Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

New Latvian Personal Data Processing law is being developed

30.11.2017

Latvian Ministry of Justice has drafted text of new Personal Data Processing Law, which fulfils the assignment of Regulation (EU) 2016/679 to introduce national provisions to specify the application of the rules of Regulation in the national legislation. The law adopts the Regulation and generally does not stipulate stricter national requirements.

One of the national specifications is that the child’s age stipulated in Article 8 of the Regulation and prescribed as minimal for giving lawful consent for data processing is diminished by the new law to 13 years, observing that various national laws allow a child to take independent decisions before reaching 16 years: e.g. the Official Electronic Address Law, which shall enter into force on 1 March 2018, prescribes that a natural person registered in the Population Register and aged from 14 years can use an official electronic address . As specified in the annotation to the draft text of the new Personal Data Processing Law, when leaving the age of 16 years as stated in the Regulation, a situation will arise when the child shall have the rights to decide about the issues on his health, provision of social services, he can be held criminally responsible [from the age of 14 according to the Latvian Criminal Law], but he still cannot be treated as mature enough to register his electronic mail, or profile <…> [in social network].

When fulfilling the obligation of Chapter 9 of the Regulation, the draft text includes specific provisions and limitations in case of processing of personal data for statistical purpose, archiving purposes in the public interest, scientific or historical research. The draft law points out that in a situation of processing personal data for journalistic and academic purposes, artistic or literary expression, the Regulation, except its Article 5, is not applicable in cases when: (1) the processing is being made to exercise rights to freedom of expression and information, complying with person’s rights for privacy, and if there are no person’s interests requiring protection and prevailing over public interests; and (2) compliance with the Regulation is not compatible with or prevents from the exercise of rights to freedom of expression and information.

The draft text does not provide specific conditions or limitations for processing of genetic data, biometric data or data concerning health, processing personal identification number and data in the context of employment. However, it must be noted that according to the draft text requirements of this law do not apply to the data processing performed by persons via automatized record devices in road traffic – such video records can be disclosed only to state institutions for the execution of statutory functions, and to the controllers for protection of legitimate interests–, and to data processing performed by natural persons via automatized video surveillance devices for personal and household purposes, except the surveillance of public space.

The draft text was supported by the meeting of State Secretaries in October 2017 and the next step will be harmonization thereof with other Ministries, governmental and non-governmental commissions and associations. The road of the wording to a final law and entering into force will include a review by the Cabinet of Ministers and adoption by Latvian Parliament, Saeima, in its sittings.

Related links:

 

Article provided by: Jana Paņko (Lawyer, Njord Law Latvia)

 

Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Höllwarthtobias.hoellwarth@eurocloud.org

VIEW PROJECT

WHAT IS THE DPC/CPC PROJECT?

53 lawyers from 33 countries are contributing to the project “Data Privacy Compliance (DPC)/Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More

 

CPC MISSION & VISION STATEMENT, 2018

The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.