Log in

Register



News

How things work in Portugal? Despite the fact that Portugal appears in the middle positioned “Followers” level of the Open Data Maturity index, the last legislation developments in this matter seem comprehensive and designed using a practical approach.

 Legislative framework

Law 65/93 of 26 August was the first attempt to regulate the access to administrative documents. It was amended two times before being revoked by Law no. 46/2007 of 24 August, which transposed Directive 2003/98 on the re-use of public sector information.

In the meantime, the Constitution of the Portuguese Republic, dated 1997, in Article 268 established the right to access to administrative archives.

The cost of reproduction of administrative documents requested by citizens in the exercise of their right of access was set by Despacho n. 8617/2002 (2° série) of the Minister of Finance. It is curious to see how the costs were detailed:

These details reveal the practice perspective with which Portuguese regulations are formulated.

The current legislation in force is Law n. 26/2016 of 22 August, which transposes Directive 2003/98/ EC 98 on the re-use of public sector information as amended by Directive 2013/37/EU.

Law 26/2016 in details

Contrary to the regulatory framework of some other European countries, Law n. 26/2016 of 22 August combines in a single text both the rights of access to information and re-use of information. However, this not lead to confusion. The text is clear, detailed and tailored for a practical application.

It defines as a general principle in article 19 that:
The administrative documents to which access may be authorised under this Law may be re-used.

Interestingly, the Law defines an organisational schema for managing the access and re-use requests similar to the one in French (see last part of our article here).

From one side the public sector bodies shall appoint a person who takes care of the obligations on the active disclosure of information and monitors the processing of requests for access and re-use (article 9 – Responsibility for access) and on the other side a Commission for Access to Administrative Documents (Comissão de Acesso aos Documentos Administrativos), also known with the acronym CADA, is foreseen.

 

These two entities are very similar to the PRADA (Personne Responsable de l’Accès aux Documents Administratifs et des questions relatives à la réutilisation des informations publiques) and CADA (Commission d’accès aux documents administratifs) defined in the French legislation.

As for the access and/or re-use requests, Law n. 26/2016 defines a number of obligations on public sector bodies.

- They shall publish on their web site, the e-mail address, place and timetable for face to face consultation, application form or other appropriate means through which requests for access and re-use of the information and documents covered by the law may be sent.

- They shall respond to the requests within 10 days either producing the documents requested, or communicating the reasons for total or partial denial of access to the documents, or forwarding the request to the public sector body, which has the documents and informing the applicant of this fact.

The conditions governing the re-use are described in the eight points forming article 23; in particular, documents made available through Internet are free to re-use; the same with regards to documents made available for educational or research and development purposes. More in general, the feeds that the public sector bodies may charge for re-use shall be limited to the marginal costs.

 The Law also states the right of compliant and the right of access to environmental information. The first defines that the applicant can complain to the CADA in the case of a lack of response, refusal, and partial satisfaction of the request or other decision, which limits access to administrative documents, within 20 days. The latter states that lists with the names of all the bodies and entities which hold environmental information shall be made public available through preferably a single website and that procedures to ensure the standardisation of environmental information shall be put in place.

In practice

The main reference for re-users of Portuguese open data is the “Portal de dados abertos da Administrativa Pùblica”, dados.gov.pt , which contains the datasets published by the public sector bodies. In case the data you want are not included in these datasets, you have to request the data directly to the public sector body owner of the data. Unfortunately there is no a free service that helps you in this task. In the past, there was the site nosqueremossaber.org, but it is no longer running.

What to do then?

The first obstacle is to find the right public sector body to whom address the request. One source is the Portal Nacional, where you can find a list of the public sector bodies and their websites. Another strategy is to look at the list of the decisions concerning complaints on the website of CADA.

Once you have identified the public sector body, which is likely to have the data you want, you have to find on its website the references to e-mail address, application form or other appropriate means to submit a re-use request.

Here below some examples:

Entidade Reguladora da Saúde (ERS)

Direção-Geral da Política de Justiça (DGPJ)

The University Hospital Center of São João (CHUSJ)

Due to the lack of free web services like those in The NetherlandsAustria, Germany etc., there is no way to consult lists of requests made by other re-users. That means that it is not possible to automatically grab the requests and add them to the PSI Monitor repository.

Hence, if you want your request listed also in the PSI Monitor, you have to add it manually. This action would ensure a wider exposure of your request at European level and that might contribute to a successful conclusion of the application.

A new chapter of our series of articles on how to make a request in the EU member states: the situation in the Czech Republic.

Legal framework

At a first look the legislative framework in this country is pretty straightforward.

The right to information was constitutionally guaranteed in the Constitutional Act of 9 January 1991 and the Act on free access to information was published on 1999 (Act no 106/1999).

The Czech FOIA  was then amended twice.

First in 2006 with the Act of 3 February 2006 amended Act no 106/1999: among the amendments, it included the transposition of Directive 2003/98/EC on article 1.

Afterwards in 2015 with the Act 222 of 12 August 2015 amended Act no 106/1999 and transposing Directive 2013/37/EU.

Reading the text of the above mentioned Acts, the  degree of transposition of the PSI Directive seems not fully comprehensive.

 In particular as regards of the re-use of public sector information, they do not say anything. In other words, there is no reference to the right of re-use of information and thus the conditions for the re-use are left to uncertainty or, better, not formalised. The only reference which might be in relation with the conditions for re-use is in section 14a(4) of Act 222 of 12 August 2015:

[…]An obliged entity may provide an exclusive licence only if the exclusive licence is necessary for the further dissemination of information and such a step is in the public interest.[…]

Another aspect to be considered, is the fact that the legislation cites “obliged entities” and other “public institutions” as entities which have to provide free access to information without giving a precise definition for them. The result is that the Czech Constitutional Court is often asked to decide whether or not a certain entity is subject to the obligations of the legislation.

In practice

Despite of this lack implementing legislation, or maybe because of this, in the last years some NGOs have provided guides to help citizens and companies in preparing and submitting information requests. In particular, Otevrě ná spolecň ost, o.p.s. (the “Open Society Non-Governmental Organization”) provides a website, Informace pro všechny, that allows to submit the requests (similar to the well known whatdotheyknow.com that we have already described here) and to browse the requests submitted.

The steps to submit a request are common to other online platforms already described in our older articles.

First, you have to click on the “make a request” (“VCNESTE DOTAZ”) menu item, then you are requested to login or register if you do not have an account. After that, you are invited to choose the public sector body to whom you want to address your request and then you are presented with a form to insert the object (“Předmět”) and the description “Váš dotaz” of the request.

 

As we usually suggest, it is better to describe how you intend re-use the information (although it is not requested by the implementing legislation).

Naturally, if you want that your request appear also in the repository of PSI Monitor, just add the tag #psimonitor at the end of the description; otherwise you will have to add it manually.

As we know, the revision of the PSI Directive is under way. The Commission issued the first proposal on 25 April 2018 and on 7 November 2018 the European Council agreed a compromise text taking into account the key concerns of the Member States.

Meanwhile, on 25 May 2018 a major reform of the European data protection framework, i.e. the General Data Protection Regulation (GDPR), entered into force.

At this stage, where the revision cycle of the new PSI Directive proposal is close to the end, it is interesting to analyse its relationship with the GDPR.


References to the GDPR in the text of the PSI Directive

Taking the text agreed by the European Council as a reference, Article 2, point 3a foresees full compliance to the provisions of the GDPR and the corresponding provisions of the individual Member States:

This Directive is without prejudice to the provisions of Union and national law, on the protection of personal data, in particular those of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council and Directive 2002/58/EC of the European Parliament and of the Council, and corresponding provisions of the Member States.

Since the GDPR is explicitly mentioned, that reinforces the idea that any possible re-use of data must comply with the requirements of the Regulation.

Recital 47 suggests a way to go by introducing the concept of “anonymous information”.

This Directive should not affect the protection of individuals with regard to the processing of personal data under the provisions of Union and national law, particularly under Regulation (EU) 2016/679 of the European Parliament and of the Council and Directive 2002/58/EC of the European Parliament and of the Council including any supplementing provisions of law enacted by the Member States. Anonymous information is information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. Rendering information anonymous is a means to reconcile the interests in making public sector information as re-usable as possible with the obligations under data protection legislation, but comes at a cost. It is appropriate to consider this cost as one of the cost items to be considered as part of the marginal cost of dissemination as defined in Article 6 of this Directive.

Article 6 “Principles governing charging” states that:

Re-use of documents shall be free of charge. However, Member States may provide that the marginal costs incurred for the reproduction, provision, and dissemination of documents, as well as anonymisation of personal data and measures taken to protect commercially confidential information, may be recovered.

Article 6 and Recital 47 establish two key concepts:

  • making information anonymous would solve any possible conflict between data re-use and data protection,
  • the cost of anonymisation can be included in the marginal costs

 Recital 33 foresees the same provision also for libraries, museums and archives. In other words, anonymisation is welcome, but it may increase re-use costs.

 

Anonymisation as a marginal cost. A crutch for the GDPR?

Regulation (EU) 2016/679 in Article 32 Security of processing recommends the adoption of security measures like pseudonymisation and encryption of personal data. Other measures are not excluded but it is clear that if you pseudonymise or encrypt your data, you are compliant with the Article 32.

GDPR defines pseudonymisation in Article 3 as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” The “additional information” must be “kept separately and subject to technical and organisational measures to ensure non-attribution to an identified or identifiable person.”

Pseudonymisation is thus a slight form of anonymisation. The difference is that pseudonymous data still allows the re-identification, while anonymous data cannot be re-identified. It is obvious that if you provide pseudonymous data as open data not including the “additional information”, the data become anonymised data.

What does this mean? It means that public sector bodies, libraries, museums and archives have an extra incentive to pseudonymise/anonymise their data by charging the relative costs to the re-users with the condition that they provide their data as open data.
This all sounds like a win-win strategy: the public sector bodies do not pay for anonymisation and the re-users have more data to re-use.

Evaluation by the Commission

Another sign of impact of the data protection rules on the PSI Directive is mentioned in Article 16  Evaluation, where on point 1 it is stated that the Commission shall carry out an evaluation of the Directive and on point 2 that:

  1. The evaluation shall in particular address the scope and impact of this Directive, including the extent of the increase in re-use of public sector documents to which this Directive applies, the effects of the principles applied to charging and the re-use of official texts of a legislative and administrative nature, the re-use of documents held by other entities than public sector bodies, the interaction between data protection rules and re-use possibilities, as well as further possibilities of improving the proper functioning of the internal market and the development of the European data economy.

The provision of including the interaction between data protection rules and re-use possibilities in the evaluation have already been added by Directive 2013/37/EU, nevertheless on the light of the points above described, now it has a greater importance.

Conclusion

The new PSI Directive has  not been finalized yet, but the last amendments show that the data protection has been taken into account by recommending compliance with the GDPR and encouraging the anonymization of information by including its cost between the marginal costs.

Our investigation to figure out how to make PSI requests this time focuses on Spain.
This country ranks near the top of the maturity index of Member States according to the Open data Maturity Data Report 2018. It is in fact, one of the five European countries qualified as “trend-setters”. Is all that glitter gold?

Legal framework

The fact that tuderechoasaber.es, a website created to facilitate requests for access to public sector information, was closed in 2015 due to the insisted refusal of the institutions to reply to the requests  seems to cast some shadows on this performance. Let’s explore the legal framework which underlies the access and the reuse of information in Spain.

The Constitution of 1978 introduced for the first time the right of access to information in article 105 paragraph (b):

The law shall make provision for:

[…]

The access of citizens to administrative files and records, except to the extent that they may concern the security and defence of the State, the investigation of crimes and the privacy of persons.

However it was not included in the Constitution as a fundamental right as in other countries. This fact had some consequences; it could be regulated not only by provisions coming from the central parliament but also through local legislation produced by the autonomous communities, generating  competition between local and national provisions. The Catalan Law of Transparency (Law 19/2014, of 29 December, on transparency, access to public information and good governance) is the best example.

The first regulation of the right to access to information enshrined in the Constitution is dated 1992. Law 30/1992, of 26 November 1992, on the legal framework of public administrations and common administrative procedure (LRJPAC) implemented in Article 37 the right of citizens to access records and documents held in administrative archives, but the provision was unclear with the result of poor or no practical applicability.

We have to wait until December 2013 to have fully usable and comprehensive transparency law, Act 19/2013 of 9 December on Transparency, Access to Public Information, and Good Governance.

In the meantime other sectoral provisions resulting from EU Directives came into force: such as Act 27/2006, of 18 July 2006 (transposing Directive 2003/4/EC and 2003/35/EC), which regulates the rights to access information, public participation and access to justice in environment matters and Act 37/2007 of 16 November 2007 on the reuse of public sector information (transposing Directive 2003/98/EC), which regulates the private use of documents held by the Administrations and other public sector bodies.

Act 37/2007 was then amended by Act 18/2015 of 8 July 2015 transposing Directive 2013/37/EU.

Let’s focus for a while on Act 19/2013 on transparency. It is applicable to a wide range of public administrations including public Universities, private companies with public stake of more than fifty percent, political parties, trade unions and business associations etc. It foresees the right of access to public information, to which all persons are entitled, and which may be exercised without any need to justify a request. It envisages the creation of a transparency portal as a centralized point where citizens can express the right to access public information; measure that was then concretized with the transparencia.gob.es portal.

The act introduces also the principle of re-use of the public sector information in article 5 and 11.

Chapter II, Active publicity, Article 5 General Principles, paragraph 4 states:

Information subject to transparency obligations shall be published in the corresponding electronic portals or websites, in a manner that is clear, structured and comprehensible for those concerned, and preferably in reusable formats. The appropriate mechanisms shall be established to enable the accessibility, interoperability, quality and reuse of the information published, as well as its identification and location

Article 11 Technical principles, paragraph c) establishes:

Reuse: In accordance with Act 37/2007, of 16 November, on the reuse of public sector information and its implementing regulations, the use of publication formats that permit reuse shall be fostered.


In practice

Since 2015, the “Portal de la Transparencia” is the official reference for exercising the right to access to public information. At this page, there are recommendations to select the most appropriated channel for your request to access to public information whilst at this page you can submit your access request.

 

What about the reuse requests?
Likely, you can use the same channel mentioning the Act on the reuse in the description of the request. 

All the information is clear and exercising the right to access is simple and straightforward. This is not for all. The point is that, in order to make a request, you have to indicate your identity through the Cl@ve authentication system, which provides three specific authorization means for local residents and one for UE citizens.

 

As we write these lines, the “Ciudadanos UE” option results in a “service unavailable” page. Fortunately, at the bottom of the page there is a link to a downloadable form which allows you to overcome the obstacle.

As for public museums, libraries and universities, there is often a form to fill on their website, as in this example of Valladolid University.

Contrary to the web solutions adopted by other Member States, such as in The Netherlands, Austria etc, there is no mean to see the list of requests unless you are authenticated to the system. For this reason PSI Monitor cannot automatically grab the requests that you insert into the transparencia.gob.be portal. You have to add manually your request into PSI Monitor if you want it to be listed there.

Conclusion

The general perception is that everything is in place to ensure a full access and reuse of public sector information at least for citizens of Spain; they can rely on a portal (transparencia.gob.es) which acts as an hub for information on the Open Government (action plans etc), on the right of access (access requests, guides etc) and on the relevant legislation.

In spite of this, it has to be said that EU citizens and companies may encounter some obstacles if they wish reuse data of public sector bodies of this country. As we above reported, the list of requests is not freely consultable without authentication; the same if you want to make a new request. However, the authentication sytem provided does not work at the moment.


This week the series of articles on how to make a PSI request in the EU member states continues by analysing the case of Romania.


Legislative framework

The situation is quite straightforward, Romania is a unitary state and a semi-presidential republic.
Law no. 544/2001 regulates the right to information: free access to information of public interest (a sort of domestic FOIA). The law confers on any person the right to obtain information about the activities of any public authorities or institutions, including other entities using public resources. The law specifies the conditions under which the access to information is provided and guarantees to obtain the requested information. It also imposes an active and transparent behavior of public authorities and institutions by provisions on the obligation to publish certain information of interest on the public notice or on the website.

The country had the obligation to adopt the communitary acquis before entering into the European Union and, thus, in April 2007 adopted Law no. 109/2007 as transposition of Directive 2003/98/EC.

Following some observations by the European Commission, the law was amended in 2008 by Law no. 213/2008.

Law no. 299/2015 amending Law no. 109/2007 on the re-use of information from public institutions transposed Directive 2013/37/EU.

The unique national platform for the publication of data sets produced or held by public authorities or institutions in open format for re-use, data.gov.ro, was launched in October 2013.

In practice

We have seen that the legislative framework in Romania is in line with the last European amendments and that there is also a domestic FOIA law since 2001. Hence from a legislative point of view, they are well positioned.

Nonetheless, the country still struggles to implement the rules due to a combination of limited institutional capacity and a lack of knowledge. However the government is making considerable efforts to improve the situation, as evidenced by the National Plan 2016 - 2018.

In a practical way, it is hard to find a Romanian public sector body that provides guidance (in the shape of a form or a contact email address) on how to make a PSI request for reuse of information. We were able to find just some examples with regard to access to information based on Law no. 544/2001:

Inspectoratul Teritorial De Munca Teleorman

ANAF (Agentia Nationala de Administrare Fiscala)

General Inspectorate for Immigration

Primaria Lipova

What to do then? In this case, it is worth to stay stick to what the Law states about requests of re-use of information. An extract of the English version of the Law no 299/2015 transposing Directive 2013/37/EU is presented below.

Applications to re-use documents shall be submitted in writing, either on paper or electronically. An application shall indicate the following:

  1. the public institution to which it is addressed;
  2. the information requested, so that the public institution can identify the documents;
  3. the applicant's identification and authentication data, and the address to which the reply should be sent;
  4. the purpose for which the requested information is to be used.

So, the first thing to do is to pinpoint the public sector body and look for an email contact on its institutional website. Afterwards, you can send the request directly to the public sector body or

 add it to PSI Monitor and let Psi Monitor send it for you. 


In the latter case the advantage is that the request will be publicly consultable on the PSI Monitor repository and this may induce the public sector body to be more proactive in answering the request.

Another way to go is to leverage nuvasuparati.info, a website that helps you to make a request for access to information similar to the well known  whatdotheyknow.com

 

It is focused on requests based on the FOIA Law no. 544/2001 but it can be worth to try to use it for a re-use request mentioning the Law no. 299/2015 in the description of the request. As we already suggested here, you can add the tag #psimonitor to the description so that we can filter it and add it also to the PSI Monitor repository.

Subcategories

Page 1 of 3

About

A transparent and publicly accessible database of requests for the re-use of public sector information (PSI).

Funded by the European Union

Keep in Touch

 
 

NEWSLETTER

 
© 2018 PSI Monitor

Quick search