II. Surveillance policies
National security, government surveillance and law enforcement
Wiretapping, access to, and interception of communications
Violating the confidentiality of correspondence, information in the form of transmissions over a telecommunications networks and other information is subject to criminal punishment.1 On 28 October 2004, the Law on Electronic Communications was adopted,2 replacing the Law on Telecommunications. It incorporates the provisions of the EU Directive on Privacy and Electronic Communications (2002/58/EC), and has a chapter regulating data protection in the electronic communications sector. Section 68 of the Law on Electronic Communications states that service providers are prohibited from disclosing information about users or subscribers and the electronic communications services or value-added services they receive. Under the Law only officials of bodies performing investigative operations in specific cases have the right to the interception or surveillance of communications. The Law on Electronic Communications regulates the processing of traffic and location data.3
The Criminal Procedure Law, which replaced the Soviet Time Criminal Procedure Code of 1961, was adopted in April 2005 and has been amended several times.4 Among other things, the Law covers the role and process of acquiring electronic evidence. Under this regulation, investigative officers have the power to oblige information system managers to ensure that data necessary for the purposes of investigation is immediately preserved unchanged and will not be revealed to any third persons whatsoever. But the officer can only require a manager to reveal the stored data after receiving permission from the supervising authority (depending on the procedural status and the stage of the process the supervising authority may be a higher prosecutor or a judge).5 New rules cover investigations conducted without the individual's consent or knowledge, such as wiretapping, control of data stored in an electronic storage system, control of transferred data, or video and audio control of a certain place or person. A person may be tracked only with judicial permission. The law outlines detailed guidelines for the implementation of discretionary powers of responsible officers and the court.
Section 143 of the Criminal Law prescribes liability for illegal entry into a residence unit against the will of the person residing there. Under Section 144 of the Criminal Law the intentional violation of the secrecy of personal correspondence or information transmitted over telecommunications networks, as well as the intentional violation of the secrecy of such information and software provided for use in connection with electronic data processing, is punishable by imprisonment for a term of up to three years' community service or a fine of up to fifty times the minimum monthly wage. The sanctions are graver if the crime is committed with intent to gain material benefit.6
The Criminal Procedure Law provides an exhaustive list of situations in which public agencies have the right to interfere with the right of a person to the inviolability of privacy in family life, residence, and correspondence in compliance with the prescribed procedures. The Law lists the following procedural activities: search of the residence, search of the person, inspection, observation, seizure of property, seizure of post and telegraph correspondence, tapping of telephone conversations, and the acquisition of information by technical means, and the verification of testimonies on-site.7
If there are sufficient grounds to believe that tapping conversations or acquiring information by technical means can provide information relevant to a case, investigators may tap conversations over the telephone and other means of communication of the suspect or the accused person if authorised to do so by a judge.. In urgent cases an officer may commence wiretapping with nothing more than a prosecutor's consent, but within one working day he must also receive judicial permission. Conversations of persons over the telephone or other means of communication may be tapped without a court order if they give written consent, if there is a possibility that a crime will be directed against them or if they are or may be involved in performance of a crime.8
The Law on "Operative Activity" includes standards that prohibit the arbitrary and unjustified interference with the right of a person to the inviolability of residence and correspondence.9 Under Article 8 of the law, operative control of correspondence, acquisition of information via technical means, tapping of non-public conversations (over the telephone, electronic, or other means of communication) and data entry may only be undertaken with the approval of the Chairman of the Supreme Court or his designated Supreme Court judge. Permission for these activities may be issued for a period of up to three months and may, in the event of justified necessity. be prolonged, but only as long as the relevant proceedings concerning the person are active. In exceptional cases, i.e., when there is a need to act without delay to prevent a threat to vital public interests, such as an act of terrorism or subversive activity, a murder or other serious crime, or if there is actual threat to the life, health, or property of a person, the above activities can be initiated without the judge's approval. The prosecutor must be notified within 24 hours and the judge's approval received within 72 hours. If the officers fail to do so, tapping must be terminated. In addition, Article 5 of the above law stipulates that if the person under observation believes that his or her lawful interests and freedoms have been violated, the person has the right to either submit a complaint to the prosecutor, who after a review issues a compliance statement or submit a claim in court.10
However, in 2010 several provisions of the Law on "Operative Activity" were challenged in the Satversmes tiesa (the Constitutional Court).11 These include the provision that in exceptional cases allows wiretapping without judicial approval. The case should be ready for judicial review by December 2010.
There is no separate binding regulation on the use of surveillance technologies; issues arising from such cases are dealt with in accordance with the principles and norms of data protection law. However, in 2004 the Inspectorate prepared a non-binding recommendation comprising basic principles that should be followed by those willing to use such technologies in accordance with the rule of law. Updated recommendations were published in 2009.12 The first legal act appeared in 2010 when, on 10 August, the Cabinet of Ministers issued its regulation No. 773 concerning obtaining, storing, and using data from the State Border guard's video information systems.13
In 2007 a lower court ordered the Latvian financial police agency to pay LVL100,000 (approximately â‚¬420.300) to the high-profile TV news presenter Ilze Jaunalksne for illegally tapping her telephone and selling the transcripts to a newspaper.14 In 2010 the Supreme Court finally ordered the State to pay to Jaunalksne LVL12.000 (â‚¬17,074). The court found that the Ministry of Finance and State Revenue Service had failed in its duties by breaching Jaunalksne's privacy. Four financial police officers were prosecuted for abuse of office in connection with the wiretapping case.15
National security legislation
In 2004, the fight against terrorism inspired several amendments that loosened the rules guaranteeing the protection of personal data held by credit institutions.16
In November 2004, the Cabinet of Ministers accepted the Concept on Establishment of Anti-Terrorism Centre, a document that establishes a new, specialised department within the institutional structure of the Security Police. The Anti-Terrorism Centre is now operational, conducting mainly analytical and planning activities. In order to ensure better consultation and co-ordination among the key institutions, in 2005 a consultative council of experts of the Anti-Terrorism Centre was established, which includes representatives from the key institutions.17
The Law on Electronic Communications requires the providers of electronic communications to retain the so-called "storable data" for a period of 18 months. Among other things, these "storable data" include data about callers and their telephone numbers, recipients and their telephone numbers, and mobile phone identifiers and location data. According to the law, providers of electronic communications shall provide these data to the pre-trial investigatory institutions, to the subjects carrying out investigative activities, to state security institutions, prosecutor's office, and court, if these institutions request it.18 In accordance with the Law on "Operative Activity," the "subjects carrying out operative activities" are state security and defence institutions, institutions in charge of maintaining public order and other state bodies authorised by law to perform investigative operations within the scope of their competence.19
National databases for law enforcement and security purposes
The Law on Establishment and Use of National Data Base of DNA,20 adopted on 17 June 2004, requires the establishment of a national DNA database. to be used in the investigation of crimes. The law provides for storing the following information: profiles and data about the suspect, accused person, defendant, or convict, and information concerning the DNA profiles and data of unidentified dead bodies, missing persons, and traces of biological origin. This information is classified as restricted access information.
In 2007, access to the Schengen Information System (SIS) was enabled in Latvia.21 The SIS contains information about wanted or missing persons, persons being clandestinely followed, and vehicles and other objects that were stolen or otherwise separated from their owners.22 A communal system allows access to this information by police and other authorities in all SIS Member States.23 Anyone may request the review of personal data entered into SIS, request the correction of incorrect information, or request the deletion of illegally obtained information.24
The Court Information System is a database of legal proceedings aimed at automating the administrative cycle â€“ data registration, processing, storage, and availability. Recently, the Latvian Government has introduced new rules for the system's development, maintenance, and use, including the minimum amount of data that must be entered into the system and conditions for accessing the database.25
National and international data disclosure agreements
No specific information has been provided under this heading.
No specific information has been provided under this heading.
The notion of "critical infrastructure" is relatively new to Latvia. Before it was introduced in the first half of 2010 by amending the National Security Law,26 there was a similar but not identical concept of "objects which are important for national security".27 These amendments to the National Security Law establish the principle that the owner or user of a critical infrastructure is personally responsible for planning and carrying out the necessary steps to ensure its security. The State's role is mainly regulatory. If government institutions needed to monitor information systems, it would have to be on a different legal basis, for example, under the aforementioned Law on "Operative Activity". However, the system is very new and it is difficult to say how it will work.
In principle, video surveillance is subject to the LPDP's general rules on personal data protection. For example, the recently adopted regulations of the Cabinet of Ministers No. 773, which concern the obtaining, storage, and use of data from the video information systems of the State Border guard, frequently refer to LPDP's requirements.28
One of 2010's most reported news items was that the Data State Inspectorate has started to evaluate the compliance of Google's "Street View" service with the data protection principles and requirements. This evaluation started because Google, in compliance with the law, notified the Data State Inspectorate that it wished to introduce this service in Latvia and therefore to photograph the streets of various Latvian cities.29
Location privacy (GPS, mobile phones, location based services etc.)
According to the Electronic Communications Law, location data may only be processed to enable the provision of electronic communications services. The processing of location data for other purposes without the consent of a user or subscriber is permitted only if the user or subscriber cannot be identified. Processing location data for other purposes with the written consent of a user or subscriber is permitted only when it is necessary to provide value added services. A user or subscriber has the right to revoke his or her consent for the processing of location data for any other purpose at any time by notifying the relevant electronic communications service provider.30
Travel privacy (travel identification documents, biometrics etc.) and border surveillance
Starting in November 2007, the Latvian government began issuing e-passports to comply with European Union standards.31 The new passports feature a chip that stores biometric data (the holder's digital photo and fingerprints).32 All other (non-e) passports will be replaced as per their expiration dates.33 In total, 1.1 million e-passports will be produced by 2012.34
National ID and smart cards
In 2002, the Latvian Parliament passed a law introducing compulsory identity cards for all residents. It requires all citizens and non-citizens of Latvia over the age of 15 to be issued with machine-readable ID cards that will also be a means for creating personal e-signatures. The introduction of ID cards was set for 2005, but was originally postponed to 2007.35 In 2007 the government issued a mandate establishing a working group, which agreed that identity cards would be in the form of both a card and travel document with e-signature support.36 The draft of the eID card conception was unveiled on 10 December 2008.37 The government now expects the first eID cards to be rolled out in 2010, with a goal of producing 2 million cards by 2013.38
E-signature cards were first issued by the Latvian government in September 2006; they are based on qualified certificates and authentication certificates39 and used to sign electronic documents and access online services, including declarations and tax reports. A National Unified Library System is currently in process that will link all of Latvia's libraries through a single network and a unified catalogue.40
The new Law on Civil Registration Records was adopted on 17 March 2005.41 This law replaces the Law on Civil Registration and regulates the registration of marriage, birth, and death. The Law on Civil Registration Records states that cause of death will no longer be indicated on death certificates.42
On 10 February 2010 the Cabinet of Ministers of Latvia approved the e-ID card concept, which provides an introduction to the national e-ID card; its implementation will take place in the course of 2011.43 The concept was drafted by the Ministry of Regional Development and Local Government (MRDLG). The e-ID cards will be used both to identify people travelling abroad or visiting public or municipal institutions and to provide authentication in the electronic environment. The Ministry perceives the future card as a key enabler of the development of national and local e-Government services and, as a result, Latvian e-Government generally. The Office of Citizenship and Migration Affairs (OCME) will be in charge of issuing the cards while a private partner selected following a tendering process will deliver the relevant certification services.44
No specific information has been provided under this heading.
No specific information has been provided under this heading.
- 1. The Criminal Code of the Republic of Latvia, Section 144, unofficial English translation available at http://www.legislationline.org/documents/section/criminal-codes.
- 2. Law on Electronic Communications, available in Latvian at http://www.likumi.lv/doc.php?id=96611. The Law entered into force on 1 December 2004. See also ePractice, eGgovernment Factsheet â€“ Latvia â€“ Legal Framework (April 2010), available at http://www.epractice.eu/en/document/288289.
- 3. Law on Electronic Communications, supra.
- 4. Criminal Procedure Law, Latvijas Vestnesis, 11 May 2005, effective from October 2005, unofficial English translation available at http://www.legislationline.org/documents/section/criminal-codes.
- 5. Id. at Sections 191 and 192.
- 6. The Criminal Code of the Republic of Latvia, supra.
- 7. Criminal Procedure Law, supra. See also Periodic Report of the Republic of Latvia on the Implementation of the 1966 International Covenant on Civil and Political Rights in the Republic of Latvia during the Period from 1995 till 2002, available at http://www.mkparstavis.am.gov.lv/en/@id=58.
- 8. Id.
- 9. The Law on "Operative Activities" was adopted on 16 December 1993 and since then has been amended many times, most recently in December 2009. The consolidated text of the Law is available in Latvian at http://www.likumi.lv/doc.php?id=57573.
- 10. Id.
- 11. The decision to initiate proceedings, dated 16 July 2010, is available in Latvian at http://www.satv.tiesa.gov.lv/upload/lem_ierosin_2010_55.htm.
- 12. Available in Latvian at http://www.dvi.gov.lv/files/Rekomendacija_videonoverosana.pdf.
- 13. Available in Latvian at http://www.likumi.lv/doc.php?id=215316&from=off.
- 14. "News Presenter Wins 10.000 Lats in Phone Tapping Case," The Baltic Times, 12 February 2007, available at http://www.baltictimes.com/news/articles/17304/.
- 15. See Press release of the Supreme Court, "12 000 LVL Have Been Recovered from the Republic of Latvia for Ilze Jaunalksne," 18 February 2010, http://www.at.gov.lv/en/information/about-trials/2010/201002/20100218/.
- 16. See infra.
- 17. Terms of reference of the Consultative Council of experts of the Anti-Terrorism Centre are available in Latvian at http://www.likumi.lv/doc.php?id=122154&from=off.
- 18. Paragraph 11 of Section 19 and Section 71 primus of the Law on Electronic Communications, available at http://www.likumi.lv/doc.php?id=96611.
- 19. Law on "Operative Activitiy," supra. See Chapter 4 of the Law.
- 20. Law on Establishment and Use of National Data Base of DNA, available in Latvian at http://www.ic.iem.gov.lv/files/likumi/DNS_datu_bazes_likums.pdf, and in English at http://www.vvc.gov.lv/export/sites/default/docs/LRTA/Likumi/Development_.... The Law entered into force on 1 January 2005.
- 21. Id.
- 22. Data State Inspectorate, Personal Data in the Schengen Information System (SIS), available at http://www.dvi.gov.lv/eng/pdp/schengen/.
- 23. Id.
- 24. Id.
- 25. ePractice, eGovernment Factsheet â€“ Latvia â€“ Infrastructure (April 2010), available at http://www.epractice.eu/en/document/288292.
- 26. Amendments to the National Security Law, 24 April 2010, available in Latvian at http://www.likumi.lv/doc.php?id=209821.
- 27. National Security Law, 2005 consolidated text available in English at http://www.mfa.gov.lv/en/security/basic/4536/.
- 28. Available in Latvian at http://www.likumi.lv/doc.php?id=215316&from=off.
- 29. The relevant press release by the Data State Inspectorate is available in Latvian at http://www.dvi.gov.lv/jaunumi/read.php?c=&id=1282646801.787.2.2.
- 30. Section 71 of the Electronic Communications Law, available in English at http://www.vvc.gov.lv/export/sites/default/docs/LRTA/Likumi/Electronic_C....
- 31. Giesecke & Devrient, "Latvia Government Begins Issuing Electronic Biometric Passports Made by Giesecke & Devrient," available at http://www.gi-de.com/portal/page?_pageid=44,139709&_dad=portal&_schema=P....
- 32. ePractice, eGovernment Factsheet â€“ Latvia â€“ Infrastructure, supra.
- 33. Office of Citizenship and Migration Affairs, Questions and Answeres on E-Passports, available at http://www.pmlp.gov.lv/en/pakalpojumi/passport/questions.html.
- 34. ePractice, eGovernment Factsheet â€“ Latvia â€“ Infrastructure, supra.
- 35. Personal Identification Documents Law with amendments of 20 April 2004, available in Latvian at http://www.ic.iem.gov.lv/files/likumi/personu_apliecinosu_dokumentu_liku... and in English at http://www.ic.iem.gov.lv/files/lrcm/Personal_Identification_Documents_La....
- 36. EPractice, Egovernment Factsheet â€“ Latvia â€“ National Infrastructure, May 2009, available at http://www.epractice.eu/en/document/288292.
- 37. Id.
- 38. Id.
- 39. Id.
- 40. Id.
- 41. Law on Civil Registration Records, available in Latvian at http://www.likumi.lv/doc.php?id=104832 ">http://www.likumi.lv/doc.php?id=104832 . The Law entered into force on 15 April 2005.
- 42. Id.
- 43. ePractice, eGovernment Factsheet â€“ Latvia â€“ Infrastructure, supra.
- 44. Id.