Art. 1. – This Law sets forth the general rules and terms of operation in the field of informatics in the Republic of Moldova, including rights and duties exercised by the state, legal entities and individuals when creating, managing, using and maintaining information systems, as well as principles and means for ensuring freedom, protection of data in information systems and right to access information services.
Art. 2. – For the purpose of this Law:
Unauthorized access means access to information by disturbing operating conditions;
Databank means all databases and software for managing these databases;
Database means data organized based on a certain conceptual structure describing the features of this data and relationship between its components designed for one or more fields of application;
Data means facts, notions, phenomena, events, features, indicators, instructions, etc., represented under adequate form for communication, interpretation and manual or automatic processing;
Public data means data with unlimited public access;
Personal data means data allowing under any form, directly or indirectly, to identify any individual which it is referred to;
Nominative data – all data which can help to identify a person, though parts of this data not being recognized as identifier;
Electronic document means information product which shows or suggest a fact, confirms a right, recognizes an obligation, identifies a legal entity or an individual, etc.;
Hardware means facilities used in computer systems;
Informatics means processing and transmitting data with the help of automated computer systems and telecommunications equipment;
Informatization means actions aimed to design, implement, maintain and improve automated computer and data transmission systems in the process of collecting, storing, processing and distributing information;
Data flow means transmission of data between constants or files as a result of executing certain instructions, procedures, program modules or programs;
Information operator means legal entity able to render a wide range of qualitative and secure information services, meeting the international requirements;
Informational product means data and programs received from using certain programs or software packagers;
Software means all or some of programs, procedures, rules and documents associated with a data processing system;
Program (computer program) means sequence of declarations and instructions of a programming language launched in an operational computer environment in order to carry out certain functions or solve certain problems;
Data protection means all organizational-technical procedures and legal acts used to avoid any harm to the interests of owners of data, informational systems and users of information;
Information resource means any element of an information system necessary to execute the requested operations;
Information network (computer network) means all data processing nodes interconnected with each other for data transmission purposes;
Public data network means information network used for public purposes;
Data security - notion which defines the security of data in relation to events which could affect data integrity.
Information services means services offered on the market for maintaining software, equipment and information systems;
Public information services means information services rendered through public data network;
Informatics system means programs and equipment which ensures automatic processing of data;
Information system means information processing system together with associated organizational resources, such as human and technical resources which supply and distribute information;
Information technologies means technologies specific for informatics and part of communications related to the traffic of information through information networks;
Information traffic means circulation of data and programs between two or more users.
Art. 3. – (1) Access of any legal entity and individual to public information services and information contained in information systems shall be ensured in accordance with Constitution, this law and other legal acts.
(2) Information systems and networks, as well as information resources may be privately or publicly owned by legal entities and individuals.
Art. 4. – (1) Protection of data in information systems and networks shall be ensured in accordance with the respective provisions of Constitution, this Law and other legal acts.
(2) Persons working with information systems and networks shall ensure data protection.
(3) No unauthorized access and connection to information systems and networks shall be allowed.
(4) Nondiscriminatory use of information facilities shall be guaranteed on the whole territory of Moldova.
Art. 5. – (1) The Ministry of Transport and Communications shall be responsible for the fulfillment of the Government policy and development of the strategy in the field of informatics.
(2) The National Regulatory Agency in Telecommunications and Informatics shall be responsible for regulation and implementation of the development strategy in the field of informatics.
Art. 6. – (1) Relationships in the field of informatics which are not stipulated by this law shall be regulated by other legal acts.
(2) In case of the Republic of Moldova, the international relations in the field of informatics shall be regulated based on international conventions and agreements to which it is part of. If international conventions and agreements contain other norms then stipulated by Moldovan legislation in informatics, the provisions of international conventions and agreements should prevail.
PUBLIC ADMINISTRATION IN INFORMATICS
Art. 7. – The state considers as primary strategic objective the informatization of the society under the provisions of Constitution, this Law, other legal acts, as well as generally accepted principles, including international documents to which Moldova is part of.
Art. 8. – (1) The central public administration authority in informatics is exercised by the Ministry of Transport and Communications, representing the Government in international organizations and coordinating the activities of legal entities and individuals from the Republic of Moldova in the field of informatics.
(2) The Ministry of Transport and Communications shall have the following functions:
a) draft the development strategy in the field of informatics, organize discussions on the subject of development strategy and submit it to the Government for approval;
b) study international trends and update the national development strategy in informatics;
c) coordinate the implementation of this strategy and submit a progress report to the Government on an annual basis;
d) ensure coherent development of public administration information systems pursuant to the development strategy in informatics;
e) coordinate the implementation of information systems through national projects stipulated by the development strategy;
f) encourage through adequate policies the development of private sector in the field of information technologies which is an indicator of competition;
g) initiate and approve the development of national standards in accordance with the international standards in the field of information technologies, create necessary conditions for their implementation in the informational systems of public authorities;
h) approve from the stand point of the development strategy in the field of information technologies, the projects and task orders for the purchase of IT products and services to be used by public authorities and if necessary, appoint representatives in tender commissions;
i) coordinate the creation of public data networks in compliance with the norms recommended by European Community;
j) assign and manage the address space within global information networks which are operating on the territory of the Republic of Moldova;
k) follow the correlation of national fundamental and applied scientific research programs, as well as technology development programs in the field of information technologies financed by international programs with the implementation of public information strategy;
l) carry out and support cooperation activities in the field of information technologies on international level through participation in regional, European and world programs;
m) cooperate with central public administration authorities in the field of education in order to conform the educational programs in pre-university and university institutions as well as on going training programs for specialists and users of information with the needs related to the information of the public;
n) coordinate the creation of sector information systems of national interest;
o) draft and approve legal acts with an impact on informatics;
p) oversee the implementation of regulations and technical norms in the field of information technologies;
q) carry out the quality certification of IP products and services for public use, ensuring their inspection and control;
Art. 9. – (1) The National Regulatory Agency in Telecommunications and Informatics, hereinafter referred to as the Agency, instituted in accordance with Law No. 842-XIV of February 25, 2000, On changes and amendments to Telecom Law, is a public administration authority with a status of a legal entity, independent from IT operators and manufacturers.
(2) The rights and duties of the Agency, as well as principles of its administration, budget and interface with other public administration authorities shall be stipulated by the law mentioned under item (1) of this Article.
Art. 10. – (1) Planning, designing, using and maintaining of information networks shall be authorized under a license issued by the Agency to legal entities from the Republic of Moldova. Based on a contract signed with its client the license holder shall ensure:
a) unconditional access of users of public information services if they are located in the area covered by the license holder;
b) good quality of services offered;
c) interconnection with other public information networks in accordance with the license terms.
(2) Designing and producing software and respective equipment to be exported shall be authorized based on a license issued by the Agency to the legal entities from the Republic of Moldova.
Art. 11. – (1) Software and equipment for public information networks shall be imported, supplied and sold based on certificate of conformity issued by appropriate body entitled to certify products in the field of telecommunications and informatics.
(2) Use of uncertified software for rendering public information services shall not be allowed.
(3) Use of uncertified and unmarked equipment, as well as its connection to public information networks shall not be allowed.
Art. 12. – (1) The implementation of the development strategy in the field of informatics shall be financed from the account of off-budget fund created in accordance with Art. 9, paragraph (1), sub-paragraph (o) of Law No. 842-XIV of February 25, 2000, On changes and amendments to Telecom Law.
(2) The development and maintenance of informatization infrastructure and ensuring access of public institutions to global information networks shall be financed from the sources of the above mentioned fund.
(3) The off-budget fund in informatics shall be managed by the Agency.
(4) The Agency shall attract to off-budget fund financial resources resulted from international cooperation, including local and private funds.
ACCESS TO INFORMATION AND INFORMATION SERVICES
Art. 13. – (1) Data circulation on the territory of Moldova is free for all the participants in the informational market.
(2) Across-border flow of data, subject to automated processing, or those, collected with the purpose of such processing, are allowed on condition that they do not infringe upon the private rights, freedom and citizens’ obligations, do not affect the secrecy and confidentiality of the information, required by the legal regulations within the State and Society.
Art. 14. – (1) Persons, who create and provide informatics products are obliged:
a) to ensure and guarantee, to the users of products and services, that these do not affect human rights;
b) to provide, in the product or service, for the modality of consumer protection and individual freedom;
c) to repair damages, caused to persons through non-observance of the requirements of points a) and b), complete or partial repair, as the case may be;
(2) For non-observance of the provisions, mentioned in paragraph (1), points a) and b), holders of data and information networks are responsible, in accordance with the legislation.
Art. 15 - (1) The following information is considered as being of a special category and cannot be subject to possession and data base processing: data of a personal character, concerning racial or ethnic origin, political views, religion or other convictions, information, regarding health and sexual life, as well as criminal records. Such data can be processed and kept by specially constituted authorities, that are obliged to take respective steps in order to guarantee protection and confidentiality.
(2) Data of a secret or confidential character, belonging to other holders, who determined their character as such, except the data, which are authorized or obligatory to be kept according to the legislation, are excluded from being kept and processed.
(3) Data of a public interest, except the ones mentioned in paragraph (1) and (2), can be processed and kept freely, without restrictions and moral or material obligations from the part of data holders, within the framework of their activity.
Art. 16. - (1) Any person has the right to keep programs and equipment, as well as to process data and programs, resulting in informatics products for his own use, if this does not run counter to the provisions of the present law.
(2) In case, if the activities, mentioned in paragraph (1) overstep the limits of activities, admitted through access to other holders’ data bases, they, obligatorily, must be brought in accordance with the provisions regulating data flow.
Art. 17 – Personal data transfer to users in other countries cannot take place, unless these users guarantee an adequate level of data protection, in accordance with the legislation and regulations in force.
Art. 18 – Data in traffic through any technical means and/or material support enjoy, from the juridical point of view, similar protection with the one, guaranteed according to the legislation regarding secrecy of correspondence and telephone calls.
Art. 19 – (1) For data processing, the objectives are set, in advance or in the moment of data collection.
(2) Any data processing and their further use must be done exclusively with the purposes set and compatible with them.
(3) The provisions of paragraphs (1) and (2) are not applicable to data of statistical character, general or local, as well as to those, legally recognized as public.
Art. 20 – Legal and physical persons have the right to obtain from the data base holder, directly or through other ways of access, confirmation, whether these possess or do not possess data referring to the respective person.
(2) The right, stipulated in paragraph (1) does not apply to legal informatics activities of confidential or secret character, as well as to the data, resulted from these activities.
Art. 21 – Physical persons have the right to obtain personal information, regarding themselves, contained in the data bases. The data holder must reply to these applications in legal terms, in an intelligible form and with no material claims.
(2) Persons, whose rights have been infringed by introduction of their personal information into a data base, can contest and, if their contest is well-grounded, the data holder is obliged to delete, modify, complete or correct them.
(3) Physical persons have the right to be informed about the reasons, for which their applications, submitted according to the provisions of paragraph (1) and (2), have been rejected, as well as the right to contest the reasons for rejections.
Art. 22 – Legal and physical persons have the right of access to public information, as well as to the methodology of defining the indicators, used in collecting and processing the public information, of classifiers and nomenclatures used.
Art. 23 – (1) State protected data, with limited access, as well as the mode of access to them, their utilization, accumulation and protection, and the list of the persons who have access to these data are regulated by the legislation, regarding the State secret.
(2) There cannot be limitations to the following data:
a) data, establishing the legal position of the legal persons, rights and obligations of physical persons and the procedures of their realization;
b) data regarding ecological, meteorological, sanitary-epidemiological states of emergency and other information, necessary for the functionality of industrial enterprises;
c) data, representing knowledge resources, accumulated in informatics systems of education, health protection, science, culture and jurisprudence.
DATA PROTECTION AND SAFETY
Art. 24. – Public administration authorities, that collected the information are obliged to provide it, upon request, to other public administration authorities, in accordance with the legislation.
Art. 25. – Data bases are organized according to the criterion of quality and safety of the data contained, regardless of the fact, whether they are kept for internal consultation or for providing informatics products, transmitted to a third party, inclusively through non-informatics ways.
Art. 26. – (1) On enforcement of Article 25, responsible people are designated for public data processing.
(2) Data holders, that do not belong to the public sector, but who stock, process or use data, that can be included into the category of personal, or of nominative data, must appoint responsible people for data processing
Art. 27. – Data base holder protects, by adequate actions, the collected data, equipment and program products, utilized for their management, guaranteeing the data safety against risks of loss, destruction, as well as against unauthorized utilization or disclosure.
Art. 28 – (1) Persons, that are engaged in informatics systems and networks are obliged to ensure data protection and confidentiality, except those, defined as public.
(2) With the purpose of data protection and offence prevention in the field of Informatics, it is forbidden:
a) creation and installation, in informatics networks, of program products, that can modify, harm, destroy data program products and equipment;
b) unauthorized access to public or private informatics systems and networks in order to capture, memorize, process or broadcast data and programs, or in order to modify, harm, destroy data, programs and equipment;
c) data embezzlement, program perturbation, message falsification or erroneous data transmission with the purpose of disturbing the data flow or creating a state of distrust among the participants to the informational circuit;
d) unauthorized and deliberate access to public or private informatics systems and networks, even if not followed by listening, registering or utilizing the data for personal interests or for others’ interests, as well as for obtaining another gain;
(3) with the purpose of ensuring the national security, the authorities in charge have the right of access to informational resources from public or private informatics systems. In legal proceedings, the mentioned authorities can, on basis of a warrant, issued by the public prosecutor, intercept informational networks, using the technical equipment of the owner of the system.
OWNERSHIP OF INFORMATICS PRODUCTS
Art. 29. – (1) The following can be ownership objects in Informatics:
a) informational resources and data, such as: data banks, data bases, textual, graphical and audio-visual files, as well as independent parts of these;
b) informatics systems.
(2) Owners in Informatics sector can be: the State, through public administration authorities, as well as juridical and physical persons.
(3) The objects of ownership in Informatics, created as a result of state budget financing, are considered public assets. The public asset can be transmitted and utilized on basis of the agreement with authority assigned by the Government.
(4) The owner of Informatics products has the right to authorize persons to possess, utilize and/or manage these products, being permitted to carry out any legal operation with these and concerning these.
Art. 30 – (1) The ownership of the Informatics product can be obtained by:
a) the creator – as a result of creating the product on his own and at his expense;
b) The person, who ordered the product and financed all the all the work in connection with this on base of the agreement made with the creator of the informatics product;
c) The legal or physical person, who intends to use the given program or data base according to the agreement made with the creator of the informatics product;
d) Heirs and other successors of the owner, according to legislation.
(2) Ownership of new data, obtained in the processing within the informatics system, is stipulated in the agreement between the owner of informational resources and data and owner of the informatics system. If this stipulation is missing in the contract between the parties, then the right to ownership of the data belongs to the owner of the informatics system.
(3) Ownership of informatics products is protected by the legislation regarding ownership.
Art. 31 - (1) Data editing, storage, processing, selecting and broadcasting is carried out by means, specific for information technologies, called electronic documents, which are completed with obligations assumed by the parties, as well as ways to prove these obligations, stipulated by legislation.
(2) The following is considered a material test or an electronic document: any reproduction by automatic facilities of numerical data, texts, diagrams, sound or voice recordings, if their completion has been made with technical facilities, that exclude unauthorized access and permit their storing in the established conditions.
Art. 32 – Electronic documents must be presented in a form, that permits their automatic reading and processing by the interested persons. In order to be legally recognized, electronic documents must meet structural requirements, stipulated by legislation.
Art. 33 – Electronic documents shall be completed with electronic signature, taking into account informatic code, which allows the identification of the author, stating of the contents authenticity, integrity of the stocked and transmitted data, as well as with the date. Cryptographic methods can be applied to the electronic signature.
Art. 34 – The electronic document with electronic signature is equal to the document, containing handwritten signature. If the data of the electronic and handwritten documents do not coincide, the data, contained in the handwritten document are considered authentic.
Art. 35 – Data obtaining, stocking, keeping, processing, selecting and broadcasting must be done with regard to conservation rules, in order to ensure:
a) concordance with the original information;
b) data protection against destruction or unauthorized replacement;
c) private or public character, including secrecy or confidentiality, if they refer to such categories.
Art. 36 – The parties participating in the informational circuit as informatics operators, persons responsible for data and their processing, as well as the users shall co-operate, co-ordinate their actions and take into account the information received in order to establish an atmosphere of responsibility in the functionality of informational structures and connected data bases, in keeping and utilizing data and electronic documents, in irreproachable constituting and using of computer networks and office facilities, as well as ensuring data security by physical, technical, and moral protection.
Art. 37 – Persons who infringe upon the stipulations of this law, bear managerial, material or criminal responsibility as the case may be, in accordance with the legislation.
Art. 38 – The Government, within 3 months, shall bring all its standard acts in accordance with the present law.
Chairman of the Parliament Eugenia Ostapciuc
Chisinau, June 22, 2000, No.1069-XIV