Home | Databases | WorldLII | Search | Feedback Maltese Laws

Telecommunications (Regulation) Act (Cap. 399) Telecommunications (Personal Data And Protection Of Privacy) Regulations, 2003 (L.N. 19 Of 2003 )

TELECOMMUNICATIONS (REGULATION) ACT (CAP. 399)
Telecommunications (Personal Data and Protection of Privacy) Regulations, 2003
IN exercise of the powers conferred by article 38 of the Telecommunications (Regulation) Act, the Minister for Transport and Communications, after consultation with the Malta Communications Authority, has made the following regulations>-
1. The title of these regulations is the Telecommunications
(Personal Data and Protection of Privacy) Regulations, 2003.
2. These regulations shall come into force as the Minister may by order in the Gazette determine and different dates may be appointed in respect of different regulations.
3. (1) Unless otherwise stated in these Regulations, the definitions in the Telecommunications (Regulation) Act and the Data Protection Act shall apply.

Citation.

Commencement.

Definitions.

requires>
(2) In these Regulations, unless the context otherwise
“Act” unless otherwise stated in these regulations, means the
Telecommunications (Regulation) Act<
“Authority” means the Malta Communications Authority< “call” means a connection established by means of a publicly
available telephone service allowing a two-way communication in real time<
“Commissioner” means the Data Protection Commissioner< “communication” means any information exchanged or
transmitted between a finite number of parties by means of a
publicly available telecommunications service. This does not include any information conveyed as part of a broadcasting service to the public over a telecommunications system except to the extent that the information can be related to the identifiable subscriber or user receiving the information<

Cap. 399.

B 238

Cap. 440.

“consent” means consent by a user or subscriber and corresponds to the consent given by a data subject in accordance with article 2 of the Data Protection Act<
“emergency access numbers” means such numbers as are established in accordance with the Telecommunications (Regulation) Act or any regulations made thereunder to ensure the access of all users to emergency services<
“location data” means any data processed in a telecommunications system , indicating the geographic position of the terminal equipment of a user of a publicly available telecommunications service<
“Minister” unless otherwise stated in these Regulations means the Minister responsible for telecommunications<
“personal data” means any information relating to an identified or identifiable person< an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to that person’s physical, physiological, mental, economic, cultural or social identity<
“processing” and “processing of personal data” mean any operation or set of operations which is taken in regard to personal data, whether or not it occurs by automatic means, and includes the collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available , alignment or combination, blocking, erasure or destruction of such data<
“public telecommunications system” means transmission systems and, where applicable, switching equipment and other resources which permit the conveyance of signals between defined termination points by wire, by radio, by optical or by other electromagnetic means, which are used, in whole or in part , for the provision of publicly available telecommunications services<
“service provider” means any person who holds a valid licence or permit to provide a public telecommunications service under the Act, or is registered under the Act as a person authorised as aforesaid (whether or not he is also a telecommunications system provider)<
“system provider” means any person who holds a valid licence or permit to operate a public telecommunications system under the Act, or is registered under the Act as a person authorised as aforesaid (whether or not he is also a telecommunications service provider)< and
“user” means any natural person using a publicly available telecommunications service, for private or business purposes, without necessarily having subscribed to such service.
4. (1) These Regulations shall apply to the processing of personal data in connection with the provision of publicly available telecommunications services in public telecommunications systems in Malta and any other country as the Minister may after consultation with the Minister responsible for data protection, designate by notice in the Gazette.
(2) Regulations 9, 10 and 11 shall apply to subscriber lines connected to digital exchanges, and where technically possible and if it does not require a disproportionate economic effort, to subscriber lines connected to analogue exchanges.
5. (1) The service provider shall take appropriate technical and organisational measures to safeguard the security of the services it provides.
(2) If necessary, the measures required by paragraph (1) of this regulation shall be taken in conjunction with the system provider who shall comply with any reasonable requests made by the service provider for the purposes hereof.
(3) For the purposes of this regulation, measures shall only be taken to be appropriate if, having regard to<
(a) the state of technological development< and
(b) the cost of implementing the measures<
they are proportionate to the risks against which they would afford safeguards.
(4) Where, notwithstanding the taking of the measures required hereby, there is a significant risk of a breach of the security of the system, the service provider shall inform the subscribers concerned of -
B 239

Application.

Security.

B 240

Obligation to inform.

Itemised billing.

Itemised billing and privacy.

Presentation and restriction of calling and connected line identification.

(a) that risk<
(b) any remedies appropriate to afford safeguards against that risk which the subscribers themselves might take< and
(c) the costs involved in relation to such remedies.
6. The service provider shall inform subscribers and, if possible, users about the existence of any situations allowing the contents of communications to be unintentionally made known to persons who are not party to them.
7. If a subscriber requests a service provider to submit to him bills that are not itemised, that service provider shall comply with such a request.
8. The Authority in exercising any function in respect of data protection in telecommunications shall have regard to the need to reconcile the rights of subscribers receiving itemised bills with the right of privacy of calling users and called subscribers.
9. (1) Where presentation of calling-line identification is offered, the service provider shall ensure that the calling user shall have the possibility, using a simple means and free of charge, of preventing the presentation of the calling-line identification on a per call basis. The service provider shall ensure that the calling subscriber shall have this possibility on a per line basis.
(2) Where presentation of calling-line identification is offered, the service provider shall ensure that the called subscriber shall have the possibility, using a simple means and free of charge for reasonable use of this function, of preventing the presentation of the calling line identification of incoming calls.
(3) Where presentation of calling line identification is offered and where the calling line identification is presented prior to the call being established, the service provider shall ensure that the called subscriber shall have the possibility, using a simple means, of rejecting incoming calls where the presentation of the calling line identification has been prevented by the calling user or subscriber.
(4) Where presentation of connected line identification is offered, the service provider shall ensure that the called subscriber shall have the possibility, using a simple means and free of charge, of preventing the presentation of the connected line identification to the calling user.
(5) The provisions of paragraph (1) of this regulation shall also apply with regard to calls to other countries, whereas the provisions of paragraphs (2), (3) and (4) of this regulation shall apply to incoming calls originating in other countries.
(6) Where the presentation of calling or connected line identification is available, the service provider or the system provider shall inform subscribers and users of the existence of such services as well as of the possibilities referred in paragraphs (1), (2), (3) and (4) of this regulation.
10. (1) Any subscriber receiving malicious or nuisance calls may request the service provider to override the elimination of the calling line identification on a temporary basis. The data containing the identification of the calling subscriber shall be stored and shall be made available by the service provider in accordance with the relevant legislation and any directives that may, from time to time, be issued by the Authority.
(2) The overriding of the elimination of the calling line identification in accordance with paragraph (1) of this regulation may only be provided for the duration of the period during which the malicious or nuisance calls take place.
(3) A request under this regulation shall be made in writing and shall include such information as may be necessary for the processing of the request. In cases of urgency a verbal request may be made provided a written request is sent within twenty-four hours of the request made verbally.
(4) A service provider shall override the elimination of the presentation of calling line identification and the temporary denial or absence of consent of a subscriber or user for the processing of location data, on a per-line basis for calls made to emergency access numbers for the purpose of responding to such calls.
11. (1) Where calls originally directed to another line are being automatically forwarded to the line of a subscriber because of action taken by a third party and the subscriber requests the service provider to terminate such calls, that provider shall ensure, without charge, that such forwarding ceases without any delay.
(2) Any other service provider shall comply with any reasonable requests made by the service provider of the subscriber for the purposes of this regulation.
B 241

Exceptions.

Termination of unwanted automatic call forwarding.

B 242

Non-applicability of certain regulations.

Compensation for failure to comply with Regulations

Enforcement.

Administrative fines and sanctions.

Appeals from decisions of the Authority.

12. The provisions of paragraphs (1) to (5) of regulation 9 shall not apply when a law specifically provides for the provision of information as a necessary measure in the interest of>
(a) national security< (b) defence<
(c) public security<
(d) the prevention, investigation, detection and prosecution of criminal or administrative offences, or of breaches of ethics for regulated professions<
(e) an important economic or financial interest including monetary, budgetary and taxation matters<
(f) a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of official authority referred to in paragraphs (c), (d) and (e) of this regulation< or
(g) the protection of the subscriber or user or of the rights and freedoms of others.
13. (1) A person who suffers any loss or damage because of any contravention of these regulations by any other person shall be entitled to take action before the competent court seeking compensation from that other person for that loss or damage.
(2) The period of limitation provided for in subarticle (2) of article 46 of the Data Protection Act shall apply to an action under paragraph (1) of this regulation.
14. The Authority shall be responsible to ensure compliance with the provisions of these regulations.
15. The Authority may impose a fine in accordance with the
Telecommunications (Administrative Fines and Sanctions) Regulations,
2002 upon an authorised provider who fails to comply with any of the provisions of these regulations or with any directive that the Authority may issue under these regulations.
16. Any person aggrieved by a decision taken by the Authority in accordance with these regulations and having a legal interest to contest such a decision may appeal to the Telecommunications Appeals Board.
17. The Authority may request the advice of and where appropriate shall consult with the Commissioner in the exercise of any of its functions under these regulations.

Advice.

B 243
18. Where it is alleged that any of these regulations have been contravened, the Commissioner or any aggrieved person may request the Authority to exercise its enforcement functions in respect of that contravention>
Provided that nothing in this regulation shall be interpreted as a limitation on the discretionary powers of the Authority.

Request that the Authority exercises its enforcement functions

Ippubblikat mid-Dipartiment ta’ l-Informazzjoni – 3, Pjazza Kastilja – Published by the Department of Information – 3, Castille Place

Mitbug[ fl-Istamperija tal-Gvern – Printed at the Government Printing Press

Prezz 16c – Price 16c