Portugal’s Data Protection and Cybercrime Laws: Navigating Legal Overlaps and Compliance
Portugal’s Data Protection Act (Law No. 58/2019), published on August 9, 2019, aligns with the EU’s General Data Protection Regulation (GDPR), imposing stricter data handling requirements. While GDPR penalties can reach 20 million euros or 4% of global revenue, the Portuguese law introduced lower minimum fines, starting at €1,000 for individuals and varying for businesses based on their size.
Additionally, Law No. 59/2019 addresses data processing for criminal investigations, based on EU Directive 2016/680. It mandates data security measures, especially for sensitive data, and includes prison sentences of up to two years for unauthorized data access, illegal data usage, and breaches of data confidentiality.
A challenge arises when overlapping cybercrime laws (Law No. 109/2009) apply to the same conduct. For instance, distinguishing between “data falsification” and "data violations" requires careful judicial interpretation to avoid double punishment for similar actions. Courts face the task of clarifying these overlaps to uphold both data protection and cybersecurity.
For further details, the full content, published on August 12, 2019, is available in Portuguese in the Público newspaper.
Conclusion
A challenge arises when overlapping cybercrime laws (Law No. 109/2009) apply to the same conduct. For instance, distinguishing between “data falsification” and "data violations" requires careful judicial interpretation to avoid double punishment for similar actions. Courts face the task of clarifying these overlaps to uphold both data protection and cybersecurity.
For further details, the full content, published on August 12, 2019, is available in Portuguese in the Público newspaper.
JP
Global Director of Governance, Risk & Compliance | PhD Candidate | Internationally Qualified Attorney
