que brinden una protección similar a la de nuestra normativa.

Que a tales fines resulta pertinente determinar las garantías y requisitos necesarios para que las cláusulas contractuales protejan adecuadamente los datos personales que se transfieran a países sin legislación adecuada en los términos del artículo 12 del Anexo I al Decreto nº 1558/01.

Que entiende esta Dirección Nacional que se garantizaran mejor los derechos del titular de los datos personales mediante la aprobación de un modelo de contrato de transferencia internacional, tanto para los casos de cesión como para los de prestación de servicios, el que deberá ser adoptado por quienes deban realizar transferencias internacionales de datos.

Que, asimismo, cabe considerar los casos en que el responsable del tratamiento decida apartarse del modelo que se propone, situación en la que se estima conveniente exigir la presentación del contrato de transferencia internacional ante esta Dirección Nacional para su aprobación, a fin de una adecuada tutela de los derechos de los titulares de los datos a ser transferidos.

Que a los fines de la confección de los contratos modelo cabe tener en cuenta la experiencia internacional, en particular las conclusiones del documento de trabajo relativo a las transferencias de datos personales a terceros países del Grupo de Trabajo del Artículo 29 de la Directiva 95/46/EC, del 24 de julio de 1998 y las cláusulas contractuales tipo de la Comisión de la Comunidad Europea dispuestas en la Decisión 2001/497/CE del 15 de junio de 2001 y la Decisión 2010/87/UE del 5 de febrero de 2010.

Que cabe distinguir en las cláusulas modelo las dos alternativas prácticas más habituales de una transferencia internacional, como son la cesión de datos personales y la prestación de servicios, proponiendo modelos de cláusulas tipo diferenciadas para ambos supuestos.

Que a los fines de la aplicación de la presente medida resulta conveniente determinar aquellos países que a criterio de esta Dirección Nacional de Protección de Datos Personales poseen legislación adecuada.

Que en el expediente EXP-S04:0071111/2011 se analizó la legislación de aquellos países calificados como legislación adecuada por parte de la Unión Europea, concluyéndose sobre el nivel equivalente de las normativas de dichos países respecto de la Ley nº 25.326.

Que resulta conveniente informar al público los países con legislación adecuada a través de la página de Internet de la Dirección Nacional de Protección de Datos Personales, en particular si se tiene en cuenta que la definición de la adecuación de un país respecto de la ley argentina es una cuestión que puede sufrir variaciones periódicas.

Que es menester destacar que el reconocimiento a ciertos países como poseedores de legislación adecuada no importará una calificación, respecto de todos los demás países no incluidos en esa enumeración, como naciones que carecen de esa legislación adecuada.

Que la Dirección General de Asuntos Jurídicos de este Ministerio ha tomado la intervención de su competencia.

Que la presente medida se dicta en uso de las facultades conferidas en el artículo 29, inciso 1, apartado b) de la Ley nº 25.326 y el artículo 29, inciso 5, apartado a) y 12 del Anexo I al Decreto nº 1558/01.

Por ello,

El Director Nacional de Protección de Datos Personales

DISPONE:

ARTÍCULO 1°.-  Apruébanse las cláusulas contractuales tipo de transferencia internacional para la cesión y prestación de servicios incorporadas en los Anexos I y II que forman parte integrante de la presente medida, respectivamente, a fin de garantizar un nivel adecuado de protección de datos personales en los términos del artículo 12 de la Ley nº 25.326 y del Anexo I al Decreto nº 1558/01 en aquellas transferencias de datos que tengan por destino países sin legislación adecuada.

ARTÍCULO 2°.- Dispónese que aquellos responsables de tratamiento que efectúen transferencias de datos personales a países que no posean legislación adecuada en los términos del artículo 12 de la Ley nº 25.326 y su Decreto reglamentario nº 1558/01, y utilicen contratos que difieran de los modelos aprobados en el artículo anterior o no contengan los principios, garantías y contenidos relativos a la protección de los datos personales previstos en los modelos aprobados, deberán solicitar su aprobación ante esta Dirección Nacional presentándolos, a más tardar, dentro de los TREINTA (30) días corridos de su firma.

ARTÍCULO 3°.-  A los fines de la aplicación de la presente disposición se consideran países con legislación adecuada a los siguientes: Estados miembros de la Unión Europea y miembros del espacio económico europeo (EEE), Confederación Suiza, Guernsey, Jersey, Isla de Man, Islas Feroe, Canadá sólo respecto de su sector privado, Principado de Andorra, Nueva Zelanda, República Oriental de Uruguay y Estado de Israel sólo respecto de los datos que reciban un tratamiento automatizado. Esta enumeración será revisada periódicamente por esta Dirección Nacional, publicando la nómina y sus actualizaciones en su sitio oficial en Internet.

ARTÍCULO 4°.-  Comuníquese, publíquese, dése a la Dirección Nacional del Registro Oficial y archívese.

EDUARDO BERTONI, Director Nacional, Dirección Nacional de Protección de Datos Personales, Ministerio de Justicia y Derechos Humanos.

ANEXO I.- Contrato modelo de transferencia internacional de datos personales con motivo de la cesión de datos personales

Entre, por una parte, ______________________________________, con domicilio en la calle________, localidad_____________, provincia de __________, Argentina, (en adelante, “el exportador de datos”) y, por otra, ____________________________ (nombre), __________ (dirección y país), (“en adelante, el importador de datos”), en conjunto “las partes”, convienen el presente contrato de transferencia internacional de datos personales, sometiéndola a los términos y condiciones que se detallan a continuación.

Cláusula 1) Definición de términos

A los efectos del presente contrato se entenderá por los siguientes términos:

a) “datos personales”, “datos sensibles”, “tratamiento”, “responsable” y “titular del dato”, el mismo significado que el establecido en la Ley nº 25.326, de Protección de Datos Personales.

b) “autoridad” o “autoridad de control”, la Dirección Nacional de Protección de Datos Personales de la República Argentina;

c) “exportador”, el responsable del tratamiento que transfiera los datos personales;

d) “importador”, el responsable del tratamiento radicado fuera de la jurisdicción argentina que reciba los datos personales procedentes del exportador de datos para su tratamiento de conformidad con los términos del presente.

Cláusula 2) Características específicas y finalidad del tratamiento

La finalidad y otros detalles específicos de la transferencia, como por ejemplo características de los datos personales transferidos, forma en que se atenderán los pedidos del titular del dato o la autoridad de control, cesiones o transferencias previstas a terceros, y jurisdicción en que se radicarán los datos, se especifican en el Anexo A, que forma parte del presente contrato. Las partes podrán suscribir en el futuro anexos adicionales a fin de incorporar detalles y características de aquellas transferencias que se realicen con posterioridad y que se enmarquen en el presente contrato.

Cláusula 3) Obligaciones del exportador de datos

El exportador de datos acuerda y garantiza lo siguiente:

a) La recopilación, el tratamiento y la transferencia de los datos personales se han efectuado y efectuarán de conformidad con la Ley nº 25.326, y manifiesta que ha cumplido en informar a los titulares de los datos que su información personal podía ser transferida a un tercer país con niveles inferiores de protección de datos a los de la República Argentina.

b) Hará entrega al importador de copia de la legislación vigente en Argentina aplicable al tratamiento de datos previsto.

c) En caso de ejercicio por parte del titular de los datos de los derechos que le otorga la Ley nº 25.326 respecto del tratamiento de sus datos personales previstos en el presente contrato, en especial sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, dará respuesta al mismo respetando los plazos de ley y disponiendo los medios para tal fin, sea por los datos en su poder o por pactarse como obligación a su cargo, lo que se indica en el Anexo A. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador, a menos que las partes hayan acordado que sea el importador quien responda a estas consultas. Aun en este supuesto, será el exportador quien deba responder, en la medida de lo posible y a partir de la información de que pueda disponer, si el importador de datos no responde.

d) Pondrá a disposición de los titulares de los datos, en su carácter de terceros beneficiarios a tenor de la cláusula 5, y a petición de éstos, una copia de las cláusulas que se relacionen al tratamiento de sus datos personales, derechos y garantías.

e) Ha realizado esfuerzos razonables para determinar que el Importador de datos es capaz de cumplir las obligaciones pactadas en el presente contrato. A tal efecto, el exportador podrá solicitar al importador la contratación de un seguro de responsabilidad para eventuales perjuicios ocasionados con motivo del tratamiento previsto, conforme se especifica en el Anexo A.

Cláusula 4) Obligaciones del importador de datos

El importador de datos acuerda y garantiza lo siguiente:

a) Disponer las medidas de seguridad y confidencialidad necesarias y efectivas para evitar la adulteración, pérdida, consulta o tratamiento no autorizado de los datos, y que permitan detectar desviaciones, intencionales o no, ya sea que los riesgos provengan de la acción humana o del medio técnico utilizado verificando que no sean inferiores a las dispuestas por la normativa vigente, de manera tal que garanticen el nivel de seguridad apropiado a los riesgos que entraña el tratamiento y a la naturaleza de los datos que han de protegerse;

b) dispondrá de procedimientos que garanticen que todo acceso a los datos transferidos se realizará por personal autorizado para ello, estableciendo niveles de acceso y claves, quienes cumplirán con el deber de confidencialidad y seguridad de los mismos, suscribiendo convenios a tales fines.

c) que ha verificado que la legislación local no impide el cumplimiento de las obligaciones, garantías y principios previstos en el presente contrato relativos al tratamiento de los datos personales y sus titulares, e informará al exportador de datos en forma inmediata en caso de tener conocimiento de la existencia de alguna disposición de esta índole;

d) tratará los datos personales para los fines descritos en el Anexo A;

e) comunicará al exportador de datos un punto de contacto dentro de su organización autorizado a responder a las consultas que guarden relación con el tratamiento de datos personales y cooperará de buena fe con el exportador de datos, el titular del dato y la autoridad respecto de tales consultas dentro de los plazos de ley. En caso de que el exportador de datos haya cesado de existir jurídicamente, o si así lo hubieran acordado las partes, el importador de datos asumirá las tareas relativas al cumplimiento de las disposiciones de la letra b) de la cláusula 3;

f) pondrá a disposición, a solicitud del exportador de datos o la autoridad, sus instalaciones de tratamiento de datos, sus ficheros y toda la documentación necesaria para el tratamiento, a efectos de revisión, auditoría o certificación. Estas labores serán realizadas, previa notificación razonable y durante horas laborables normales, por un inspector o auditor imparcial e independiente designados por el exportador o la autoridad, a fin de determinar si se cumplen las garantías y los compromisos previstos en el presente contrato;

g) tratará los datos personales de conformidad con la Ley nº 25.326 de protección de datos personales;

h) notificará sin demora al exportador de datos sobre:

i) toda solicitud jurídicamente vinculante de ceder datos personales presentada por una autoridad encargada de la aplicación de ley a menos que esté prohibido por la normativa aplicable (en la medida que no excedan lo necesario en una sociedad democrática siguiendo las pautas del epígrafe siguiente, punto 2),

ii) todo acceso accidental o no autorizado,

iii) toda solicitud sin respuesta recibida directamente de los titulares de los datos, a menos que se le autorice;

i) no cederá ni transferirá los datos personales a terceros excepto que:

1) se establezca de manera específica en el Anexo A del presente contrato o resulte necesario para su cumplimiento, verificando en ambos casos que el destinatario se obligue en iguales términos que el importador en el presente y siempre con el conocimiento y conformidad previa del exportador, o

2) la cesión sea requerida por ley o autoridad competente, en la medida que no exceda lo necesario en una sociedad democrática, por ejemplo, cuando constituya una medida necesaria para la salvaguardia de la seguridad del Estado, la defensa, la seguridad pública, la prevención, la investigación, la detección y la represión de infracciones penales o administrativas, o la protección del titular del dato o de los derechos y libertades de otras personas.

Al recibir la solicitud señalada arriba como punto 2), el Importador deberá de manera inmediata: a) verificar que la autoridad solicitante ofrezca garantías adecuadas de cumplimiento de los principios del artículo 4° de la Ley nº 25.326, y de los derechos de los titulares de los datos para el acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326 salvo en los siguientes casos y condiciones (conforme artículo 17 de la Ley nº 25.326):

i) previstos por la ley o mediante decisión fundada en la protección de la defensa de la Nación, el orden y la seguridad públicos, o la protección de los derechos e intereses de terceros,

ii) mediante resolución fundada y notificada al afectado, cuando pudieran obstaculizar actuaciones judiciales o administrativas en curso vinculadas a la investigación sobre el cumplimiento de obligaciones sujetas a control estatal y relativas al orden público, como ser: tributarias o previsionales, el desarrollo de funciones de control de la salud y del medio ambiente, la investigación de delitos penales y la verificación de infracciones administrativas; sin perjuicio de ello, se deberá brindar el acceso a los datos en la oportunidad en que el afectado tenga que ejercer su derecho de defensa; y b) en caso que la autoridad no otorgue u ofrezca las garantías indicadas en el punto a) inmediato anterior, prevalecerá la ley argentina, por lo que el Importador procederá a suspender el tratamiento en dicho país reintegrando los datos al Exportador según las instrucciones que este le imparta y notificando este último a la autoridad de control.

j) atenderá los pedidos que reciba del titular del dato (en su caso del exportador cuando actúe a su solicitud) respecto de los derechos que le otorga la Ley nº 25.326 sobre el tratamiento de sus datos personales previstos en el presente contrato —en su carácter de tercero beneficiario—, en especial sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, respetando los plazos de ley y disponiendo los medios para tal fin. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad —también en carácter de tercero beneficiario— relativas al tratamiento de los datos personales que realiza, sin perjuicio que las partes hayan acordado de otra forma respecto de quién responda a estas consultas;

k) destruirá, certificando tal hecho, y/o reintegrará al exportador, según se pacte en las condiciones particulares del Anexo A, los datos personales objeto de la transferencia cuando se produzca alguna de las siguientes circunstancias:

1) resolución del presente contrato;

2) imposibilidad de cumplimiento de las disposiciones de la Ley nº 25.326;

3) extinción de la finalidad por la que se transmitieron. Si a dicho momento la legislación nacional o la reglamentación local aplicable al importador no le permita devolver o destruir dichos datos en forma total o parcial, el importador se compromete a informar el plazo legal previsto y guardar el secreto sobre los mismos y a no volver a someterlos a tratamiento. En caso que dicho plazo de conservación sea contrario a los principios de protección de datos personales aplicables al caso no se reiterará la transferencia resolviéndose el contrato, al ser una causal de incumplimiento; y si se verificara tal condición durante la ejecución del contrato, éste deberá resolverse reintegrando los datos al Exportador conforme a las instrucciones que este le imparta.

l) llevará registro del cumplimiento de las obligaciones asumidas en la presente cláusula, cuyo informe estará disponible a pedido del exportador o la autoridad.

Cláusula 5) Responsabilidad y terceros beneficiarios

a) Cada una de las partes deberá responder ante los titulares de los datos por los daños que le hubiese provocado como resultado de la afectación de derechos reconocidos en este contrato en los términos previstos por la Ley nº 25.326, sus normas reglamentarias y derecho de fondo de Argentina.

b) Los titulares de los datos, podrán exigir al Importador, en carácter de terceros beneficiarios, el cumplimiento de las disposiciones de la Ley nº 25.326 relacionadas con el tratamiento de sus datos personales, conforme a las obligaciones y responsabilidades asumidas por las partes en el presente contrato, en particular lo relativo a los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos. 13 a 20 de la Ley nº 25.326; a tal fin, se someten a la jurisdicción argentina, tanto en sede judicial como administrativa. En aquellos casos en que se alegue incumplimiento por parte del importador de datos, el titular del dato podrá requerir al exportador que emprenda acciones apropiadas a fin de cesar dicho incumplimiento.

c) El importador acepta que la autoridad de control ejerza sus facultades respecto del tratamiento de datos que asume a su cargo, con los límites y facultades que le otorga la Ley nº 25.326, aceptando sus facultades de control y sanción, otorgándole a tales fines, en lo que resulte pertinente, el carácter de tercero beneficiario. Las tareas de auditoría podrán ser realizadas tanto por personal de la autoridad de control como por terceras personas idóneas por ella designadas para dicho acto o autoridades locales de competencias análogas en colaboración con la autoridad.

El importador de datos informará sin demora al exportador de datos en el caso de que la legislación existente aplicable a él o a cualquier subencargado no permita auditar al importador ni a los subencargados.

d) En caso que el Importador revoque, o no cumpla no obstante ser intimado por el Exportador otorgando un plazo perentorio de CINCO (5) días hábiles, con los derechos y facultades reconocidos a terceros beneficiarios en esta cláusula, tal hecho será causal de resolución automática del presente Contrato.

e) Las partes no se oponen a que los titulares de los datos estén representados por una asociación u otras entidades previstas por la ley argentina.

Cláusula 6) Legislación aplicable y jurisdicción

El presente contrato se regirá por la ley de la República Argentina, en particular la Ley nº 25.326, sus normas reglamentarias y disposiciones de la Dirección Nacional de Protección de Datos Personales, y entenderán en caso de conflicto vinculado a la protección de datos personales la jurisdicción judicial y administrativa de la República Argentina.

Cláusula 7) Resolución de conflictos con los titulares de los datos o con la autoridad

a) En caso de conflicto o de reclamación interpuesta contra una o ambas partes por un titular del dato o por la autoridad en relación con el tratamiento de datos personales, una parte informará a la otra sobre esta circunstancia y ambas cooperarán con objeto de alcanzar una solución lo antes posible y dentro de los plazos fijados por la Ley nº 25.326, participando activamente en cualquier proceso obligatorio.

b) Las partes acuerdan atender cualquier procedimiento de mediación que haya sido iniciado por un titular del dato o por la autoridad. Si deciden participar en el procedimiento no vinculante, podrán hacerlo a distancia (p. ej. por teléfono u otros medios electrónicos).

c) Cada una de las partes se compromete a acatar cualquier decisión de los tribunales competentes o de la autoridad cuyas decisiones sean finales y contra la que no pueda entablarse recurso alguno.

Cláusula 8) Resolución del Contrato

a) En caso que el importador de datos incumpla las obligaciones que le incumben en virtud de las presentes cláusulas, el exportador de datos deberá suspender temporalmente la transferencia de datos personales al importador hasta que se subsane el incumplimiento en plazo perentorio que le fije según la gravedad del hecho, notificando de dicho hecho a la autoridad de control.

b) El contrato se tendrá por resuelto, y así deberá declararlo el exportador previa intervención de la autoridad de control, en caso de que:

i) la transferencia de datos personales al importador de datos haya sido suspendida temporalmente por el exportador de datos durante un período de tiempo superior a TREINTA (30) días corridos de conformidad con lo dispuesto en la letra a);

ii) el cumplimiento por parte del importador de datos del presente contrato y la ley aplicable sean contrarios a disposiciones legales o reglamentarias en el país de importación;

iii) el importador de datos incumpla de forma sustancial o persistente cualquier garantía o compromiso previstos en las presentes cláusulas;

iv) una decisión definitiva y firme, contra la que no pueda entablarse recurso alguno de un tribunal argentino o de la Dirección Nacional de Protección de Datos Personales, que establezca que el importador o el exportador de datos han incumplido el Contrato; o

v) el exportador de datos, sin perjuicio del ejercicio de cualquier otro derecho que le pueda asistir contra el importador de datos, podrá resolver las presentes cláusulas cuando: se haya solicitado la administración judicial o la liquidación del importador de datos, ya sea a título personal o como empresario, y dicha solicitud no haya sido desestimada en el plazo previsto al efecto con arreglo a la legislación aplicable; se emita una orden de liquidación; se designe a un administrador para algunos de sus activos; se nombre un síndico de la quiebra; el importador de datos haya solicitado la declaración de concurso de acreedores; o se encuentre en una situación análoga ante cualquier jurisdicción.

En los casos contemplados en los incisos i), ii), o iv), también podrá proceder a la resolución el importador de datos sin necesidad de intervención de la autoridad de control.

c) Las partes acuerdan que la resolución del presente contrato por motivo que fuere no las eximirá del cumplimiento de las obligaciones y condiciones relativas al tratamiento de los datos personales transferidos.

Cláusula 9) Variación de las cláusulas

Las partes se comprometen a no modificar este contrato de forma tal que implique una disminución del nivel de tutela y garantías que otorga al titular del dato y la autoridad de control.

En prueba de conformidad, en la ciudad de _________________________ de ________________, se firman dos ejemplares de un mismo tenor y a un solo efecto a los ________ días del mes de __________ del año __________________.

…………………………………………….              ………………………………………

Por el Importador de Datos                     Por el Exportador de Datos

ANEXO A.- DESCRIPCIÓN DE LA TRANSFERENCIA

(Deberá ser cumplimentado por las partes conteniendo la naturaleza y categorías de los datos a transferir, detallando los mismos, la finalidad del tratamiento al que serán sometidos, forma en que se atenderán los pedidos del titular del dato o la autoridad, y la jurisdicción en la que se radicarán los datos).

ANEXO II.- Contrato modelo de transferencia internacional de datos personales con motivo de prestación de servicios

Entre, por una parte, ______________________________________, con domicilio en la calle________, localidad_____________, provincia de __________, Argentina, (en adelante, “el exportador de datos”) y, por la otra, ____________________________ (nombre), __________ (dirección y país), (“en adelante, el importador de datos”), en conjunto “las partes”, convienen el presente contrato de transferencia internacional de datos personales para la prestación de servicios, sometiéndola a los términos y condiciones que se detallan a continuación.

Cláusula 1) Definiciones

A los efectos del presente contrato se entenderá por los siguientes términos:

a) “datos personales”, “datos sensibles”, “tratamiento”, “responsable” y “titular del dato”, el mismo significado que el establecido en la Ley nº 25.326, de Protección de Datos Personales.

b) “autoridad” o “autoridad de control”, la Dirección Nacional de Protección de Datos Personales de la República Argentina.

c) “exportador”, el responsable del tratamiento que transfiera los datos personales;

d) “importador” o “encargado del tratamiento”, el prestador de servicios en los términos del artículo 25 de la Ley nº 25.326 radicado fuera de la jurisdicción argentina que reciba los datos personales procedentes del exportador de datos para su tratamiento de conformidad con los términos del presente.

e) por «legislación de protección de datos» se entenderá la Ley nº 25.326 y normativa reglamentaria.

Cláusula 2) Características, finalidad de la transferencia y términos específicos

Los detalles y otros términos específicos de la transferencia y servicio previsto, como por ejemplo características de los datos personales transferidos, forma en que las partes pactan atender los pedidos del titular del dato o de la autoridad de control, transferencias previstas a terceros, y jurisdicción en que se radicarán los datos, se especifican en el Anexo A, que forma parte del presente contrato. Las partes podrán suscribir en el futuro anexos adicionales a fin de incorporar detalles y características de aquellas transferencias que se realicen con posterioridad y que se enmarquen en el presente contrato.

Cláusula 3) Responsabilidad y terceros beneficiarios

a) Los titulares de los datos, podrán exigir al Importador, en carácter de terceros beneficiarios, el cumplimiento de las disposiciones de la Ley nº 25.326 relacionadas con el tratamiento de sus datos personales, en particular lo relativo a los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, conforme a las obligaciones y responsabilidades asumidas por las partes en el presente contrato; a tal fin, se someten a la jurisdicción argentina, tanto en sede judicial como administrativa. En aquellos casos en que se alegue incumplimiento por parte del importador de datos, el titular del dato podrá requerir al exportador que emprenda acciones apropiadas a fin de cesar dicho incumplimiento.

b) El importador acepta que la Autoridad de Control ejerza sus facultades respecto del tratamiento de datos que asume a su cargo, con los límites y facultades que le otorga la Ley nº 25.326, aceptando sus facultades de control y sanción, otorgándole a tales fines, en lo que resulte pertinente, el carácter de tercero beneficiario.

c) En caso que el Importador revoque, o no cumpla no obstante ser intimado por el Exportador otorgando un plazo perentorio de CINCO (5) días hábiles, con los derechos y facultades reconocidos a terceros beneficiarios en esta cláusula, tal hecho será causal de resolución automática del presente Contrato.

d) Los titulares de los datos podrán exigir al importador el cumplimiento de obligaciones asumidas en el presente contrato relativas al tratamiento de los datos que sean propias del exportador, cuando este último haya desaparecido de hecho o haya cesado de existir jurídicamente, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigirlos a dicha entidad.

e) Los titulares de los datos podrán exigir al eventual subencargado de tratamiento de datos el cumplimiento de la presente cláusula y el cumplimiento de obligaciones asumidas en el presente contrato por parte del exportador y el importador, relativas al tratamiento de los datos que sean propias del exportador, cuando ambos hayan desaparecido de facto o hayan cesado de existir jurídicamente, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas de alguno de ellos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigirlos a dicha entidad. La responsabilidad civil del subencargado del tratamiento de datos se limitará a sus propias operaciones de tratamiento de datos según lo pactado entre las partes y estas cláusulas.

f) Las partes no se oponen a que los titulares de los datos estén representados por una asociación u otras entidades previstas por la ley Argentina.

Cláusula 4) Obligaciones del exportador de datos

El exportador de datos acuerda y garantiza lo siguiente:

a) La recopilación, el tratamiento y la transferencia de los datos personales se han efectuado y efectuarán de conformidad con la Ley nº 25.326.

b) Ha realizado esfuerzos razonables para determinar si el importador de datos es capaz de cumplir las obligaciones pactadas en el presente contrato. A tal efecto, el exportador podrá solicitar al importador la contratación de un seguro de responsabilidad para eventuales perjuicios ocasionados con motivo del tratamiento previsto, conforme se especifica en el Anexo A.

c) Durante la prestación de los servicios de tratamiento de los datos personales, dará las instrucciones necesarias para que el tratamiento de los datos personales transferidos se lleve a cabo exclusivamente en su nombre y de conformidad con la Ley nº 25.326 y el presente contrato;

d) Hará entrega al importador de copia de la legislación vigente en Argentina aplicable al tratamiento de datos previsto.

e) Garantiza que ha cumplido en informar a los titulares de los datos que su información personal podía ser transferida a un tercer país con niveles inferiores de protección de datos a los de la República Argentina;

f) Garantiza que en caso de subtratamiento la actividad se llevará a cabo por un subencargado que deberá contar con su conformidad previa expresa del exportador y que proporcionará por lo menos el mismo nivel de protección de los datos personales y derechos de los titulares de los datos que los aquí pactados con el importador de datos, celebrando un contrato a tales fines, y quien estará también bajo las instrucciones del Exportador;

g) En caso de ejercicio por parte del titular de los datos —como tercero beneficiario— de sus derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, dará respuesta al mismo dentro de los DIEZ (10) días corridos si se refiere a un pedido de acceso y de CINCO (5) días hábiles si se refiere a un pedido de rectificación, supresión o actualización, y disponiendo los medios para tal fin, sea por los datos en su poder o por haberse pactado como obligación a su cargo, lo que se indica en el Anexo A. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador, a menos que las partes hayan acordado que sea el importador quien responda a estas consultas. Aun en este supuesto, será el exportador quien deba responder, en la medida de lo razonablemente posible y a partir de la información de que razonablemente pueda disponer, si el importador de datos es incapaz de responder o no lo realiza.

h) Pondrá a disposición de los titulares de los datos, en su carácter de terceros beneficiarios a tenor de la cláusula 3, y a petición de éstos, una copia de las cláusulas que se relacionen al tratamiento de sus datos personales, derechos y garantías, así como una copia de las cláusulas de otros contratos necesarios para los servicios de subtratamiento de los datos que deba efectuarse de conformidad con este contrato.

Cláusula 5) Obligaciones del importador de datos

El importador de datos acuerda y garantiza lo siguiente:

a) tratará los datos personales transferidos solo en nombre del exportador de datos, de conformidad con sus instrucciones y las cláusulas. En caso de que no pueda cumplir estos requisitos por la razón que fuere, informará de ello sin demora al exportador de datos, en cuyo caso este estará facultado para suspender la transferencia de los datos o rescindir el contrato;

b) disponer las medidas de seguridad y confidencialidad necesarias y efectivas para evitar la adulteración, pérdida, consulta o tratamiento no autorizado de los datos, y que permitan detectar desviaciones, intencionales o no, ya sea que los riesgos provengan de la acción humana o del medio técnico utilizado verificando que no sean inferiores a las dispuestas por la normativa vigente, de manera tal que garanticen el nivel de seguridad apropiado a los riesgos que entraña el tratamiento y a la naturaleza de los datos que han de protegerse;

c) dispondrá de procedimientos que garanticen que todo acceso a los datos transferidos se realizará por personal autorizado para ello, estableciendo niveles de acceso y claves, quienes cumplirán con el deber de confidencialidad y seguridad de los mismos, suscribiendo convenios a tales fines.

d) que ha verificado que la legislación local no impide el cumplimiento de las obligaciones, garantías y principios previstos en el presente contrato relativos al tratamiento de los datos personales y sus titulares, e informará al exportador de datos en forma inmediata en caso de tener conocimiento de la existencia de alguna disposición de esta índole, en cuyo caso el Exportador podrá suspender la transferencia;

e) tratará los datos personales siguiendo las expresas instrucciones que le imparta el exportador conforme a los fines y forma descriptos en el Anexo A;

f) comunicará al exportador de datos un punto de contacto dentro de su organización autorizado a responder a las consultas que guarden relación con el tratamiento de datos personales y cooperará de buena fe con el exportador de datos, el titular del dato y la autoridad respecto de tales consultas dentro de los plazos de ley. En caso de que el exportador de datos haya cesado de existir jurídicamente, o si así lo hubieran acordado las partes, el importador de datos asumirá las tareas relativas a su cumplimiento conforme a lo dispuesto en la letra d) de la cláusula 3;

g) pondrá a disposición, a solicitud del exportador de datos o la autoridad, sus instalaciones de tratamiento de datos, sus ficheros y toda la documentación necesaria para el tratamiento, a efectos de revisión, auditoría o certificación. Estas labores serán realizadas, previa notificación razonable y durante horas laborables normales, por un inspector o auditor imparcial e independiente designados por el exportador o la autoridad, a fin de determinar si se cumplen las garantías y los compromisos previstos en el presente contrato;

h) tratará los datos personales de conformidad con la Ley nº 25.326, de protección de datos personales;

i) notificará sin demora al exportador de datos sobre:

i) toda solicitud jurídicamente vinculante de ceder datos personales presentada por una autoridad encargada de la aplicación de ley a menos que esté prohibido por la normativa aplicable (en la medida que no excedan lo necesario en una sociedad democrática siguiendo las pautas del epígrafe siguiente, punto 2),

ii) todo acceso accidental o no autorizado,

iii) toda solicitud sin respuesta recibida directamente de los titulares de los datos, a menos que se le autorice;

j) no cederá ni transferirá los datos personales a terceros excepto que:

1) se establezca de manera específica en el Anexo A del presente contrato o resulte necesario para su cumplimiento, verificando en ambos casos que el destinatario se obligue en iguales términos que el importador en el presente y siempre con el conocimiento y conformidad previa del exportador, o

2) la cesión sea requerida por ley o autoridad competente, en la medida que no exceda lo necesario en una sociedad democrática, por ejemplo, cuando constituya una medida necesaria para la salvaguardia de la seguridad del Estado, la defensa, la seguridad pública, la prevención, la investigación, la detección y la represión de infracciones penales o administrativas, o la protección del titular del dato o de los derechos y libertades de otras personas.

Al recibir la solicitud señalada arriba como punto 2), el Importador deberá de manera inmediata: a) verificar que la autoridad solicitante ofrezca garantías adecuadas de cumplimiento de los principios del artículo 4° de la Ley nº 25.326, y de los derechos de los titulares de los datos para el acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326 salvo en los siguientes casos y condiciones (conforme artículo 17 de la Ley nº 25.326):

i) previstos por la ley o mediante decisión fundada en la protección de la defensa de la Nación, el orden y la seguridad públicos, o la protección de los derechos e intereses de terceros,

ii) mediante resolución fundada y notificada al afectado, cuando pudieran obstaculizar actuaciones judiciales o administrativas en curso vinculadas a la investigación sobre el cumplimiento de obligaciones sujetas a control estatal y relativas al orden público, como ser: tributarias o previsionales, el desarrollo de funciones de control de la salud y del medio ambiente, la investigación de delitos penales y la verificación de infracciones administrativas; sin perjuicio de ello, se deberá brindar el acceso a los datos en la oportunidad en que el afectado tenga que ejercer su derecho de defensa; y b) en caso que la autoridad no otorgue u ofrezca las garantías indicadas en el punto a) inmediato anterior, prevalecerá la ley argentina, por lo que el Importador procederá a suspender el tratamiento en dicho país reintegrando los datos al Exportador según las instrucciones que este le imparta y notificando este último a la autoridad de control.

k) atenderá los pedidos que reciba del titular del dato como tercero beneficiario, o del exportador, con motivo del ejercicio de los derechos de acceso, rectificación, supresión y demás derechos contenidos en el Capítulo III, artículos 13 a 20 de la Ley nº 25.326, respetando los plazos de ley y disponiendo los medios para tal fin. Responderá en los plazos dispuestos por la Ley nº 25.326 las consultas de los titulares de los datos y de la autoridad relativas al tratamiento de los datos personales por parte del importador de datos, sin perjuicio que las partes hayan acordado de otra forma quien responda a estas consultas en el Anexo A, siguiendo las instrucciones de la autoridad de control;

l) destruirá, certificando tal hecho, y/o reintegrará al exportador los datos personales objeto de la transferencia, cuando por cualquier causa se resuelva el presente Contrato.

ll) que, en caso de subtratamiento de los datos, habrá informado previamente al exportador de datos y obtenido previamente su consentimiento por escrito;

m) que los servicios de tratamiento por el eventual subencargado del tratamiento se llevarán a cabo de conformidad con la cláusula específica nº 10;

n) enviará sin demora al exportador de datos una copia del contrato que celebre con el subencargado del tratamiento con arreglo a este contrato y en el que se ha de otorgar al Exportador el carácter de tercero beneficiario a fin de impartir las instrucciones que considere necesarias y facultades para resolverlo.

ñ) llevará registro del cumplimiento de las obligaciones asumidas en la presente cláusula, cuyo informe estará disponible a pedido del exportador o la autoridad.

Cláusula 6) Responsabilidad

a) Las partes acuerdan que los titulares de los datos que hayan sufrido daños como resultado del incumplimiento de las obligaciones pactadas en el presente Contrato por cualquier parte o subencargado del tratamiento, tendrán derecho a percibir una indemnización del exportador de datos para reparar el daño sufrido.

b) En caso que el titular del dato no pueda interponer contra el exportador de datos la demanda de indemnización a que se refiere el epígrafe 1 por incumplimiento por parte del importador de datos o su subencargado de sus obligaciones impuestas en las cláusulas 5 y 10, por haber desaparecido de facto, cesado de existir jurídicamente o ser insolvente, el importador de datos acepta que el titular del dato pueda demandarle a él en el lugar del exportador de datos, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigir sus derechos a dicha entidad. El importador de datos no podrá basarse en un incumplimiento de un subencargado del tratamiento de sus obligaciones para eludir sus propias responsabilidades.

c) En caso de que el titular del dato no pueda interponer contra el exportador de datos o el importador de datos la demanda a que se refieren los apartados 1 y 2, por incumplimiento por parte del subencargado del tratamiento de datos de sus obligaciones impuestas en la cláusula 3 o en la cláusula 10, por haber desaparecido de facto, cesado de existir jurídicamente o ser insolventes ambos, tanto el exportador de datos como el importador de datos, el subencargado del tratamiento de datos acepta que el titular del dato pueda demandarle a él en cuanto a sus propias operaciones de tratamiento de datos en virtud de las cláusulas en el lugar del exportador de datos o del importador de datos, a menos que cualquier entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos o del importador de datos en virtud de contrato o por ministerio de la ley, en cuyo caso los titulares de los datos podrán exigir sus derechos a dicha entidad. La responsabilidad del subencargado del tratamiento se limitará a sus propias operaciones de tratamiento de datos con arreglo a las presentes cláusulas.

Cláusula 7) Legislación aplicable y jurisdicción

El presente contrato se regirá por la ley de la República Argentina, en particular la Ley nº 25.326, sus normas reglamentarias y disposiciones de la Dirección Nacional de Protección de Datos Personales, y entenderán en caso de conflicto vinculado a la protección de datos personales la jurisdicción judicial y administrativa de la República Argentina.

Cláusula 8) Resolución de conflictos con los titulares de los datos

a) El importador de datos acuerda que si el titular del dato invoca en su contra derechos de tercero beneficiario o reclama una indemnización por daños y perjuicios con arreglo a las cláusulas, aceptará la decisión del titular del dato de:

i) someter el conflicto a mediación por parte de una persona independiente;

ii) presentar denuncia ante la Dirección Nacional de Protección de Datos Personales; y

iii) someter el conflicto a los tribunales argentinos competentes.

b) Las partes acuerdan que las opciones del titular del dato no obstaculizarán sus derechos sustantivos o procedimentales a obtener reparación de conformidad con otras disposiciones de Derecho nacional o internacional.

Cláusula 9) Cooperación con las autoridades de control

a) Las partes acuerdan que la autoridad de control está facultada para auditar al importador, o a cualquier subencargado, en la misma medida y condiciones en que lo haría respecto del exportador de datos conforme a la Ley nº 25.326, poniendo a disposición sus instalaciones de tratamiento de los datos. Las tareas de auditoría podrán ser realizadas tanto por personal de la autoridad de control como por terceras personas idóneas por ella designadas para dicho acto o autoridades locales de competencias análogas en colaboración con la autoridad.

b) El importador de datos informará sin demora al exportador de datos en el caso de que la legislación existente aplicable a él o a cualquier subencargado no permita auditar al importador ni a los subencargados.

Cláusula 10) Subtratamiento de datos

a) El importador de datos no subcontratará ninguna de sus operaciones de procesamiento llevadas a cabo en nombre del exportador de datos con arreglo a las cláusulas sin previo consentimiento por escrito del exportador de datos. Si el importador de datos subcontrata sus obligaciones deberá realizarse mediante un acuerdo escrito en el que el subencargado asuma iguales obligaciones que el importador, en lo que resulte compatible, sea frente al exportador de datos como el titular del dato y la autoridad de control, como terceros beneficiarios. En los casos en que el subencargado del tratamiento de datos no pueda cumplir sus obligaciones de protección de los datos con arreglo a dicho acuerdo escrito, el importador de datos seguirá siendo plenamente responsable frente al exportador de datos del cumplimiento de las obligaciones del subencargado del tratamiento de datos con arreglo a dicho acuerdo.

b) El contrato escrito previo entre el importador de datos y el subencargado del tratamiento contendrá asimismo una cláusula de tercero beneficiario que incluya aquellos casos en que el titular del dato no pueda interponer la demanda de indemnización a que se refiere el apartado a) de la cláusula 6 contra el exportador de datos o el importador de datos por haber estos desaparecido de facto, cesado de existir jurídicamente o ser insolventes, y ninguna entidad sucesora haya asumido la totalidad de las obligaciones jurídicas del exportador de datos o del importador de datos en virtud de contrato o por ministerio de la ley. Dicha responsabilidad civil del subencargado del tratamiento se limitará a sus propias operaciones de tratamiento de datos conforme tareas subcontratadas.

c) Las disposiciones sobre aspectos de la protección de los datos en caso de subcontratación de operaciones de procesamiento se regirán por la legislación Argentina. Este requisito puede verse satisfecho mediante contrato entre importador y subencargado en el cual este último es cosignatario del presente Contrato.

d) El exportador de datos conservará la lista de los acuerdos de subtratamiento celebrados por el importador de datos, lista que se actualizará al menos una vez al año. La lista estará a disposición de la autoridad de control.

Cláusula 11) Resolución del Contrato

a) En caso que el importador de datos incumpla las obligaciones que le incumben en virtud de las presentes cláusulas, el exportador de datos deberá suspender temporalmente la transferencia de datos personales al importador hasta que se subsane el incumplimiento en plazo perentorio que le fije según la gravedad del hecho, notificando de dicho hecho a la autoridad de control.

b) El contrato se tendrá por resuelto, y así deberá declararlo el exportador previa intervención de la autoridad de control, en caso de que:

i) la transferencia de datos personales al importador de datos haya sido suspendida temporalmente por el exportador de datos durante un período de tiempo superior a TREINTA (30) días corridos de conformidad con lo dispuesto en la letra a);

ii) el cumplimiento por parte del importador de datos del presente contrato y la ley aplicable sean contrarios a disposiciones legales o reglamentarias en el país de importación;

iii) el importador de datos incumpla de forma sustancial o persistente cualquier garantía o compromiso previstos en las presentes cláusulas;

iv) una decisión definitiva y firme, contra la que no pueda entablarse recurso alguno de un tribunal argentino o de la Dirección Nacional de Protección de Datos Personales, que establezca que el importador o el exportador de datos han incumplido el Contrato; o

v) El exportador de datos, sin perjuicio del ejercicio de cualquier otro derecho que le pueda asistir contra el importador de datos, podrá resolver las presentes cláusulas cuando: se haya solicitado la administración judicial o la liquidación del importador de datos y dicha solicitud no haya sido desestimada en el plazo previsto al efecto con arreglo a la legislación aplicable; se emita una orden de liquidación o se decrete su quiebra; se designe a un administrador de cualquiera de sus activos; el importador de datos haya solicitado la declaración de concurso de acreedores; o se encuentre en una situación análoga ante cualquier jurisdicción.

En los casos contemplados en los incisos i), ii), o iv), también podrá proceder a la resolución el importador de datos sin necesidad de intervención de la autoridad de control.

c) Las partes acuerdan que la resolución del presente contrato por motivo que fuere no las eximirá del cumplimiento de las obligaciones y condiciones relativas al tratamiento de los datos personales transferidos.

Cláusula 12) Obligaciones una vez finalizada la prestación de los servicios de tratamiento de los datos personales

Las partes acuerdan que, una vez finalizada la prestación de los servicios de tratamiento de los datos personales, por motivo que fuere, el importador y el subencargado deberán, a discreción del exportador, o bien devolver todos los datos personales transferidos y sus copias, o bien destruirlos por completo y certificar esta circunstancia al exportador, a menos que la legislación aplicable al importador le impida devolver o destruir total o parcialmente los datos personales transferidos, verificando que dicho plazo de conservación no sea contrario a los principios de protección de datos personales aplicables, y en caso afirmativo se notificará a la autoridad de control.

En nombre del exportador de datos:

Nombre (completo):

……………………………………………………………………………………………………………………………………………….

Cargo: ……………………………………………………………………………………………………………………………………

Dirección: ……………………………………………………………………………………………………………………………….

…………………………………………………………….…………………………………………………………….

Otros datos necesarios con vistas a la obligatoriedad del contrato (en caso de existir):

…………………………………………………………………….…………………………………….………………

…………………………………………………………………………………………………………………………..

(Sello de la entidad)

Firma: …………………………………………………………………………………………………………………………………….

En nombre del importador de los datos:

Nombre (completo):

……………………………………………………………………………………………………………………………………………….

Cargo: ……………………………………………………………………………………………………………………………………

Dirección: ……………………………………………………………………………………………………………………………….

…………………………………………………………………………..………………………………………………

Otros datos necesarios con vistas a la obligatoriedad del contrato (en caso de existir):

……………………………………………………………………………………………………….………………….

……………………………………………………………………………….………………………………………….

…………………………………………………………………………….…………………………………………….

(Sello de la entidad)

Firma: …………………………………………………………………………………………………………………………………….

ANEXO A.- DESCRIPCIÓN DE LA TRANSFERENCIA Y SERVICIOS PREVISTOS

Exportador de datos

El exportador de datos es (especifique brevemente sus actividades correspondientes a la transferencia):

……………………………………………………………………………………..……………………………………….

……………………………………………………………………………………………………………………………………………….

Importador de datos

El importador de datos es (especifique brevemente sus actividades correspondientes a la transferencia):

……………………………………………………………………………………………………………………………………………….

……………………………………………………………………………………………………………………………………………….

Titulares de los datos

Los datos personales transferidos se refieren a las siguientes categorías de titulares de los datos:
………………………………………………………………………………………………………………………………………………

……………………………………………………………………………………………………………………………………………….

Características de los datos

Los datos personales transferidos se refieren a las siguientes categorías de datos: …………………

……………………………………………………………………………………………………………………………………………….

Tratamientos previstos y finalidad

Los datos personales transferidos serán sometidos a los siguientes tratamientos y finalidades:

……………………………………………………………………………………………………………………………..

………………………………………………………………………………………………………………………………………………

EXPORTADOR DE DATOS

Nombre: …………………………………………………………………………………………………………………………………

Firma ……………………………………………………………………………………………………………………………………..

IMPORTADOR DE DATOS

Nombre: …………………………………………………………………………………………………………………………………

Firma………………………………………………………………………………………………………………………………………

30Dic/16

Decreto Ejecutivo nº 40008-JP, 19 de julio de 2016

Decreto nº 40008-JP

EL PRESIDENTE DE LA REPÚBLICA Y LA MINISTRA DE JUSTICIA Y PAZ

Con fundamento en los artículos 24 y 140 incisos 3), 8) y 18) de la Constitución Política; el artículo 27 y concordantes de la Ley General de la Administración Pública, nº 6227 de 2 de mayo de 1978 y sus reformas; la Ley de Protección de la Persona Frente al Tratamiento de sus Datos Personales, nº 8968 del 7 de julio del 2011.

Considerando:

1º.-  Que el Estado democrático y constitucional de derecho costarricense está comprometido en garantizar a cualquier persona, el respeto a sus derechos fundamentales, incluyendo la protección de los datos personales de los habitantes conforme a la ley.

2º.-  Que mediante Ley nº 8968 del 7 de julio del 2011, se promulgó la Ley de Protección de la Persona Frente al Tratamiento de sus Datos Personales, siendo que la misma en su Transitorio III impone al Poder Ejecutivo emitir la debida reglamentación.

3º.-  Que mediante decreto ejecutivo nº 37554-JP, dado en la Presidencia de la República a los treinta días del mes de octubre de dos mil doce, publicado en el Diario Oficial la Gaceta, número cuarenta y cinco, de cinco de marzo de dos mil trece, se emitió el Reglamento a la Ley de Protección de la Persona frente al Tratamiento de sus Datos Personales.

4º.-  Que se ha determinado la necesidad de reformar varias disposiciones del citado Reglamento, a efecto de aclarar algunos aspectos que han suscitado dudas, facilitar la debida aplicación de la ley y coadyuvar con la simplificación de trámites. Las reformas buscan precisar mejor el ámbito de aplicación de la Ley nº 8968 en cuanto a las bases de datos internas, transferencias de datos, subcontratación del proveedor de servicios o intermediario tecnológico y entidades financieras. Asimismo, se precisan algunos requisitos relacionados con el consentimiento para el tratamiento de datos personales, el derecho al olvido, el registro de bases de datos y la forma de cálculo y cobro del canon en el caso de contratos globales. También se suprime la figura del “superusuario”, que no existe como tal ni en la Ley nº 8968 ni en el Derecho comparado, sin perjuicio de las facultades de verificación e inspección de la Agencia de Protección de Datos previstas en otras disposiciones legales y reglamentarias.

Por tanto,

DECRETAN:

Artículo 1.- Refórmense los incisos c), f), j), n) y w), y adiciónese un nuevo inciso z), al artículo 2 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012, para que se lean así:

“(…)

c) Base de datos interna, personal o doméstica: Se considerará como base de datos personal o doméstica, cualquier archivo, fichero, registro u otro conjunto estructurado de datos personales restringidos o de acceso irrestricto, mantenidos por personas físicas, siempre y cuando las bases de datos o su contenido no sea comercializado, distribuido o difundido. Se considerará como base de datos interna cualquier archivo, fichero, registro u otro conjunto estructurado de datos personales mantenidos por personas jurídicas, públicas o privadas, siempre y cuando las bases de datos o su contenido no sea comercializado, distribuido o difundido. Conservarán la calidad de base de datos interna, aquellas bases de datos que sean compartidas dentro de un mismo grupo de interés económico ya sea local o con presencia internacional siempre que no medie difusión o distribución a terceros, venta o comercialización de cualquier naturaleza.

(…)

f) Consentimiento del titular de los datos personales: Toda manifestación de voluntad expresa, libre, inequívoca, informada y específica que se otorgue por escrito o en medio digital para un fin determinado, mediante la cual el titular de los datos personales o su representante, consienta el tratamiento de sus datos personales. Si el consentimiento se otorga en el marco de un contrato para otros fines, dicho contrato deberá contar con una cláusula específica e independiente sobre consentimiento del tratamiento de datos personales.

(…)

j) Distribución, difusión: Cualquier forma en la que se repartan o publiquen datos personales, a un tercero, por cualquier medio siempre que medie un fin de comercializar el dato o medie el lucro con la base de datos.

(…)

n) Intermediario tecnológico o proveedor de servicios: Persona física o jurídica, pública o privada que brinde servicios de infraestructura, plataforma, software u otros servicios.

(…)

w) Transferencia de datos personales: Acción mediante la cual se trasladan datos personales del responsable de una base de datos personales a cualquier tercero distinto del propio responsable, de su grupo de interés económico, del encargado, proveedor de servicios o intermediario tecnológico, en estos casos siempre y cuando el receptor no use los datos para distribución, difusión o comercialización.

(…)

z) Grupo de interés económico: agrupación de sociedades que se manifiesta mediante una unidad de decisión, es decir, la reunión de todos los elementos de mando o dirección empresarial por medio de un centro de operaciones, y se exterioriza mediante dos movimientos básicos: el criterio de unidad de dirección, ya sea por subordinación o por colaboración entre empresas, o el criterio de dependencia económica de las sociedades que se agrupan, sin importar que la personalidad jurídica de las sociedades se vea afectada, o que su patrimonio sea objeto de transferencia, independientemente de su domicilio y razón social. Cuando la PRODHAB lo requiera la condición de grupo de interés económico podrá ser demostrada al menos por medio de una declaración notarial jurada o documento legal equivalente de la jurisdicción del titular de la base de datos sin perjuicio de las facultades de investigación de la PRODHAB.”

Artículo 2.- Refórmese el tercer párrafo y adiciónese un nuevo cuarto párrafo al artículo 3 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012 y adiciónese un nuevo párrafo, para que se lean así:

“(…)

Las bases de datos de entidades financieras que se encuentren sujetas al control y regulación por parte de la Superintendencia General de Entidades Financieras (SUGEF), no requerirán inscribirse ante la Agencia de Protección de Datos de los Habitantes. Sin perjuicio de lo anterior, la Agencia tendrá plena competencia para regular y fiscalizar la protección de los derechos y garantías cubiertos bajo la Ley Nº 8968 y ejercer todas las acciones que se conceden al efecto, sobre dichas bases de datos.

El régimen de protección de los datos de carácter personal que se establece en este Reglamento tampoco será de aplicación a los datos que se refieran a personas físicas en su calidad de profesionales siempre y cuando ello se realice para fines propios de la profesión o en cumplimiento de disposiciones legales.”

Artículo 3.- Refórmese el inciso d) del artículo 4 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012, para que se lea así:

“d) Inequívoco: debe otorgarse por cualquier medio o mediante conductas inequívocas del titular de forma tal que pueda demostrarse de manera indubitable su otorgamiento y que permita su consulta posterior.”

Artículo 4.- Refórmese el segundo párrafo del artículo 5 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012, para que se lea así:

“(…)

El consentimiento deberá ser otorgado por el titular, en un documento físico o electrónico. Tratándose de consentimiento recabado en línea, el responsable deberá poner a disposición un procedimiento para el otorgamiento del consentimiento conforme a la Ley.

(…)”

Artículo 5.- Refórmese el artículo 11 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012, para que se lea así:

“Artículo 11. Derecho al olvido. La conservación de los datos personales que puedan afectar a su titular, no deberá exceder el plazo de diez años, desde la fecha de terminación del objeto de tratamiento del dato, salvo disposición normativa especial que establezca otro plazo, que por el acuerdo de partes se haya establecido un plazo distinto, que exista una relación continuada entre las partes o que medie interés público para conservar el dato.”

Artículo 6.- Refórmese el artículo 29 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012, para que se lea así:

Artículo 29. Contratación o subcontratación de servicios.

En la contratación o subcontratación de servicios prestados por un intermediario tecnológico o proveedor de servicios, se considerará que quien contrate dichos servicios mantiene la responsabilidad por el tratamiento de datos personales. El responsable deberá verificar que dicho intermediario o proveedor cumpla con las medidas de seguridad mínimas que garanticen la integridad y seguridad de los datos personales.”

Artículo 7.- Refórmese el inciso c) y adiciónese un párrafo final al artículo 36 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012, para que se lean así:

“(…)

c) Señalar el tipo de sistema, programa, método o proceso utilizado en el tratamiento o almacenamiento de los datos; igualmente, indicarse el nombre y la versión de la base de datos utilizada cuando proceda.

(…)

“Las medidas de seguridad de las bases de datos serán consideradas información no divulgada y serán resguardadas exclusivamente por el responsable de la base de datos. Podrán ser requeridas por la Agencia únicamente para consulta in situ y para la verificación de acciones ante la existencia de una denuncia expresa de terceros afectados. Para efectos de registro se notificará a la PRODHAB los protocolos mínimos de seguridad con los que cuenta el responsable”

Artículo 8.- Refórmese el artículo 40 del Decreto Ejecutivo nº 37554-JP de 30 de octubre de 2012, para que se lean así:

“Artículo 40. Condiciones para la transferencia.

La transferencia requerirá siempre el consentimiento inequívoco del titular. La transferencia implica la cesión de datos personales por parte, única y exclusivamente, del responsable que transfiere al responsable receptor de los datos personales. Dicha transferencia de datos personales requerirá siempre del consentimiento informado del titular, salvo disposición legal en contrario, asimismo que los datos a transferir hayan sido recabados o recolectados de forma lícita y según los criterios que la Ley y el presente Reglamento dispone. No se considera trasferencia el traslado de datos personales del responsable de una base de datos a un encargado, proveedor de servicios o intermediario tecnológico o las empresas del mismo grupo de interés económico.

Toda venta de datos del fichero o de la base de datos, parcial o total, deberá reunir los requerimientos establecidos en el párrafo anterior.”

Artículo 9.- Refórmense los incisos c), e), g) y j), y adiciónese un párrafo final, al artículo 44 del Decreto Ejecutivo número 37554-JP, para que se lean así:

“(…)

c) Identificación de los encargados, incluyendo sus datos de contacto, así como carta de aceptación del cargo y las responsabilidades inherentes al mismo.

(…)

e) Especificación de las finalidades y los usos previstos de la base de datos

(…)

g) Procedimientos de obtención, según el consentimiento informado, de los datos personales.

(…)

j) Copia de los protocolos mínimos de actuación;

(…)”

No serán sujetas de inscripción ante la Agencia, las bases de datos personales, internas o domésticas.

Artículo 10.- Refórmese el artículo 82 del Decreto Ejecutivo número 37554-JP, para que se lea así:

“Artículo 82. Contratos globales.

El responsable que realice contratos globales, ya sean de bajo, medio o alto consumo de consultas, o modalidades contractuales de servicio en línea por número de aplicación, deberá pagar el canon correspondiente conforme al siguiente detalle:

a) Bajo consumo de consultas: desde una y hasta quinientas mil consultas, el 8% del precio contractual;

b) Medio consumo de consultas: desde quinientas un mil y hasta novecientas noventa y nueve mil consultas, el 5,5% del precio contractual;

c) Alto consumo de consultas: desde un millón de consultas y en adelante, el 3% del precio contractual. El pago de este canon deberá realizarse a favor de la Agencia, junto con el pago del Canon por Regulación y Administración de Bases de Datos, o, en su caso, dentro de los primeros diez días hábiles del mes siguiente a la firma del contrato global. El cobro del Canon se realizara por períodos anuales, del 1º al 31 de enero de cada año.”

Artículo 11.- Deróguense el inciso t) del artículo 2, el inciso l) del artículo 44 y el artículo 45 del Decreto Ejecutivo número 37554-JP.

Artículo 12.- Rige a partir de su publicación.

Dado en la Presidencia de la República, San José, a los diecinueve días del mes de julio de dos mil dieciséis.

LUIS GUILLERMO SOLÍS RIVERA

CECILIA SANCHEZ ROMERO.- MINISTRA DE JUSTICIA Y PAZ

07Dic/16

Firma Electrónica/Digital. Año 2015. Legislación Informática Argentina.

Disposición 1/2015, de 2 de febrero de 2015, de la Subsecretaría de Tecnologías de Gestión. Adhesión de la Administración Nacional de la Seguridad Social (ANSES), en su calidad de Certificador Licenciado, a la “Política Única de Certificación”.

Disposición 4/2015, de 13 de agosto de 2015, de la Subsecretaría de Tecnologías de Gestión. Adhesión de la Administración Federal de Ingresos Públicos (AFIP) en su calidad de Certificador Licenciado, a la “Política Única de Certificación”.

Disposición 1/2015, de 18 de agosto de 2015, de la Oficina Nacional de Tecnologías de Información (ONTI). Requerimientos para la Conformación de las Autoridades de Registro de la AC ONTI Versión 3.0.

Disposición 6/2015, de 19 de agosto de 2015, de la Subsecretaría de Tecnologías de Gestión. “Manual de Procedimientos”. Versión 2.0 de la Autoridad Certificante de la Oficina Nacional de Tecnologías de Información (AC ONTI).

Disposición 7/2015, de 10 de septiembre de 2015, de la Subsecretaría de Tecnologías de Gestión. Aclaraciones técnicas específicas para la Decisión Administrativa 927/2014.

 

07Dic/16

Firma Electrónica/Digital. Año 2014. Legislación Informática Argentina.

Decisión Administrativa 927/2014, de 30 de octubre de 2014, de la Jefatura de Gabinete de Ministros. Política Única de Certificación para los certificadores licenciados de la Infraestructura de Firma Digital.

Disposición 11/2014, de 30 de diciembre de 2014, de la Subsecretaría de Tecnologías de Gestión. Adhesión de la Oficina Nacional de Tecnologías de Información (ONTI), en su calidad de Certificador Licenciado, a la “Política Única de Certificación”.

Disposición 12/2014, de 30 de diciembre de 2014, de la Subsecretaría de Tecnologías de Gestión. Adhesión de la empresa ENCODE S.A., en su calidad de Certificador Licenciado, a la “Política Única de Certificación”.

07Dic/16

Telecomunicaciones en Argentina

Ley 19.798 de Telecomunicaciones de Agosto de 1972. (Derogados Capítulo V del Título III, Capítulo II del Título IV y todas las disposiciones del Título VII según Ley 22.285 de 15 de septiembre de 1980.- Ley de Radiodifusión).

Ley 22.285 de 15 de septiembre de 1980.- Ley de Radiodifusión.

Decreto 59/1990 de 5 de enero, sobre Telecomunicaciones.

Decreto 62/1990 de 5 de enero, otorgando exclusividad para la transmisión internacional de servicios de valor agregado –Internet-.

Decreto 1.185/1990, de 22 de junio de 1990, sobre creación de la Comisión Nacional de Telecomunicaciones. (Boletín Oficial de 28 de junio de 1990).

Decreto 702/1995 del Poder Ejecutivo Nacional, sobre Licenciatarios de Servicios Básicos Telefónicos /(Boletín Oficial de 15 de noviembre de 1995).

Resolución 1.845/1995, de la Comisión Nacional de Telecomunicaciones (Boletín Oficial de 15 de noviembre de 1995).

Resolución 1.857/1995, de la Comisión Nacional de Telecomunicaciones, sobre el vicio de Telefonía Móvil (Boletín Oficial de 15 de noviembre de 1995).

Ley 24.687 de 21 de agosto de 1996. Modificase el artículo 54 de la Ley nº 19.798. (Boletín Oficial nº 28.480 de 17 de septiembre de 1996).

Resolución SC 97/96 de 16 de septiembre de 1996.

Decreto 1620/1996, de 23 de diciembre de 1996, del Poder Ejecutivo Nacional, que aprueba la estructura organizativa de la Secretaría de Comunicaciones. (Boletín Oficial nº 28556 de 3 de enero de 1997).

Ley 24.848 de 11 de junio de 1997, sobre Constitución y Convenio de la Unión Internacional de Telecomunicaciones (1992) y enmiendas de Kyoto 1994. (Publicada el 15 de septiembre de 1997).

Resolución SC 2132/1997, de 11 de julio de 1997, de la Secretaría de Comunicaciones, adóptase el procedimiento de Audiencia Pública, previsto en el Reglamento General de Audiencias Públicas y Documentos de Consulta, para la presentación de inquietudes sobre aspectos relacionados con Internet.

Decreto 1.279/1997, de 25 de noviembre, declarando comprendida a Internet en la garantía constitucional de libertad de expresión.

Resolución SC 1.235/1998, de 22 de mayo de 1998, de la Secretaría de Comunicaciones, sobre las facturas emitidas por la Internet Provider. (Publicada en el Boletín Oficial de 28 de mayo de 1998).

Decreto 1018/98 de 1 de septiembre de 1998, por el que se crea el programa para el desarrollo de las comunicaciones telemáticas “[email protected]” en el ámbito de la República Argentina.

Decreto 1293/98 del 4 de noviembre de 1998, que declara de Interés Nacional el proyecto “Internet 2 Argentina”, destinado a la implementación, desarrollo y aplicaciones de una red de alta velocidad de telecomunicaciones, con el fin de interconectar centros académicos, científicos y tecnológicos en todo el territorio nacional.

Decreto 1503/98 de 23 de diciembre de 1998, Incorporación como inciso k) al artículo 38 del Decreto nº 1185 del 22 de junio de 1990.

Resolución SC 1616/1998, de 23 de julio de 1998, de la Secretaría de Comunicaciones.

Resolución SC 3605/99, de 18 febrero 1999, de la Secretaría de Comunicaciones.

Resolución 512/1999 de la Comisión Nacional de Comunicaciones que intima a los prestadores de servicios de telecomunicaciones y correo postales a presentar informes sobre la actividad del año 2000.

Resolución SC 18771/99 de 2 de julio 1999, de la Secretaría de Comunicaciones.

Resolución SC 19194/99 de 6 de julio 1999, de la Secretaría de Comunicaciones.

Resolución SC 2525/99, de 21 de octubre de 199,  de la Secretaría de Comunicaciones, sobre la obligación establecida en el artículo 1 ° de la Resolución S.C. nº 18771/99, estableciendo que las obligaciones de asegurar la prestación de los diferentes servicios propios de los programas integrantes de la iniciativa presidencial [email protected] por parte de TELECOM ARGENTINA STET FRANCE TELECOM S . A. y TELEFONICA DE ARGENTINA S.A., alcanzan únicamente a aquellas bonificaciones establecidas en el Anexo I de la referida resolución.

Resolución SC 4536/1999, de 7 de diciembre de 1999, de la Secretaría de Comunicaciones, que designa al Correo Oficial de la República Argentina como autoridad oficial de certificación de la firma digital de los poseedores de una dirección de Correo Electrónico sobre autoridad de aplicación de la firma digital. (Boletín Oficial nº 29297 de 21 de diciembre de 1999).

Resolución SC 536/1999, de 28 de diciembre de 1999. Conjunta nº 3, de la Secretaría de Comunicaciones, que suspende la Resolución 4536/1999.

Decreto 764/2000, de 3 septiembre de 2000, que aprueba el Reglamento de Licencias para Servicios de Telecomunicaciones.

Decreto 243/2001, de 26 de febrero de 2001, del Ministerio de Infraestructura y Vivienda, que dispone la adecuación de diversas normas con la finalidad de que algunas funciones de la Secretaría para la Tecnología, la Ciencia y la Innovación Productiva se trasladen a la órbita de la Secretaría de Comunicaciones, dependiente del citado Departamento de Estado.

Anteproyecto de Ley de Regulación de las Comunicaciones Publicitarias por Correo Electrónico. Resolución 338/2001 de la Secretaría de Comunicaciones (B.O. 18 septiembre de 2001).

Resolución SC 62/2002, de 11 de abril de 2002, de la Secretaria de Comunicaciones, por la que se prorroga el plazo establecido por la Resolución 476/2001, en relación con el mecanismo de Consulta Publica aplicado al Anteproyecto de Ley de Delitos Informáticos.

Ley 25.700/2003. Apruébanse las Enmiendas a la Constitución y al Convenio de la Unión Internacional de Telecomunicaciones, adoptadas en Minneapolis, Estados Unidos de América, el 6 de noviembre de 1998. (Boletín Oficial nº 30064 de 9 de enero de 2003).

Decreto 1214/2003, de 19 de mayo de 2003, sustitúyese el artículo 11 de la Ley 22.285, con la finalidad de remover el obstáculo legal, que impide a las provincias y a las municipalidades la prestación de determinados servicios de radiodifusión.

Ley 25.873 de 17 de diciembre de 2003. Modifícase la Ley 19.798, en relación con la responsabilidad de los prestadores respecto de la captación y derivación de comunicaciones para su observación remota por parte del Poder Judicial o Ministerio Público.

Ley 25.873/2004, sobre prestadores de servicios de telecomunicación. (Boletín Oficial de 9 de enero de 2004). (Declarada inconstitucional por la Corte Suprema de Justicia de la Nación de 24 febrero de 2009, que confirmó el fallo de la Cámara de Apelaciones en lo Contencioso Administrativo de 29 de noviembre de 2005).

Resolución SC 40/2004, de 13 de febrero de 2004, de la Secretaría de Comunicaciones, sobre conservación inalterada de los datos filiatorios de los clientes y registros de tráfico de telecomunicaciones existentes desde el 1º de enero de 1989. (Boletín Oficial nº 30340 del 16 de febrero de 2004).

Decreto 1.563/2004, de 8 de noviembre, sobre Telecomunicaciones , sobre el Reglamento de retención de Datos de Tráfico (Boletín Oficial de 9 de noviembre de 2004). (Suspendida aplicación por Decreto 357/2005).

Decreto 357/2005, de 22 de abril de 2005, que suspende la aplicación del Decreto 1563/2004 del 8 de noviembre (Boletín Oficial de 25 de abril de 2005).

Ley 25.891, de 28 de abril de 2004. Establécese que, la comercialización de los mencionados servicios podrá realizarse, únicamente, a través de las empresas legalmente autorizadas para ello, quedando prohibida la actividad de revendedores, mayoristas y cualquier otra persona que no revista ese carácter. Créase el Registro Público Nacional de Usuarios y Clientes de Servicios de Comunicaciones Móviles.

Ley 26.053, de 17 de agosto de 2005, sustitúyese el artículo 5 de la Ley 22.265 de Radiodifusión.

Resolución 112/09-SC-Telecomunicaciones, de 13 de mayo de 2009, que otorga licencia Única de Servicios de Telecomunicaciones, Dto 764/00 (Boletín Oficial 19 mayo de 2009).

Ley 26.522, de 10 de octubre de 2009, de Servicios de comunicación audiovisual.

Decreto 1225/2010, de 31 de agosto de 2010, Reglamento de la Ley de Servicios de Comunicación Audiovisual.

Decreto 1552/2010, de 21 de octubre de 2010, Créase el Plan Nacional de Telecomunicaciones “Argentina Conectada”. (Boletín Oficial nº 32.016 del 28 octubre 2010).

Resolución 2161/2010, de 10 de noviembre de 2010, Apruébase el reglamento de la Comisión de Planificación y Coordinación Estratégica del Plan Nacional de Telecomunicaciones “Argentina Conectada” (Boletín Oficial nº 32.044, de 9 de diciembre de 2010).

Resolución 493/2014, de 18 de febrero de 2014, de la Comisión Nacional de Comunicaciones (CNC). (Boletín Oficial nº 32.834, de 24 de febrero de 2014)

Ley 26.951, de 2 de julio de 2014. Créase el Registro Nacional “No Llame”.

Ley 27.078, de 16 de diciembre de 2014. Argentina Digital. (Modificación por el Decreto 267/2015)

Decreto 677/2015, de 28 de abril de 2015. Argentina Digital. Autoridad Federal de Tecnologías de la Información y las Comunicaciones.

Decreto 267/2015, de 29 de diciembre de 2015, de creación del Ente Nacional de Comunicaciones y modificación a la Ley 27.078.

Resolución Conjunta 6-E/2016, de 20 de octubre de 2016, del Ministerio de Seguridad y el Ministerio de Comunicaciones. Registro de Identidad de Usuarios del Servicio de Comunicaciones Móviles.

PROVINCIA DE SANTA FE

Ley 12.362 de 18 de noviembre de 2004, que establece las normas a que deben ajustarse los elementos técnicos necesarios para transmisión de comunicación (B.O.P. de 20 de diciembre de 2004).

01Ene/14

Legislación República del Perú por Descriptores

Página actualizada agosto 2024

Legislación República del Perú por Descriptores

  • Acceso a la información
  • Central privada de información de riesgos
  • Contratación electrónica del Estado
  • Correo electrónico
  • Defensa de la Competencia
  • Delitos Informáticos
  • Derechos de autor y protección jurídica del software
  • Dinero electrónico
  • Documento electrónico
  • Factura electrónica
  • Firmas y certificados electrónicos/digitales
  • Gobierno electrónico
  • Habeas Data
  • Internet
  • Manifestación de la voluntad por medios electrónicos
  • Microformas
  • Nombres de Dominio
  • Notificaciones electrónicas
  • Planilla electrónica
  • Portales del Estado Peruano
  • Propiedad industrial
  • Propiedad intelectual
  • Protección al consumidor
  • Protección de datos
  • Salud
  • Seguridad de la información
  • Sociedad de la información
  • Software
  • Software libre
  • Telecomunicaciones
  • Teletrabajo
  • Uso de las tecnologías de la información en la gestión de archivos y documentos
  • Varios
  • Vigilancia electrónica personal
  • Voto electrónico

ACCESO A LA INFORMACIÓN

Resolución Legislativa nº 13.282 de 15 diciembre 1959, aprueba la Declaración Universal de Derechos Humanos. (Artículo 19º).

Decreto Ley nº 22.128 de 28 marzo 1978, aprueba el Pacto Internacional de Derechos Civiles y Políticos adoptado por la ONU por Resolución nº 2200A (XXI) de 16 diciembre 1966. (Artículo 19º).

Decreto Ley nº 22.231 de 11 julio 1978, aprueba “Convención Americana sobre Derechos Humanos“. (Artículo 13º).

Constitución Política del Perú (Artículo 2º inciso 5).

Declaración de Principios sobre Libertad de Expresión, aprobada en octubre de 2000 por la Comisión Interamericana de Derechos Humanos. (Principio nº 4).

Decreto Supremo nº 018-2001/PCM del 26 febrero 2001, procedimiento para facilitar a las personas el acceso a la información que posean o produzcan las entidades del Sector Público.

Resolución Defensorial nº 041-2001-DP, aprueba Directiva sobre Transparencia y Acceso a la Información Pública.

Ley nº 27.806 de Transparencia y Acceso a la Información Pública, de 13 de julio de 2002. (Promulgada el 2 de agosto de 2002 y Publicada en el Diario Oficial “El Peruano” el 3 de agosto de 2002).

Resolución Defensorial nº 024-2002-DP (Defensoría del Pueblo), de 6 de agosto de 2002, anuncio de planteamiento Acción Inconstitucional contra la Ley nº 27806.

Ley nº 27.927 de 13 de enero de 2003, que modifica la Ley nº 27.806 Ley de Transparencia y Acceso a la información Pública. (Promulgada el 3 de febrero de 2003 y Publicada en el Diario Oficial “El Peruano” el 4 de febrero de 2003).

Resolución Defensorial nº 024-2000-DP (Defensoría del Pueblo), de 6 de agosto de 2002, anuncio de planteamiento Acción Inconstitucional contra la Ley nº 27806.

Decreto Supremo nº 043-2003/PCM, de 22 de abril de 2003, que aprueba el Texto Único Ordenado de la Ley nº 27.806, Ley de Transparencia y Acceso a la Información Pública.

Resolución Ministerial nº 103-2003/PCM, que crea la Comisión Multisectorial encargada de elaborar el Reglamento de la Ley de Transparencia y Acceso a la Información Pública, la misma que elaboró el respectivo anteproyecto y lo sometió a consulta ciudadana mediante su prepublicación en el Diario Oficial El Peruano el sábado 7 de junio de 2003.

Decreto Supremo nº 072-2003/PCM, de 6 de agosto de 2003, reglamento de la Ley nº 27.806 de Transparencia y Acceso a la Información Pública. (Publicado el 7 de agosto de 2003). (Modificado por los Decretos Supremos 019-2017-JUS y 011-2018-JUS).

Decreto Supremo nº 079-2007/PCM de 5 septiembre 2007, Lineamientos para la elaboración y aprobación de TUPA y Disposiciones para el cumplimiento de la Ley del Silencio Administrativo.

Resolución Defensorial nº 021-2008/DP de 12 de agosto de 2008, que aprueba la Directiva nº 001-2008/DP, que regula el procedimiento de atención de las solicitudes de acceso a la información pública de la Defensoría del Pueblo y sus anexos. (El Peruano, 16 de agosto de 2008).

Resolución Suprema nº 015-2011/PCM de 1 de febrero de 2011, por la que se constituye la Comisión Multisectorial Temporal para elaborar el anteproyecto de Ley de Acceso Electrónico de los ciudadanos a los Servicios Públicos e Interoperabilidad del Estado Peruano (El Peruano 2 de febrero de 2011).

Ley nº 30.035 de 4 de junio de 2013, Ley que regula el repositorio nacional digital de Ciencia, Tecnología e Innovación de Acceso Abierto.

Decreto Legislativo nº 1353, de 6 de enero de 2017, que crea la autoridad nacional de Transparencia y Acceso a la Información Pública, fortalece el régimen de Protección de Datos Personales y la regulación de la gestión de intereses. (El Peruano, sábado 7 de enero de 2017).  (Modificado por Decreto Legislativo nº 1416 de 12 de septiembre de 2018. Decreto Legislativo que fortalece el Tribunal de Transparencia y Acceso a la Información Pública).

Fe de erratas. Decreto Legislativo nº 1353 Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la regulación de la gestión de intereses. (El Peruano, 12 de enero de 2017).

Decreto Supremo nº 006-2017-JUS. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444. Ley de Procedimiento Administrativo General.

Decreto Supremo nº 019-2017-JUS, de 14 de septiembre de 2017, aprueba el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos  y la regulación de la gestión de intereses. (Modificado por Decreto Supremo nº 011-2018-JUS de 13 de noviembre de 2018. Decreto Supremo que aprueba el Reglamento del Decreto Legislativo n° 1326, Decreto Legislativo que reestructura el Sistema Administrativo de Defensa Jurídica del Estado y crea la Procuraduría General del Estado).

Directiva nº 1-2018-JUS/DGTAIPD. Lineamientos para el reporte de solicitudes de Acceso a la Información Pública a ser remitidos a la Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales.

Resolución Directoral nº 002-2018-JUS/DGTAIPD de 18 de enero de 2018. Resolución Directoral que regula los lineamientos para el reporte de solicitudes  de acceso a la información pública.

Directiva nº 1-2018-JUS/DGTAIPD. Lineamientos para el reporte de solicitudes de Acceso a la Información Pública a ser remitidos a la Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales.

Decreto Supremo n° 007-2018-JUS, de 15 de junio de 2018. Decreto Supremo que modifica el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la regulación de la gestión de intereses, aprobado por el Decreto Supremo n° 019-2017-JUS.

Resolución Directoral nº 43-2018-JUS/DGTAIPD de 3 de julio de 2018. Resolución Directoral que aprueba modelo de cláusula informativa sobre las circunstancias y condiciones del tratamiento de datos personales requeridas por el artículo 18 de la Ley 29733 de Protección de Datos Personales.

Decreto Legislativo nº 1416 de 12 de septiembre de 2018. Decreto Legislativo que fortalece el Tribunal de Transparencia y Acceso a la Información Pública.

Resolución Directoral nº 69-2018-JUS/DGTAIPD de 17 de septiembre de 2018. Resolución Directoral que aprueba la Directiva sobre lineamientos para la clasificación de opiniones emitidas por la Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales.

Decreto Supremo nº 011-2018-JUS de 13 de noviembre de 2018. Decreto Supremo que aprueba el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la Regulación de la Gestión de Intereses, aprobado por el Decreto Supremo n° 019-2017-JUS.

Resolución Directoral nº 85-2018-JUS/DGTAIPD, de 26 de noviembre de 2018. Resolución Directoral que aprueba la actualización de los formularios para el inicio de procedimientos ante la Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales y sus unidades orgánicas.

Resolución Directoral nº 87-2018-JUS/DGTAIPD, de 21 de diciembre de 2018. Resolución Directoral que aprueban el Lineamiento para la elaboración del Informe anual sobre solicitudes de acceso a la información pública 2018, a ser presentado al Congreso de la República en el primer trimestre del año. 

Decreto Supremo nº 021-2019-JUS, de 10 de diciembre de 2019. Texto Único Ordenado de la Ley n° 27806, Ley de Transparencia y Acceso a la Información Pública.

Resolución Directoral nº 68-2020-JUS/DGTAIPD, de 11 de diciembre de 2020. Aprueban el Lineamiento para la elaboración del Informe anual sobre solicitudes de acceso a la información pública 2020, a ser presentado al Congreso de la República en el primer trimestre del año 2021. 

Resolución Directoral nº 69-2020-JUS/DGTAIPD, de 17 de diciembre de 2020. Se dispone la publicación del Proyecto de Lineamiento para la Implementación y Actualización del Portal de Transparencia Estándar en las entidades de la Administración Pública.

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Ley de Reforma Constitucional de 7 de junio de 2023 

Ley nº 31.878 de 19 de septiembre de 2023, Reforma Constitucional que promueve el Uso de las Tecnologías de la Información y la Comunicación, y reconoce el Derecho de Acceso a Internet Libre en todo el País. (El Peruano Sábado 23 de septiembre de 2023).

CENTRAL PRIVADA DE INFORMACIÓN DE RIESGOS

Ley nº 27.489 de 11 de junio de 2001, que regula las centrales privadas de información de riesgos y de protección al titular de la información. (Promulgada el 27 de junio de 2001 y Publicada en el Diario Oficial “El Peruano” el 28 de junio de 2001).

Ley nº 27.863 de 12 de noviembre de 2002, que modifica la Ley nº 27.489 que regula las centrales privadas de información de riesgos y protección al titular de la información.

CIBERDEFENSA

Ley nº 30.999 de 9 de agosto de 2029. Ley de Ciberdefensa

Proyecto de Reglamento de 2 de agosto de 2023, de la Ley 30.999

CONTRATACIÓN ELECTRÓNICA DEL ESTADO

Decreto Supremo nº 013-2001/PCM de 12 febrero 2001, Reglamento de la Ley de Contrataciones y Adquisiciones del Estado. (Derogado por Decreto Supremo nº 084-2004-PCM)

Decreto Supremo nº 031-2002/PCM mediante el cual se aprueban los Lineamientos de Políticas Generales del Desarrollo del Sistema Electrónico de Adquisiciones y Contrataciones del Estado.

Directiva nº 001-2004/CONSUCODE/PRE de 15 enero 2004, Reporte de información sobre procesos de selección y sus contratos al sistema de información de Contrataciones y adquisiciones del Estado -SIACE.

Resolución Ministerial nº 142-2004/PCM, aprueba los “Lineamientos para la Implantación Inicial del Sistema Electrónico de Adquisiciones y Contrataciones del Estado – SEACE”

Resolución Ministerial nº 199-2004/PCM de 26 junio 2004, que constituyen la Comisión Multisectorial encargada de ejecutar e implantar los “Lineamientos para la implantación inicial del Sistema Electrónico de Adquisiciones y Contrataciones del Estado-SEACE”.

Decreto Supremo nº 084-2004/PCM, del 26 noviembre 2004. Reglamento de la Ley de Contrataciones y Adquisiciones del Estado.

Ley nº 28.267 de 1 julio 2004, Ley que modifica la Ley nº 26.850, Ley de Contrataciones y Adquisiciones del Estado (Título VII).

Decreto Supremo nº 070-2013-PCM, de 13 de junio de 2013, que modifica el Reglamento de la Ley de Transparencia y Acceso a la Información Pública, aprobado por Decreto Supremo nº 072-2013-PCM. (El Peruano 14 de junio de 2013).

Decreto Supremo nº 033-2018-PCM, de 22 de marzo de 2018. Decreto Supremo que crea la Plataforma Digital Única del Estado Peruano y establecen disposiciones adicionales para el desarrollo del Gobierno Digital, para lo cual en el ejercicio de sus funciones articula acciones con las entidades de la Administración Pública, la sociedad civil, los ciudadanos la academia y el sector privado. (Modificado por la Disposición Complementaria Modificatoria Tercera del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Decreto Legislativo nº 1416 de 12 de septiembre de 2018. Decreto Legislativo que fortalece el Tribunal de Transparencia y Acceso a la Información Pública.

Decreto Supremo nº 011-2018-JUS, de 13 de noviembre de 2018, que modifica el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la Regulación de la Gestión de Intereses, aprobado por el Decreto Supremo n° 019-2017-JUS

CORREO ELECTRÓNICO

Decreto Legislativo nº 816, de 20 de abril de 1996, que aprueba el código tributario y recoge las notificaciones informáticas tributarias. (Promulgado el 20 de abril de 1996 y Publicado en el Diario Oficial “El Peruano” el 21 de abril de 1996).

Ley nº 26.961 de 2 junio 1998, Ley para el desarrollo de la actividad turística (El Peruano, 3 junio 1998) (Artículos 24 y 25)

Ley nº 27.419 de 25 de enero de 2001, que modifica dos artículos del Código Procesal Civil y posibilita el envío a través de correos electrónicos, de determinados  actos procesales. (Promulgada el 6 de febrero de 2001 y Publicada en el Diario Oficial “El Peruano” el 7 de febrero de 2001).

Ley nº 27.444, Ley de Procedimiento Administrativo General, de 21 de marzo de 2001. Que establece el marco jurídico para el uso del correo electrónico, documentos electrónicos y expedientes digitales, en la tramitación de procedimientos administrativos vía internet.

Resolución Jefatural nº 088-2003/INEI, aprueba Directiva sobre “Normas para el uso del servicio de correo electrónico en las entidades de la Administración Pública”.

Ley nº 28.493 de 18 de marzo de 2005, que regula el uso del correo electrónico comercial no solicitado (SPAM) (Promulgada el 11 de abril de 2005 y Publicada en el Diario Oficial “El Peruano” el 12 de abril de 2005).

Decreto Supremo nº 031-2005/MTC, Reglamento de la Ley 28.493 que regula el uso de correo electrónico comercial no solicitado (SPAM). (El Peruano, 4 enero 2006).

Resolución Ministerial nº 521-2006/MINSA, Directiva Administrativa para el correcto uso del correo electrónico en el Ministerio de Salud.

Resolución CONASEV nº 045-2006/EF/94.10, de 21 de julio de 2006, envío por las Sociedades Agentes de Bolsa, por medios distintos al soporte papel.

Ley nº 29246 de 4 de junio de 2008, Ley que modifica la Ley n° 28493, Ley que regula el uso del correo electrónico comercial no solicitado (SPAM). (El Peruano, Lima, martes 24 de junio de 2008).

Resolución Administrativa nº 029-2010/CED-CSJLN/PJ de 16 octubre 2010, disponen que las directivas y resoluciones de alcance general sean notificadas por el correo electrónico de los usuarios, magistrados y personal jurisdiccional y/o administrativos de la Corte Superior de Justicia de Lima Norte (CSJLN) (El Peruano 22 octubre 2010).

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Ley nº 31.465 del 13 de abril de 2022, que modifica la Ley nº 27.444. Ley de Procedimiento Administrativo General.

DEFENSA DE LA COMPETENCIA

Resolución nº 070-97/INDECOPI-CRT de 23 de diciembre de 1997, de la Comisión de Reglamentos Técnicos y Comerciales, aprobó el reglamento para otorgar certificados de idoneidad técnica para los microarchivos. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

NTP-392.030/1-1997 Reglamentación exclusiva de micropelículas y microfichas (microformas). Norma Técnica aprobadas por el INDECOPI referido al uso de la tecnología. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

NTP-392.030/2-1997 Reglamentación exclusiva de medios de archivo electrónico (microformas). Norma Técnica aprobadas por el INDECOPI referido al uso de la tecnología. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Resolución nº 055-97/INDECOPI-CRT, de la Comisión de Reglamentos Técnicos y Comerciales. Norma técnica en micrografía.(Diario Oficial “El Peruano” el 7 de diciembre de 1997). (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Resolución nº 0021-98/INDECOPI/CRT, de la Comisión de Reglamentos Técnicos y Comerciales, de 17 de mayo de 1998

Resolución nº 0032-1998/INDECOPI-CRT, de la Comisión de Reglamentos Técnicos y Comerciales. Norma técnica en micrografía.(Diario Oficial “El Peruano” el 5 de agosto de 1998. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Decreto Supremo nº 077-2005/PCM. Reglamento de organización y funciones del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual 2005. Publicado en el Diario Oficial “El Peruano”.

Resolución nº 023-2008/INDECOPI/DIR.- “EL Peruano” 19 de marzo de 2008, por la que se aceptan renuncia presentada por miembro de la Comisión de Libre Competencia del INDECOPI

Resolución nº 030-2008/CRT-INDECOPI, (Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual) “EL Peruano” 19 de marzo de 2008, por la que se aprueban las Guías de Acreditación de Entidades de Certificación Digital, Entidades de Registro o Verificación de datos y Entidades de Prestación de Servicios de Valor añadido, así como la Guía para la Acreditación del Software de Firmas Digitales.

Resolución Presidencia Consejo Directivo INDECOPI nº 042-2009/INDECOPI/COD de 29 marzo 2009, establecen competencia funcional de las Salas de Defensa de la Competencia del Tribunal de Defensa de la Competencia y de la Propiedad Intelectual.

Resolución nº 013-2009/CNB-INDECOPI – Aprueban Normas Técnicas Peruanas sobre melaza y bagazo de caña, diseño curricular de programas educativas, ingeniería de software y productos de cacao (El Peruano, 23 mayo 2009).

Directiva nº 005-2009/COD-INDECOPI de 3 de agosto de 2009. Directiva de operaciones y funcionamiento del Registro de números telefónicos y direcciones de correo excluidos de ser destinatarios de publicidad masiva.

Ley nº 29571 de 14 de agosto de 2010.- Código de Protección y Defensa del Consumidor. (Modificada por Decreto Legislativo 1390 de 4 de septiembre de 2018).

Decreto Supremo nº 071-2017-PCM, de 28 de junio de 2017. Aprueba disposiciones que regulan la implementación de la modalidad de publicación en la Gaceta Electrónica del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual – INDECOPI, referida en el artículo 6 del Decreto Legislativo n° 1212, Decreto Legislativo que refuerza las facultades sobre eliminación de barreras burocráticas para el fomento de la competitividad.

Decreto Legislativo nº 1390, de 4 de septiembre de 2018, que modifica la Ley nº 29571 Código de Protección y Defensa del Consumidor.

DELITOS INFORMÁTICOS

Decreto Legislativo nº 635 de 3 de abril de 1991, que aprueba el Texto del Código Penal.

Decreto Legislativo nº 638 de 25 de abril de 1991, que aprueba el Texto del Código Procesal Penal. (Derogado por Decreto Legislativo nº 957 de 22 de junio de 2004. Nuevo Código Procesal Penal).

Decreto Legislativo nº 654 de 31 de julio de 1991, que promulga nuevo Código de Ejecución Penal.

Proyecto de reforma penal sobre criminalidad informática en 1999.

Ley nº 27.309 que incorpora el cibercrimen al Código Penal de 26 de junio de 2000  (Promulgada el 15 de julio de 2000 y Publicada en el Diario Oficial “El Peruano”17 de julio de 2000).

Ley nº 27.729, de 23 mayo 2002, que modifica diversos artículos del Código Penal (Publicada en el Diario Oficial “El Peruano” el 24 de mayo de 2002).

Resolución Suprema nº 026-2002/MTC, constituye Comisión encargada de proponer acciones para implementar medidas recomendadas en la Resolución 55/63 de la Asamblea General de la ONU, para prevenir el uso criminal de tecnologías de información.

Ley nº 28.251, de 17 de mayo de 2004, que modifica los artículos 170º, 171º, 172º, 173º, 174º, 175º, 176º, 176ºA, 179º, 180º, 181º, 182º, 183º, 183ºA e incorpora los artículos 179ºA, 181ºA, 182ºA a los Capítulos IX, X y XI del Título IV, del libro segundo del Código Penal. (Publicado en el Diario Oficial “El Peruano” el 8 de junio de 2004).

Decreto Legislativo nº 957 de 22 de junio de 2004. Nuevo Código Procesal Penal.

Ley nº 28.269, de 4 de julio de 2004. Ley que delega facultades legislativas en materia procesal penal al Poder Ejecutivo al amparo del artículo 104º de la Constitución Política.

Ley nº 28.289 de 19 de julio de 2004. Ley de lucha contra la Piratería.

Ley nº 28.493 de 18 de marzo de 2005, que regula el uso del correo electrónico comercial no solicitado (SPAM) (Promulgada el 11 de abril de 2005 y Publicada en el Diario Oficial “El Peruano” el 12 de abril de 2005).

Ley nº 29.139 de 30 de noviembre de 2007. Ley que modifica la Ley 28.119, ley que prohíbe el Acceso de menores de Edad a páginas Web de contenido pornográfico y a cualquier otra forma de Comunicación en Red de igual contenido, en las Cabinas Públicas de Internet.

Resolución Ministerial nº 150-2009/MINCETUR/DM de 8 octubre 2009.- Designan representantes del Ministerio ante la Comisión de Lucha contra los Delitos Aduaneros y la Piratería

Ley nº 29.499 de 18 de enero de 2010, que establece la vigilancia electrónica personal e incorpora el artículo 29 A y modifica el artículo 52 del Código Penal.

Decreto Legislativo nº 635; Modifica los artículos 135 y 143 del Código Procesal Penal, Decreto Legislativo nº 638, y los artículos 50, 52, 55 y 56 del Código de Ejecución Penal, Decreto Legislativo, nº 654. (El Peruano, 19 de enero de 2010).

Ordenanza nº 007-2010/GOB. REG. TUMBES-CR de 23 abril 2010, que crea la Subcomisión de lucha contra los delitos aduaneros y piratería (El Peruano 26 junio 2010)

Proyecto de Ley nº 4406-2010/CR, presentado el 28 octubre de 2010, sanciona el acoso y violencia escolar (Ley Antibullying) y cuando esta se produce mediante medios telemáticos (Ciberbullying).

Ley nº 30.076, de 25 de julio de 2013, que modifica el Código Penal, Código Procesal Penal, Código de Ejecución Penal y el Código de los niños y adolescentes y crea registros y protocolos con la finalidad de combatir la inseguridad ciudadana

Ley nº 30.077, de 20 de agosto de 2013, contra el crimen organizado.

Ley nº 30.096 de 21 de octubre de 2013. Ley de Delitos Informáticos.

Ley nº 30.171 de 9 de marzo de 2014, que modifica la Ley nº 30.096, Ley de delitos informáticos.

Resolución de la Fiscalía de la Nación nº 1503-2020-MP-FN, de 30 de diciembre de 2020. Resolución de la Fiscalía Especializada en Ciberdelincuencia del Ministerio Público con competencia nacional y designan y nombran Fiscales en el Distrito Fiscal de Lima.

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Ley nº 31.880 de 22 de septiembre de 2023, Ley que delega en el Poder Ejecutivo la facultad de Legislar en materia de Seguridad Ciudadana, Gestión de Riesgo de desastres-niño global, infraestructura social, calidad de Proyectos y meritocracia (El Peruano, 23 de septiembre de 2023)

Decreto nº 1614 de 2o de diciembre de 2023, que modifica la Ley nº 30.096, Ley de Delitos Informáticos para prevenir y hacer frente a la Ciberdelincuencia (El Peruano, 21 de diciembre de 2023)

DERECHOS DE AUTOR Y PROTECCIÓN JURÍDICA DEL SOFTWARE

Decreto Legislativo nº 822 . Ley sobre Derecho de Autor (Promulgada el 23 de abril de 1996 y Publicada en el Diario Oficial “El Peruano” el 24 de abril de 1996). (Se deroga el presente decreto legislativo en la parte que se oponga a la Ley nº 28131). (Modificados e incorporados artículos del Decreto Legislativo nº 822 por la Ley nº 31117, de 29 de enero de 2021, Ley que incorpora y modifica artículos del Decreto Legislativo 822).

Decisión nº 351 Régimen Común sobre Derecho de Autor y Derechos Conexos.

Resolución nº 0121-98/ODA-INDECOPI, aprueban lineamientos de la Oficina de Derechos de Autor sobre uso legal de los programas de ordenador (software).

Ley nº 27.861 de 24 de octubre de 2002, que exceptúa el pago de los derechos de autor por la reproducción de obras para invidentes.

Ley 28131, Ley del Artísta Intérprete y Ejecutante. (El Peruano 19 de diciembre de 2003). (Modifica el Decreto Legislativo nº 822).

Ley nº 28.289 de 19 de julio de 2004. Ley de lucha contra la Piratería.

Ley nº 29.013 de 4 de mayo de 2007, que modifica la conformación de la Comisión de lucha contra los delitos aduaneros y la piratería.

Decreto Legislativo nº 1092 de 27 junio 2008, que aprueba medidas en frontera para la protección de los Derechos de Autor y Derechos Conexos y los Derechos de Marcas.

Decreto Supremo nº 077-2008/PCM de 26 noviembre 2008, modifica el artículo 4º del D. S. nº 013-2003-PCM para el cumplimiento en la Administración Pública de las  normas vigentes en materia de derecho de autor en el marco de la reforma del Estado y la implementación del Acuerdo de Promoción Comercial Perú-Estados Unidos. (El Peruano 27 de noviembre 2008).

Decreto Supremo nº 003-2009/EF de 12 de enero de 2009, Reglamento del Decreto Legislativo nº 1092 que aprueba medidas en frontera para la protección de los derechos de autor o derechos conexos y los derechos de marcas.

Decreto Supremo nº 053-3027-PCM, de 18 de mayo de 2017, que aprueba el Reglamento del Registro Nacional de Derecho de Autor y Derechos Conexos, contemplado en el Decreto Legislativo n° 822, Ley sobre el Derecho de Autor.

Ley nº 31117, de 29 de enero de 2021, Ley que incorpora y modifica artículos del Decreto Legislativo 822. Ley sobre el Derecho de Autor, para implementar el tratado de Marrakech y facilitar el acceso a obras publicadas a las personas ciegas, con discapacidad visual o con otras dificultades para acceder al texto impreso.

DINERO ELECTRÓNICO

Ley nº 29985 de 21 de diciembre de 2012. Ley que regula las características básicas del dinero electrónico como instrumento de inclusión financiera. (El Peruano, 17 de enero de 2013).

Decreto Supremo nº 090-2013-EF, de 13 de mayo de 2013, Reglamento de la Ley nº 29985, Ley que regula las características básicas del dinero electrónico como instrumento de inclusión financiera.

Resolución SBS nº 6283-2013, de 18 de octubre de 2013. Reglamento de Operaciones con Dinero Electrónico. (Modificado por artículo octavo de la Resolución SBS nº 504-2021 de 19 de febrero de 2021).

Resolución SBS n° 2755-2018 de 16 de julio de 2018 y sus normas modificatorias, se aprobó el Reglamento de Infracciones y Sanciones de la Superintendencia de Banca, Seguros y Administradoras Privadas de Fondos de Pensiones

Circular n° 0010-2023-BCRP de 27 de junio de 2023, se facultó a las Empresas Emisoras de Dinero Electrónico (EEDE) el acceso limitado a los servicios de canje y compensación que brindan las Empresas de Servicios de Canje y Compensación (ESEC), así como al Sistema de Liquidación Bruta en Tiempo Real (SLBTR) con la finalidad de permitir la interoperabilidad entre cuentas bancarias y cuentas de dinero electrónico

DOCUMENTO ELECTRÓNICO

Resolución nº 057-2011/SUNAT, facilita la presentación de escritos en procedimientos de cobranza coactiva a cargo de dependencias de tributos internos mediante formulario virtual (El Peruano, 8 marzo 2011).

Ley nº 27.444, Ley de Procedimiento Administrativo General, de 21 de marzo de 2001. Que establece el marco jurídico para el uso del correo electrónico, documentos electrónicos y expedientes digitales, en la tramitación de procedimientos administrativos vía internet. (Modificada por Ley nº 31.465 de 3 de mayo de 2022)

Resolución de Superintendencia nº 0188-2010/SUNAT de 16 de junio 2010, amplia el Sistema de Emisión Electrónica a la Factura y documentos vinculados a estos. (El Peruano, 17 junio 2010).

Resolución de Superintendencia nº 209-2010/SUNAT de 16 julio 2010, posterga la entrada en vigencia de algunas disposiciones de la Resolución de Superintendencia nº 188-2010/SUNAT que amplía el Sistema de Emisión Electrónica a la factura y documentos vinculados a esta.

Resolución de Superintendencia Nacional Adjunta de Aduanas nº 583-2010/SUNAT/A. – Modifican Procedimiento Específico “Teledespacho – Servicio Electrónico de Intercambio de Documentos Aduaneros (SEIDA)” INTA-PE.00.02 (versión 3) y Procedimiento General “Importación para el Consumo” INTA -PG.01-A (versión 1). (El Peruano, 2 octubre 2010).

Decreto Supremo n° 009-2017-SA, de 22 de marzo de 2017, aprobación del “Reglamento de la Ley nº 30024, Ley que Crea el Registro Nacional de Historias Clínicas electrónicas”.

Decreto Supremo nº 033-2018-PCM, de 22 de marzo de 2018. Decreto Supremo que crea la Plataforma Digital Única del Estado Peruano y establecen disposiciones adicionales para el desarrollo del Gobierno Digital, para lo cual en el ejercicio de sus funciones articula acciones con las entidades de la Administración Pública, la sociedad civil, los ciudadanos la academia y el sector privado. (Modificado por la Disposición Complementaria Modificatoria Tercera del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Ley nº 30823, de 2 de julio de 2018, Ley que delega en el Poder Ejecutivo la facultad de legislar en materia de gestión económica y competitividad, de integridad y lucha contra la corrupción, de prevención y protección de personas en situación de violencia y vulnerabilidad y de modernización de la Gestión del Estado.

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Ley nº 31.465 del 13 de abril de 2022, que modifica la Ley nº 27.444. Ley de Procedimiento Administrativo General.

Ley nº 31.736 de 5 de mayo de 2023, que regula la notificación administrativa mediante casilla electrónica.

FACTURA ELECTRÓNICA

Resolución de Superintendencia nº 0188-2010/SUNAT de 16 de junio 2010, amplia el Sistema de Emisión Electrónica a la Factura y documentos vinculados a estos. (El Peruano, 17 junio 2010).

Resolución nº 052-2011/SUNAT, postergan entrada de las disposiciones que regulan el rechazo de la factura electrónica y la emisión de notas de crédito y de débito electrónicas (El Peruano, 26 febrero 2011).

Resolución nº 057-2011/SUNAT, facilita la presentación de escritos en procedimientos de cobranza coactiva a cargo de dependencias de tributos internos mediante formulario virtual (El Peruano, 8 marzo 2011).

Resolución de Superintendencia nº 0188-2010/SUNAT de 16 de junio 2010, amplia el Sistema de Emisión Electrónica a la Factura y documentos vinculados a estos. (El Peruano, 17 junio 2010).

Resolución de Superintendencia nº 209-2010/SUNAT de 16 julio 2010, posterga la entrada en vigencia de algunas disposiciones de la Resolución de Superintendencia nº 188-2010/SUNAT que amplía el Sistema de Emisión Electrónica a la factura y documentos vinculados a esta.

Resolución de Superintendencia nº 291-2010/SUNAT de 29 octubre 2010, modifica las Resoluciones de Superintendencia nº 182-2008/SUNAT y 188-2010/SUNAT que regulan la emisión electrónica del recibo por honorarios y el llevado del libro de ingresos y gastos electrónicos y la emisión electrónica de la factura.

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

FIRMAS Y CERTIFICADOS ELECTRÓNICOS/DIGITALES

Código Civil de 24 de julio de 1984

Resolución Suprema nº 098-2000/JUS designan Comisión Multisectorial encargada de elaborar el reglamento de la ley de firmas y certificados digitales

Resolución Ministerial nº 074-2000/ITINCI-DM designan representante del Ministerio ante la comisión multisectorial encargada de elaborar el reglamento de la ley de firmas y certificados digitales

Resolución Ministerial nº 276-2000/MTC-15.01 designan representante del Ministerio ante comisión encargada de elaborar el reglamento de la ley de firmas y certificados digitales

Ley nº 27.269 Ley de firmas y certificados digitales, del 8 de mayo de 2000. (Promulgada el 26 de mayo de 2000 y Publicada en el Diario Oficial El “Peruano” 28 de mayo de 2000). (Modificada por la Ley nº 27.310)

Ley nº 27.291, de 2 junio de 2000, que modificó el Código Civil, permitiendo la utilización de medios electrónicos para la comunicación de la manifestación de voluntad y la utilización de la firma electrónica, sobre todo en el área de contratos. (Promulgada el 23 de junio de 2000 y Publicada en el Diario Oficial “El Peruano” 24 de junio de 2000).

Ley nº 27.310, de 26 junio de 2000, que modifica el artículo 11 de la Ley nº 27.269, de 15 de julio de 2000, sobre certificados de firmas digitales. (Diario Oficial “El Peruano” 17 de julio de 2000). http://www.elcomercioperu.com/index.html.

Resolución SBS nº 735-2000, se reglamenta el uso de la firma digital. (Publicado el 10 de octubre de 2000).

Resolución SBS nº 736-2000, se reglamenta el uso de la firma digital. (Publicado el 11 de octubre de 2000).

Resolución de Superintendencia de Aduanas nº 000103 de 2001, que establece a nivel nacional el uso obligatorio del “Formato Electrónico de Documentos Internos” (FEDI), en la tramitación interna de documentos que no estén relacionados con el despacho de mercancías.

Resolución Jefatural nº 021-2001/INEI designan representantes del INEI ante el Consejo de Supervisión e Fedatarios Juramentados con Especialización en Informática

Decreto Supremo nº 019-2002/JUS, de 15 de mayo de 2002. Reglamento de la Ley de firmas y certificados digitales. (Modificado por Decreto Supremo nº 024-2002-JUS, publicado el 12 de julio de 2002) (Derogado mediante Decreto Supremo nº 004-2007-PCM).

Proyecto de Ley de 7 de junio de 2002, nº 03128 que modifica el artículo 2º del Decreto Supremo nº 019-2002-JUS y designa al registro nacional de identificación y estado civil (RENIEC) como la autoridad administrativa competente, conforme a lo establecido en el artículo 15º de la Ley 27.269 sobre firmas y certificados digitales.

Decreto Supremo nº 024-2002/JUS que sustituye articulo del Reglamento de la Ley de Firmas y Certificados Digitales. (El Peruano, 12 de junio de 2002)

Resolución nº 0103-2003/CRT-INDECOPI, de 23 octubre 2003. Disposiciones complementarias al Reglamento de la Ley de Firmas Digitales. Publicada el 5 de noviembre de 2003.

Ley nº 28.403 de 29 de noviembre de 2004, que dispone la recaudación de un aporte por supervisión y control anual por parte del INDECOPI de las entidades de certificación y de verificación/registro de firmas digitales acreditadas bajo su ámbito.

Decreto Supremo nº 004-2007/PCM, publicado el 14 de enero del 2007, aprueba el Reglamento de la Ley de Firmas y Certificados Digitales, Ley nº 27.269. Se han aprobado los requisitos específicos, los indicadores y los procedimientos de verificación aplicable en la etapa de certificación de las funciones específicas sectoriales, a ser transferidas a los gobiernos regionales, comprendidas en el “Plan Anual de Transferencia de Competencias Sectoriales a los Gobiernos del año 2007”, aprobado por Decreto Supremo nº 036-2007-PCM.

Decreto Supremo nº 052-2008/PCM de 18 julio 2008, Reglamento de la Ley de Firmas y Certificados Digitales (El Peruano, 19 julio 2008).

Decreto Supremo nº 0216-2016-PCM, de 28 de abril de 2016, de la Presidencia del Consejo de Ministros, que aprueba medidas para el fortalecimiento de la infraestructura oficial de firma electrónica y la implementación progresiva de la firma digital en el Sector Público y Privado. (El Peruano, 29 de abril de 2016).

Ley nº 30823, de 2 de julio de 2018, Ley que delega en el Poder Ejecutivo la facultad de legislar en materia de gestión económica y competitividad, de integridad y lucha contra la corrupción, de prevención y protección de personas en situación de violencia y vulnerabilidad y de modernización de la Gestión del Estado.

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Resolución de Secretaría de Gobierno Digital n° 002-2019-PCM/SEGDI, de 17 de julio de 2019. Resolución que aprueba los Estándares de Interoperabilidad de la PIDE. (El Peruano 26 de julio de 2019).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

GOBIERNO ELECTRÓNICO/DIGITAL

Ley nº 27444, Ley de Procedimiento Administrativo General, de 21 de marzo de 2001. Que establece el marco jurídico para el uso del correo electrónico, documentos electrónicos y expedientes digitales, en la tramitación de procedimientos administrativos vía internet. (Quedan derogados los artículos 210 y 240 de la Ley 27444, Ley del Procedimiento Administrativo General, por Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General -El Peruano, 25 de enero de 2019-). (Modificada por Ley nº 31.465 de 3 de mayo de 2022)

Decreto Supremo nº 060-2001/PCM, del 22 de mayo del 2001, que crea el “Portal del Estado Peruano”, como sistema interactivo de información a los ciudadanos, a través de internet, el cual proporciona un servicio de acceso unificado a los servicios y procedimientos administrativos que se realizan ante las diversas dependencias públicas.

Resolución Ministerial nº 266-2002/PCM, encargan preparación de “Estrategia Nacional de Gobierno Electrónico”.

Resolución Ministerial nº 274-2006/PCM de 25 de julio 2006, que aprueba la Estrategia Nacional de Gobierno Electrónico.

Carta Patrimonio Digital de 6 marzo 2009, de la Oficina Nacional de Gobierno Electrónico e Informática.

Resolución Ministerial nº 504-2009/PCM, crean Comisión Sectorial encargada de recomendar acciones y medidas para optimizar capacidades operativas de la Oficina Nacional de Gobierno Electrónico e Informática y de la Oficina de Sistemas de la Oficina General de Administración. (El Peruano, 26 noviembre 2009).

Acuerdo de Concejo nº 08-2011/MM de 7 enero 2011, declaran de interés prioritario la implementación integral del gobierno electrónico y conforman Comisión Especial de Gobierno Electrónico en la Municipalidad de Miraflores (El Peruano 9 enero 2011).

Resolución Ministerial nº 61-2011/PCM de 17 febrero 2011, que aprueba lineamientos que establecen el contenido mínimo de los Planes Estratégicos de Gobierno Electrónico (El Peruano 18 de febrero de 2011).

Decreto Supremo n° 066-2011-PCM, de 27 de julio de 2011. Aprueban el “Plan de Desarrollo de la Sociedad de la Información en el Perú – La Agenda Digital Peruana 2.0”.

Decreto Supremo nº 070-2011-PCM, que modifica el Reglamento de la Ley 27269 y establece normas aplicables al Procedimiento Registral en virtud del Decreto Legislativo nº 681 y ampliatoria (El Peruano, 27 de julio de 2011)

Decreto Supremo nº 105-2012/PCM, que establece disposiciones para facilitar la puesta en marcha de la firma digital y que modifica el Decreto Supremo nº 052-2008-PCM. (El Peruano, 21 de octubre de 2012)

Decreto Supremo nº 026-2016/PCM, que aprueba medidas para el fortalecimiento de la Infraestructura Oficial de Firma Electrónica y la implementación progresiva de la firma digital en el Sector Público y Privado(El Peruano, 26 de septiembre de 2016).

Decreto Supremo nº 022-2017-PCM, de 27 de febrero de 2017, establece que la Secretaría de Gobierno Digital es el órgano de línea, con autoridad técnico normativa a nivel nacional, responsable de formular y proponer políticas nacionales y sectoriales, planes nacionales, normas, lineamientos y estrategias en materia de Informática y de Gobierno Electrónico.

Resolución Secretaría de Gobierno Digital nº 001-2017-PCM/SEGDI, de 9 de agosto de 2017, aprueban Modelo de Gestión Documental en el marco del Decreto Legislativo nº 1310.

Decreto Supremo n° 121-2017-PCM, de 15 de diciembre de 2017. Decreto Supremo que amplía la información para la implementación progresiva de la interoperabilidad en beneficio del ciudadano, en el marco del Decreto Legislativo n° 1246

Resolución de Secretaría de Gobierno Digital n° 001-2018-PCM/SEGDI, de 4 de enero de 2018. Aprueban Lineamientos para uso de servicios en la nube para entidades de la Administración Pública del Estado Peruano.

Resolución Ministerial n° 006-2018-PCM, de 17 de enero de 2018. Se designa a la señora MARUSHKA VICTORIA CHOCOBAR REYES, en el cargo de Secretaria de Gobierno Digital de la Presidencia del Consejo de Ministros.

Resolución de Secretaría de Gobierno Digital n° 002-2018-PCM/SEGDI, de 2 de febrero de 2018. Aprueban los Lineamientos para la suscripción de un Acuerdo de Nivel de Servicio (ANS).

Decreto Supremo nº 033-2018-PCM, de 22 de marzo de 2018. Decreto Supremo que crea la Plataforma Digital Única del Estado Peruano y establecen disposiciones adicionales para el desarrollo del Gobierno Digital, para lo cual en el ejercicio de sus funciones articula acciones con las entidades de la Administración Pública, la sociedad civil, los ciudadanos la academia y el sector privado. (Modificado por la Disposición Complementaria Modificatoria Tercera del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Resolución Ministerial n° 119-2018-PCM, de 8 de mayo de 2018. Se crea el Comité de Gobierno Digital, así como se establecen las funciones del mismo, su alcance, y los lineamientos de gestión y planificación en Gobierno Digital.

Decreto Supremo n° 050-2018-PCM, de 14 de mayo de 2018. Decreto que establece la definición de Seguridad Digital de ámbito nacional, en el cumplimiento con la Segunda Disposición Complementaria Final de la Ley nº 30618, Ley que modifica el Decreto Legislativo N°1441.

Decreto Legislativo 1412 de 12 de septiembre de 2018. Decreto Legislativo que aprueba la Ley de Gobierno Digital. (El Peruano, 13 de septiembre de 2018). (Modificado por artículo 14 de la Ley nº 30.999, de 9 de agosto de 2019).

Resolución de Secretaría de Gobierno Digital n° 003-2018-PCM/SEGDI, de 21 de septiembre de 2018. Modifican el artículo 4 de la Resolución de Secretaría de Gobierno Digital n° 001-2017-PCM/SEGDI referente al Modelo de Gestión Documental.

Resolución de Secretaría de Gobierno Digital n° 004-2018-PCM/SEGDI, de 10 de diciembre de 2018. Resolución que aprueba los lineamientos del Líder de Gobierno Digital.

Resolución de Secretaría de Gobierno Digital n° 005-2018-PCM/SEGDI, de 13 de diciembre de 2018. Resolución que aprueba los lineamientos para la formulación del Plan de Gobierno Digital. (El Peruano, 22 de diciembre 2018).

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Resolución Ministerial n° 087-2019-PCM, de 19 de marzo de 2019. Se modifican los artículos 1 y 2 de la Resolución Ministerial n°119-2018-PCM, sobre Gobierno Digital. 

Resolución de Secretaría de Gobierno Digital n° 003-2019-PCM/SEGDI, de 27 de septiembre de 2019, de creación del Laboratorio de Gobierno y Transformación Digital del Estado. (El Peruano 5 de octubre de 2019). 

Decreto Supremo nº 118-2018-PCM, de 29 de noviembre de 2018. Decreto Supremo que declara de interés nacional el desarrollo del Gobierno Digital, la innovación y la economía digital. (El Peruano, 30 de noviembre de 2018). (Modificado por la Disposición Complementaria Modificatoria Quinta del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Decreto Supremo n° 119-2018-PCM, de 30 de noviembre de 2018. Decreto Supremo que modifica la Quinta Disposición Complementaria Final del Decreto Supremo n° 033-2018-PCM.

Resolución de Secretaría de Gobierno Digital n° 004-2018-PCM/SEGDI, de 22 de diciembre de 2018. Resolución que aprueba los lineamientos del Líder de Gobierno Digital.

Resolución de Secretaría de Gobierno Digital n° 005-2018-PCM/SEGDI, de 22 de diciembre de 2018. Resolución que aprueba los lineamientos para la formulación del Plan de Gobierno Digital.

Resolución Ministerial n° 087-2019-PCM, de 19 de marzo de 2019. Se modifican los artículos 1 y 2 de la Resolución Ministerial n°119-2018-PCM, sobre Gobierno Digital. 

Resolución de Secretaría de Gobierno Digital n° 001-2019-PCM/SEGDI, de 17 de abril de 2019. Resolución que aprueba la directiva para compartir y usar Software Público Peruano.

Resolución de Secretaría de Gobierno Digital n° 002-2019-PCM/SEGDI, de 17 de julio de 2019. Resolución que aprueba los Estándares de Interoperabilidad de la PIDE. (El Peruano 26 de julio de 2019).

Ley 30.999 de de 9 de agosto de 2019, de Ciberdefensa

Resolución de Secretaría de Gobierno Digital n° 003-2019-PCM/SEGDI, de 27 de septiembre de 2019, de creación del Laboratorio de Gobierno y Transformación Digital del Estado. (El Peruano 5 de octubre de 2019). 

Decreto de Urgencia n° 006-2020, de 8 de enero de 2020. Decreto de Urgencia que crea el Sistema Nacional de Transformación Digital.

Decreto de Urgencia nº 007-2020 de 8 de enero de 2020, que aprueba el marco de confianza digital y que dispone de medidas para su fortalecimiento. 

Decreto Supremo nº 070-2020-PCM, de 16 de abril de 2020, dictan medidas complementarias al Decreto Supremo n° 044-2020-PCM, Decreto Supremo que declara Estado de Emergencia Nacional por las graves circunstancias que afectan la vida de la Nación a consecuencia del brote del COVID-19.

Resolución de Secretaría de Gobierno Digital n° 001-2020-PCM/SEGDI, de 9 de julio de 2020. Norma que aprueba el Protocolo Técnico de Acceso a los resultados del cuestionario nacional o triaje inicial digital nacional en el marco del cumplimiento del Decreto Supremo n° 070-2020-PCM.

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Resolución de Secretaría de Gobierno Digital nº 001-2021-PCM/SGD, de 15 de junio de 2021. Aprueban la Directiva n° 001-2021-PCM/SGD, “Directiva que establece los Lineamientos para la Conversión Integral de Procedimientos Administrativos a Plataformas o Servicios Digitales”

Ley nº 31.465 del 13 de abril de 2022, que modifica la Ley nº 27.444. Ley de Procedimiento Administrativo General.

HABEAS DATA

La Constitución Política del Perú de 1993. (Artículo 200).

Ley nº 26.301 de Habeas Data y Acción de Cumplimiento, de 18 de abril de 1994, trata de regular el Corpus Data de la Constitución.(Promulgada el 2 de mayo de 1994 y Publicada en el Diario Oficial “El Peruano” el 3 de mayo de 1994). (Derogada por Ley nº 28.237 de 7 de mayo de 2004)

Ley 26.545 de 10 de noviembre de 1995 que deroga inciso b) del artículo 5º de la Ley nº 26.301, que regula la aplicación de las Garantías Constitucionales del Hábeas Data y la Acción de Cumplimiento. (Derogada por la Ley nº 28.237 de 7 de mayo de 2004).

Ley nº 26.470 de 31 de mayo de 1995, que modifica la Constitución Política del Estado, en lo referido a las Garantías Constitucionales. Reforma Constitucional del artículo 200 relativo al Habeas Data. (Promulgada el 9 de junio de 1995 y Publicada en el Diario Oficial “El Peruano” el 12 de junio de 1995).

Ley nº 28.237, de 7 de mayo de 2004, del Código Procesal Constitucional. Regula el Habeas Data en su artículo 61. (Promulgada el 28 de mayo de 2004 y Publicada en el Diario Oficial “El Peruano” el 31 de mayo de 2004).

INTERNET

Decreto Supremo nº 060-2001/PCM, Crean el “Portal del Estado Peruano” como sistema interactivo de información de los ciudadanos a través de Internet.

Decreto Supremo nº 066-2001/PCM, aprueban los “Lineamientos de Políticas Generales para promover la masificación del acceso a Internet en el Perú”.

Decreto Supremo nº 067-2001/ED, crean el Proyecto Huascarán.

Decreto Supremo nº 070-2001/ED, aprueban el Reglamento del Fondo Nacional para el Uso de Nuevas Tecnologías en la Educación.

Decreto de Urgencia nº 077-2001, crea el Portal de Transparencia Económica como plataforma informativa del Ministerio de Economía y Finanzas para los ciudadanos a través de Internet.

Resolución Jefatural nº 229-2001/INEI, Crean el Centro de Administración del Portal del Estado Peruano (CAPEP).

Resolución Ministerial nº 347-2001/MTC-15.03, aprueban los “Lineamientos de Políticas Generales para promover la masificación del acceso a Internet en el Perú”.

Resolución Jefatural nº 234-2001/INEI, Aprueban Directiva “Normas y Procedimientos Técnicos sobre contenidos de las páginas web en las Entidades de la Administración Pública.

Resolución Suprema nº 292-2001/RE, de 16 de julio de 2001, que encarga al INDECOPI la administración del nombre de dominio correspondiente al Perú en Internet. Derogado por la Resolución nº 548-2001-RE.

Ordenanza número 12, de la Municipalidad Distrital de San Miguel, de 22 de mayo de 2003, sobre normas de uso de cabinas públicas de internet

Ordenanza número 45, de la Municipalidad Distrital de San Martín de Porres, de 21 de junio de 2003, sobre normas de uso de cabinas públicas de internet

Ordenanza número 7, de la Municipalidad Distrital de San Juan de Miraflores, de 24 de junio de 2003, sobre normas de uso de cabinas públicas de internet

Ordenanza número 6 de la Municipalidad Distrital Bellavista, de 29 de junio de 2003, sobre disposiciones para cabinas públicas de internet

Ordenanza número 115 de la Municipalidad Distrital de Jesús María, de 17 de julio de 2003, sobre normas de uso de cabinas públicas de internet

Ordenanza número 28, de la Municipalidad Distrital de Santa Anita, de 2 de agosto de 2003, sobre normas de uso de cabinas públicas de internet

Ordenanza número 118, de la Municipalidad Distrital de Los Olivos, de 13 de agosto de 2003, sobre normas de uso de cabinas públicas de internet

Ordenanza número 91 de la Municipalidad Distrital de Comas, de 5 de septiembre de 2003, sobre normas de uso de cabinas públicas de internet

Ordenanza número 139, de la Municipalidad Distrital de Magdalena del Mar, de 12 de septiembre de 2003, sobre normas de uso de cabinas públicas de internet

Resolución Jefatural nº 017-2004/JEF-RENIEC, del 29 de febrero del 2004. En dicho texto se regula el uso de la internet para realizar algunos trámites en línea.

Decreto Supremo nº 032-2006/PCM, Crean el Portal de Servicios al Ciudadano y Empresas (PSCE).

Ley nº 29.022 de 18 de mayo de 2007. Ley para la expansión de la infraestructura en telecomunicaciones

Resolución Ministerial nº 126-2009/PCM de 25 marzo 2009, aprueba lineamientos para Accesibilidad a páginas web y aplicaciones para telefonía móvil para instituciones públicas del Sistema Nacional de Informática.

Ordenanza nº 245/MDL (Municipalidad Distrital Lince) de 18 agosto 2009, regula el acceso a menores de edad a páginas web o a cualquier forma de medio magnético o archivo grabado de contenido pornográfico, violencia extrema o similares en cabinas públicas de internet y videojuegos en el distrito.(El Peruano, 5 de septiembre 2009).

Ordenanza nº 197/MDA Municipalidad Distrital de Ancón (Lima) del 15 de octubre de 2009, que regula el acceso de menores de edad a cabinas de internet.

Ordenanza nº 188 Municipalidad Distrital de La Molina, establecen las normas de prohibición y sanciones administrativas al acceso a páginas de información o contenido pornográfico a menores de edad en cabinas públicas de Internet en el distrito. (El Peruano 17 diciembre 2009).

Ordenanza nº 087/MCPSMH de 1 de octubre 2010, que aprueba Ordenanza sobre mecanismos de control y sanciones administrativas en protección de los derechos de menores de edad en el uso de cabinas de Internet y el acceso a páginas web de contenido pornográfico en cabinas ubicadas en la jurisdicción del Centro Poblado de Santa María de Huachipa (El Peruano, 9 diciembre 2010)

Ley nº 29.139 de 30 de noviembre de 2007. Ley que modifica la Ley 28.119, ley que prohíbe el Acceso de menores de Edad a páginas Web de contenido pornográfico y a cualquier otra forma de Comunicación en Red de igual contenido, en las Cabinas Públicas de Internet.

Decreto Supremo nº 034-2010/MTC de 23 julio 2010, establece como Política Nacional la implementación de una red dorsal de fibra óptica para facilitar a la población el acceso a Internet de banda ancha y promover la competencia en la prestación de este servicio. (El Peruano 24 julio 2010).

Decreto Supremo 011-2002/JUS, de 3 de abril de 2002, mediante el cual se aprueba el Texto Único de Procedimientos Administrativos del Sistema Nacional de Registros Públicos y la SUNARP (Superintendencia Nacional de Registros Públicos) permite obtener copias simples de las partidas electrónicas accedidas vía internet.

Ley nº 27.444, Ley de Procedimiento Administrativo General, de 21 de marzo de 2001. Que establece el marco jurídico para el uso del correo electrónico, documentos electrónicos y expedientes digitales, en la tramitación de procedimientos administrativos vía internet.

Decreto Supremo nº 060-2001/PCM, del 22 de mayo del 2001, que crea el “Portal del Estado Peruano”, como sistema interactivo de información a los ciudadanos, a través de internet, el cual proporciona un servicio de acceso unificado a los servicios y procedimientos administrativos que se realizan ante las diversas dependencias públicas.

Ley nº 28.119 de 20 de noviembre de 2003, que prohíbe el acceso de menores de edad a páginas de contenido pornográfico. (Promulgada el 12 de diciembre de 2003 y Publicada en el Diario Oficial “El Peruano” el 13 de diciembre de 2003).

Ley nº 28.530 de 29 de abril de 2005, de promoción de acceso a internet para personas con discapacidad y de adecuación del espacio físico en cabinas públicas de internet. (Promulgada el 24 de mayo de 2005 y Publicada en el Diario Oficial “El Peruano” el 25 de mayo de 2005).

Decreto Supremo nº 025-2010/ED de 30 noviembre 2010, aprueba el Reglamento de la Ley nº 28.119, Ley modificada por la Ley 29.139, Ley que prohíbe el acceso de menores de edad a páginas web de contenido pornográfico y a cualquier otra forma de comunicación en red de igual contenido, en las cabinas públicas de Internet. (El Peruano, 1 de diciembre de 2010).

Proyecto de Ley nº 4662/2010/CR presentado el 10 de febrero 2011, proyecto que promueve Internet para todos.

Ley nº 30228 de 25 de junio de 2014, que modifica la Ley 29022, Ley para la Expansión de Infraestructura en Telecomunicaciones.

Decreto Supremo nº 033-2018-PCM, de 22 de marzo de 2018. Decreto Supremo que crea la Plataforma Digital Única del Estado Peruano y establecen disposiciones adicionales para el desarrollo del Gobierno Digital, para lo cual en el ejercicio de sus funciones articula acciones con las entidades de la Administración Pública, la sociedad civil, los ciudadanos la academia y el sector privado. (Modificado por la Disposición Complementaria Modificatoria Tercera del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Proyecto de Ley nº 3156/2018-CR de 11 de septiembre de 2019, de autoría de la Congresista Estelita Sonia Bustos Espinoza. Proyecto de Ley de Reforma Constitucional que reconoce el derecho de acceso a Internet como derecho fundamental progresivo en la Constitución Política del Perú.

Proyecto de Ley nº 05091/2020-CR, de junio de 2020, que propone modificar los artículos 2, 3 inciso a y 4.3 del Decreto Legislativo nº 1182 que regula el uso de los datos derivados de las telecomunicaciones para la identificación, localización y geolocalización de equipos de comunicación, en la lucha contra la delincuencia y el crimen organizado. 

Proyecto de Ley nº 5600/2020-CR de 24 de junio de 2020, de autoría de la Congresista Ariette Contreras. Proyecto de Ley que reconoce el derecho de acceso a Internet para garantizar una educación y alfabetización accesible para todas las peruanas y peruanos.

Proyecto de Ley nº 2780/2017-CR de 21 de julio de 2020, de autoría del Congresista Mauricio Mulder. Ley que declara el acceso a Internet como un Derecho Humano.

Proyecto de Ley nº 5843/2020-CR de 23 de julio de 2020, de autoría del Congresista Absalón Montoya Guivin. Ley que reconoce el derecho a acceso a Internet como derecho constitucional.

Proyecto de Ley nº 6544/2020-CR, de 23 de octubre de 2020, que garantiza la ejecución de operaciones de Ciberseguridad y Seguridad Digital a través de un Centro Nacional de Ciberseguridad.  

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Resolución Legislativa n° 002-2021-2022-CR de 22 de octubre de 2021. Señala en el ítem 54 que el acceso a internet se enmarca dentro de las propuestas legislativas a ser presentadas por la Agenda Legislativa para el periodo anual de sesiones 2020-2021

Proyecto de Ley nº 00878/2021-CR. Ley General de Internet, presentado el 1 de diciembre de 2021.

Proyecto de Ley nº 00879/2021-CR. Ley de reforma constitucional que garantiza el acceso a Internet, presentado el 1 de diciembre de 2021.

Proyecto de Ley nº 881/2021-CR. Ley de reforma constitucional que reconoce el acceso a internet como Derecho Fundamental, presentado el 2 de diciembre de 2021. 

Proyecto de Ley nº 1418/2021-CR, presentado el 7  de marzo de 2022. Ley que obliga a las empresas de telefonía conservar por un periodo de al menos 7 años los registros de llamadas, para lo cual se modifica el literal E) del artículo 16 de la Ley 27.336, Ley de desarrollo de las funciones y facultades del organismo supervisor de inversión privada en Telecomunicaciones- OSIPTEL.

Ley de Reforma Constitucional de 7 de junio de 2023

Ley nº 31.878 de 19 de septiembre de 2023, Reforma Constitucional que promueve el Uso de las Tecnologías de la Información y la Comunicación, y reconoce el Derecho de Acceso a Internet Libre en todo el País. (El Peruano Sábado 23 de septiembre de 2023).

Decreto Legislativo nº 1623 de 2 de agosto de 2024, que modifica la Ley del Impuesto General a las ventas e impuestos selectivos al consumo respecto a la utilización en el país de servicios digitales y la importación de bienes intangibles a través de Internet (El Peruano, 4 de agosto de 2024)

MANIFESTACIÓN DE LA VOLUNTAD POR MEDIOS ELECTRÓNICOS

Ley nº 27.291, de 2 de junio de 2000, que modificó el Código Civil, permitiendo la utilización de medios electrónicos para la comunicación de la manifestación de voluntad y la utilización de la firma electrónica, sobre todo en el área de contratos. (Promulgada el 23 de junio de 2000 y Publicada en el Diario Oficial “El Peruano” 24 de junio de 2000).

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

MICROFORMAS

Decreto Legislativo nº 681 de 11 de octubre de 1991, dicta normas que regulan el uso de tecnologías avanzadas en materia de archivo de documentos e información tanto respecto a la elaborada en forma convencional cuanto la producida por procedimientos informáticos en computadoras. Sobre los efectos legales de los documentos digitales obtenidos producto del microfilmado. (Publicado en el Diario Oficial “El Peruano” el 14 de octubre de 1991).

Decreto Ley nº 25.661, comprenden a la Banca Estatal de Fomento, dentro de los alcances del Decreto Legislativo nº 681, en cuanto al uso de las tecnologías de microformas, microduplicados, migrograbación y otros análogos.

Decreto Supremo nº 009-92/JUS del 26 de junio de 1992. Reglamento del Decreto Legislativo nº 681, sobre el uso de tecnologías de avanzada en materia de archivos de la empresas. Este reglamento fue modificado y actualizado por el Decreto Supremo nº 001-2000-JUS, del 24 de marzo de 2000. (El Peruano, 27 de junio de 1992).

Circular nº B-1922-92/SBS, Circular referida a la sustitución de archivos, mediante microformas y plazos de conservación de libros y demás documentos.

Ley nº 26.612 de10 de mayo de 1996, que modifica el D. Leg nº 681, mediante el cual se regula el uso de tecnologías avanzadas en materia de archivo de documentos e información. Adapta los microarchivos a la tecnología electrónica. (Promulgada el 17 de mayo de 1996 y Publicada en el Diario Oficial “El Peruano” el 21 de mayo de 1996).

Decreto Legislativo nº 827, de 31 de mayo de 1996, que amplia los alcances del Decreto Legislativo 681 autorizando a las instituciones del Estado para la utilización del sistema de microfilmado en sus documentos. (Promulgado el 31 de mayo de 1996 y Publicado en el Diario Oficial “El Peruano” el 5 de junio de 1996). Fe de Erratas del Decreto Legislativo nº 827.

Resolución nº 066-97/INDECOPI-CRT, Comisión de Reglamentos Técnicos y Comerciales, aprueban normas técnicas peruanas sobre fotografía, micrografía, microformas y recipientes portátiles para gases licuados de petroleo. (El Peruano, 17 diciembre 1997)

Resolución nº 068-97/INDECOPI_CRT, Comisión de Reglamentos Técnicos y Comerciales, aprueban normas técnicas peruanas sobre microformas.

Resolución nº 070-97/INDECOPI-CRT, Comisión de Reglamentos Técnicos y Comerciales, aprueban el Reglamento de la certificación de la idoneidad técnicas del Sistema de producción y almacenamiento de microformas. (El Peruano, 16 enero 1998)

Norma Técnica Peruana NTP-392.030/1:1997 Reglamentación exclusiva de micropelículas y microfichas (microformas). Norma Técnica aprobadas por el INDECOPI referido al uso de la tecnología. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Norma Técnica Peruana NTP-392.030/2:1997 Reglamentación exclusiva de medios de archivo electrónico (microformas). Norma Técnica aprobadas por el INDECOPI referido al uso de la tecnología. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Decreto Supremo nº 001-98-TR, normas reglamentarias relativas a obligación de los empleadores de llevar planillas de pago con el uso de microformas (El Peruano, 22 de enero 1998).

Decreto Supremo nº 002-98/ITINCI de 18 de febrero de 1998, que aprobó las correspondientes normas técnicas, tanto para las organizaciones que operan microformas en micropelículas (microfilmación) como para las que emplean medios de archivos electrónicos; las que fueron incorporadas como obligatorias por el DS nº 002-98-ITINCI, de 18 de febrero de 1998. (El Peruano, 21 de febrero de 1998).

Decreto Supremo nº 135-99/EF. Texto Único Ordenado (TUO) del Código Tributario.

Resolución nº 055-99/EF-SAFP de 25 febrero 1999,  Dictan normas que modifican Títulos III y V del compendio de normas de Superintendencia Reglamentarias del Sistema Privado de Administración de Fondos de Pensiones (SAFP), autorización para usar el sistema de microforma digital.

Resolución nº 185-99/EF-SAFP, Modifican artículos del Título V del compendio de normas de Superintendencia, referido a afiliación y aportes (Admite el uso de microformas).

Decreto Supremo nº 001-2000/JUS, Reglamenta la ampliación del alcance del D.L. nº 827 y se establecen requisitos para la formación de los representantes de la fe pública.

Ley nº 27.038 que modifica el Decreto Legislativo nº 816, Código Tributario y Normas conexas. (En el artº 20 se regula las microformas)

Ley nº 27.323, Ley que establece funciones de la CONASEV y la SBS para autorizar e inscribir a empresas e instituciones que recurren a servicios de microarchivos cuando estas no cuentan con un microarchivo propio. (El Peruano, 22 julio 2000).

Ley nº 27.287,  Ley de Títulos Valores. (En el artículo 110.2 se regula las microformas).

Ley nº 27.291, Ley que modifica el Código Civil permitiendo el uso de los medios electrónicos para la comunicación de la manifestación de voluntad y la utilización de la firma electrónica.

Ley nº 27.323 Ley del Mercado de Valores, Ley que modifica el Decreto Ley nº 26.126. Ley Orgánica de CONASEV, el Decreto Legislativo nº 604. Ley de Organización y Funciones del Instituto Nacional de Estadística e Informática, el  Decreto Legislativo nº 681. Normas que regulan el uso de tecnologías avanzadas en materia de archivo y documentos y el Decreto Legislativo nº 861. Ley del Mercado de Valores.

Ley nº 27.419, Ley sobre notificación por correo electrónico (El Peruano, 6 febrero 2001).

Ley nº 27.658, Ley marco de modernización de la gestión del estado (El Peruano, 30 enero 2002).

Ley nº 28.186, Ley que establece los alcances del D. L. nº 681. Conservación de documentos con contenido tributario. (El Peruano, 5 de marzo de 2004)

Norma Técnica Peruana NTP-392.030/2:2005.

Decreto Legislativo nº 1030, Ley de los sistemas nacionales de normalización y acreditación -SNA (El Peruano, 24 junio 2008).

Decreto Supremo nº 052-2008/PCM, Reglamento de la Ley de Firmas y Certificados Digitales (El Peruano, 19 de julio de 2008).

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

NOMBRES DE DOMINIO

Resolución Suprema nº 292-2001/RE, de 16 de julio de 2001, que encarga al INDECOPI la administración del nombre de dominio correspondiente al Perú en Internet. Derogado por la Resolución nº 548-2001-RE.

Resolución Suprema nº 548-2001-RE, de 13 de diciembre de 2001, que deja sin efecto artículos de la Resolución mediante la cual se encargó al INDECOPI la administración del nombre de dominio correspondiente al Perú en Internet.

Resolución Jefatural nº 207-2002/INEI, de 5 de julio de 2002. Normas Técnicas para la asignación de nombres de Dominio de las Entidades de la Administración Pública.

Resolución Jefatural nº 190-2003/INEI, de 16 de junio de 2003, que modifica normas de registro de Dominios para Entidades Públicas.

Resolución nº 356-2003/MEM-DM, asigna dominio de Internet al Ministerio de Energía y Minas.

Resolución Ministerial nº 0285-2005/PCM de 12 de agosto de 2005 que crea la Comisión Multisectorial de Políticas del Sistema de Nombres de Dominio

NOTIFICACIONES ELECTRÓNICAS

Ley nº 27.419 de 25 de enero de 2001, que modifica dos artículos del Código Procesal Civil y posibilita el envío a través de correos electrónicos, de determinados  actos procesales. (Promulgada el 6 de febrero de 2001 y Publicada en el Diario Oficial “El Peruano” el 7 de febrero de 2001).

Decreto Legislativo nº 932, implementación del Sistema de comunicación por vía electrónica para que la SUNAT notifique los embargos en forma de retención y actos vinculados a las Empresas del Sistema Financiero Nacional.

Decreto Supremo nº 098-2004/EF, normas reglamentarias relativas a la implementación del Sistema de Comunicación por Vía Electrónica para que la SUNAT notifique embargos en forma de retención y actos vinculados a las empresas del sistema financiero.

Resolución de Superintendencia nº 087-2010/SUNAT de 18 marzo 2010, aprueba una nueva versión del programa de declaración telemática de notarios y dicta disposición sobre la utilización de la versión anterior a esta.

Resolución de Superintendencia nº 234-2010/SUNAT de 12 agosto 2010, incorpora actos administrativos que pueden ser notificados de manera electrónica al anexo de la Resolución de Superintendencia nº 014-2008-SUNAT que regula la notificación de actos administrativos por medio electrónico. (El Peruano 13 agosto 2010).

Resolución nº 057-2011/SUNAT, facilita la presentación de escritos en procedimientos de cobranza coactiva a cargo de dependencias de tributos internos mediante formulario virtual (El Peruano, 8 marzo 2011).

Resolución de Superintendencia nº 106-2011/SUNAT de 20 abril 2011, incorporan nuevos contribuyentes al uso del Sistema de Embargo por medios telemáticos ante Grandes Compradores (El Peruano, 22 abril 2011).

Decreto Supremo nº 033-2018-PCM, de 22 de marzo de 2018. Decreto Supremo que crea la Plataforma Digital Única del Estado Peruano y establecen disposiciones adicionales para el desarrollo del Gobierno Digital, para lo cual en el ejercicio de sus funciones articula acciones con las entidades de la Administración Pública, la sociedad civil, los ciudadanos la academia y el sector privado. (Modificado por la Disposición Complementaria Modificatoria Tercera del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Ley nº 31.170 de 30 de marzo de 2021, Ley que dispone la implementación de mesas de Partes Digitales y Notificaciones Electrónicas

PLANILLA ELECTRÓNICA

Decreto Supremo nº 001-98/TR de 20 de enero de 1998, sobre normas reglamentarias relativas a obligación de los empleadores de llevar planillas de pago.

Decreto Supremo nº 018-2007/TR, establecen disposiciones relativas al uso del documento denominado “Planilla Electrónica”. (El Peruano, 28 agosto 2007).

Resolución Ministerial nº 250-2007/TR, aprueban información de la Planilla Electrónica y anexos. (El Peruano, 30 septiembre 2007).

Resolución de Superintendencia nº 204-2007/SUNAT, de 26 octubre 2007, aprobación del PDT Planilla Electrónica formulario virtual nº 0601 y de las normas referidas a declaraciones de otros conceptos. (El Peruano, 27 octubre 2007).

Resolución de Superintendencia nº 005-2008/SUNAT de 11 enero 2008, aprueban nuevas versiones del PDT Planilla Electrónica Formulario Virtual nº 601 y del PDT IGV Renta Mensual Formulario Virtual nº 621. (El Peruano 12 enero 2008).

Resolución de Superintendencia nº 125-2008/SUNAT de 24 julio 2008, modifican la Resolución de Superintendencia nº 204-2007-SUNAT y aprueban nueva versión de PDT Planilla Electrónica, Formulario Virtual nº 0601. (El Peruano, 25 julio 2008).

Resolución de Superintendencia nº 056-2009/SUNAT de 20 febrero 2009, aprueban nueva versión del PDT Planilla Electrónica, Formulario Virtual nº 0601. (El Peruano 21 febrero 2009).

Resolución de Superintendencia nº 091-2010/SUNAT de 29 marzo 2010, amplia uso de programa de declaración telemática (PDT) Planilla Electrónica.

Resolución de Superintendencia nº 175-2010/SUNAT de 26 mayo 2010, modifican la Resolución nº 204-2007-SUNAT para facilitar la actualización y/o modificación de datos de identificación de los trabajadores, pensionistas y otros asegurados regulares a ESSALUD y aprueban nuevas versiones del PDT Planilla Electrónica y del PDT Remuneraciones.

Resolución de Superintendencia nº 185-2010/SUNAT de 14 junio 2010, aprueba nueva versión del PDT otras retenciones Formulario Virtual nº 617.

Resolución de Superintendencia nº 0189-2010/SUNAT de 17 de junio 2010, aprueba el formulario virtual nº 1607 asegura tu pensión, el cual permitirá a la aseguradora efectuar la declaración y el pago de las aportaciones al Sistema Nacional de pensiones de los asegurados cuya relación laboral se haya extinguido por causal no imputable a estos. (El Peruano, 18 junio 2010).

Decreto Supremo nº 015-2010/TR de 17 diciembre 2010, modifican Decreto Supremo nº 018-2007-TR, mediante el cual se establecen disposiciones relativas al uso del documento denominado “Planilla Electrónica” (El Peruano 18 diciembre 2010).

Resolución de Superintendencia nº 332-2010/SUNAT de 23 diciembre 2010, aprueba proyecto “Optimización del registro y del programa de declaración telemática de la planilla electrónica” y designa el equipo a cargo de su ejecución.

Resolución de Superintendencia nº 333-2010/SUNAT (Superintendencia Nacional de Administración Tributaria) 22 diciembre 2010, que aprueba nueva versión del PDT Planilla Electrónica, Formulario Virtual nº 0601 (El Peruano 24 diciembre 2010).

Resolución de Superintendencia nº 343-2010/SUNAT de 30 diciembre 2010, amplía los plazos previstos en la resolución de Superintendencia nº 034-2010/SUNAT para el uso de sistemas informáticos y para la presentación del formulario nº 845.

Resolución Ministerial nº 009-2011/TR de 6 enero 2011, que aprueba información de la Planilla Electrónica (El Peruano, 8 enero 2011).

Resolución nº 010-2011/SUNAT, establece procedimiento para el registro de derechohabientes en el Registro de Información Laboral de SUNAT Operaciones en Línea y modifican la Resolución nº 204-2007/SUNAT que aprueba el PDT de Planilla Electrónica Formulario Virtual nº 601 (El Peruano, 26 enero 2011).

Resolución de Superintendencia nº 028-2010/SUNAT de 27 enero 2010, aprueba nueva versión del PDT Planilla Electrónica, Formulario Virtual nº 0601.

Resolución nº 076-2011/SUNAT, aprueba las nuevas versiones de los PDT IGV-Renta Mensual, Formularios Virtuales nº 621 y nº 617 modifican la Resolución nº 120-2009/SUNAT que aprobó el formulario nº 612 Simplificado IGV-Renta Mensual (El Peruano, 24 marzo 2011).

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

PORTALES DEL ESTADO PERUANO

Decreto Supremo nº 060-2001/PCM, del 22 de mayo del 2001, que crea el “Portal del Estado Peruano”, como sistema interactivo de información a los ciudadanos, a través de internet, el cual proporciona un servicio de acceso unificado a los servicios y procedimientos administrativos que se realizan ante las diversas dependencias públicas.

Resolución de Consejo Directivo nº 1170-2001/OS-CD, precisa información que publicará OSINERG en su página web y en el Diario Oficial El Peruano.

Resolución de Presidencia Ejecutiva nº 446/PE-ESSALUD-2001, dispone difusión periódica de la relación de proveedores aptos para el pago por servicios y bienes recibidos a través de la página web de ESSALUD.

Resolución de la Fiscalía de la Nación nº 1205-2001/MP-FN, aprueba el Reglamento del Sistema de Denuncias por Web.

Decreto de Urgencia nº 077-2001, crea el Portal de Transparencia Económica como plataforma informativa del Ministerio de Economía y Finanzas para los ciudadanos a través de Internet.

Resolución Administrativa de Presidencia nº 198-2001/P-CS, crea la página web del Poder Judicial.

Resolución Ministerial nº 110-2001/PCM, crea la Comisión de Trabajo Interinstitucional para el desarrollo del Portal del Estado Peruano.

Resolución Ministerial nº 220-2001/MTC-15.14, aprueba Directiva sobre publicación en la Página Web del Ministerio de convocatorias y resultados de procesos de concurso, licitación y adjudicación, directa pública que se realicen en el sector.

Resolución Jefatural nº 229-2001/INEI, crea el Centro de Administración del Portal del Estado Peruano (CAPEP).

Resolución Jefatural nº 234-2001/INEI, aprueban Directiva “Normas y Procedimientos Técnicos sobre contenidos de las páginas web en las Entidades de la Administración Pública”.

Resolución Jefatural nº 347-2001/INEI, aprueba Directiva “Normas y Procedimientos Técnicos para garantizar la Seguridad de la Información publicadas por las entidades de la Administración Pública”.

Resolución Jefatural nº 160-2002/INEI, aprueba Directiva nº 006-2002-INEI/DTNP sobre “Normas y Procedimientos Técnicos para la Actualización de Contenidos del Portal del Estado Peruano”.

Resolución Ministerial nº 266-2002/PCM, encargan preparación de “Estrategia Nacional de Gobierno Electrónico”.

Ley nº 27933 del Sistema de Seguridad Ciudadana, de 28 de enero de 2003. (Modificado por Decreto Legislativo nº 1316 de 30 de diciembre de 2016)

Decreto Supremo nº 059-2004/PCM, establece disposiciones relativas a la administración del “Portal del Estado Peruano”.

Decreto Supremo nº 032-2006/PCM del 20 junio 2006, crea el Portal de Servicios al Ciudadano y Empresas (PSCE).

Decreto Supremo nº 019-2007/PCM, se establece el uso de la Ventanilla Única del Estado a través del Portal de Servicios al Ciudadano y Empresas (PSCE) y se crea el Sistema Integrado de Servicios Públicos Virtuales.

Decreto Supremo nº 063-2010/PCM de 2 junio 2010, Decreto Supremo que aprueba la implementación del Portal de Transparencia Estándar en las Entidades de la Administración Pública.

Decreto Supremo nº 033-2018-PCM, de 22 de marzo de 2018. Decreto Supremo que crea la Plataforma Digital Única del Estado Peruano y establecen disposiciones adicionales para el desarrollo del Gobierno Digital, para lo cual en el ejercicio de sus funciones articula acciones con las entidades de la Administración Pública, la sociedad civil, los ciudadanos la academia y el sector privado. (Modificado por la Disposición Complementaria Modificatoria Tercera del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Decreto Supremo nº 051-2018-PCM, de 14 de mayo de 2018. Decreto Supremo que crea el Portal de Software Público Peruano. (Modificado por la Disposición Complementaria Modificatoria Cuarta del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

PROPIEDAD INDUSTRIAL

Decreto Legislativo nº 823 . Ley de Propiedad Industrial, de 23 de abril de 1996. (Promulgada el 23 de abril de 1996 y Publicada en el Diario Oficial “El Peruano” el 24 de abril de 1996).

Resolución nº 070-97/INDECOPI-CRT de 23 de diciembre de 1997, de la Comisión de Reglamentos Técnicos y Comerciales, aprobó el reglamento para otorgar certificados de idoneidad técnica para los microarchivos. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Decisión 486 de la Comisión del Acuerdo de Cartagena sobre el Régimen Común sobre Propiedad Industrial, vigente desde el 1 de diciembre de 2.000. Publicado en la Gaceta Oficial del Acuerdo de Cartagena en fecha 19 septiembre 2000.

Decreto Supremo nº 059-2017-PCM, de 26 de mayo de 2017. Aprueban el Reglamento del Decreto Legislativo n° 1075, Decreto Legislativo que
aprueba disposiciones complementarias a la Decisión 486 de la Comunidad Andina que establece el Régimen Común sobre Propiedad Industrial y sus modificaciones.

PROPIEDAD INTELECTUAL

Decreto Ley nº 22.994 de 23 de abril de 1980, que aprueba Convenio de Propiedad Intelectual (Promulgado el 23 de abril de 1980 y Publicado en el Diario Oficial “El Peruano” el 24 de abril de 1980).

Decreto Ley nº 25.868 de 6 de noviembre de 1992. Ley de organización y funciones del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual. (INDECOPI). En las normas donde figure ITINTEC debe entenderse como INDECOPI. (Promulgado el 18 de noviembre de 1992 y Publicado en el Diario Oficial “El Peruano” el 24 de noviembre de 1992).

Decreto Supremo 24-93/ITINCI, de 24 de septiembre de 1993, encomienda el Servicio Nacional de Metrología al Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual (INDECOPI).

Decreto Legislativo nº 788, publicado de 29 de diciembre de 1994, declara en reorganización al Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual – INDECOPI. Modifica el Decreto Ley nº 25.868 de 6 de noviembre de 1992. (Promulgado el 29 de diciembre de 1992 y Publicado en el Diario Oficial “El Peruano” el 31 de diciembre de 1994).

NTP-392.030/1-1997 Reglamentación exclusiva de micropelículas y microfichas (microformas). Norma Técnica aprobadas por el INDECOPI referido al uso de la tecnología. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

NTP-392.030/2-1997 Reglamentación exclusiva de medios de archivo electrónico (microformas). Norma Técnica aprobadas por el INDECOPI referido al uso de la tecnología. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Resolución nº 055-97/INDECOPI-CRT, de la Comisión de Reglamentos Técnicos y Comerciales. Norma técnica en micrografía.(Diario Oficial “El Peruano” el 7 de diciembre de 1997). (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Resolución nº 068-97/INDECOPI-CRT Comisión de Reglamentos Técnicos y Comerciales, aprueban normas técnicas peruanas sobre microformas.

Resolución nº 0032-1998/INDECOPI-CRT, de la Comisión de Reglamentos Técnicos y Comerciales. Norma técnica en micrografía.(Diario Oficial “El Peruano” el 5 de agosto de 1998. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Resolución nº 0021-98/INDECOPI/CRT, de la Comisión de Reglamentos Técnicos y Comerciales, de 17 de mayo de 1998.

Resolución de la Presidencia del Directorio nº 064-2000/INDECOPI-DIR, aprueba el documento de trabajo nº 005-2000, “Promoviendo un Marco Institucional para la Valorización de la Propiedad Intelectual en el Perú”

Decreto Supremo nº 077-2005/PCM. Reglamento de organización y funciones del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual 2005. Publicado en el Diario Oficial “El Peruano”.

Resolución nº 023-2008/INDECOPI/DIR.- “EL Peruano” 19 de marzo de 2008, por la que se aceptan renuncia presentada por miembro de la Comisión de Libre Competencia del INDECOPI

Resolución nº 030-2008/CRT-INDECOPI, (Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual) “EL Peruano” 19 de marzo de 2008, por la que se aprueban las Guías de Acreditación de Entidades de Certificación Digital, Entidades de Registro o Verificación de datos y Entidades de Prestación de Servicios de Valor añadido, así como la Guía para la Acreditación del Software de Firmas Digitales.

Decreto Legislativo nº 1033 de 24 de junio 2008: Ley de Organización y Funciones del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual (INDECOPI).

Decreto Supremo nº 099-2009/PCM, de 16 de febrero de 2009. Aprueba el Reglamento de Organización y Funciones del INDECOPI.

Resolución Presidencia Consejo Directivo nº 042-2009/INDECOPI/COD de 29 marzo 2009, establecen competencia funcional de las Salas de Defensa de la Competencia del Tribunal de Defensa de la Competencia y de la Propiedad Intelectual.

Resolución nº 013-2009/CNB-INDECOPI – Aprueban Normas Técnicas Peruanas sobre melaza y bagazo de caña, diseño curricular de programas educativas, ingeniería de software y productos de cacao (El Peruano, 23 mayo 2009).

Directiva nº 005-2009/COD-INDECOPI de 3 de agosto de 2009. Directiva de operaciones y funcionamiento del Registro de números telefónicos y direcciones de correo excluidos de ser destinatarios de publicidad masiva.

Decreto Supremo nº 071-2017-PCM, de 28 de junio de 2017. Aprueba disposiciones que regulan la implementación de la modalidad de publicación en la Gaceta Electrónica del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual – INDECOPI, referida en el artículo 6 del Decreto Legislativo n° 1212, Decreto Legislativo que refuerza las facultades sobre eliminación de barreras burocráticas para el fomento de la competitividad.

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

PROTECCIÓN AL CONSUMIDOR

Ley nº 27.311, de 26 de junio de 2000, de Fortalecimiento del Sistema de Protección al Consumidor (Diario Oficial “El Peruano” 18 de julio de 2000).

Decreto Supremo nº 006-2009/PCM, que aprueba el Texto Único Ordenado de la Ley de Protección al Consumidor.

Ley nº 29571 de 14 de agosto de 2010.- Código de Protección y Defensa del Consumidor.

Decreto Supremo nº 011-2011/PCM, aprueba el Reglamento del Libro de Reclamaciones previsto en el Código de Protección y Defensa del Consumidor (El Peruano 19 febrero 2011).

Decreto Supremo nº 029-2011/PCM, aprueba Reglamento del Registro de Infracciones y Sanciones al Código de Protección y Defensa del Consumidor (El Peruano, 14 abril 2011).

Decreto Supremo nº 030-2011/PCM, aprueba Reglamento de Procesos Judiciales para la defensa de los intereses colectivos de los consumidores y el Fondo Especial creado por el artículo 131 de la Ley nº 29.571, Código de Protección y Defensa del Consumidor (El Peruano, 14 abril 2011).

Decreto Supremo nº 031-2011/PCM, aprueba Reglamento que establece los mecanismos para la propuesta y designación de los representantes de las entidades y gremios que integran el Consejo Nacional de Protección al Consumidor (El Peruano, 14 abril 2011).

Decreto Supremo nº 032-2011/PCM, aprueba Reglamento que establece las condiciones del destino del monto para el funcionamiento de las asociaciones de consumidores (El Peruano, 14 abril 2011).

Decreto Supremo nº 037-2011/PCM, reducen plazo de implementación del Libro de Reclamaciones previsto en el Código de Protección y Defensa del Consumidor de 120 a 15 días calendario contados a partir de la fecha de entrada en vigencia de la presente norma, lo que implica que el uso de dicho libro será obligatorio a partir del 7 de mayo de 2011, en todos los establecimientos comerciales que atiendan al público consumidor. (El Peruano, 22 abril 2011).

Decreto Legislativo de 4 de septiembre de 2018, que modifica la Ley nº 29.571 Código de Protección y Defensa del Consumidor.

PROTECCIÓN DE DATOS

Constitución Política del Perú de 1993

Resolución Ministerial nº 622-99/MTC/15.17, de 27 de noviembre de 1996, aprueba procedimiento de inspección y requerimiento de información relacionados al secreto de las telecomunicaciones y protección de datos.

Resolución Ministerial nº 094-2002/JUS, de 18 marzo 2002, se constituye la Comisión Especial encargada de proponer el anteproyecto de Ley de Protección de Datos Personales.

Resolución Ministerial nº 331-2004/JUS 20 julio 2004, Proyecto Ley de Protección de Datos Personales (El Peruano, 23 julio 2004).

Resolución Ministerial nº 111-2009/MTC/03 (Ministerio de Transporte y Comunicaciones), sobre inviolabilidad, secreto de las telecomunicaciones y protección de datos personales. (El Peruano, 7 de febrero de 2009).

Proyecto de Ley de Protección de Datos Personales de 3 junio 2010.

Ley nº 29.733 de 2 julio 2011 de Protección de Datos Personales.  (Modificada por Decreto Legislativo nº 1353, de 28 de diciembre de 2016, que crea la autoridad nacional de Transparencia y Acceso a la Información Pública, fortalece el régimen de Protección de Datos Personales y la regulación de la gestión de intereses.)

Decreto Supremo nº 003-2013-JUS de 21 de marzo de 2013, mediante el cual se aprueba el Reglamento de la Ley de Protección de Datos nº 29.733. (Diario Oficial el Peruano 22 de marzo de 2013). (Modificado por Decreto Supremo nº 019-2017-JUS, de 14 de septiembre de 2017, aprueba el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la regulación de la gestión de intereses).

Ley nº 30.024 de 30 abril de 2013, que crea el Registro Nacional de Historias Clínicas Electrónicas.

Resolución Directoral nº 002-2013/JUS/DGPDP, de 31 de mayo de 2013, de aprobación del formulario de denuncia por actos contrarios a la Ley nº 29733 y su reglamento.

Resolución Directoral nº 003-2013/JUS/DGPDP, de 31 de mayo de 2013, de aprobación del formulario de realización de flujo transfronterizo de datos personales.

Resolución Directoral nº 10-2013-JUS/DGPDP, de 8 de agosto de 2013, que aprueba el formulario de absolución de consulta sobre protección de datos personales.

Resolución Directoral nº 12-2013-JUS/DGPDP, de 8 de agosto de 2013, que aprueba el formulario de modificación de banco de datos personales y el formulario de cancelación de banco de datos personales.

Resolución Directoral nº 13-2013-JUS/DGPDP, de 8 de agosto de 2013, que aprueba el formulario de solicitud de opinión sobre la realización de flujo transfronterizo de datos personales (transferencia internacional). 

Resolución Directoral nº 019-2013-JUS-DGPDP, de 11 de octubre de 2013, que aprueba la Directiva de seguridad de la información administrada por los Bancos de Datos Personales. Fé de erratas.

Resolución Directoral nº 020-2013-JUS/DGPDP, de 11 de octubre de 2013, modificación del punto 1 del título II de los formularios de inscripción de los bancos de datos.

Resolución Directoral nº 29-2013-JUS/DGPDP, de 18 de noviembre de 2013, que aprueba el formulario de consulta al contenido del Registro Nacional de Protección de Datos Personales.

Ley nº 30.120 de 4 de diciembre de 2013, de apoyo a la Seguridad ciudadana con cámaras de videovigilancia públicas y privadas.

Resolución Directoral nº 057-2014-JUS/DGPDP, de 7 de julio de 2014, de realización de flujo transfronterizo de datos personales (transferencia internacional).

Directiva nº 001-2014-JUS/DGPDP, de 25 de julio de 2014, sobre protección de datos personales en el marco de los procedimientos para la construcción, administración, sistematización y actualización de bases de datos personales vinculados con programas sociales y subsidios que administra el Estado. (El Peruano, 1 de agosto de 2014).

Resolución Directoral nº 060-2014-JUS/DGPDP  de 1 de agosto de 2014, que ha aprobado la Directiva nº 001-2014-JUS/DGPDP, que establece disposiciones para la protección de datos personales en el marco de los procedimientos para la construcción, administración, sistematización y actualización de base de datos vinculados con programas sociales y de subsidios que administra el Estado.

Ley nº 30.287 de 21 de noviembre de 2014, de prevención y control de la tuberculosis en el Perú. (El Peruano, 14 de diciembre de 2014).

Decreto Supremo n° 011-2014-IN, de 4 de diciembre de 2014, que tiene por objeto normar el funcionamiento del Sistema Nacional de Seguridad Ciudadana (SINASEC), con arreglo a las disposiciones de la Ley nº 27933, Ley del Sistema Nacional de Seguridad Ciudadana. (Modificado por el Decreto Supremo nº 010-2019-IN, Decreto Supremo que modifica el Reglamento de la Ley n° 27933, Ley del Sistema Nacional de Seguridad Ciudadana, aprobado por D.S. n° 011-2014-IN).

Decreto Legislativo nº 1316 de 30 de diciembre de 2016. Decreto Legislativo que modifica la Ley nº 29733, Ley del Sistema Nacional de Seguridad Ciudadana y regula la cooperación de la PNP con las Municipalidades para fortalecer el Sistema de Seguridad Ciudadana.

Decreto Legislativo nº 1353, de 6 de enero de 2017, que crea la autoridad nacional de Transparencia y Acceso a la Información Pública, fortalece el régimen de Protección de Datos Personales y la regulación de la gestión de intereses. (El Peruano, sábado 7 de enero de 2017). (Modificado por Decreto Legislativo nº 1416 de 12 de septiembre de 2018. Decreto Legislativo que fortalece el Tribunal de Transparencia y Acceso a la Información Pública).

Fe de erratas. Decreto Legislativo nº 1353 Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la regulación de la gestión de intereses. (El Peruano, 12 de enero de 2017).

Decreto Supremo nº 019-2017-JUS, de 14 de septiembre de 2017, aprueba el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos  y la regulación de la gestión de intereses. (Modificado por Decreto Supremo nº 011-2018-JUS de 13 de noviembre de 2018. Decreto Supremo que aprueba el Reglamento del Decreto Legislativo n° 1326, Decreto Legislativo que reestructura el Sistema Administrativo de Defensa Jurídica del Estado y crea la Procuraduría General del Estado).

Directiva nº 1-2018-JUS/DGTAIPD. Lineamientos para el reporte de solicitudes de Acceso a la Información Pública a ser remitidos a la Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales.

Resolución Directoral 002-2018-JUS/DGTAIPD de 18 de enero de 2018. Resolución Directoral que regula los lineamientos para el reporte de solicitudes  de acceso a la información pública.

Decreto Supremo n° 007-2018-JUS, de 15 de junio de 2018. Decreto Supremo que modifica el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la regulación de la gestión de intereses, aprobado por el Decreto Supremo n° 019-2017-JUS.

Resolución Directoral nº 43-2018-JUS/DGTAIPD de 3 de julio de 2018. Resolución Directoral que aprueba modelo de cláusula informativa sobre las circunstancias y condiciones del tratamiento de datos personales requeridas por el artículo 18 de la Ley 29733 de Protección de Datos Personales.

Decreto Supremo nº 011-2018-JUS, de 13 de noviembre de 2018, que modifica el Reglamento del Decreto Legislativo n° 1353, Decreto Legislativo que crea la Autoridad Nacional de Transparencia y Acceso a la Información Pública, fortalece el Régimen de Protección de Datos Personales y la Regulación de la Gestión de Intereses, aprobado por el Decreto Supremo n° 019-2017-JUS.

RD 43-2018-JUS/DGTAIPD de 3 de julio de 2018. Resolución Directoral que aprueba modelo de cláusula informativa sobre las circunstancias y condiciones del tratamiento de datos personales requeridas por el artículo 18 de la Ley 29733 de Protección de Datos Personales

RD 69-2018-JUS/DGTAIPD de 17 de septiembre de 2018. Resolución Directoral que aprueba la Directiva sobre lineamientos para la clasificación de opiniones emitidas por la Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales.

Resolución Directoral nº 85-2018-JUS/DGTAIPD, de 26 de noviembre de 2018. Resolución Directoral que aprueba la actualización de los formularios para el inicio de procedimientos ante la Dirección General de Transparencia, Acceso a la Información Pública y Protección de Datos Personales y sus unidades orgánicas.

Resolución Directoral nº 87-2018-JUS/DGTAIPD, de 21 de diciembre de 2018. Resolución Directoral que aprueban el Lineamiento para la elaboración del Informe anual sobre solicitudes de acceso a la información pública 2018, a ser presentado al Congreso de la República en el primer trimestre del año. 

Decreto Supremo nº 010-2019-IN, de 8 de mayo de 2019. Decreto Supremo que modifica el Reglamento de la Ley n° 27933, Ley del Sistema Nacional de Seguridad Ciudadana, aprobado por Decreto Supremo n° 011-2014-IN.

Directiva nº 01-2020-JUS/DGTAIPD. Tratamiento de datos personales mediante Sistemas de Vigilancia.

Resolución Directoral nº 002-2020-JUS/DGTAIPD de 10 de enero de 2020. Resolución Directoral que aprueba la Directiva para el Tratamiento de Datos Personales mediante Sistemas de Videovigilancia.

Decreto Supremo nº 070-2020-PCM, de 16 de abril de 2020, dictan medidas complementarias al Decreto Supremo n° 044-2020-PCM, Decreto Supremo que declara Estado de Emergencia Nacional por las graves circunstancias que afectan la vida de la Nación a consecuencia del brote del COVID-19.

Resolución Directoral nº 68-2020-JUS/DGTAIPD, de 11 de diciembre de 2020. Aprueban el Lineamiento para la elaboración del Informe anual sobre solicitudes de acceso a la información pública 2020, a ser presentado al Congreso de la República en el primer trimestre del año 2021. 

Resolución Directoral nº 69-2020-JUS/DGTAIPD, de 17 de diciembre de 2020. Se dispone la publicación del Proyecto de Lineamiento para la Implementación y Actualización del Portal de Transparencia Estándar en las entidades de la Administración Pública.

Resolución Ministerial nº 0326-2020-JUS, de 23 de diciembre de 2020, que aprueba Metodología para el Cálculo de las Multas en materia de Protección de Datos Personales,

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

SALUD

Ley nº 29.973 de 13 de diciembre de 2012. Ley General de la persona con discapacidad. (El Peruano, 24 de diciembre de 2012).

Ley nº 30.024 de 30 abril de 2013, que crea el Registro Nacional de Historias Clínicas Electrónicas.

Decreto Supremo nº 002-2014-MIMP de 7 de abril de 2014. Reglamento de la Ley nº 29.973, Ley General de la persona con discapacidad.

SEGURIDAD DE LA INFORMACIÓN

Resolución Ministerial nº 0391-2009/AG, aprueban e institucionalizan el documento “Política de Seguridad de la Información” del Ministerio (El Peruano, 22 mayo 2009).

Resolución Jefatural nº 347-2001/INEI, aprueba Directiva “Normas y Procedimientos Técnicos para garantizar la Seguridad de la Información publicadas por las entidades de la Administración Pública”

Resolución Ministerial nº 224-2004/PCM, aprueba uso obligatorio de la Norma Técnica Peruana “NTP-ISO/IEC 17799:2004 EDI. Tecnología de la Información. Código de buenas prácticas para la gestión de la seguridad de la Información. 1ª Edición” en las Entidades integrantes del Sistema Nacional de Informática.

Resolución Ministerial nº 310-2004/PCM, autoriza ejecución de la “Primera encuesta de la Seguridad de la Información del Ministerio de Salud”.

Resolución Ministerial nº 575-2006/MINSA, Directiva Administrativa de Gestión de la Seguridad de la Información del Ministerio de Salud.

Resolución Ministerial nº 216-2006/MINCETUR-DM, Lineamientos Generales de Política de Seguridad de la Información del MINCETUR.

Circular nº G-140-2009, de 2 de abril de 2009. Gestión de la seguridad de la información.

Resolución Ministerial n° 144-2017-PCM, de 26 de mayo de 2017. Se designa al señor Fernando Francisco Veliz Fazzio, en el cargo de Subsecretario de Transformación Digital de la Secretaría de Gobierno Digital de la Presidencia del Consejo de Ministros

Resolución Ministerial nº 187-2010/PCM de 15 de junio 2010, autorizan ejecución de la “Encuesta de Seguridad de la Información en la Administración Pública – 2010”.

Resolución Ministerial nº 166-2017-PCM, de 20 de junio de 2017. Se modifica el artículo 5 de la Resolución Ministerial nº 004-2016-PCM.

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

Resolución Ministerial n° 087-2019-PCM, de 19 de marzo de 2019. Se modifican los artículos 1 y 2 de la Resolución Ministerial n°119-2018-PCM, sobre Gobierno Digital. 

Decreto de Urgencia nº 007-2020 de 8 de enero de 2020, que aprueba el marco de confianza digital y que dispone de medidas para su fortalecimiento. 

Resolución SBS nº 504-2021, de 19 de febrero de 2021, que aprueba el Reglamento para la Gestión de la Seguridad de la Información y la Ciberseguridad, modifican el Reglamento de Auditoría Interna, el Reglamento de Auditoría Externa, el TUPA de la SBS, el Reglamento de Gobierno Corporativo y de la Gestión Integral de Riesgos, el Reglamento de Riesgo Operacional, el Reglamento de Tarjetas de Crédito y Débito y el Reglamento de Operaciones con Dinero Electrónico. (El Peruano, martes 23 de febrero de 2021).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

SOCIEDAD DE LA INFORMACIÓN

Resolución Suprema nº 004-2003/MTC, Aprueban Convenio a suscribirse con el PNUD para ejecutar proyecto “Desarrollo de la Sociedad de la Información”

Resolución Ministerial nº 181-2003/PCM, Crean Comisión Multisectorial para el desarrollo de la Sociedad de la Información (CODESI).

Resolución Suprema nº 014-2003/MTC, Addenda al Convenio con el PNUD para administración del proyecto PER/03/005 “Desarrollo de la Sociedad de la Información en el País”

Ley nº 28.303 de 23 de julio de 2004, Ley Marco de Ciencia, Tecnología e Innovación Tecnológica.

Resolución Ministerial nº 235-2004/PCM, Publicación en la web de PCM y CODESI, informes relacionados al desarrollo de la Sociedad de la Información en el Perú.

Resolución Ministerial nº 318-2005/PCM de 16 agosto 2005, constituye la Comisión Multisectorial para el seguimiento y evaluación del “Plan de Desarrollo de la Sociedad de la Información en el Perú -La Agenda Digital Peruana”.

Resolución Ministerial nº 381-2005/PCM, modifica R. M. nº 318-2005-PCM sobre la Comisión Multisectorial para seguimiento y evaluación del “Plan de Desarrollo de la Sociedad de la Información – La Agenda Digital Peruana” (El Peruano, 27 de octubre de 2005).

Resolución Ministerial nº 1371-2005/RE de 11 diciembre 2005, nombran representantes del Ministerio ante la Comisión Multisectorial de seguimiento y evaluación del Plan de Desarrollo de la Sociedad de la Información- La Agenda Digital Peruana.

Resolución Ministerial nº 1372-2005/RE de 7 diciembre 2005, designación delegación de participes en la reunión previa a la Cumbre y en la Segunda Fase de la Cumbre Mundial de la Sociedad de la Información realizada en Túnez.

Resolución Suprema nº 001-2006-MTC, de 20 de enero 2006, aprueban la Addenda nº 4 al Convenio Suscrito con el PNUD para la ejecución del proyecto “Desarrollo de la Sociedad de la Información en el País”.

Decreto Supremo nº 031-2006/PCM de 20 de junio de 2006, aprueba el Plan de Desarrollo de la Sociedad de la Información en el Perú. La Agenda Digital Peruana.

Resolución Ministerial nº 274-2006/PCM de 25 de julio 2006, que aprueba la Estrategia Nacional de Gobierno Electrónico.

Decreto Supremo nº 048-2008-PCM de 16 julio 2008, aprueba la reestructuración de la Comisión Multisectorial para el seguimiento y evaluación del “Plan de Desarrollo de la Sociedad de la Información en el Perú- La Agenda Digital Peruana”.

Resolución Ministerial nº 775-2009/MTC/01 de 11 noviembre 2009.- Aceptan transferencia en la modalidad de donación a favor del Ministerio, en el marco del Proyecto “Desarrollo de la Sociedad de la Información en el País”.

Resolución Ministerial nº 0473-2010/RE de 26 mayo 2010, oficializa el evento “Tercera reunión Ministerial sobre Sociedad de la Información -eLAC2010”.

Decreto Supremo N° 066-2011-PCM, de 27 de julio de 2011. Aprueban el “Plan de Desarrollo de la Sociedad de la Información en el Perú – La Agenda Digital Peruana 2.0”.

Política 35 del Acuerdo Nacional, sobre Sociedad de la Información y Sociedad del Conocimiento. 35. Sociedad de la información y sociedad del conocimiento, de 16 de agosto de 2017.

Decreto Supremo nº 033-2018-PCM, de 22 de marzo de 2018. Decreto Supremo que crea la Plataforma Digital Única del Estado Peruano y establecen disposiciones adicionales para el desarrollo del Gobierno Digital, para lo cual en el ejercicio de sus funciones articula acciones con las entidades de la Administración Pública, la sociedad civil, los ciudadanos la academia y el sector privado. (Modificado por la Disposición Complementaria Modificatoria Tercera del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

SOFTWARE

Ley nº 28.612 que norma el uso, adquisición y adecuación del software en la administración pública.

Decreto Supremo nº 024-2006/PCM, Reglamento de la Ley nº 28.612, Ley que norma el uso, adquisición y adecuación del software en la Administración Pública.

Decreto Supremo nº 051-2018-PCM, de 14 de mayo de 2018. Decreto Supremo que crea el Portal de Software Público Peruano. (Modificado por la Disposición Complementaria Modificatoria Cuarta del Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021).

Resolución de Secretaría de Gobierno Digital n° 001-2019-PCM/SEGDI, de 3 de abril de 2019. Resolución que aprueba la Directiva para compartir y usar Software Público Peruano. (El Peruano 17 de abril de 2019).

Directiva nº 001-2019-PCM/SEGDI. Directiva para compartir y usar Software Público Peruano. (Aprobada por Resolución de Secretaría de Gobierno Digital nº 001-2019-PCM/SEGDI).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

SOFTWARE LIBRE

Proyecto de Ley de Uso de Software Libre en la Administración Pública de 9 de abril de 2002.

Resolución Jefatural nº 199-2003/INEI, que aprueba la Directiva sobre “Normas Técnicas para la Administración de Software libre en los servicios informáticos de la Administración Pública”.

Resolución de Secretaría de Gobierno Digital n° 001-2019-PCM/SEGDI, de 3 de abril de 2019. Resolución que aprueba la Directiva para compartir y usar Software Público Peruano. (El Peruano 17 de abril de 2019).

Directiva nº 001-2019-PCM/SEGDI. Directiva para compartir y usar Software Público Peruano. (Aprobada por Resolución de Secretaría de Gobierno Digital nº 001-2019-PCM/SEGDI).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

TELECOMUNICACIONES

Decreto Legislativo nº 701 de 5 noviembre 1991, disponen la eliminación de las prácticas monopolísticas, controlistas y restrictivas de la Libre Competencia.

Decreto Legislativo nº 702 de 5 noviembre 1991, declara de necesidad pública el desarrollo de telecomunicaciones y aprueban normas que regulan la Promoción de Inversión Privada. (El Peruano, 8 noviembre 1991).

Decreto Supremo nº 013-93/TCC de 28 abril 1993. Texto Único Ordenado de la Ley de Telecomunicaciones.

Ley nº 26.285 de 14 enero 1994, Ley de desmonopolización progresiva de los Servicios Públicos de Telecomunicaciones.

Decreto Supremo nº 06-94/TCC de fecha 11 de febrero de 1994, aprueba el Reglamento General de la Ley de Telecomunicaciones. Reglamento General de la Ley de Telecomunicaciones que ha sido modificado mediante Decretos Supremos nºs. 015-97-MTC, 005-98-MTC, 022-98-MTC, 002-99-MTC, 003-99-MTC, 043-2000-MTC, 029-2001-MTC, 029-2002-MTC, 015-2003-MTC y 012-2004-MTC.

Decreto Supremo nº 62-94/PCM de 9 agosto 1994, Reglamento de OSIPTEL (Derogado por Decreto Supremo nº 008-2001/PCM).

Resolución Ministerial nº 622-99/MTC/15.17, de 27 de noviembre de 1996, aprueba procedimiento de inspección y requerimiento de información relacionados al secreto de las telecomunicaciones y protección de datos.

Decreto Supremo nº 005-98/MTC de 26 marzo 1998, modifica el Reglamento General de la Ley de Telecomunicaciones.

Decreto Supremo nº 020-98/MTC de 4 agosto 1998, aprueban los lineamientos de política de apertura del mercado de telecomunicaciones del Perú. (El Peruano, 5 agosto 1998).

Decreto Supremo nº 021-98/MTC de 5 agosto 1998, aprueba modificaciones contratos de concesión entre el Estado y Telefónica del Perú.

Decreto Supremo nº 022-98/MTC de 13 agosto 1998, modifica artículos del Reglamento General de la Ley de Telecomunicaciones.

Decreto Supremo nº 02-99/MTC de 21 enero 1999, Modifica el Reglamento de la Ley de Telecomunicaciones.

Decreto Supremo nº 03-99/MTC de 21 enero 1999, modifica artículos del Reglamento General de la Ley de Telecomunicaciones.

Ley nº 27.269 Ley de firmas y certificados digitales, del 8 de mayo de 2000. (Promulgada el 26 de mayo de 2000 y Publicada en el Diario Oficial El “Peruano” 28 de mayo de 2000). (Modificada por la Ley nº 27.310).

Ley nº 27.309 que incorpora el cibercrimen al Código Penal de 26 de junio de 2000  (Promulgada el 15 de julio de 2000 y Publicada en el Diario Oficial “El Peruano”17 de julio de 2000).

Ley nº 27.332 de 29 julio 2000, Ley Marco de los Organismos Reguladores de la Inversión Privada en los Servicios Públicos.

Ley nº 27.336 de 5 agosto 2000, Ley de desarrollo de las funciones y facultades del Organismos Supervisor de Inversión Privada en Telecomunicaciones.

Decreto Supremo nº 008-2001/PCM de 2 febrero 2001, aprueba el Reglamento General del  Organismo Supervisor de Inversión Privada en Telecomunicaciones (OSIPTEL).

Decreto Supremo nº 032-2001/PCM de 29 marzo 2001, precisa alcances de diversas disposiciones de la Ley Marco de los Organismos reguladores de la Inversión Privada en Servicios Públicos.

Ley nº 27.631 de 16 enero 2002, modifican Ley Marco de los Organismos Reguladores de la Inversión Privada en los Servicios Públicos.

Decreto Supremo nº 029-2002/MTC de 30 junio 2002, modifica el Reglamento General de la Ley de Telecomunicaciones.

Decreto Supremo nº 058-2002/PCM de 10 julio 2002, modifica el Reglamento General de OSIPTEL.

Resolución Suprema nº 022-2002/MTC de 31 agosto 2002, Plan Técnico Fundamental de Numeración.

Resolución Suprema nº 011-2003/MTC de 6 mayo 2003, Plan Técnico Fundamental de Señalización.

Resolución Ministerial nº 181-2003/PCM de 4 de junio de 2003, crea la Comisión Multisectorial para el Desarrollo de la Sociedad de la Información (CODESI).

Decreto Supremo nº 038-2003/MTC de 6 julio 2003, establece límites máximos permisibles de Radiaciones no Ionizantes en Telecomunicaciones.

Decreto Supremo nº 049-2003/MTC de 17 agosto 2003, lineamientos de Políticas para promover un mayor acceso a los servicios de telecomunicaciones en áreas rurales y lugares de referente interés social.

Decreto Supremo nº 062-2003/MTC de 27 noviembre 2003, precisan numeral 2.10.3 del Plan Técnico Fundamental de Numeración.

Ley nº 28.295 de 28 junio 2004, Ley que regula el acceso y uso compartido de infraestructura de uso público para la prestación de Servicios Públicos de Telecomunicaciones.

Decreto Supremo nº 027-2004/MTC de 9 de julio de 2004, que aprueba el Texto Único Ordenado del Reglamento General de la Ley de Telecomunicaciones. (El Peruano, 15 julio 2004).

Decreto Supremo nº 029-2004/MTC de 12 agosto 2004, modifica el Decreto Supremo nº 062-2003/MTC que reguló los servicios especiales con interoperabilidad. (El Peruano, 13 agosto 2004).

Ley nº 28.337 de 16 agosto 2004, Ley que modifica Ley Marco de los Organismos Reguladores de la Inversión Privada en los Servicios Públicos.

Decreto Supremo nº 040-2004/MTC, Modificación del Texto Único Ordenado del Reglamento General de la Ley de Telecomunicaciones.

Decreto Supremo nº 005-2005/MTC, de 11 de enero de 2005, Reglamento de la Ley de Radio y Televisión (Publicado en el Diario “El Peruano” el 15 de febrero de 2005).

Decreto Supremo nº 009-2005/MTC, de 18 de marzo de 2005, que aprueba el Reglamento de la Ley 28295 que regula el acceso y uso compartido de infraestructura de uso público para la prestación de servicios públicos de telecomunicaciones. (El Peruano, 21 de marzo de 2005).

Ley nº 28.493 de 18 de marzo de 2005, que regula el uso del correo electrónico comercial no solicitado (SPAM) (Promulgada el 11 de abril de 2005 y Publicada en el Diario Oficial “El Peruano” el 12 de abril de 2005).

Decreto Supremo nº 042-2005/PCM de 11 junio 2005, aprueban Reglamento de la Ley nº 27.332, Ley Marco de los Organismos Reguladores de la Inversión Privada en los Servicios Públicos, modificada por la Ley nº 28.337.

Resolución Suprema nº 032-2005/MTC de 19 octubre 2005, modifica el numeral 7 del Plan Técnico Fundamental de señalización (El Peruano, 20 octubre 2005).

Decreto Supremo nº 031-2005/MTC, Reglamento de la Ley 28.493 que regula el uso de correo electrónico comercial no solicitado (SPAM). (El Peruano, 4 enero 2006).

Decreto Supremo nº 001-2006/MTC de 21 enero 2006, aprueba Reglamento específico de homologación de equipos y aparatos de Telecomunicaciones.

Resolución Legislativa nº 28766 y Resolución Legislativa nº 29054, el Congreso de la República aprobó el Acuerdo de Promoción Comercial Perú – Estados Unidos y su Protocolo de Enmienda, respectivamente, suscrito el 12 de abril de 2006. (Capítulo catorce: Telecomunicaciones).

Ley nº 28.744 de 7 julio 2006, crea el registro nacional de terminales de telefonía celular, establece prohibiciones y sanciona penalmente a quienes alteren y comercialicen celulares de procedencia dudosa.

Ley nº 28.900 de 4 noviembre 2006, Ley que otorga al Fondo de Inversión en Telecomunicaciones -FITEL, la calidad de persona jurídica de derecho público, Adscrita al Sector Transportes y Comunicaciones.

Decreto Supremo nº 038-2006/MTC de 7 diciembre 2006, modifica el Decreto Supremo nº 038-2003/MTC.

Decreto Supremo nº 041-2006/MTC de 22 diciembre 2006, adecuan el Texto Único Ordenado del Reglamento General de la Ley de Telecomunicaciones a la Ley que establece la Concesión Única para la prestación de servicios públicos de telecomunicaciones.

Decreto Supremo nº 043-2006/MTC de 28 diciembre 2006, aprueban Reglamento del Canon por el uso del Espectro Radioeléctrico para Servicios Públicos Móviles.

Resolución Ministerial nº 049-2007/MTC/03 de 26 enero 2007, modifican el Anexo II del Reglamento del Canon por uso del espectro radioeléctrico para servicios públicos móviles de telecomunicaciones. (El Peruano, 27 de enero 2007).

Decreto Supremo nº 003-2007/MTC de 2 febrero 2007, incorpora Título I “Lineamientos para desarrollar y consolidar la competencia y la expansión de los Servicios de Telecomunicaciones en el Perú” al D. S. nº 020-98-MTC.

Decreto Supremo nº 010-2007/MTC de 1 de abril 2007, aprueba Reglamento de la Ley nº 28.900 que otorga al Fondo de Inversión en Telecomunicaciones -FITEL, la calidad de persona jurídica de derecho público. (El Peruano, 2 de abril 2007).

Ley nº 28.999 de 4 abril 2007, de portabilidad numérica en los Servicios Móviles.

Ley nº 29.022 de 18 de mayo de 2007. Ley para la expansión de la infraestructura en telecomunicaciones (El Peruano, 20 de mayo de 2007).

Resolución Ministerial nº 251-2007/MTC/03 de 31 mayo 2007, dictan disposiciones para facilitar la implementación posterior de la Segunda Etapa del Plan Técnico Fundamental de Numeración referente al servicio público móvil.

Decreto Supremo nº 020-2007/MTC de 4 julio 2007, Reglamento General de la Ley de Telecomunicaciones.

Decreto Supremo nº 023-2007/MTC de 8 julio 2007, aprueba el Reglamento de la Ley nº 28774, Ley que crea el Registro Nacional de Terminales de Telefonía Celular, establece prohibiciones y sanciones.

Decreto Supremo nº 039-2007/MTC, de 12 de noviembre de 2007, que aprueba el Reglamento de la Ley nº 29022. Ley para la Expansión de la Infraestructura en Telecomunicaciones.

Decreto Supremo nº 002-2009/MTC, que modifica el Reglamento General de la Ley de Telecomunicaciones. (El Peruano, 13 de enero de 2009).

Resolución Ministerial (Ministerio de Transporte y Comunicaciones) nº 111-2009/MTC/03, sobre inviolabilidad, secreto de las telecomunicaciones y protección de datos personales. (El Peruano, 7 de febrero de 2009).

Decreto Supremo nº 009-2009/MTC de 13 de febrero de 2009, que modifica el numeral 1 del artículo 258º del TUO del Reglamento General de la Ley de Telecomunicaciones (El Peruano, 14 de febrero de 2009).

Ley nº 29.432 de 9 de noviembre de 2009, que prorroga los alcances de la Cuarta Disposición Transitoria y Final de la Ley nº 29.022, Ley para la expansión de infraestructura en telecomunicaciones, para estimular la inversión privada en la ejecución de obras de infraestructura en Servicios Públicos de Telecomunicaciones.

Decreto Supremo nº 001-2010/MTC del 4 de enero de 2010, que modifica el Texto Único Ordenado del Reglamento General de la Ley de Telecomunicaciones. (El Peruano, 5 de enero de 2010).

Decreto Supremo nº 024-2010/MTC, aprueba el procedimiento para la subsanación de la información consignada en el Registro de Abonados Pre Pago.

Decreto Supremo nº 054-2010/PCM, modifica el Reglamento del Concurso Público para la designación de los miembros de los Consejos Directivos de los organismos reguladores de la inversión privada en los servicios públicos.

Resolución Ministerial  nº 317-2010/MTC/03, proyecto de Decreto Supremo que aprueba el “Marco Normativo General del Sistema de Comunicaciones en Emergencias”, modifica el Plan Técnico Fundamental de Numeración, aprobado por Resolución Suprema nº 022-2002/MTC, el Texto Único Ordenado del Reglamento General de la Ley de Telecomunicaciones, aprobado por Decreto Supremo nº 020-2007/MTC y el Reglamento de la Ley de Radio y Televisión, aprobado por Decreto Supremo nº 005-2005/MTC y deroga los Decretos Supremos nº 030-2007/MTC y nº 043-2007/MTC. (El Peruano, 10 de julio de 2010).

Decreto Supremo nº 031-2010/MTC de 26 julio 2010, modifica el TUO del Reglamento General de la Ley de Telecomunicaciones y aprueba el “Método para la evaluación del cumplimiento de las obligaciones de las empresas concesionarias de servicios públicos de telecomunicaciones. (El Peruano, 27 julio 2010).

Decreto Supremo nº 044-2009/RE, Tratado de Libre Comercio entre Canadá y la República del Perú, suscrito el 29 de mayo de 2008 (publicado en el Diario Oficial El Peruano el 31 de julio de 2009). (Capítulo diez: Telecomunicaciones).

Decreto Supremo nº 004-2011/PCM, modifica el artículo 103 del Reglamento General del OSIPTEL aprobado por Decreto Supremo 008-2001-PCM. (El Peruano, 15 enero 2011).

Resolución Ministerial nº 209-2011/MTC/03, Proyecto de Decreto Supremo que modifica el Artículo 28º del Texto Único Ordenado del Reglamento General de la Ley de Telecomunicaciones, aprobado por Decreto Supremo nº 020-2007/MTC  (El Peruano, 25 de marzo de 2011).

Decreto Supremo nº 015-2011/MTC, modifica el artículo 28º del Texto Único Ordenado del Reglamento General de la Ley de Telecomunicaciones, aprobado por Decreto Supremo nº 020-2007/MTC (El Peruano, 19 abril 2011).

Ley nº 29.733 de 2 julio 2011 de Protección de Datos Personales.

Ley nº 29.904 de 19 de Julio de 2012. Ley de promoción de la banda ancha y construcción de la red dorsal nacional de fibra óptica. (El Peruano, 20 de julio de 2012).

Decreto Supremo nº 019-2012/MTC de 29 de diciembre de 2012, que modifica el Texto Único Ordenando del Reglamento General de Telecomunicaciones, aprobado por Decreto Supremo nº 020-2007/MTC

Decreto Supremo nº 006-2013/MTC de 4 de abril de 2013, que modifica el TUO del Reglamento General de la Ley de Telecomunicaciones, el Marco Normativo General para la promoción del desarrollo de los servicios públicos de telecomunicaciones de áreas rurales y lugares de preferente interés social, y establecen disposiciones complementarias.

Ley nº 30228 de 25 de junio de 2014, que modifica la Ley 29022, Ley para la Expansión de Infraestructura en Telecomunicaciones.

Decreto Legislativo 1182 de 26 de julio de 2015, sobre Uso de datos derivados de telecomunicaciones para identificación, localización y geolocalización de equipos para luchar contra delincuencia y crimen organizado

RD 43-2018-JUS/DGTAIPD de 3 de julio de 2018. Resolución Directoral que aprueba modelo de cláusula informativa sobre las circunstancias y condiciones del tratamiento de datos personales requeridas por el artículo 18 de la Ley 29733 de Protección de Datos Personales.

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.

Ley nº 31.284 de 15 de julio de 2021, que modifica el Decreto Legislativo 1.182, Decreto Legislativo que regula el uso de los Datos derivados de las Telecomunicaciones para la identificación, localización y geolocalización de equipos de comunicación, en la lucha contra la delincuencia y el crimen organizado.

TELETRABAJO

Ley nº 30.036 de 4 de junio de 2013, Ley que regula el Teletrabajo.

Decreto de Urgencia nº 026-2020 de 15 de marzo de 2020. Decreto de Urgencia que establece medidas excepcionales y temporales para prevenir la propagación del coronavirus (COVID-19) en el territorio nacional. (El Peruano nº 15313 del domingo 15 de marzo de 2020). Título II. Trabajo Remoto. (Modificado por la Disposición Complementaria Modificatoria Única del Decreto de Urgencia nº 127-2020 de 31 de octubre de 2020).

Decreto de Urgencia nº 127-2020 de 31 de octubre de 2020. Decreto de Urgencia que establece el otorgamiento de subsidios para la recuperación del empleo formal en el sector privado y establece otras disposiciones. (El Peruano, domingo 1 de noviembre de 2020).

Ley nº 31.169 de 30 de marzo de 2021, que declara de interés nacional y necesidad pública la instalación de antenas de radio, televisión e Internet para facilitar a niñas, niños y adolescentes de zonas rurales el aprendizaje de lecciones a distancia “aprendo en casa”.

Ley nº 31284 de 15 de julio de 2021, que modifica el Decreto Legislativo 1182, Decreto Legislativo que regula el uso de los Datos derivados de las Telecomunicaciones para la identificación, localización y geolocalización de equipos de comunicación, en la lucha contra la delincuencia y el crimen organizado.

Ley nº 31.572 de 7 de septiembre de 2022, del Teletrabajo (El Peruano, 11 de septiembre de 2022).

USO DE LAS TECNOLOGÍAS DE LA INFORMACIÓN EN LA GESTIÓN DE ARCHIVOS Y DOCUMENTOS

Ley nº 25.323, de 10 de junio de 1991, que crea el Sistema Nacional de Archivos (El Peruano, 11 de junio de 1991).

Decreto Ley nº 25.661, comprenden a la Banca Estatal de Fomento, dentro de los alcances del Decreto Legislativo nº 681, en cuanto al uso de la tecnología de microformas, microduplicados, micrograbación y otros análogos.

Ley nº 26.612, modifica el Decreto Legislativo nº 681, mediante el cual se regula el uso de tecnologías avanzadas en materia de archivos de documentos e información.

Decreto Legislativo nº 681 de 11 de octubre de 1991, dicta normas que regulan el uso de tecnologías avanzadas en materia de archivo de documentos e información tanto respecto a la elaborada en forma convencional cuanto la producida por procedimientos informáticos en computadoras. Sobre los efectos legales de los documentos digitales obtenidos producto del microfilmado. (Publicado en el Diario Oficial “El Peruano” el 14 de octubre de 1991).

Circular nº B-1922-92/SBS, Circular referida a la sustitución de archivos, mediante microformas y plazos de conservación de libros y demás documentos.

Decreto Supremo nº 009-92/JUS del 26 de junio de 1992. Reglamento del Decreto Legislativo nº 681, sobre el uso de tecnologías de avanzada en materia de archivos de la empresas. Este reglamento fue modificado y actualizado por el Decreto Supremo nº 001-2000-JUS, del 24 de marzo de 2000. (El Peruano, 27 de junio de 1992).

Resolución Ministerial nº 10-93/JUS de 8 de enero de 1993. Texto Único del Código Procesal Civil. (Publicado en el Diario Oficial “El Peruano” el 23 de abril de 1993).

Resolución nº 090-93-EF/94.10.0 CONASEV, sobre el archivo de documentos (El Peruano, 23 de junio de 1993).

Resolución Jefatural nº 030-96 de 1 de mayo 1996, que crea el Archivo del Registro Único de Identificación y Estado Civil de las Personas Naturales, recogidos con medios de tipo magnético.

Ley nº 26.612 de10 de mayo de 1996, que modifica el D. Leg nº 681, mediante el cual se regula el uso de tecnologías avanzadas en materia de archivo de documentos e información. Adapta los microarchivos a la tecnología electrónica. (Promulgada el 17 de mayo de 1996 y Publicada en el Diario Oficial “El Peruano” el 21 de mayo de 1996).

Decreto Legislativo nº 827, de 31 de mayo de 1996, que amplia los alcances del Decreto Legislativo 681 autorizando a las instituciones del Estado para la utilización del sistema de microfilmado en sus documentos. (Promulgado el 31 de mayo de 1996 y Publicado en el Diario Oficial “El Peruano” el 5 de junio de 1996). Fe de Erratas del Decreto Legislativo nº 827.

Resolución nº 124-97/SUNARP de Superintendencia Nacional de los Registros Públicos , aprobar la sustitución del archivo Registral existente en la Oficina de Lima y Callao por un Sistema de Microarchivos.

Resolución nº 068-97/INDECOPI-CRT, de la Comisión de Reglamentos Técnicos y Comerciales, que aprueba normas técnicas sobre micrografía. (El Peruano, 1 de enero de 1998).

Resolución nº 070-97/INDECOPI-CRT de 23 de diciembre de 1997, de la Comisión de Reglamentos Técnicos y Comerciales, aprobó el reglamento para otorgar certificados de idoneidad técnica para los microarchivos. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Decreto Supremo nº 002-98/ITINCI de 18 de febrero de 1998, que aprobó las correspondientes normas técnicas, tanto para las organizaciones que operan microformas en micropelículas (microfilmación) como para las que emplean medios de archivos electrónicos; las que fueron incorporadas como obligatorias por el DS nº 002-98-ITINCI, de 18 de febrero de 1998. (El Peruano, 21 de febrero de 1998).

Resolución nº 0032-1998/INDECOPI-CRT, de la Comisión de Reglamentos Técnicos y Comerciales. Norma técnica en micrografía.(Diario Oficial “El Peruano” el 5 de agosto de 1998. (INDECOPI. Instituto Nacional de Defensa de la Competencia y de la Protección a la Propiedad Intelectual).

Resolución Administrativo del Titular del Pliego del Ministerio Público nº 112-99/SE-TP-CEMP (“El Peruano” 25 junio 1999). La Comisión Ejecutiva del Ministerio Público aprobó la conformación de un Comité de trabajo encargado de la elaboración de las propuestas para el tratamiento de imágenes y documentos de los archivos principales del Ministerio Público utilizando tecnologías de microfilmación, digitalización y otras.

Decreto Supremo nº 001-2000/JUS del 24 de marzo de 2000, que aprueba el Reglamento sobre la aplicación de normas que regulan el uso de tecnologías avanzadas en materia de archivo de documentos e información a entidades públicas y privadas. El D. Leg. nº 681 fue reglamentado mediante el D.S. nº 009-92-JUS del 26 de junio de 1992. Este reglamento fue modificado y actualizado por el D.S. nº 001-2000-JUS, del 24 de marzo de 2000. (El Peruano, 26 de marzo de 2000).

Ley nº 27.323, del 15 de junio de 2000, que modifica el Decreto Ley nº 26.126. Ley Orgánica de CONASEV, el Decreto Legislativo nº 604. Ley de Organización y funciones del Instituto Nacional de Estadística e informática, el Decreto Legislativo nº 681. Normas que regulan el uso de Tecnologías avanzadas en materia de archivo y documentos y el Decreto Legislativo nº 861. Ley del Mercado de Valores. (Promulgada el 13 de julio de 2000 y Publicada en el Diario Oficial “El Peruano” el 23 de julio de 2000).

Ley nº 27.697, de 10 de abril de 2002, que otorga facultad al Fiscal para la intervención y control de comunicaciones y documentos privados en caso excepcional. (Promulgada el 11 de abril de 2002 y Publicada en el Diario Oficial “El Peruano” el 12 de abril de 2002).

Resolución de Superintendencia de Aduanas nº 0005l6, sobre procesos de micrograbación de documentos aduaneros (El Peruano, 11 de junio de 2002).

Ley nº 28.186, de 12 de febrero de 2004, que establece los alcances del Decreto Legislativo nº 681 mediante el cual se regula el uso de Tecnologías avanzadas en materia de archivo de documentos e información. (Promulgada el 4 de marzo de 2004 y Publicada en el Diario Oficial “El Peruano” el 5 de marzo de 2004).

Proyecto 4.2.5 Aplicación de tecnologías de microfilmación, digitación, digitalización y otras para el tratamiento de imágenes y documentos de los archivos de la Comisión Ejecutiva, Secretaría Ejecutiva y Archivo Central del Plan de Consolidación del Proceso de Reorganización y Modernización del Ministerio Público, con el propósito de mejorar los niveles de acceso a la Justicia.

Resolución SBS nº 5860 de 12 de junio de 2009, que crea el Registro de Empresas especializadas en servicios de Microarchivos (REMA), modifican el TUPA de la SBS y el Reglamento de Sanciones y dictan otras disposiciones para conservación o sustitución de archivos.

Decreto Supremo nº 004-2019-JUS, de 22 de enero de 2019. Decreto Supremo que aprueba el Texto Único Ordenado de la Ley nº 27444 – Ley del Procedimiento Administrativo General (El Peruano, 25 de enero de 2019).

VARIOS

Ley nº 24.789 de Centrales de Datos Financieros, de 18 de diciembre de 1987. (Promulgada el 28 de diciembre de 1987 y Publicada en el Diario Oficial “El Peruano” el 30 de diciembre de 1987).

Decreto Ley nº 26.116 de 24 de diciembre de 1992, Ley de Reestructuración Empresarial, que modifica el Decreto Ley nº 25.868 de 6 de noviembre de 1992. (Promulgado el 28 de diciembre de 1992 y Publicado en el Diario Oficial “El Peruano” el 30 de diciembre de 1992).

Resolución Legislativa nº 26.407 de 16 diciembre 1994, aprueba acuerdo por el que se establece la Organización Mundial del Comercio y los Acuerdos Comerciales multilaterales contenidos en el Acta Final de la Ronda de Uruguay.

Resolución Jefatural nº 025-98/IDENTIDAD (“El Peruano” 24 marzo de 1998) relativo a la emisión del DNI.

Resolución Suprema nº 292-2004/RE por la que se crea la Comisión multisectorial para proponer normativa para el cctld.pe.

Resolución Administrativa nº 356-2009/CE-PJ de 26 octubre de 2009,  Disponer que las Salas y Juzgados Especializados en materia Contencioso Administrativa requieran a las partes consignar obligatoriamente en sus escritos de demanda y/o contestación…

Ordenanza nº 255-MDL (Municipalidad Distrital Lince) de 30 octubre 2009, aprueban la implementación del Sistema Administrativo Informático de Identificación Biométrica para el Registro de Incidencias e Infracciones Ciudadanas en el distrito de Lince.

Resolución de Superintendencia nº 034-2010/SUNAT de 29 enero 2010, establece plazos para el uso de Sistemas Informáticos y para la presentación del formulario nº 845.

Resolución de Superintendencia nº 182-2010/SUNAT de 4 junio 2010, normas para la emisión por medios electrónicos de comprobantes de pago para la prestación de servicios aeroportuarios a favor de los pasajeros.

Resolución de Superintendencia nº 196-2010/SUNAT, modifica la Resolución de Superintendencia nº 286-2009/SUNAT que dictó disposiciones para la implementación del llevado de determinados libros y registros vinculados a asuntos tributarios de manera electrónica, a fin de facilitar el acceso a dicho sistema.

Resolución Administrativa nº 256-2010/CE-PJ, amplían alcances de la Resolución Administrativa nº 356-2009-CE-PJ mediante la cual se dispuso requerir la consignación de la casilla electrónica en escritos de demanda y contestación ante órganos competentes para conocer procesos contenciosos administrativos (El Peruano, 15 julio 2010).

Ordenanza Regional nº 157-GOB.HVCA/CR del 8 junio 2010, aprueba la creación del Consejo Regional de Ciencia y Tecnología e innovación tecnológica de Huancavelica (CORCYTECH-HVCA) (El Peruano 22 octubre 2010).

Resolución de Superintendencia nº 276-2010/SUNAT de 15 octubre 2010, modifica la Resolución de Superintendencia nº 149-2009/SUNAT que dictó normas para la implementación del Sistema de Embargo por medios telemáticos ante grandes compradores.

Resolución de Superintendencia nº 292-2010/SUNAT de 29 octubre 2010, modifica la R.S. nº 182-2010/SUNAT que aprueba normas para la emisión por medios electrónicos de los comprobantes de pago por la prestación de servicios aeroportuarios de pasajeros.

Resolución de Superintendencia nº 329-2010/SUNAT de 22 diciembre 2010, modifican la RS nº 286-2009/SUNAT que dicto disposiciones para la implementación del llevado de determinados libros y registros vinculados a asuntos tributarios de manera electrónica, a fin de facilitar el llevado de dichos libros y/o registros.

Ordenanza nº 007-2010, por la que se constituye el Consejo Regional de Ciencia, Tecnología e Innovación de la Región de Puno-CORCYTEC (B.O.P. 3 febrero 2011).

Resolución nº 073-2011/SUNAT, modifica la Resolución nº 188-2010/SUNAT en cuanto a las condiciones para la emisión de notas de crédito y de débito electrónicas (El Peruano, 24 marzo 2011).

Resolución nº 106-2011/SUNAT, incorpora nuevos contribuyentes al uso del sistema de medios telemáticos ante grandes compradores, en dos grupos, el primer grupo indicado en el Anexo I a partir del 1 de mayo de 2011 y el segundo grupo indicado en el Anexo 2 a partir del 1 de junio de 2011. (El Peruano, 22 abril 2011).

VIGILANCIA ELECTRÓNICA PERSONAL

Decreto Supremo nº 013-2010/JUS, de 14 de agosto de 2010, que aprueban reglamento para la implementación de la vigilancia electrónica personal establecida mediante la Ley 29.499.

Resolución Suprema nº 108-2010/EF de 5 octubre de 2010, ratifican acuerdo de PROINVERSIÓN que incorpora al proceso de promoción de la inversión privada el servicio de Vigilancia Electrónica Personal establecido por la Ley nº 29.499. (El Peruano, 6 de octubre 2010).

Resolución Suprema nº 118-2010/EF de 4 noviembre 2010, ratifican acuerdo de PROINVERSIÓN que aprueban la modalidad y el plan de promoción de la inversión privada del proyecto servicio de Vigilancia Electrónica Personal bajo el marco del Decreto Legislativo nº 674. (El Peruano, 5 noviembre 2010).

Ley nº 29.499 de 18 de enero de 2010, que establece la vigilancia electrónica personal e incorpora el artículo 29 A y modifica el artículo 52 del Código Penal, Decreto Legislativo nº 635; Modifica los artículos 135 y 143 del Código Procesal Penal, Decreto Legislativo nº 638, y los artículos 50, 52, 55 y 56 del Código de Ejecución Penal, Decreto Legislativo, nº 654. (El Peruano, 19 de enero de 2010).

Ley nº 30.120 de 4 de diciembre de 2013, de apoyo a la Seguridad ciudadana con cámaras de videovigilancia públicas y privadas.

Decreto Legislativo nº 1218 de 23 de septiembre de 2015. Regula el uso de las cámaras de videovigilancia. (El Peruano, 24 de septiembre de 2015)

Resolución Directoral nº 002-2020-JUS/DGTAIPD de 10 de enero de 2020. Resolución Directoral que aprueba la Directiva para el Tratamiento de Datos Personales mediante Sistemas de Videovigilancia.

Directiva nº 01-2020-JUS/DGTAIPD. Tratamiento de datos personales mediante Sistemas de Vigilancia.

RD 002-2020-JUS/DGTAIPD de 14 de febrero de 2020. Resolución Directoral que aprueba la Directiva sobre Directiva para el Tratamiento de Datos Personales mediante Sistemas de Videovigilancia.

Decreto Supremo n° 007-2020-IN de 23 de abril de 2020, que aprueba Reglamento del DL 1218 de la Ley 30120 Ley de apoyo a seguridad ciudadana con cámaras de videovigilancia públicas y privadas.

VOTO ELECTRÓNICO

Ley nº 29.603 de 20 octubre 2010, autoriza a la Oficina Nacional de Procesos Electorales (ONPE) a emitir las normas reglamentarias para la implementación gradual y progresiva del voto electrónico.

Resolución Jefatural nº 083-2011/J/ONPE de 19 abril 2011, que aprueba el “Procedimiento para el sorteo de miembros de mesa de voto electrónico para la Segunda Elección Presidencial 2011 (Diario El Peruano del 19 abril 2011) pags. 441325-441326.

Resolución Jefatural nº 089-2011/J/ONPE de 29 abril 2011, que aprueban modelos definitivos de cédulas de sufragio y de votación electrónica para las Elecciones Municipales Complementarias 2011 (El Peruano, 1 de mayo 2011).

Ley nº 28.581 que establece normas que regirán para las elecciones generales del año 2006 (Regula la implementación del voto electrónico) (El Peruano, 20 de julio de 2005).

Resolución Jefatural nº 211-2010/J/ONPE de 17 diciembre 2010, por el que se reglamenta el voto electrónico (El Peruano, 19 diciembre 2010).

Resolución Jefatural nº 016-2011/J/ONPE de 17 diciembre 2010, que aprueba los modelos definitivos de cédulas de sufragio y de votación electrónica para le Elección del Presidente de la República y Vicepresidentes, Congresistas de la República y Representantes Peruanos ante el Parlamento Andino 2011 y para la Segunda Elección del Presidente de la República y Vicepresidentes (El Peruano 22 enero 2011).

Resolución Jefatural nº 060-2011/J/ONPE de 7 de marzo de 2011, que aprueba la Reprogramación del “Plan de Aplicación del Voto Electrónico Presencial: Distrito de Pacarán – ODPE Cañete”, a que se refiere la Resolución Jefatural nº 033-2011-J/ONPE, cuyo texto en anexo forma parte integrante de la presente resolución.

Resolución Jefatural nº 082-2011/J/ONPE de 12 abril 2011, que aprueba el diseño de cédula de votación electrónica para las Elecciones Municipales Complementarios 2011 (Diario El Peruano, 13 abril 2011, pags. 440902-440906).

Resolución Jefatural nº 089-2011/J/ONPE de 29 abril 2011, que aprueban modelos definitivos de cédulas de sufragio y de votación electrónica para las Elecciones Municipales Complementarias 2011 (El Peruano, 1 de mayo 2011).

Decreto Supremo nº 029-2021-PCM, de 18 de febrero de 2021, que aprueba el Reglamento del Decreto Legislativo nº 1412. Decreto Legislativo que aprueba la Ley de Gobierno Digital, y establece disposiciones sobre las condiciones, requisitos y uso de las tecnologías y medios electrónicos en el procedimiento administrativo.