WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Country Reports >Republic of Latvia

Republic of Latvia

Constitutional Framework

Article 96 of the Latvian Constitution established a fundamental human right to privacy: "Everyone has the right to inviolability of their private life, home and correspondence."[3218] All laws protecting privacy apply to citizens and noncitizens equally.[3219]

Data Protection Framework

The Law on Personal Data Protection was adopted by the Parliament on March 23, 2000, and came into force in January 2001.[3220] The law is based on standard fair information practices and is fully compliant with the EU Data Protection Directive.

Data processing systems in the areas of "public safety, combating of crime or national security and defense" or those maintained "by institutions specially authorized by law" are exempt from this registration procedure. Nevertheless, personal data protection does apply to the police sector.[3221] A further exemption from the Act is provided for "official secret matters" regulated by the Law on Official Secrets. The Law distinguishes personal data related to criminal offences, criminal records, judicial procedures in criminal cases and closed civil cases can only be processed by persons prescribed by law in the occasions provided by law.

Data Protection Authority

Supervision over personal data protection shall be carried out by the Datu valsts inspekcija (Data State Inspectorate), an institution established in 2001 and currently under the jurisdiction of the Ministry of Justice" Data State Inspectorate has staff of about 23 employees as of August 2007. It is charged with making decisions and reviewing complaints, making formal recommendations, issuing permission for the transfer of information abroad, and maintaining and inspecting the national register of data processing systems. The Data State Inspectorate is also authorized to impose administrative penalties for violations of personal data processing.[3222] In 2006, a draft amendment was submitted to the Cabinet of Ministers that stipulates criminal liability for illegal data processing if it is performed repeatedly within one year, or if it was performed by a group of persons upon previous agreement.[3223]

In 2005, the Inspectorate considered 168 applications and provided 1,500 consultations to data controllers and citizens (by written answers as well as direct communication). By the end of 2005, the Inspectorate registered 624 systems, bringing the total number of registered personal data processing systems to more than 12,000.[3224]

The majority of the complaints received by the Inspectorate involved illegal data processing in the collection process of loans and payments overdue; lack of notification from the data processor, particularly in medical services; and disproportional data processing beyond the original purpose of the collection.[3225]

Wiretapping and Surveillance Rules

Violation of the confidentiality of correspondence, information in the form of transmissions over a telecommunications networks and other information is liable to criminal punishment.[3226] On October 28, 2004, the Law on Electronic Communications was adopted.[3227] The Law on Electronic Communications replaced the Law on Telecommunications; it contains the provisions of the EU Directive on privacy and electronic communications (2002/58/EC) and has a chapter regulating data protection in the electronic communications sector. Article 68 of the Law on Electronic Communications states that the service provider is prohibited from disclosing information on users or subscribers as well as information on received electronic communications services or value-added services. The Law gives the right to the interception or surveillance of communications only to the officials of bodies performing investigatory operations and only in the cases specified by law. In addition, the processing of traffic data and location data is regulated by the Law on Electronic Communications.[3228]

The Criminal Procedure Law, which is intended to replace the Soviet time regulation of 1961, was adopted in May 2005.[3229] Among other issues, the Law elaborates on the role and process of acquiring electronic evidence. According to this regulation, investigation officers have powers to obligate an information system manager to ensure immediately that certain data necessary for the purposes of investigation is preserved unchanged and may not be revealed to any third persons whatsoever. But it is only after receiving permission of a judge that the officer can require a manager to reveal data stored in the system.[3230] There are also new rules on applying means of investigation conducted without individual's consent or knowledge, such as wiretapping, control of data stored in an electronic storage system, control of transferred data, video and audio control of a certain place or person, and tracking of a person can be executed only with a permission of a judge. The law has outlined more detailed guidelines for implementation of discretionary powers of responsible officers and the court.

Article 143 of the Criminal Law prescribes liability for illegal entry into a residence unit against the will of the person residing there. Article 144 of the Criminal Law provides that the intentional violation of the secrecy of personal correspondence or information transmitted over telecommunications networks, as well as the intentional violation of the secrecy of such information and software provided for use in connection with electronic data processing, is punishable by coercive community service or a fine of up to five minimum monthly salaries.[3231]

The Criminal Procedure Code provides an exhaustive list of situations when public agencies have a right to interfere with the right of a person to the inviolability of privacy in family life, residence and correspondence, in compliance with the procedure prescribed by the abovementioned Code. The Law lists the following procedural activities – search of the residence, search of the person, inspection, observation, seizing the property, seizing the post and telegraph correspondence, tapping telephone conversations and acquiring information from technical means, investigation experiment and the verification of testimonies on site.[3232]

One is allowed to tap conversations over the telephone and other means of communication of the suspect or the accused person, on the basis of a decision of court or a judge, in the specific criminal case, if there are sufficient grounds to believe that tapping conversations or the acquisition of information through technical means can provide information relevant to the case. One is also allowed to gain information from the technical means that are used by the suspect or the accused person. The decision on tapping conversations or the acquisition of information through technical means is sent to the police for execution. If the threat of violence, extortion or other illegal acts has been directed against the victim, the witness or other persons participating in the case, conversations of these persons over the telephone or other means of communication can be tapped without a decision by court or a judge, following the application submitted by these persons and with their consent.[3233]

The Law "On Operative Activity" and the Criminal Procedure Code include norms that do not permit an arbitrary and unjustified interference in the right of a person to the inviolability of residence and correspondence. Under Article 8 of the above Law, the operative control of correspondence, the operative acquisition of information from technical means, the operative tapping of non-public conversations (also over the telephone, electronic and other means of communication) and the operative entry is to be performed with the approval of judges. The permission to perform these operative activities may be issued for a period of up to three months and, in the event of justified necessity, it may prolonged, but only for the period of time that the operative proceedings concerning the person are undertaken. In exceptional cases, i.e., when there is a need of acting without delay to prevent a threat to vital public interests, an act of terrorism or subversive activity, a murder or some other serious crime, or if there is actual threat for the life, health or property of a person or the person's close relatives, the above operative activities can be performed without the judge's approval. The prosecutor must be notified about them within 24 hours, while the judge's approval must be received within 72 hours. If the officers fail to do so, the performance of operative activities must be terminated. In addition, Article 5 of the above Law stipulates that if the person under observation holds the opinion that the operative activity has violated his or her lawful interests and freedoms, the person has the right to submit a complaint to the prosecutor, who after a review issues a statement on the compliance of officials of operative activities to law, or the person may submit a claim in court.[3234]

There is no separate binding regulation on use of surveillance technologies; issues arising out of such cases are dealt in accordance with principles and norms of data protection law. However, in 2004 the Inspection prepared a non-binding recommendation comprising basic principles that should be followed by those willing to use such technologies in accordance with the rule of law.

In 2007, the Latvian financial police agency was ordered to pay 10,000 LAT (42,300 EUR) to high-profile TV news presenter Ilze Jaunalksne for illegally tapping her telephone and selling the transcripts to a newspaper.[3235] The Riga Regional Court found that the Finance Ministry and State Revenue Service had failed in their duties by breaching Jaunalksne's privacy. Four Financial Police officers are being prosecuted for abuse of office in connection with the wiretapping case.[3236]

Anti-terrorism Measures

In 2004, there have been several amendments to the existing legislation, which on the account of fight against terrorism, have loosened the rules guaranteeing protection of personal data in credit institutions. Coordinated amendments were made to laws on credit institutions on the Prevention of the Laundering of the Proceeds from Crime and Law on Financial Instruments.

Though the basic principle in the law on credit institutions renders that information about a client and his dealings is protected information, the lawmakers have widened the scope of exceptions. It now ensures that information on clients (existent and potential) and their dealings have to be revealed to institutions mentioned in the law in the amount required by the law. The law now mentions 13 occasions when full information on the client must be given to institutions mentioned in law, with or without the consent of a judge in some cases.[3237]

In November 2004, the Cabinet of Ministers accepted a Concept on Establishment of Anti Terrorism Centre, a document that entails establishment of a new specialized department within the institutional structure of the Security Police. The department would mainly conduct analytical and planning activities.

Starting in November 2007, the Latvian government will begin issuing e-passports to comply with European Union standards. The passports will contain a readable chip that will store the individual’s digital photo and both forefinger prints. All pre-1997 passports must be replaced with the e-passport before June 2008; all other non-e-passports will be replaced as per their expiration dates.[3238]

Workplace Privacy

In 2005, the Inspectorate prepared Recommendations on personal data protection in the workplace. The handbook is for employers and employees, and it explains what personal data may be processed by employers and whether they must inform their employees about the data processing performed.[3239]

The Inspectorate also issued a decision on workplace email monitoring. The Inspectorate stated that where the employer had provided the means for communications that is meant to be used for the employees’ duties, the employer has the right to monitor the communications. However, the employer must notify employees of the monitoring.[3240]

Major Privacy Case Law

The European Court of Human Rights concluded that Latvia had violated applicants’ rights to respect for private and family life when the country failed to regularize the citizenship of stateless individuals within Latvian territory prior to the breakup of the Soviet Union and the Independence of Latvia. Although the applicants failed to apply for permanent residentcy before the state deadline, the Court concluded that the individuals had formed and developed personal, social and economic relationships, which constituted the private life of any human being. It also found that the Latvian authorities' refusal to grant them the right to reside lawfully and permanently in Latvia represented an interference with their private lives that could not be considered "necessary in a democratic society".[3241]

The Mentzen case concerned the law requiring personal names of foreign origin to be "Latvianized" in official documents. The Latvian Constitutional Court ruled that the law does implicate the constitutional right to privacy, but the restriction was declared constitutional because it protected "the rights of other inhabitants of Latvia to use the Latvian language on all of Latvia's territory and to protect the democratic order."[3242] The European Court on Human Rights (ECtHR) dismissed the application, stating the alleged violation is such that would be necessary in a democratic society.[3243]

Recent Developments

The legal status of Data State Inspectorate has caused repeated concerns during the last few years and has been alleged to undermine independence and effectiveness of the institution. Independence is one of the main requirements by international standards, such as the EU Data Protection Directive. This problem has been patrly solved by the Concept of the Status of Independent Institution soon[3244] to be adopted by the Cabinet of Ministers, which includes Inspectorate as one of the institutions whose effective functioning can be seriously undermined if working within the institutional structure of subordination and therefore political power. The last necessary step will be amendments in the Constitution requiring the assent of 2/3 of 100 parliamentarians. Several laws were adopted from June 1, 2004 through April 30, 2005 that concern the right to privacy.

According to the Law on Establishment and Use of National Data Base of DNA adopted on June 17, 2004,[3245] the national database of DNA has to be established. This database will be used in the investigation of crimes. The law provides that the following information will be stored in the national database: profiles and data about the suspect, accused person, defendant or convict, and information on the DNA profiles and data of unrecognized dead bodies, missing persons and traces of biological origin. This information is classified as restricted access information. The Law on Establishment and Use of National Data Base of DNA regulates also the exchange of results of genetic research of DNA with other countries and international organizations.[3246]

In 2002, the Latvian Parliament passed a law introducing compulsory identity cards for all residents. It requires all citizens and non-citizens of Latvia over the age of 15 to be issued machine-readable ID cards that would also be a means for creating personal e-signatures. Introduction of ID cards was set for 2005, but has recently been postponed to year 2007.[3247]

The new Law on Civil Registration Records was adopted on March 17, 2005.[3248] This law will replace the Law on Civil Registration and regulate the registration of marriage, birth and death in registry office. The Law on Civil Registration Records states that cause of death will no longer be indicated on death certificates.[3249]

Open Government

The Law on Freedom of Information (FOIL) was adopted by the Latvian Parliament on October 29, 1998 and signed into law by the President in November 1998. It guarantees public access to all information held by state administrative institutions and local government institutions in "any technically feasible form" not specifically restricted by law. Public bodies must respond to requests for information within 15 days. According to FOIL there are several exemptions from the basic principle: the information is for internal use of an institution; it is a trade secret not relating to public procurements or information about the private life of an individual; or if it concerns certification, examination, project, tender and similar evaluation procedures, and (a recent addition) information for the use of the service, mainly concerning information received from NATO and other international institutions relating to state security. Finally, the FOIL introduces a wide exception allowing other legitimate grounds for restricting public access to be defined by other laws (e.g. criminal procedure, law on police, other laws governing particular institutions).

Appeals can be made internally to a higher body or directly to a court. The law was amended in 2003 to give the Data State Inspectorate oversight authority starting in January 2004.[3250] In practice, however, Inspectorate experiences considerable problems with implementing this task due to the lack of resources, administrative capacity, and, in contrast to oversight of data protection issues, Inspectorate has no competence to punish any violations of FOIL.

The Law on Official Secrets[3251] establishes that information on the economic situation of the country, execution of budget, and rates of salaries, benefits, preferences and guarantees granted to officials and employees of the state and local government institutions cannot be declared information of restricted access.

International Obligations

Latvia joined the Council of Europe (CoE) in 1995 and held the six-month rotating presidency from November 2000 to May 2001. It has signed and ratified both the ECHR[3252] and the CoE Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108).[3253]

In the framework of the Article 29 Working Group (established by Article 20 of Directive 95/46/EK), Latvia along with other EU countries have been working to coordinate their data protection policies. The European Convention on the Suppression of Terrorism was ratified on April 20, 1999. On December 22, 2004, Latvia ratified the Protocol Amending the European Convention on the Suppression of Terrorism. Latvia has signed and ratified the European Convention on Cybercrime.[3254]

[3218] Constitution of the Republic of Latvia (as amended December 15, 2005), available at <>.
[3219] US State Department Human Rights Report 2002 – Latvia, available at <>.

[3220] Law on Personal Data Protection (as amended October 24, 2002), available at <>.

[3221] Latvia's Contribution to the Regular Report from the Commission on Latvia's Progress Towards Accession (National Progress Report), June 2002.

[3222] Id.; as of July 2003, 35 complaints had been received.
[3223] Ninth Annual Report of the Article 29 Working Party on Data Protection, June 2006, available at <>.

[3224] Latvian Data Protection Inspectorate Annual Report 2005, available at <>.

[3225] Id. See also Ninth Annual Report of the Article 29 Working Party, supra.

[3226] Criminal Code, Article 144.
[3227] Entered into force on December 1, 2004.
[3228] Law on Electronic Communications, available at <> (in Latvian). Available in English at <>.

[3229] Criminal Procedure Law, Latvijas Vestnesis, May 11, 2005, effective from October 2005.
[3230] Id. at Articles 191 and 192.

[3231] The Criminal Law, available at <>.

[3232] Id.

[3233] Id.

[3234] "Periodic Report Of The Republic Of Latvia On The Implementation Of The 1966 International Covenant On Civil And Political Rights In The Republic Of Latvia During The Period From 1995 Till 2002," available at <>.

[3235] “News presenter wins 10,000 lats in phone tapping case,” The Baltic Times, February 12, 2007, available at <>.
[3236] Id.

[3237] Law On Credit Institutions, Article 63.

[3238] Office of Citizenship and Migration Affairs <>.

[3239] Ninth Annual Report of the Article 29 Working Party, supra.

[3240] Latvian Data Protection Inspectorate Annual Report 2005, supra.

[3241] Sisojeva and Others v. Latvia, (Application no. 60654/00) Eur. Ct. H. R. (2005); Kaftailova v. Latvia, (Application no. 59643/00), Eur. Ct. H. R. (2006). See also Amnesty International World Report 2007 - Latvia, available at <>.

[3242] Judgment of the Latvian Constitutional Court of December 2, 2001, No. 2001-04-0103.
[3243] More information available at the Web page of the Representative of the Government of the Republic of Latvia before International Human Rights Organizations, <>.

[3244] The document has not been adopted as of July 2005.

[3245] Entered into force on January 1, 2005.
[3246] Law on Establishment and Use of National Data Base of DNA, available at <> (in Latvian).

[3247] Amendments to Personal Identification Documents Law of April 20, 2004.

[3248] Entered into force on April 15, 2005.
[3249] Law on Civil Registration Records, available at <> .

[3250] David Banisar, Global Survey: Freedom of Information and Access to Government Records Around the World - Latvia, July 2006, available at <>.

[3251] Law on Official Secrets, October 29, 1996 (last amended 2004) at Article 5 available at <>.

[3252] Signed February 10, 1995; ratified July 26, 1996; entered into force July 26, 1996.
[3253] Signed October 31, 2000; ratified May 30, 2001; entered into force September 1, 2001.

[3254] Signed May 5, 2004; ratified Febraury 14, 2007, see <>.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback