Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

III. Privacy topics

Internet and consumer privacy

E-commerce

Law on Electronic Communications provides that any electronic communication services, including e-mail messages, for direct marketing purposes may be used only upon a prior consent of subscriber or registered user of electronic communication services. The number of personal complaints submitted to the Inspectorate in 2009 concerning the processing of personal data for the direct marketing purposes was the highest. In comparison to 2008, the number of these complaints has increased three times.1

In February 2009 the Inspectorate received a complaint regarding unwanted email messages. The Inspectorate found violations of the LLPPD and of the Law on Electronic Communications: an illegal processing of personal data and illegal use of personal email address for direct marketing purposes. A person was collecting, accumulating and storing email addresses and using them for direct marketing purposes, i.e., sending unwanted email messages, and he did not follow the criteria for lawful processing of personal data. He got a fine of LTL100 (approx. €30).2

Cybersecurity

No specific information has been provided under this heading.

Online behavioural marketing and search engine privacy

No specific information has been provided under this heading.

Online social networks and virtual communities

No specific information has been provided under this heading.

Online youth safety

No specific information has been provided under this heading.

Workplace privacy

The HRMI reported that in 2004 there was an active trade in computer software that allowed control of an employee's computer. Such control creates unlimited possibilities to observe the work of the employee. A special software installation enables employers to gain access to employees' electronic correspondence and see which Web sites are visited on the Internet. Although such software usage is becoming increasingly popular among private business enterprises, there is no legal framework regulating electronic surveillance at the workplace.3 Trade unions do not express concern for the matter. The HRMI suggests that to prevent individuals from losing their entitlement to respect for private life in the workplace, employers should always inform employees about the use of electronic surveillance in advance, explain its purpose, and obtain the employee's agreement. A law should further specify situations and conditions for electronic surveillance and provide deterrent sanctions. Considering the urgency of the issue, the proper legal regulation should be adopted as soon as possible. Currently, workplace privacy in Lithuania is regulated only by general provisions of the LLPPD and other privacy laws. However, the Inspectorate in its practice follows the recommendations of Article 29 Data Protection Working Party.4 Overall, court practice is leaning towards allowing the employer's control over employee communication, as long as it is transparent and the employees are properly informed.

Health and genetic privacy

Medical records

The Law on the Rights of Patients and Compensation of the Damage to Their Health, adopted in 1996 and amended several times, most recently on 1 March 2010, provides rules concerning the inviolability of the patient's private life.5

The Law requires that information on the facts of a patient's life can be collected only upon his/her consent and only if it is necessary to detect or treat a disease or to nurse a patient. All the medical information related to a patient's visits or stays in a health care institution, his/her health, means of detection or treatment of disease, or his/her nursing must be contained in patient's medical documents of a set form and kind. This information shall be deemed to be private after the patient's death as well. Successor by the will, heir by operation of law, spouse (partner), parents and children have a right to obtain this information after the patient's death.

Confidential information can be provided to other persons only upon the written consent of the patient, which also has to indicate grounds for such consent and a purpose except where the patient had indicated a concrete person who can be provided with the information in the medical documents. Confidential information about the patient’s health can be provided without the patient's consent to the State institutions entitled by Lithuanian laws to acquire such information. Confidential information shall be provided only upon a written request by the relevant persons, indicating the basis of the request, purpose of the use of the information and the extent of information requested.

The Law on the Rights of Patients and Compensation of the Damage to Their Health submits that any person shall be accountable by law for any illegal collection and use of confidential information about a patient. In order to safeguard the patient's right to private life, the interests and welfare of a patient shall prevail over the interests of society. The application of this rule could only be limited if it is necessary for the protection of public safety, crime prevention, public health, or other human rights and freedoms. The Law also foresees a possibility to receive medical treatment without revealing a person's identity, provided the patient is older than 16 years, and he/she is sick with a certain disease defined by the Government. That being the case, the patient shall cover the expenses of healthcare services on his/her own.

In 2005 the Ministry of Health of Lithuania commenced the implementation of a health services system called "eHealth services".6 On 18 June 2010, the Minister of Health adopted an eHealth system development programme project for the years 2009-2015. The main objectives of the programme are to develop a customer-oriented eHealth system, which would provide him/her with direct and indirect services, and to develop an effective infrastructure of eHealth services and cooperation.7

Genetic identification

No specific information has been provided under this heading.

Financial privacy

No specific information has been provided under this heading.

Footnotes

  • 1. Annual Activity Report 2009 of the State Data Protection Inspectorate, supra at 13.
  • 2. "Po ValstybinÄ—s duomenų apsaugos inspekcijos iÅ¡nagrinÄ—to skundo teismas pripažino pažeidimus dÄ—l nepageidaujamų elektroninio paÅ¡to praneÅ¡imų siuntimo" ("Court Finds Violations Regarding Unwanted Email Messages, After Judging on Complaint of the State Data Protection Inspectorate"), Teises Forumas, available at http://www.teisesforumas.lt/index.php/idomybes-ir-naudinga-informacija/7....
  • 3. Valerija Lebedeva, "Electronic Working Place Control Is Not Legally Regulated," Vakarų ekspresas, 13 November 2006.
  • 4. Working document on the surveillance of electronic communications in the workplace, 29 May 2002, WP 55, available at http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2002/wp55_en.pdf.
  • 5. Law on the Rights of Patients and Compensation of the Damage to their Health In Lithuanian, supra.
  • 6. ePractice, eGovernment Factsheet – Lithuania – Infrastructure, supra.
  • 7. In Lithuanian: Lietuvos Respublikos sveikatos apsaugos ministro įsakymas dÄ—l E. Sveikatos sistemos 2009 – 2015metų plÄ—tros programos įgyvendinimo priemonių plano patvirtinimo, 18 June 2010, No V-570.