Data Protection in Portugal

Online privacy in Portugal

Cookie compliance

As determined by Law 41/2004, of 18 August, storage of data and the possibility of accessing data stored in a subscriber or user terminal is only allowed if the subscriber or user has provided prior consent. Such consent must be based on clear and comprehensive information.

This does not prevent technical storage or access for the sole purpose transmitting communications over an electronic communication network, if strictly necessary for the provision of a service expressly requested by the subscriber or user.

Traffic Data

Traffic data must be erased or anonymized when no longer needed for the transmission of communications. Processing of traffic data requires prior express consent and the user or subscriber shall be given the possibility to remove it at any time. Such processing may only be carried out to the extent and for the time strictly necessary for the sale of electronic communications services or the provision of other value-added services.

Processing of traffic data is admissible when required for billing and payment and only until the end of the period during which the bill may lawfully be challenged or payment pursued.

Complete and accurate information on the type of data being processed must be provided, as well as the processing purposes and duration and the possibility of disclosure to third parties for the provision of value added services. Processing should be limited to workers or employees in charge of billing or traffic management, customer inquiries, fraud detection, sale of electronic communications services accessible to the public, or the provision of value added services, as well as to the strictly necessary information for the purposes of carrying out such activities.

Location Data

Processing of location data is allowed only if such data is anonymized or to the extent and for the time necessary for the provision of value added services, provided that prior express consent was obtained. Prior information to the data subjects must also be provided.

Companies must ensure there is an option to withdraw consent at any time, or to temporarily refuse the processing of such data for each connection to the network or for each transmission of a communication, in a simple manner and free of charge.

Non-compliance with these opt-in rules is considered an administrative offence, punishable with fines ranging from EUR 5,000 to EUR 5,000,000.

Continue reading

  • no results

Previous topic
Back to top