The Portuguese Constitution has extensive provisions on protecting privacy, secrecy of communications and data protection.[2140] Article 26 states, "(1) Everyone's right to his or her personal identity, civil capacity, citizenship, good name and reputation, image, the right to speak out, and the right to the protection of the intimacy of his or her private and family life is recognized. (2) The law establishes effective safeguards against the abusive use, or any use that is contrary to human dignity, of information concerning persons and families. (3) A person may be deprived of citizenship or subjected to restrictions on his or her civil capacity only in cases and under conditions laid down by law, and never on political grounds." Article 34 states "(1) The individual's home and the privacy of his correspondence and other means of private communication are inviolable. (2) A citizen's home may not be entered against his will, except by order of the competent judicial authority and in the cases and according to the forms laid down by law. (3) No one may enter the home of any person at night without his or her consent. (4) Any interference by public authority with correspondence or telecommunications, apart from the cases laid down by law in connection with criminal procedure, are prohibited."
In 1997, Article 35 of the Constitution was amended to give citizens a right to data protection. The new Article 35 states, "1. All citizens have the right of access to any computerized data relating to them and the right to be informed of the use for which the data is intended, under the law; they are entitled to require that the contents of the files and records be corrected and brought up to date. 2. The law shall determine what is personal data as well as the conditions applicable to automatic processing, connection, transmission and use thereof, and shall guarantee its protection by means of an independent administrative body. 3. Computerized storage shall not be used for information concerning a person's ideological or political convictions, party or trade union affiliations, religious beliefs, private life or ethnic origin. Such storage is only allowed when there is express consent from the data subject, authorization is provided for under the law with guarantees of non-discrimination, or as long as it is not possible to identify individuals in the case of data processing done for statistical purposes. 4. Access to personal data of third parties is prohibited, aside from exceptional cases as prescribed by law. 5. Citizens shall not be given an all-purpose national identity number. 6. Everyone shall be guaranteed free access to public information networks and the law shall define the regulations applicable to the transnational data flows and the adequate norms of protection for personal data and for data that should be safeguarded in the national interest. 7. Personal data kept on manual files shall benefit from protection identical to that provided for in the above articles, in accordance with the law."
The 1998 Act on the Protection of Personal Data adopts the EU Data Protection Directive requirements into Portuguese law.[2141] It limits the collection, use and dissemination of personal information in manual or electronic form. It also applies to video surveillance or "other forms of capture, processing and dissemination of sound and images." It replaces the 1991 Act on the Protection of Personal Data with Regard to Automatic Processing.[2142]
The Act is enforced by the National Data Protection Commission (Comissão Nacional de Protecção de Dados, or CNPD).[2143] The Commission is an independent agency that is directly responsible to the Parliament. Its functions are to register existing databases with private data, authorize and control such databases, issue directives, and oversee the Schengen Information System (SIS). The number of investigations conducted has risen steadily from 5 in 1994 to 42 in 1997, 78 in 1998 and 151 in 2000. The number of referrals for criminal prosecution to the Public Prosecution Service, has remained roughly static at around 20 per year in recent years. The Commission authorized 483 databases in 2000, for a total of 3,161 approvals between 1994 and 2000. The Commission also handled 133 inspections in 2000, mostly relating to financial services.[2144] It issued opinions on obtaining subscriber information from telecommunications providers, access to marketing databases by the Criminal Investigation Police, denied access by the Information and Security Service to the information system of the Aliens and Frontiers Department, and approved transborder dataflows to the United States when the transferee company promised to protect the personal data collected pursuant to European data protection legal standards. In June 1997, the Supreme Administrative Tribunal upheld the Commission's decision in a case against a shoe company that used smart cards to control employees' bathroom visits. In 2003, the CNPD published "Guidelines on Privacy in the Workplace"[2145] These guidelines establish that information and contents of phone calls, e-mails and Internet access for private use of a worker is protected as private data and must be respected as such by the employer.
The Penal Code has provisions against unlawful surveillance and interference with privacy.[2146] Evidence obtained by any violation of privacy, the home, correspondence or telecommunications without the consent of the interested party is null and void.[2147] An inquiry was opened in October 1994 on illegal surveillance of politicians after microphones were discovered in the offices of a state prosecutor and several ministers.[2148] The Portuguese government ordered cellular telephone companies to assist with surveillance in October 1996.[2149] Law No. 69/98[2150] implements the EU Telecommunications Privacy Directive (97/66/EC).
There are also specific laws on the SIS,[2151] computer crime,[2152] and counseling centers.[2153]
Law No. 65/93 of August 26, 1993 (Regula o Acesso aos Documentos da Administrção) (Law on the Regulation of, and Access to, Administrative Documents) provides for access to government records in any form by any person.[2154] Documents can be withheld for "internal or external security," secrecy of justice, and personal privacy. The access to government documents is overseen by the Commission for Access to Administrative Documents (CADA), an independent parliamentary agency. The CADA can examine complaints, provide opinions on access, and decide on classification of systems. CADA issued 177 opinions in 1998, 231 in 1999, 333 in 2000 and 260 in 2001.
Portugal is a member of the Council of Europe has signed and ratified the CoE Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) (Convention No. 108").[2155] In November 2001, it signed the CoE Convention on Cybercrime (ETS No. 185).[2156] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[2157] It is a member of the Organization for Economic Cooperation and Development ("OECD") and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.