EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >Republic of Lithuania|
Article 22 of the Constitution states, "The private life of an individual shall be inviolable. Personal correspondence, telephone conversations, telegraphs messages, and any other communication shall be inviolable. Information concerning the private life of an individual may be collected only upon a justified court order and in accordance with the law. The law and the court shall protect individuals from arbitrary or unlawful interference in their private or family life, and from encroachment upon their honor and dignity."
Lithuania's predominant data protection regulation, the Law on Legal Protection of Personal Data (LLPPD), was passed in 1996 and has since been amended multiple times, most recently in 2003. The appearance of data protection law in Lithuania was mainly fostered by Lithuania's political aim to become a member of the European Union; legislative amendments to the LLPPD ensured its compliance with the EU Directives on Data Protection and Telecommunications. Lithuania has been a full member of the EU since 2004.
The 2003 amendment radically changed the aim of the LLPPD. The current law seeks "protection of an inviolability of an individual's right to private life with regard to the processing of personal data" in comparison with previous wording of the LLPPD which aimed at balancing individuals’ and processors’ interests.
The stated purpose of the Law on Legal Protection of Personal Data is to protect the private lives of people by establishing the rights of individuals and regulations for data processors. The LLPPD extends to personal information held by both public and private entities. In addition to baseline protections, the LLPPD also includes specific provisions for the processing of personal data in various sectors and for various purposes, including social security, social care, health care, scientific research, direct marketing, statistics, elections, referenda and citizens' legislative initiatives and telecommunications.
Individuals are entitled to know about the processing of their personal data; have access to that data; familiarize themselves with the processing method; demand rectification or destruction of their personal data; and object to the processing of their personal data. These rights are, however, contingent upon several enumerated exceptions, such as national security, law enforcement and important economic or financial interests of the state. In addition to these rights, the data subject, who has sustained damage as a result of unlawful processing of personal data, or any other acts or omissions by the data controller, the data processor or any other persons, in violation of the provisions of the LLPPD shall be entitled to claim compensation for pecuniary and non-pecuniary damage caused to him. The extent of pecuniary and non-pecuniary damage is determined by the courts.
Personal data can only lawfully be processed if used for predefined purposes such as compliance with a legal obligation or as a necessary adjunct to a commercial transaction. The use must be accurate, fair, lawful, and not excessive in relation to the predefined purpose. Finally, personal data can only be further disclosed under a personal data disclosure contract, specifying the purposes for which the data will be used and the conditions and procedures of its use.
As a complement to the protections described above, in 1998 the Code of Administrative Offences was supplemented with monetary penalties for unlawful personal data processing, and unlawful state information systems processing. A 2006 amendment to the Code of Administrative Offences provides that any organization that fails to indicate mandatory information (name, registered office, legal form, code, register which registration data is stored and kept in or other mandatory data, as established by the laws) on its corporate Internet site shall be subject to a fine.
Article 26 provides the circumstances under which prior checking by the State Data Protection Inspectorate of information processing activities is necessary. Prior checking must be carried out in all cases, unless personal data are intended to be processed by non-automated means, or when sensitive data are intended to be processed for internal administration purposes. In addition, the Law on State Registers provides further controls on the use and legitimacy of state data registers that contain personal information, and mandates that data registers may only be erased or destroyed in cooperation with the SDPI.
The State Data Protection Inspectorate is responsible for supervising and monitoring the processing of personal data, and enforcing the provisions of the Law on Legal Protection of Personal Data and the Law on State Registers. Before data processing takes place, the data processor must inform the SDPI, which registers the processor and has the power to carry out prior checking. After processing is carried out, the SDPI checks its lawfulness, handles appeals for denial of access to records, and grants authorizations to data controllers to disclose personal data to data recipients in third countries. Other functions of the SDPI include examination of personal requests and complaints, assistance to data controllers and data subjects, and composition of methodological recommendations on the protection of personal data.
In 2004, the SDPI gained full membership status in the Working Party on the Protection of Individuals with regard to the Processing of Personal Data set up under Article 29 of the Directive 95/46/EC of the European Parliament and of the Council. After the ratification of the Europol Convention on April 22, 2004 and its entering into force on September 1, 2004, as well as the ratification of the Convention on the Use of Information Technology for Customs Purposes on May 1, 2004 and its entering into force on August 1, 2004, the SDPI became a full member of the Joint Supervisory Authorities of Europol, Schengen and Customs.
The State Data Protection Inspectorate is a government institution financed from the state budget. The SDPI is accountable to, and its regulations approved by, the government. The status of the SDPI is a specific one because, while under the executive power, it is competent to inspect and control the processing of personal data by legislative bodies. The lack of full independence of the SDPI as a national supervisory authority was noted most recently in evaluation by experts of the European Commission relating to Lithuania’s preparedness for implementation of its membership in the Schengen agreement, specifically the country’s adequacy in the data protection field. The EU’s report states that data protection in Lithuania is appropriate and entirely conforms to Schengen, except the fact that the Inspectorate is not fully independent. The Inspectorate’s administrative integration within the government structures could represent a risk for its functional independence.
In a 2005 case, O.Jakstaite v. Prime Minister, the petitioner, former SDPI Director Ms. Jakstaite, appealed the judgment of the Vilnius Circuit Administrative Court to the Supreme Administrative Court of Lithuania for annulment of the Prime Minister's decree. The decree imposed on the SDPI Director an official sanction, namely, a severe reprimand for breach of principles and rules of ethics of state servants' activities, as well as, infringement of principles of objectivity and proportionality. Vilnius Circuit Administrative Court indicated that the SDPI selected an authoritarian management style, and that the Director often adopted all decisions ex-parte and employees had no actual influence on decision-making. The representative of the Prime Minister in the case stated that the internal rules of the SDPI are too strict. Furthermore, it was determined that Ms. Jakstaite was often behaving in an unprofessional manner, and thus, raised the mistrust of the society and commercial entities, whose activities in the data protection field are controlled by the SDPI. It was also established that the SDPI had often been expressing different opinions on the same issues. The Supreme Administrative Court concluded that the Director of the SDPI, Ms. Jakstaite, breached principles and rules of ethics of state servants' activities and violated the objectivity and proportionality principles embedded in Article 4 of the Law on Public Administration.
During 2006 the SDPI reviewed 161 complaints and requests from individuals, investigated 729 notifications on data processing, answered 84 requests from Convention ETS No. 108 Member States, prepared 310 conclusions on prior checkings, and conducted 92 preventative inspections. In total, the SDPI provided 2,484 consultations. The SDPI provided information to the public through mass media, conferences, seminars and other means 141 times in 2006; this is a significant improvement in outreach efforts as compared to 2005. In 2006, the SDPI performed inspections on how personal data are being processed in selected sections: in banks established and operating in Lithuania also in the public utilities service providers.
The government adopted a resolution that affects Internet privacy. The Resolution introduces data retention requirements for hosting service providers. They are required to log operations with data and content hosted on their servers and to provide them free of charge, along with the personal data of the individual and entities using the hosting services, to criminal investigators and other law enforcement authorities. However, the obligation to provide such data is limited to data necessary for normal business operations, following the September 2002 Constitutional Court decision.
On April 15, 2004, the Parliament adopted Law No. IX-2135 on Electronic Communications, which replaced the former Law on Telecommunications. The law implements all of the EU directives of 2002 on electronic communications, including the EU Directive on Privacy and Electronic Communications (2002/58/EC), and is aimed at regulating the operation of electronic communications in Lithuania.
In March 2006, the European Union amended the EU Directive on Privacy and Electronic Communications by enacting the Directive on Mandatory Retention of Communications Traffic Data, which requires Member States to require communications providers to retain communications data for a period of between 6 months and 2 years. Member States have until September 16, 2007 to transpose the requirements of the Directive into national laws; however, a delay of 18 additional months, until March of 2009, is available. Lithuania is among the 16 Member States that have declared that they will delay the implementation of data retention of Internet traffic data for the additional period.
The Constitution and the law limit government observation of, and intrusion into, individuals' privacy. Under a criminal procedure law, as well as a Law on Operational Activities, wiretapping requires a warrant issued by the Prosecutor General or a judge. Police and security services may, with this warrant, engage in surveillance and monitoring activities on the grounds of national security, law enforcement, and important financial or economic interests of the state. In practice, the boundaries of lawful surveillance are still being determined, with the emergence of new national and international case law. The list of potential surveillance targets covered by the Law on Operational Activities is not exhaustive, and includes “other persons and events related to the state security.” In addition, the law does not include a principle of proportionality - it does not contain a requirement to assess the reasonable relationship between the means employed and the aim sought to be achieved.
Courts tend to issue warrants for surveillance without strict scrutiny. In 2006 the Commission for Parliamentary Scrutiny of Intelligence Operations stated that courts had sanctioned surveillance too informally and without careful consideration. This statement was based on the data received from different state institutions; for example, the Lithuanian Customs office stated that in 2004-2006, courts issued warrants for secret checks of two mails and posted documents, 604 for use of special technical equipment and 217 for taped telephone conversations. Only once, during the period of 2004-2006, did a court refuse an application for surveillance activities.
The Chairman of the Human Rights Monitoring Institute (later HRMI) Steering Committee has stated that there is no clear procedure for when calls may be intercepted and when the calls cannot be tapped. There is no need to have a very serious proof that a crime was committed. The mere assumption that such a crime could be committed is sufficient for starting the wiretapping. After this happens, it is not necessary to submit the case to the court. In addition, nobody explains what happens with the records. The records may be stored in the archives, copied and later on distributed for various purposes. Moreover, there is a huge potential to intercept all phone calls of important people.
In 2004, the press announced that the State Security Department has the ability to tap unrestrictedly the cell phones of the people. The representatives of the major telecommunication companies admitted that, taking into account current technical possibilities for the operational activity services to intercept the phone calls, the companies couldn't control whether the officers are tapping only those subscribers, which are indicated in the court order. There is a lack of the detailed procedure guaranteeing that the officers would control only those subscribers, which are indicated in the court order and only during the foreseen period of time. The institution nominated for the control of electronic communications, i.e. the State Security Department, is the same institution that conducts operational activities and pretrial investigations. The Report of the Human Rights Monitoring Institute (HRMI) states that this is a malpractice and suggests the control of electronic communications should be allocated to another institution than the State Security Department.
The excessive use of wiretapping is particularly troubling given recent leaks of collected information. In 2004, phone conversations of the Parliament members suspected of being corrupted and private persons were publicized. These conversations were broadcast on TV, radio and publicly discussed. The heads of the law enforcement institutions, the Deputy General Prosecutor and the Head of Vilnius Board of the Special Investigation Service, called for publicizing the private conversations between the Parliament members and private persons. 
A 2005 survey on "How the Society Evaluates the Human Rights Situation in Lithuania" assessed the level of tolerance for interference with the private life of the respondent and of the public person.[3285 ]Respondents totaling 1,005, from 19 cities and 59 villages, participated in the survey. Almost 80 percent of the respondents evaluated negatively the possibility to publicize their telephone conversations, but only about one-fifth of the respondents thought that publicizing the conversations of a well-known politician would violate his or her right to private life. For most of the people, the decisive criterion on admissibility to limit private life is the person's status in the society. The threshold for the privacy protection of well-known politicians, i.e. public persons, is rather low.
The Special Investigation Service tapped the phone of the mayor of Vilnius city; later, a special agent of this service handed the telephone records over to journalists. The agent received only the strict warning from the Head of the Special Investigation Service, who admitted that the agent caused a lot of trouble to the Special Investigation Service. However, the agent's actions were evaluated in a liberal manner. The Head of the Special Investigation Service also denied that the agent acted with the knowledge of the superior officers.
On June 26, 2003, the Parliament (Seimas) of the Republic of Lithuania passed a resolution to ensure the protection of personal information managed by government agencies. There are specific privacy protections in laws relating to telecommunications, radio communications, statistics, the population register, and health information. The Criminal Code provides for criminal responsibility for violations of the inviolability of a residence, infringement on secrecy of correspondence and telegram contents, on privacy of telephone conversations, persecution for criticism, secrecy of adoption, slander, desecration of graves and impact on computer information. The new Criminal Process Code requires a judge's authorization for the search of premises of an individual. The seizure, monitoring, and recording of information transmitted through telecommunications networks or surveillance must also be court-ordered. Civil laws provide for compensation for moral damage because of dissemination of unlawful or false information demeaning the honor and dignity of a person in the mass media.
In February 2001, the European Court of Human Rights (ECHR) accepted two cases against Lithuania filed by a former prosecutor and a former tax inspector who allege that their privacy was violated when they were fired from their positions and prohibited from taking certain posts in the private sector because of their previous collaboration with the KGB. On July 27, 2004, ECHR concluded that the ban on the applicants seeking employment in various private-sector spheres, in application of Article 2 of the KGB Act, constituted a disproportionate measure, even having regard to the legitimacy of the aims pursued by that ban and, thus, found a violation of Article 14 of the Convention taken in conjunction with Article 8. In another case, the applicants, also former KGB agents, complained that the loss of their jobs, respectively, as a private-company lawyer and barrister, and the ban on their employment in various private-sector spheres until 2009, breached their privacy. The Court recalled the case of Sidabras and Džiautas explaining that the applicants' complaints were very similar, albeit wider: they related not only to their hypothetical inability to apply for various private-sector jobs until 2009 (as in Sidabras and Džiautas), but they also concerned their actual dismissal from existing employment in that sector. Consequently, the ECHR found a violation of Article 14 of the Convention, taken in conjunction with Article 8.
The safety of classified information remains problematic. As in 2005, there were instances in 2006 when classified information was leaked and publicized. For example, the State Security Department (SSD) detained an editor of a newspaper for attempting to publish an article based on classified information. Although there had been an intelligence information leak, the negative consequences were borne only by the editor – he was arrested and the newspaper edition was confiscated. The SSD director publicly stated that an intensive investigation would be carried out for identification of responsible persons; however, in May 2006, they were not identified. To secure better protection of classified information, HRMI supports a more effective application of the existing legal norms, which enable initiation of pre-trial investigations and punishment of guilty persons. In addition, the law should define a clear and precise safety rules and foresee deterrent sanctions.
The Inspector of Journalistic Ethics noted that the data protected by the LLPPD, such as personal identification number, family status, incapacities for work, health, are too often publicized without the public interest. In particular, he drew attention to publicized information about debtors (those indebted to the mobile communication companies, municipality companies). The Inspector of Journalistic Ethics said in his report that a public announcement of debtors in the newspapers and other mass media initiated by the creditors is not lawful and violates the rights of these persons. Creditors do not have a right to disseminate information about debtors' solvency. Some of the companies consider this an effective measure in the fight against the debtors’ insolvency. However, publicizing such information should not become a precedent in the democratic society.
The HRMI reported that in 2004 there was an active trade in computer software, which allowed controlling of the work process of an employee's computer. Such control creates unlimited possibilities to observe the work of the employee. A special software installation enables employers to gain access to employees’ electronic correspondence and see which websites are visited on the Internet. Although such software usage is becoming increasingly popular among the private business enterprises, there is no legal framework regulating electronic surveillance at work place. Trade unions do not express concern for the matter. The HMRI suggests that to prevent individuals from losing their entitlement to respect for private life in the workplace, employers should always inform employees about the use of electronic surveillance in advance, explain its purpose and obtain employee’s agreement. A law should further specify situations and conditions for electronic surveillance and provide deterrent sanctions. Considering the urgency of the issue, the proper legal regulation should be adopted as soon as possible.
More and more companies and organizations have established such systems in public places.The SDPI has not yet made a systemic legal analysis on the use of video surveillance measures and has limited itself to the review of single complaints. There is a need for strict observance of the requirement to inform people properly about the existence of the video surveillance. At the moment there is no legal act regulating the use of video surveillance systems. In the absence of proper legal safeguards, in 2006 HMRI observed a noticeable increase in establishment of video surveillance systems. In Vilnius, streets are monitored now by over 200 cameras. A growing number of video cameras are being installed in Kaunas, Klaipėda and Panevėžys and planned to be introduced in Šiauliai and Kėdainiai. The establishment and maintenance of video surveillance systems is very expensive and without yet proved benefits. Vilnius municipality plans to allocate each year 2 million litas (approx. $773,775 USD) for the maintenance of the system. Kaunas, plans to spent nearly fifty thousand litas (approx. $19,300 USD) each month for maintenance of its systems. The claims about the usefulness and effectiveness of video surveillance systems without a cost-benefit analysis remain questionable. In addition, public notice regarding video surveillance systems is lacking, and no signage regarding cameras in public places have been installed.
Recently, Lithuania started to issue passports with biometric data to Lithuanian diplomats. In 2006, the Parliament (Seimas) amended Laws on Regular Passport, Official Passport and State Registry to introduce the use of biometric data (digital images of the face and fingerprints) in all passports and information storage in the state register. The European Union Regulation regulating the personal biometric data and its storage provided Member States with discretion in deciding whether to store data only in the personal document or in the state registry as well. The HRMI urged members of Parliament while voting for amendments of law to take into consideration that biometric data storage in one centralized state database may put in risk the safety of stored information and leave possibilities for its leak. The Institute publicly opposed the information storage in state centralized registry, however, the law amendments were adopted and parliamentarians’ discussion was limited only to the costs incurred in application of the new technology. Society, on the other hand, was not sufficiently informed about the advantages and disadvantages of biometric documents introduction. Information provided to the public took the form of a public relations campaign and advertising portrayed the adoption of biometric passports as an attractive innovation, which increases the security of society, without discussing the privacy implications.
In the past few years, data protection issues in courts' practice started to emerge. The HRMI reports that the use of technical measures during the court hearings is not properly regulated. The Law foresees wide possibilities for the use of video recording and other technical measures during the court hearings; however, there are no comprehensive rules for storage and destruction of the collected data. The courts in their decisions still frequently use full names and last names of the parties in publicized court decisions and include excessive personal data of the parties to the case. The examples include personal identification numbers, addresses, sometimes even indicating the personal identification numbers which should not necessarily be contained in the publicly accessible decisions and thus, jeopardize the interests of the parties.
Article 123(3) of the Civil Procedure Code foresees that if the person delivering a procedural document does not find the addressee at home or at his/her workplace, one of the options to deliver the document is to hand it over to the administration of the addressee's workplace. However, it should be noted that such a document contains not only the plaintiff's, but also the defendant's personal data, which should not be accessible to the employer, unless the employer is a party to the case.
The case law in the data protection field is not very extensive. One of the reasons for this status quo is such that the right to privacy is still a novelty in the laws of Lithuania and in the courts’ practice. Furthermore, many people still do not grasp the concept of this right to privacy and consequently, do not value it. Lithuanians rarely refer to the courts or other institutions due to the violations of their private life. The more rural settlements especially perceive the boundaries of private life in a very liberal way. However, the case law regarding the right to privacy is gradually developing.
In 2005, ECHR once more found that Lithuania violated right to respect for private and family life embedded in Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms. The applicant’s complaint concerned the opening up and reading by the prison administration of all his letters to and from the State authorities, NGOs and private persons such as his family, relatives, friends and legal counsel. The Court noted that interference with the applicant's right to respect for his correspondence could only be justified if such interference would be "in accordance with the law," pursued a legitimate aim and was necessary in a democratic society in order to achieve that aim.
The interference had a legal basis, namely the provisions of the Detention on Remand Act and Remand Prisons Internal Rules, and the Court was satisfied that it pursued the legitimate aim of "the prevention of disorder or crime." However, as regards the necessity of the interference, the government had not explained why the control of all of the applicant's letters addressed to him and coming from the outside world was indispensable. The Court explained that the government's reason, namely the fear of the applicant's absconding or influencing his trial, may have been a basis for a certain form of interference with part of his correspondence, such as, for example, checking of some correspondence of non-legal nature or his correspondence with certain persons of dangerous provenance. However, the Court said that this fear alone could not be sufficient to grant the remand prison administration an open license for indiscriminate, routine checking of all of the applicant's correspondence, in particularly the applicant's letters from his legal counsel. The Court also did not find any reason to justify the censorship by the prison administration of the applicant's letters to State authorities. Overall, the government has not presented sufficient reasons to show that such a total control of the applicant’s correspondence with the outside world was "necessary in a democratic society." Consequently, the Court found a violation of Article 8 of the Convention. The ECHR affirmed this position in its November 16, 2006 decision, Ciapas v. Lithuania, where prison administration opened and read all of the applicant’s correspondence from his wife, his co-suspects and his acquaintances.
The Supreme Court indicated that the right to the private life and privacy is not violated if the elements of a publication’s content do not create a possibility to identify the person about whom the information in the publication is provided. In this decision, the Supreme Court concluded that the first instance court reasonably rejected the claim and the court of appeals left the decision without the changes after the courts were not able to determine that the publicized information in the article was in particular about the plaintiff's private life. In another case, the Supreme Court also explained that a public person is not under the same defense of honor and dignity as the private one because higher behavior requirements are set for the public person than for the private one. Therefore, the public person has to tolerate the publicized information (even though it is not precise in full) or opinion about him.
According to Article 2.24(6) of the Civil Code, the author's liability is waived, when the data falls short of reality, if publicized data is about a public person, or his or her state or social activities, and the author publicized the data in good faith in order to acquaint society with that person. The Supreme Court interpreted Article 2.24(6) of the Civil Code noting that the author of misleading, incomplete or incorrect information about a public person is released from liability for the act of publishing the material, but the author is not released from a duty to correct the information, should it degrade the honor and dignity of the public person.
The Supreme Court, interpreting Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms and the person's right to private life, entrenched in national law, indicated that a violation of the right to private life can be understood as the filming of a private person in his/her private tenure without his/her consent, and/or distribution or publicizing of the video record in which the private person is recorded without his/her consent. Substantiation measures, or admissible evidence, may consist of photos, audio and video records, made without infringing the law. Admissibility of the substantiation measure is understood as receiving of information, constituting the content of the proof, without violating procedures set by the laws. Upon assessing the admissibility of the video record as the substantiation measure, it should be decided, whether this proof was received without violation of the rights and interests of the data subjects who are recorded in the video record, in particular their right to privacy. The Supreme Court indicated that in the present case the filming was conducted in the shop premises belonging to the defendant, the salesroom, i.e. the public place, the filmed persons were in labor relations with the defendant and materially liable for carried work. Such filming cannot be regarded as violation of the private person's rights, therefore, information in the video record has to be recognized as a proper proof, when considering the labor duties violation. This proof shall be assessed and analyzed together with other evidence in the case. On the basis of these arguments the Supreme Court repealed the decision of the appellate instance court, where it was decided that the discussed video records violated person's right to his private life and, thus, could not be regarded as admissible measure of substantiation.
In another case, the Supreme Court indicated that person's right to privacy is not absolute. Immunity of private life can be restricted if the person abuses his/her right (for example, by acting dishonestly, then seeking to defend himself or herself with a claim to privacy). The right to claim a right of privacy might be reasonably denied on a case by case basis. The plaintiff worked as a sales clerk. From the point of view of the territory the sphere of the private life consists of a person's living accommodations, as well premises, which the person uses for his housekeeping or professional activities or similar.[3343 ]The public workplace is not a person's private sphere. The salesmen cannot require that their privacy be guaranteed at their workplace, i.e. in the salesroom; therefore, surveillance of the salesroom and the salesmen's work is not secret surveillance of person's private life. The defendant, owner of the store, installed video cameras in public locations, i.e. in the salesroom above the working place of the saleswomen (cash register) in order to prevent the law infringements and crimes. The work of the saleswoman was public character activity, therefore she could not require to guarantee her privacy at her workplace.[3346 ]The plaintiffs made an Administrative Law infringement; her behavior was dishonest in the workplace, even unlawful; therefore, the plaintiff cannot use violation of her right to privacy in her defense.
The 1996 Law on the Provision of Information to the Public provides for a limited right of access to official documents and to documents held by political parties, political and public organizations, trade union and other entities.
There were some new developments with regard to various registers. At the beginning of 2004, the Information Systems on the Administration of the Debtors, which included both natural and legal persons, started to operate. On average, there are more than 340,000 records and 100,000 requests made each month. In December 2004, the requests increased to 200,000 per month. In 2005, the Electronic Internal Waters Vessels Register was created.[3351 ]The register will interact with other state registers and information systems and will guarantee the effective distribution of information to the data subjects, such as marshal’s judicial institutions and Tax Inspectorate.
The Lithuanian Social Insurance Fund now provides data by electronic means to private companies, such as banks and leasing companies. The banks only have partial access to the data stored in the Social Insurance Fund's database. They will be allowed to access the data concerning their client's solvency. The banks will be able to access the database only after receiving a written consent of the client. In addition, they will be able to access the data about a client's employment or work history, salary as well as any received pensions or one-time payments. Access to the database will be provided for a certain fee at the bank's request.
In 2005, an investigation was started concerning a copy of the Social Insurance Fund's database allegedly sold for LTL 10,000 (about EUR 2,900) to special investigation officers, who pretended to be potential purchasers. The copy contained 20 GB of data on the income of 1.5 million workers and 100,000 companies, names, surnames, workplaces and home addresses.
Lithuania is a member of the Council of Europe (CoE) and in June 2001 ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108). It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms and the CoE Convention on Cybercrime. On May 1, 2004, Lithuania joined the European Union.
Constitution of the Republic of Lithuania (Approved by The Citizens of the
Republic of Lithuania in the Referendum on October 25, 1992 as last amended on
July 13, 2004, No. IX-2343, No. IX-2344), available at
 The Law on
Legal Protection of Personal Data, No. IX-1296 (2003), available at
 European Union Member States Index, available at <http://europa.eu/abc/european_countries/eu_members/lithuania/index_en.htm>.
 Law on Legal Protection of Personal Data, supra.
 State News,
 See Ona Jakstaite, "Regulating Data Security in Lithuania," Baltic IT Review.
 Law on Amending Articles 172(27), 173(14), 187, 263 and 281 of the Code of the Republic of Lithuania of Administrative Offences No X-815, (2006) (State Gazette, 2006, No 102-3937).
 The Law on the Public Registers, No. I-1490 (1996), (State News, 1996, No.86-2043).
of Republic of Lithuania Resolution No.1185 Concerning the Setting up of the
State Data Protection Inspectorate, October 10, 1996 (State news, 1996,
 Recommended form approved by Order No. 1T-28 of 29 January 2004 of the Director of the State Data Protection Inspectorate, "Notification of automated processing," January 29, 2004. See the State Data Protection Inspectorate’s website at <http://www.ada.lt/index.php?action=page&lng=en&id=107>.
Convention, State News, 2004, No. 113-4202 (in Lithuanian), available at
 Convention on the Use of Information Technology for Customs Purposes, State News, 2004, No. 36-1188 (in Lithuanian), available at <http://www3.lrs.lt/cgi-bin/preps2?Condition1=228195&Condition2=>.
Activity Report of the State Data Protection Inspectorate for the year 2006,
 O. Jakstaite v. Prime Minister, April 22, 2005, No. A10 – 459 – 05, Supreme Administrative Court, available at <http://www.lvat.lt/Default.aspx?item=nutart>.
 Annual Activity Report of the State Data Protection Inspectorate, supra.
Resolution No. 290 of March 5, 2003 on Procedures for Control of Harmful
Information and Distribution of Restricted Information in Publicly Accessible
 Constitutional Court of the Republic of Lithuania, Ruling on compliance of Paragraph 2 of Article 27 of the Republic of Lithuania Law on Telecommunications (...), September 19, 2002, available at <http://www.lrkt.lt/dokumentai/2002/r020919.htm>.
 Law on
Electronic Communications, No.IX-2135 (2004), available at
 See Petrauskas Lideika, Update June 2004, Infolex.lt, June 2004, available at <http://www.infolex.lt/portal/ml/start.asp?act=legupd&lang=eng&biulid=87>.
 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, available at <http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:NOT>.
 Law on
Operational Activities, No.IX-965 (2002), (last amended May, 2003), available at
 Id., at art. 3 para. 2.
 “Special services spy on thousands, but trace only tens of suspects,” (in Lithuanian) BNS, June 23, 2006, available at <http://www.bernardinai.lt/index.php?url=articles/49997>.
Gudaviciute, "The Words Hunters Bluster without Limitations," (interview with
the Chairman of the Human Rights Monitoring Institute Steering Committee),
Respublika, March 1, 2005, at 4.
Rights in Lithuania 2004: Overview, 2nd Periodic Report of Human Rights
Monitoring Institute (2005), available
[3285 ]Survey "How
the Society Evaluates the Human Rights Situation in Lithuania," results
presented by the Human Rights Monitoring Institute in the BNS press conference,
Vilnius, January 17, 2005 (in Lithuanian), available at <http://www.hrmi.lt/news.php?strid=1010&id=2208>.
 See <http://www.hrmi.lt/downloads/structure//tyrimo_pristatymas_20050117.pdf>.
 Survey "How the Society Evaluates the Human Rights Situation in Lithuania," supra.
Mockute, "The Man of the Week, Invisible and Inaudible Agent of the Special
Investigation Service, Takes Over the Mission of the Judge," Republika, February
19, 2005, at 4.
of the Seimas of the Republic of
Lithuania on the Guaranteeing of Personal Data Protection in State Institutions
June 26, 2003 (in Lithuanian), available at<http://www3.lrs.lt/cgi-bin/preps2?Condition1=214375&Condition2=>.
 Law on Electronic Communications, No. IX-2135 (2004), available at <http://www.ada.lt/images/cms/File/ERI%20LAW.pdf>, replacing the Law on Telecommunications No. I-1109, (1995).
 Law on Radio Communication, No.I-1086 (1995) available at <http://www.litlex.lt/Litlex/Eng/Frames/Laws/Documents/366.HTM>.
 Law on Statistics, No.I-270 (1993).
 Law on the Population Register, No. I-2237 (1992).
 Law on the Health System, No.I-552 (1994).
 United States Department of State, Country Reports on Human Rights Practices, Lithuania, 2003, supra.
 United Nations Human Rights Committee, Consideration of Reports Submitted by States Parties Under Article 40 of the Covenant, Initial reports of States parties due in 1993, Addendum, Lithuania, 1996, available at <http://www.hri.ca/fortherecord1997/documentation/tbodies/ccpr-c-81-add10.htm>.
Probing 2 Cases Of Ex-KGB Agents Vs. Lithuania," Baltic News Service, February
 Sidabras and Dziautas v. Lithuania, ECHR, Applications Nos. 55480/00 and 59330/00, July 27, 2004, available at
 Rainys and Gasparavicius v. Lithuania, Applications Nos. 70665/01 and 74345/01, April 7, 2005, available at
 “Parliament received a secret SIS document that caused a scandal,” BNS, September 19, 2006, available at <http://www.delfi.lt/news/daily/lithuania/article.php?id=10730616>.
Report of the Inspector of Journalistic Ethics for the Year 2003 – 2004,
April 13, 2004, available at <http://www3.lrs.lt/pls/inter/w3_viewer.ViewTheme?p_int_tv_id=2564&p_kalb_id=1&p_org=0>.
 Valerija lebedeva, “Electronic working place control is not legally regulated,” Vakarų ekspresas, November 13, 2006.
Rights in Lithuania 2004,
 “A Big Brother will openly watch in Vilnius,” Omni, November 21, 2006.
 “Video surveillance system is installed in Kaunas,” lrytas.lt, October 18, 2006; Gina Kubiliūtė, “Secret kameras will protect Klaipėda park from vandals, „Klaipėda,“ April 12, 2006, available at <http://www.delfi.lt/archive/article.php?id=9292911&categoryID=5995&ndate=1144789200>; “People in Pavevėžys have selected places for the installation of video cameras,” Delfi, April 11, 2006, available at <http://www.delfi.lt/archive/article.php?id=9280896>; “This year in Panevėžys will be installed 11 video cameras,” vtv.lt, February 13, 2006, available at <http://www.vtv.lt/content/view/15105/345>.
 “In Vilnius will be extended the network of video surveillance system,” Delfi, December 6, 2006.
 “In Kaunas is installed the video surveillance system,” lrytas.lt, February 7, 2006.
 Available at <http://www3.lrs.lt/pls/inter2/dokpaieska.showdoc_l?p_id=279764>.
 Available at <http://www3.lrs.lt/pls/inter2/dokpaieska.showdoc_l?p_id=277499>.
 Henrikas Mickevičius, “In depth discussion on the planned usage of biometrical data is necessary,” HRMI, January 26, 2006, available at <http://www.hrmi.lt/news.php?strid=1999&id=3455>.
 “Passports are issued with the digital pictures of the owner,” Delfi, August 28, 2006, available at <http://www.delfi.lt/archive/article.php?id=10507177>.
Rights in Lithuania 2004,
 Seminar "Data Processing in the Courts," by Dr. Krause, Vilnius, April 21, 2005.
Gudaviciute, "The Words Hunters Bluster without Limitations," (interview with
the Chairman of the Human Rights Monitoring Institute Steering Committee),
Respublika, March 1, 2005, at 4.
 Activity Report of the Inspector of Journalistic Ethics, supra.
v. Lithuania, ECHR, Application no. 59304/00, February 24, 2005, available at
 Convention for the Protection of Human Rights and Fundamental Freedoms, available at <http://www.echr.coe.int/NR/rdonlyres/D5CC24A7-DC13-4318-B457-5C9014916D7A/0/EnglishAnglais.pdf>.
 Jankauskas v. Lithuania, supra.
 Ciapas v. Lithuania, ECHR, Application no. 4902/02, November 16, 2006, available at <http://cmiskp.echr.coe.int/tkp197/view.asp?item=7&portal=hbkm&action=html&highlight=Lithuania&sessionid=10530019&skin=hudoc-en>.
Varapnickiene-Mazyliene v. Vilnius City Children Rights Defense Service,
November 29, 2004, No 3K-3-600/2004, Supreme Court of the Republic of Lithuania,
Overview of the Supreme Court Cassation Practice for the year 2004, at 13 -
 V. Vizbaras v. I. Dzedulioniene, February 17, 2004, No. 3K-3-56/2004, Supreme Court of the Republic of Lithuania, Overview of the Supreme Court Cassation Practice for the year 2004, at 14.
Kaliacius v. I. Starosaite-Zvaguliene, October 27, 2004, No. 3K-3-579/2004,
Supreme Court of the Republic of Lithuania, Overview of the Supreme Court
Cassation Practice for the year 2004, at
 P. Lasas v.
JSC "VP Market," November 2, 2004, No 3K-3-643/2004, Supreme Court of the
Republic of Lithuania, Overview of the Supreme Court Cassation Practice for the
Year 2004, at
 P. Lasas v. JSC "VP Market," supra, at 67.
Bartasiuniene v. Public Institution "Humana people to people Baltic," May 3,
2004, No. 3K-3-289/2004, Supreme Court of the Republic of Lithuania, Overview of
the Supreme Court Cassation Practice for the Year 2004, at 67 –
 J. Bartasiuniene v. Public Institution "Humana people to people Baltic," supra.
 Law on the Provision of Information to the Public, July 2 1996 No.I-1418 (as amended on July11, 2006 – No.X-752) at art.6.
 "News flow.
Debts,", Lietuvos Rytas, March 4, 2005, at
[3351 ]"The Electronic Internal Waters Vessels Register Created," Respublika, February 23, 2005, at 28.
See Mantas Dubauskas, "The Country
Banks will not Require Any More Piles of Notes," Lietuvos Rytas, February 10,
2005, at 10, and Martynas Zilionis, "Data about Salary – Directly from the
Social Insurance Fund," Respublika, March 12, 2005, at
Vanagas, "Trade in Social Insurance Fund’s data," Lietuvos Zinios, April
February 11, 2000; ratified June 1, 2001; entered into force October 1, 2001,
 Signed May 14, 1993; ratified June 20, 1995; entered into force June 20, 1995, available at <http://conventions.coe.int/treaty/en/Treaties/Html/005.htm>.
 Signed June 23, 2004; ratified March 18, 2004; entered into force July 1, 2004, available at <http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=&CL=ENG>.