/ Basic info / Legal instruments / Annual Reports / Forum / News / Internet & Privacy / Contacts / Links
State Data Protection Inspectorate, Lithuania

Contents:
  1. The Legal Grounds for the Protection of Personal Data in Lithuania
  2. The Legal Position of the Supervisory Authority
  3. The Legal Rights of the Supervisory Authority
  4. The Restrictions of the Activities of the Supervisory Authority
  5. Contacts

1. Legal Grounds for the Data Protection.

The legal grounds for the data protection are set in the Constitution of the Republic of Lithuania (adopted on 25 October 1992), the Law on Legal Protection of Personal Data (adopted on 11 June 1996, last new version on 21 January 2003, came into force on 1 July 2003), as well as in the international agreements. For full text of the Law on Legal Protection of Personal Data and for other legal acts concerning data protection in Lithuania, please refer to the link http://www.ada.lt/images/cms/File/pers.data.prot.law.pdf

Constitution of the Republic of Lithuania

Article 22
The private life of an individual shall be inviolable.

Personal correspondence, telephone conversations, telegraph messages, and other intercommunications shall be inviolable.

Information concerning the private life of an individual may be collected only upon a justified court order and in accordance with the law.

The law and the court shall protect individuals from arbitrary or unlawful interference in their private or family life, and from encroachment upon their honour and dignity.

Law on Legal Protection of Personal Data contains detailed provisions, which ensure protection of an individual's right to privacy with regard to the processing of personal data.

By the Article 2 of the Law it shall regulate relations arising in the course of the processing of personal data by automatic means, and during the processing of personal data by other than automatic means in filing systems: lists, card indexes, files, codes etc. The Law shall establish the rights of natural persons as data subjects, the procedure for the protection of these rights, the rights, duties and responsibility of legal and natural persons with regard to the processing of personal data.

The Law shall not apply where a natural person processes personal data in the course of a purely personal activity, unrelated to business or profession. When personal data are processed for the purposes of State security or defence, this Law shall apply in so far as other laws do not provide otherwise.

The Law has been approximated with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individual regard to the processing of personal data and on the free movement of such data and with the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108).

In February 2000 Lithuania signed and on the 20th February 2001 ratified the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No.108). On 8th November 2001 Lithuania signed and on 18th December of the year 2003 ratified Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No.108) regarding Supervisory Authorities and Transborder Data Flows.

2. The Legal Position of the Supervisory Authority.

The Article 29 of the Law establishes that the implementation of the Law on Legal Protection of Personal Data, with the exception of Article 8, shall be supervised and monitored by the State Data Protection Inspectorate. The State Data Protection Inspectorate shall be a government institution financed from the state budget. It shall be accountable to the Government. The regulations of the State Data Protection Inspectorate shall be approved by the Government. The processing of personal data carried out for the purposes of providing information to the public or the purposes of artistic or literary expression as well as other purposes shall be supervised by the Inspector of Journalistic Ethics.

The State Data Protection Inspectorate shall be guided by the Constitution of the Republic of Lithuania, laws, international agreements of the Republic of Lithuania, this Law and other legal acts.

The Article 30 of the Law establishes that the activities of the State Data Protection Inspectorate shall be based on the principles of lawfulness, impartiality, openness and professionalism in the discharge of its functions. When discharging the functions provided by this Law and making its decisions related to the discharge of the functions set out for it in this Law, the State Data Protection Inspectorate shall be independent; its rights may be limited only by law.

State and municipal institutions and agencies, members of the Seimas and other officials, political parties, political and public organisations, other legal and natural persons shall have no right to exert any kind of political, economic, psychological or social pressure on the employees of the State Data Protection Inspectorate or tamper with them in any other way. Interference with the activities of the State Data Protection Inspectorate shall render the infringing party liable in accordance with law.

By the Resolution of the Government of the Republic of Lithuania No 1156 on the Structural Reform of the State Data Protection Inspectorate, Granting Authorization to the State Data Protection Inspectorate, the Approval of the Regulations of the State Data Protection Inspectorate and the Amendment of the Related Resolutions of the Government of the Republic of Lithuania (new version 24 January 2005) State Data Protection Inspectorate was authorised to supervise and control the enforcement of the Law on Legal Protection of Personal Data of the Republic of Lithuania (except Article 8) and designated as authority responsible for the implementation of regulations of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).

On 8 March 2004 the Parliament of the Republic of Lithuania ratified the Convention drawn up on the basis of Article K.3 of Treaty on European Union, on the use of information technology for customs purposes. On 15 July 2004 the Government of the Republic of Lithuania appointed the Inspectorate as a responsible authority for the independent supervision of personal data entered in the Customs Information System ensuring that processing and use of personal data stored in the Customs Information System would not violate rights of concerned persons.

On 22 April 2004 the Parliament of the Republic of Lithuania ratified the Convention based on Article K.3 of the Treaty on European Union, on the establishment of a European Police Office (Europol Convention). On 28 June 2004 the Government of the Republic of Lithuania appointed the Inspectorate as a responsible authority for the independent supervision of the permissibility of the input, the retrieval and any communication to Europol of personal data by the Republic of Lithuania and to examine whether this doesn't violate the rights of the data subject.

On the 20 May 2003 by the Governmental resolution the State Data Protection Inspectorate was assigned as the institution responsible for the independent supervision of the legitimacy of the processing of personal data in the national Schengen information system. The provisions of this resolution concerning the supervision of national SIS will come into force since the Republic of Lithuania will join the Schengen agreement.

According to the paragraph 6 of the Regulations of the Inspectorate approved by the Resolution of the Government of the Republic of Lithuania No 1156 the principal objectives of the Inspectorate shall be the following: to develop data protection, to supervise the activities of personal data controllers in processing personal data, to control the legality of the processing of personal data, to fight against the violations of data processing and to ensure the protection of the rights of the data subject. The Inspectorate shall seek that the protection of personal data in the Republic of Lithuania meets the requirements of the European Union and is properly ensured in the setting of the information society.

The paragraph 12 establishes that the Inspectorate shall be headed by Director, who shall be admitted and dismissed from work in accordance with the procedure laid down in the Law of Public Service of the Republic of Lithuania.

3. The Legal Rights of the Supervisiory Authority.

The Article 31 of the Law establishes that the Inspectorate shall:
  1. administer the Register of Personal Data Controllers, make its data public and carry out supervision of the activities of the registered data controllers relating to the processing of personal data;
  2. examine personal requests and complaints in cases provided by this Law in the manner set forth in the Law on Public Administration;
  3. check the lawfulness of personal data processing and take decisions in respect of the breaches of personal data processing;
  4. grant authorisations to data controllers to disclose personal data to data recipients in third countries;
  5. draw up and announce annual reports on its activities;
  6. provide assistance to data controllers and draw up methodological recommendations on the protection of personal data and make them public on the internet;
  7. following the procedure established by law, provide assistance to data subjects residing abroad;
  8. provide information, in the cases established by law, to other states about the legislation of the Republic of Lithuania regulating protection of personal data and the practices of its administration;
  9. carry out prior checking in the cases established by this Law and submit its conclusions to the data controller about the intended data processing;
  10. implement the provisions of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108);
  11. make recommendations to the Seimas, the Government, other state and municipal institutions and agencies relating to drafting, amendment and repeal of laws or other legal acts where the provisions of laws or other legal acts are related to the questions falling within the competence of the State Data Protection Inspectorate;
  12. assess the personal data processing regulations submitted by data controllers;
  13. perform other functions set out in this Law and other legal acts.
According to the Article 32 of the Law the Inspectorate, when performing its functions, shall be entitled:
  1. to obtain free of charge from state and municipal institutions and agencies, other legal and natural persons all necessary information, copies and transcripts of documents, copies of data and get access to all data and documents necessary for discharging all the functions of supervision of personal data processing;
  2. to obtain access, subject to a prior notice in writing, to the premises of the supervised person, including the premises which are leased or used on any other basis, or to the territory where the documents and equipment used for the personal data processing are kept. Access to the territory of the legal person, his buildings and premises, including the buildings and premises which are leased or used on any other basis shall be permitted only during the office hours of the legal person under supervision. Access to residential premises, including the premises which are leased or used on any other basis of a natural person under supervision, where documents and equipment relating to the personal data processing are kept shall be permitted only upon producing a court order warranting entry into the residential premises;
  3. to take part in the sessions of the Seimas, meetings of the Government and other state institutions when issues relating to the personal data protection are being deliberated;
  4. to summon experts/consultants, form work groups for examination of data processing or data protection, as well as for drafting of documents on data protection and for making decisions on other issues within the competence of the State Data Protection Inspectorate;
  5. to make recommendations and give instructions to data controllers with regard to personal data processing and protection;
  6. to draw up records about administrative offences in accordance with the procedure set out in the Code of Administrative Offences
  7. to exchange information with personal data supervisory authorities in other countries and international organisations to the extent necessary for the discharge of their duties;
  8. to take part in legal proceedings involving violations of international and national law on personal data protection;
  9. to exercise other rights provided by law and other legal acts.
Article 26 of the Law establishes that the State Data Protection Inspectorate shall carry out prior checking in the following cases:
  1. where the data controller intends to process special categories of personal data by automated means save for the purposes if internal administration or in the cases specified in Article 10 and paragraph 2(6) and (7) of Article 5 of this Law;
  2. where the data controller intends to process by automated means public data files unless the laws and other legal acts specify the procedure for disclosure of the data;
  3. where the data controller of the information systems of state registers or state and municipal institutions authorises the data processor to process personal data save the cases where the laws and other legal acts provide for the right of the data controller to authorise a specific data processor to process personal data or where the data processor is a legal entity established by the data controller;
  4. in the cases specified in paragraph 1 of Article 12, paragraph 2 of Article 16 and paragraph 4 of Article 18 of this Law.
4. The Restrictions of the Activities of the Supervisory Authority.

The Inspectorate's jurisdiction covers the entire public and private sectors, except the processing of personal data for the purposes of providing information to the public or the purposes of artistic or literary expression as well as other purposes. The Inspectorate shall not have the right to control the processing of personal data in the courts.

5. Contacts.

State Date Protection Inspectorate
Gedimino ave. 27/2,
01104 Vilnius, Lithuania

Phone:
+370 5 279 14 45
Fax:
+370 5 261 94 94
e-mail:
ada@ada.lt
web sites: www.ada.lt


  The administrator of this web site is:
Inspector General for the Protection of Personal Data
ul. Stawki 2; PL-00-193 Warszawa
Phone: +48 (22) 531 03 00, Fax: +48 (22) 531 03 01, e-mail: kancelaria@giodo.gov.pl