Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

II. Surveillance policies

National security, government surveillance and law enforcement

Wiretapping, access to, and interception of communications

Violating the confidentiality of correspondence, information in the form of transmissions over a telecommunications networks and other information is subject to criminal punishment.1 On 28 October 2004, the Law on Electronic Communications was adopted,2 replacing the Law on Telecommunications. It incorporates the provisions of the EU Directive on Privacy and Electronic Communications (2002/58/EC), and has a chapter regulating data protection in the electronic communications sector. Section 68 of the Law on Electronic Communications states that service providers are prohibited from disclosing information about users or subscribers and the electronic communications services or value-added services they receive. Under the Law only officials of bodies performing investigative operations in specific cases have the right to the interception or surveillance of communications. The Law on Electronic Communications regulates the processing of traffic and location data.3

The Criminal Procedure Law, which replaced the Soviet Time Criminal Procedure Code of 1961, was adopted in April 2005 and has been amended several times.4 Among other things, the Law covers the role and process of acquiring electronic evidence. Under this regulation, investigative officers have the power to oblige information system managers to ensure that data necessary for the purposes of investigation is immediately preserved unchanged and will not be revealed to any third persons whatsoever. But the officer can only require a manager to reveal the stored data after receiving permission from the supervising authority (depending on the procedural status and the stage of the process the supervising authority may be a higher prosecutor or a judge).5 New rules cover investigations conducted without the individual's consent or knowledge, such as wiretapping, control of data stored in an electronic storage system, control of transferred data, or video and audio control of a certain place or person. A person may be tracked only with judicial permission. The law outlines detailed guidelines for the implementation of discretionary powers of responsible officers and the court.

Section 143 of the Criminal Law prescribes liability for illegal entry into a residence unit against the will of the person residing there. Under Section 144 of the Criminal Law the intentional violation of the secrecy of personal correspondence or information transmitted over telecommunications networks, as well as the intentional violation of the secrecy of such information and software provided for use in connection with electronic data processing, is punishable by imprisonment for a term of up to three years' community service or a fine of up to fifty times the minimum monthly wage. The sanctions are graver if the crime is committed with intent to gain material benefit.6

The Criminal Procedure Law provides an exhaustive list of situations in which public agencies have the right to interfere with the right of a person to the inviolability of privacy in family life, residence, and correspondence in compliance with the prescribed procedures. The Law lists the following procedural activities: search of the residence, search of the person, inspection, observation, seizure of property, seizure of post and telegraph correspondence, tapping of telephone conversations, and the acquisition of information by technical means, and the verification of testimonies on-site.7

If there are sufficient grounds to believe that tapping conversations or acquiring information by technical means can provide information relevant to a case, investigators may tap conversations over the telephone and other means of communication of the suspect or the accused person if authorised to do so by a judge.. In urgent cases an officer may commence wiretapping with nothing more than a prosecutor's consent, but within one working day he must also receive judicial permission. Conversations of persons over the telephone or other means of communication may be tapped without a court order if they give written consent, if there is a possibility that a crime will be directed against them or if they are or may be involved in performance of a crime.8

The Law on "Operative Activity" includes standards that prohibit the arbitrary and unjustified interference with the right of a person to the inviolability of residence and correspondence.9 Under Article 8 of the law, operative control of correspondence, acquisition of information via technical means, tapping of non-public conversations (over the telephone, electronic, or other means of communication) and data entry may only be undertaken with the approval of the Chairman of the Supreme Court or his designated Supreme Court judge. Permission for these activities may be issued for a period of up to three months and may, in the event of justified necessity. be prolonged, but only as long as the relevant proceedings concerning the person are active. In exceptional cases, i.e., when there is a need to act without delay to prevent a threat to vital public interests, such as an act of terrorism or subversive activity, a murder or other serious crime, or if there is actual threat to the life, health, or property of a person, the above activities can be initiated without the judge's approval. The prosecutor must be notified  within 24 hours and the judge's approval received within 72 hours. If the officers fail to do so, tapping must be terminated. In addition, Article 5 of the above law stipulates that if the person under observation believes that his or her lawful interests and freedoms have been violated, the person has the right to either submit a complaint to the prosecutor, who after a review issues a compliance statement or submit a claim in court.10

However, in 2010 several provisions of the Law on "Operative Activity" were challenged in the Satversmes tiesa (the Constitutional Court).11 These include the provision that in exceptional cases allows wiretapping without judicial approval. The case should be ready for judicial review by December 2010.

There is no separate binding regulation on the use of surveillance technologies; issues arising from such cases are dealt with in accordance with the principles and norms of data protection law. However, in 2004 the Inspectorate prepared a non-binding recommendation comprising basic principles that should be followed by those willing to use such technologies in accordance with the rule of law. Updated recommendations were published in 2009.12 The first legal act appeared in 2010 when, on 10 August, the Cabinet of Ministers issued its regulation No. 773 concerning obtaining, storing, and using data from the State Border guard's video information systems.13

In 2007 a lower court ordered the Latvian financial police agency to pay LVL100,000 (approximately €420.300) to the high-profile TV news presenter Ilze Jaunalksne for illegally tapping her telephone and selling the transcripts to a newspaper.14 In 2010 the Supreme Court finally ordered the State to pay to Jaunalksne LVL12.000 (€17,074). The court found that the Ministry of Finance and State Revenue Service had failed in its duties by breaching Jaunalksne's privacy. Four financial police officers were prosecuted for abuse of office in connection with the wiretapping case.15

National security legislation

In 2004, the fight against terrorism inspired several amendments that loosened the rules guaranteeing the protection of personal data held by credit institutions.16

In November 2004, the Cabinet of Ministers accepted the Concept on Establishment of Anti-Terrorism Centre, a document that establishes a new, specialised department within the institutional structure of the Security Police. The Anti-Terrorism Centre is now operational, conducting mainly analytical and planning activities. In order to ensure better consultation and co-ordination among the key institutions, in 2005 a consultative council of experts of the Anti-Terrorism Centre was established, which includes representatives from the key institutions.17

Data retention

The Law on Electronic Communications requires the providers of electronic communications to retain the so-called "storable data" for a period of 18 months. Among other things, these "storable data" include data about callers and their telephone numbers, recipients and their telephone numbers, and mobile phone identifiers and location data. According to the law, providers of electronic communications shall provide these data to the pre-trial investigatory institutions, to the subjects carrying out investigative activities, to state security institutions, prosecutor's office, and court, if these institutions request it.18 In accordance with the Law on "Operative Activity," the "subjects carrying out operative activities" are state security and defence institutions, institutions in charge of maintaining public order and other state bodies authorised by law to perform investigative operations within the scope of their competence.19

National databases for law enforcement and security purposes

The Law on Establishment and Use of National Data Base of DNA,20 adopted on 17 June 2004, requires the establishment of a national DNA database. to be used in the investigation of crimes. The law provides for storing the following information: profiles and data about the suspect, accused person, defendant, or convict, and information concerning the DNA profiles and data of unidentified dead bodies, missing persons, and traces of biological origin. This information is classified as restricted access information.

In 2007, access to the Schengen Information System (SIS) was enabled in Latvia.21 The SIS contains information about wanted or missing persons, persons being clandestinely followed, and vehicles and other objects that were stolen or otherwise separated from their owners.22 A communal system allows access to this information by police and other authorities in all SIS Member States.23 Anyone may request the review of personal data entered into SIS, request the correction of incorrect information, or request the deletion of illegally obtained information.24

The Court Information System is a database of legal proceedings aimed at automating the administrative cycle – data registration, processing, storage, and availability. Recently, the Latvian Government has introduced new rules for the system's development, maintenance, and use, including the minimum amount of data that must be entered into the system and conditions for accessing the database.25

National and international data disclosure agreements

No specific information has been provided under this heading.

Cybercrime

No specific information has been provided under this heading.

Critical infrastructure

The notion of "critical infrastructure" is relatively new to Latvia. Before it was introduced in the first half of 2010 by amending the National Security Law,26 there was a similar but not identical concept of "objects which are important for national security".27 These amendments to the National Security Law establish the principle that the owner or user of a critical infrastructure is personally responsible for planning and carrying out the necessary steps to ensure its security. The State's role is mainly regulatory. If government institutions needed to monitor information systems, it would have to be on a different legal basis, for example, under the aforementioned Law on "Operative Activity". However, the system is very new and it is difficult to say how it will work.

Territorial privacy

Video surveillance

In principle, video surveillance is subject to the LPDP's general rules on personal data protection. For example, the recently adopted regulations of the Cabinet of Ministers No. 773, which concern the obtaining, storage, and use of data from the video information systems of the State Border guard, frequently refer to LPDP's requirements.28

One of 2010's  most reported news items  was that the Data State Inspectorate has started to evaluate the compliance of Google's "Street View" service with the  data protection principles and requirements. This evaluation started because Google, in compliance with the law, notified the Data State Inspectorate that it wished to introduce this service in Latvia and therefore to photograph the streets of various Latvian cities.29

Location privacy (GPS, mobile phones, location based services etc.)

According to the Electronic Communications Law, location data may only be processed to enable the provision of electronic communications services. The processing of location data for other purposes without the consent of a user or subscriber is permitted only if the user or subscriber cannot be identified. Processing location data for other purposes with the written consent of a user or subscriber is permitted only when it is necessary to provide value added services. A user or subscriber has the right to revoke his or her consent for the processing of location data for any other purpose at any time by notifying the relevant electronic communications service provider.30

Travel privacy (travel identification documents, biometrics etc.) and border surveillance

Starting in November 2007, the Latvian government began issuing e-passports to comply with European Union standards.31 The new passports feature a chip that stores biometric data (the holder's digital photo and fingerprints).32 All other (non-e) passports will be replaced as per their expiration dates.33 In total, 1.1 million e-passports will be produced by 2012.34

National ID and smart cards

In 2002, the Latvian Parliament passed a law introducing compulsory identity cards for all residents. It requires all citizens and non-citizens of Latvia over the age of 15 to be issued with machine-readable ID cards that will also be a means for creating personal e-signatures. The introduction of ID cards was set for 2005, but was originally postponed to 2007.35 In 2007 the government issued a mandate establishing a working group, which agreed that identity cards would be in the form of both a card and travel document with e-signature support.36 The draft of the eID card conception was unveiled on 10 December 2008.37 The government now expects the first eID cards to be rolled out in 2010, with a goal of producing 2 million cards by 2013.38

E-signature cards were first issued by the Latvian government in September 2006; they are based on qualified certificates and authentication certificates39 and used to sign electronic documents and access online services, including declarations and tax reports. A National Unified Library System is currently in process that will link all of Latvia's libraries through a single network and a unified catalogue.40

The new Law on Civil Registration Records was adopted on 17 March 2005.41 This law replaces the Law on Civil Registration and regulates the registration of marriage, birth, and death. The Law on Civil Registration Records states that cause of death will no longer be indicated on death certificates.42

On 10 February 2010 the Cabinet of Ministers of Latvia approved the e-ID card concept, which provides an introduction to the national e-ID card; its implementation will take place in the course of 2011.43 The concept was drafted by the Ministry of Regional Development and Local Government (MRDLG). The e-ID cards will be used both to identify people travelling abroad or visiting public or municipal institutions and to provide  authentication in the electronic environment. The Ministry perceives the future card as a key enabler of the development of national and local e-Government services and, as a result, Latvian e-Government generally. The Office of Citizenship and Migration Affairs (OCME) will be in charge of issuing the cards while a private partner selected following a tendering process will deliver the relevant certification services.44

RFID tags

No specific information has been provided under this heading.

Bodily privacy

No specific information has been provided under this heading.

Footnotes