New GDPR Implementation and Privacy Law in Lithuania

January 25, 2022 | 4 minutes read
New GDPR Implementation and Privacy Law in Lithuania

Lithuania’s Law No XIII-1426 of 30 June 2018 amending Law No I-1374 or Law No XIII-1426 for short is a data protection and personal privacy law that passed in 2018. Law No XIII-1426 was enacted in accordance with a provision within the EU’s General Data Protection Regulation or GDPR that mandates that member states draft their own national legislation for the purposes of implementing the provisions and requirements of the law. As such, Law No XIII-1426 sets forth the legal guidelines that individuals and organizations within Lithuania are charged with following when engaging in data processing activities within the country. Moreover, the law also establishes the various punishments that can be imposed against data controllers and processors that fail to comply with the law.

What is the scope and application of Law No XIII-1426?

In terms of the scope and application of the law, Law No XIII-1426 is applicable when:

What are the primary differences between Law No XIII-1426 and the EU’s GDPR law?

As it relates to the requirements of data controllers and processors, as well as the rights that are provided to Lithuanian citizens, Law No XIII-1426 and the EU’s GDPR law are largely identical. For example, Law No XIII-1426 mandates that data controllers within the country adhere to the same data protection principles that were set forth in the General Data Protection Regulation. Such principles include but are not limited to ensuring that personal data is collected and processed in accordance with the principles of lawfulness, fairness, and transparency, ensuring that personal data is only processed for specific purposes that are outlined to data subjects at the time in which their data is collected, and ensuring that any personal data that is processed is accurate. However, the two laws do vary as it relates to the legal age of consent regarding data processing.

Under the EU’s GDPR law, the legal age of consent in regard to data processing is set at 16 years old. However, provisions of the law allow EU member states to deviate from this set age when implementing the provisions of the law into the legislation of their particular country. As such, Lithuania’s Law No XIII-1426 of 30 June 2018 amending Law No I-1374 places the legal age of consent concerning data processing at 13 years old, with all individuals younger than 13 needing the expressed consent from their parent or guardian to legally submit their data for processing or collection. Conversely, as is the case with many other data protection laws around the world, Lithuania’s Law No XIII-1426 makes certain exceptions as it relates to personal data that is collected and processed in the context of scientific, research, or public safety needs.

What are the punishments for violating Law No XIII-1426?

In terms of penalties that can be imposed against data controllers and processors who fail to comply with the law, Law No XIII-1426 is enforced by Lithuania’s State Data Protection Inspectorate. As such, the State Data Protection Inspectorate has the authority to levy a number of sanctions against individuals and organizations within Lithuania, which includes a fine of up to €10 million or up to 2% of the total global annual turnover for a business’s previous financial year, whichever amount is higher, to a fine of up to €20 million or up to 4% of the total global annual turnover for a business’s previous financial year, whichever amount is higher, in accordance with the EU’s GDPR law. Furthermore, Lithuanian citizens also have the right to file complaints against data controllers and processors who violate their rights under the law.

As personal data can now be shared instantly via the internet via technology that has never been available before in human history, drafting legislation that addresses the potential issues that can arise from this level of data sharing is of the utmost importance. As such, Lithuania’s Law No XIII-1426 of 30 June 2018 amending Law No I-1374 provides Lithuanian citizens with a means to combat the issues that can arise from unauthorized personal data access, as the law enables said citizens to file complaints against data controllers and processors who violate their rights. Moving forward, many countries around the world will continue to pass similar legislation, with the goal of ensuring that the personal data of all individuals around the world is protected at all times.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »