Latvia - Data Protection
History of Data Protection in LATVIA
Latvia's general law on data protection, the Personal Data Protection Law, was passed in 2000. It implements Directive 95/46/EC into national legislation.
On 24 October 2002 the Latvian Parliament passed a statute entitled "Amendments to Personal Data Protection Law". This law holds that the provisions of the Personal Data Protection Law are applicable to the processing of personal data in the field of criminal law and domestic security.
The Latvian Data State Inspectorate was established under Regulation No. 408 of 28 November 2000, the Statute of the Data State Inspectorate.
Summary of Data Protection in LATVIA
|Title of Data Protection Legislation||Personal Data Protection Law|
|Name of supervisory authority||Data State Inspectorate|
|General Powers of supervisory authority||
Section 29(3) of the Personal Data Protection Law outlines
the duties of the Inspectorate:
"1) to ensure compliance of personal data processing
in the State with the requirements of this Law;
2) to take decisions and review complaints regarding the protection of personal data;
3) to register personal data processing systems;
4) to propose and carry out activities aimed at raising the efficiency of personal data protection and submit reports on compliance of personal data processing systems created by government and local government institutions […]
5) together with the Office of the Director General of the State Archives of Latvia, to decide on the transfer of personal data processing systems to the State archives for preservation thereof;
6) accredit persons wishing to perform system auditing of personal data processing systems of government and local government institutions in accordance with procedure established by the Cabinet of Ministers."
|Who has standing to notify the supervisory authority of breaches?||Probably anybody, but certainly the data subject (see s20, s29(3)(2) and s29(4)(1) of the Personal Data Protection Law.|
|What are the penalties for data controllers if they breach the law?||There are no penalties for breaches mentioned in the Personal Data Protection Law.|
|Have any provisions been made for the processing of a national identification number or a general identifier, as per Article 8(7)?||Yes. The Law on State Population Register states that each Latvian inhabitant shall be given personal identity number. Several laws regulate the usage of this identification number. They include the Tax Collection laws, the Administrative Procedure Law, and the Commercial Law. The personal identity number should also be treated as falling under the ambit of the Personal Data Protection Law.|
|Is it necessary to obtain consent before processing personal data, or are alternatives available even when obtaining consent would not be impracticable or inappropriate?||It is probably sufficient to use alternatives to consent even when it is not impracticable or inappropriate to obtain it.|
|Does the Data Protection Legislation cover the deceased?||Yes, in limited circumstances, for example genetic research.|
|Who is able to indirectly identify the data subject?||Anybody|
- Personal Data Protection law (23rd March 2000) and other relevant regulations
- Freedom for Information law 29th October 1998
- Medical Treatment Law as of 20 June 2001, see Section 50 with regards to medical information
- Latvian Data Protection Authority - Data State Inspection
- The Soros Foundation, whose aim is to establish a civil society in an independent Latvian State
- The Latvian chapter of Transparency International
- The Human Rights Institute of the University of Latvia
- Data protection in the project "Genome Database of the latvian population"