Article 96 of the Latvian Constitution established a fundamental human right to privacy: Everyone has the right to inviolability of their private life, home and correspondence."[1737] Article 17 of the Constitutional Law on Rights and Obligations of a Citizen and a Person states: "(1) The State guarantees the confidentiality of correspondence, telephone conversations, telegraph and other communications. (2) These rights may be restricted by a judge's order for the investigation of serious crimes."[1738]
The Law on Personal Data Protection was adopted by the Parliament on March 23, 2000, and came into force in January 2001. The law is based on standard fair information practices and is fully compliant with the EU Data Protection Directive. Data processing systems in the areas of "public safety, combating of crime or national security and defence" or those maintained "by institutions specially authorized by law" are exempt from this registration procedure. A further exemption from the Act is provided for "official secret matters" regulated by the Law on Official Secrets. Under the Act all pre-existing databases (whether controlled by state and local government or private sector institutions) had to be registered with the Inspectorate by March 2003. The latest amendment created a registration fee.[1739] After this deadline, unregistered systems were to cease operations. As of July 2003, 4,734 data controllers submitted documents for the registration of their personal data processing systems. Of those, 1,000 are local government institutions, 400 state institutions, 3,300 private sector companies, 8 religious organizations and 26 non-governmental organizations. Altogether, there have been 10,610 registration applications for personal data processing systems submitted and 9,886 of those have been registered.[1740]
The Act established a State Data Inspectorate within the Ministry of Justice. The Inspectorate, which has a staff of 23, is charged with making decisions and reviewing complaints, making formal recommendations, issuing permission for the transfer of information abroad, and maintaining and inspecting the national register of data processing systems. As of March 15, 2003 the Data State Inspection is authorized to impose administrative penalties for violation of personal data processing, as authorized in the amendments to the Code of Administrative Violations in force since April, 2003.[1741]
Within the last year the State Data Inspectorate received 83 complaints and has initiated three verifications itself. Seventy-four cases were within the competence of the Data State Inspection; 15 complaints were not related to data protection and have been forwarded to competent institutions Fifty-two percent of the complaints dealt with personal data processing without a legal basis; 5 percent dealt with the subject of proportionality of processed data; 5 percent dealt with the subject of secure and fair data processing; 7 percent dealt with violation of data subject rights to receive information; 14 percent dealt with data quality; and 17 percent were not within the competence of Data State Inspection. During 2003, Data State Inspection initiated several verifications of State Medicine registers to ensure compliance of sensitive personal data processing with the requirements of the Personal Data Protection Law.[1742]
Training on personal data protection is provided for lawyers, information technology specialists and inspectors.[1743] Citizens can contact the Data State Inspection by telephone or e-mail, or they can leave a message on an answering machine.[1744]
Amendments to the Personal Data Protection Law to ensure full implementation of EU Data Protection Directive and its requirements regarding the degree of independence of the State Data Inspectorate were adopted by the Parliament in May 2002. The amendments stipulate that personal data protection should also apply to the police sector and authorize the Inspectorate to impose administrative penalties for violations of personal data processing.[1745] The European Commission approved Latvia's proposal for financing under the 2002 PHARE program to strengthen data protection. PHARE is a program financed by the European Communities that is designed to assist the applicant countries of central Europe in their preparations for joining the EU.[1746]
The Inspectorate maintains close relations with the data protection authorities in other central and eastern European countries. In December 2001, the data protection commissioners from the Czech Republic, Hungary, Lithuania, Slovakia, Estonia, Latvia and Poland signed a joint declaration agreeing to closer cooperation and assistance. The commissioners have been meeting twice a year. The fourth meeting took place at the end of April 2003 in Budapest.[1747]
The Latvian Parliament passed the final reading of a draft law on the introduction of compulsory identity cards for all residents on May 22, 2002. The law requires all citizens and non-citizens of Latvia over the age of fourteen to be issued machine-readable ID cards bearing the owner's place of residence. The law took effect in July 2002, but the ID cards will not be compulsory for citizens until 2005, and for foreigners until 2004.[1748]
The Latvian Constitutional Court ruled in December 2001 that although government language regulations requiring surnames to be "Latvianized" in official documents, such as passports, implicated the constitutional right to privacy, the restriction on privacy was constitutional because it protected "the rights of other inhabitants of Latvia to use the Latvian language on all of Latvia's territory and to protect the democratic order." The plaintiff, a woman who filed the suit after the surname she acquired through marriage to a German citizen was "Latvianized" on her passport from Mentzen to Mencena, lodged an application before the European Court of Human Rights shortly after the Latvian court's decision.[1749] The woman's complaint was the first case to be brought before the constitutional court by a private individual since the law was amended on July 1, 2001, to broaden the class of those entitled to file a claim.[1750] After the ruling of the Constitutional Court, the Cabinet of Ministers adopted new regulations that allowed the original form of the name to appear on page four of the passport.[1751]
The Grand Chamber of the ECtHR has also accepted several cases against Latvia for breach of privacy.[1752] These cases have been filed by families of former Soviet military personnel, who were denied Latvian residency. The cases include Tatjana Slivenko and Others v. Latvia, filed by a wife and a daughter of a former member of the Russian military. The family was denied residency on the basis of the 1994 agreement with Russia on troop withdrawal. At the end of 2002, the case was still pending. Another case, Sisojeva v. Latvia, was partially admitted for review., In this case, permanent residency in Latvia was canceled after the family also registered as residents of Russia. The case of Ludmila Mitina-, concerning residency, was also accepted for review.[1753]
In the spring of 2002, Latvia was involved in a controversy surrounding an unsuccessful attempt by the State Language Center to widen its authority to regulate the use of the Latvian language. The suggested amendments to Cabinet Regulations No. 296 of August 2000 on the State Language Proficiency Level Necessary to Perform Job and Professional Duties and on Examination Procedure of Language Proficiency would have extended the language requirements to salespeople at outdoor stands, shops, kiosks and markets, sports coaches and referees, accountants, bartenders, waiters, hairdressers and cosmetologists. These suggested amendments were quashed by the Ministry of Foreign Affairs before they reached the Parliament for review.[1754]
The Electronic Document Law, adopted in the first reading by the Parliament in October 2001 to implement EU Directive on a Community framework for electronic signatures (1999/93/EC),[1755] was expected to come into force in July 2002. The law defines the legal status of an electronic document and a digital signature. The regulation implementing the EU E-Commerce Directive (2000/31/EC)[1756] is being elaborated and will be adopted by October 2002. Latvia also adopted a regulation in April 2002 on the archiving of documented data and electronic documents stored in information systems in accordance with EU Recommendation 2000/13. In addition, the State Information Systems Law was adopted in May 2002 to provide a legal framework for the operation of the state information systems and cooperation of involved units.[1757]
In January 2002 Sweden and Latvia signed a joint agreement on cooperation in areas relating to justice and interior affairs. The agreement will stay in place until December 2003 and will involve cooperation on several issues including judicial training, information sharing and data protection, crime prevention and probation services.[1758]
Under the Penal Code, it is unlawful to interfere with correspondence.[1759] Wiretapping or interception of postal communications requires the permission of a court.[1760] In April 2001 the Parliament passed legislative amendments requiring mobile telephone operators to install wiretapping facilities, at their own cost, for operations of the top national security agency, the Bureau for the Protection of the Constitution.[1761] On November 16, 1995, it was reported that telephones in the Latvian Defense Ministry were tapped. The Latvian Defense Ministry responded by stating Latvia's "military counterintelligence service reserves the right to ensure the security of communications at the Ministry of Defense and structures of the national armed forces."[1762] In April 1994, a bugging device was found on the switchboard of the Dienas Bizness newspaper.[1763] The United States State Department report on Human Rights Practices, released by the Bureau of Democracy, Human Rights, and Labor for the year 2001, found no credible reports of illegal surveillance by the Latvian government.[1764]
Latvia joined the Council of Europe in 1995 and held the six-month rotating presidency from November 2000 to May 2001. It has signed and ratified both the European Convention for the Protection of Human Rights and Fundamental Freedoms[1765]and the CoE Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[1766]