PORTUGAL Law and Practice Contributed by: Jorge Silva Martins, João Carminho and Inês Coré, CS’Associados
• Self-driving cars: The Portuguese Highway Code (approved by Decree-Law No 114/94) has not been updated to address autono - mous vehicles. However, pilot projects and tests for self-driving cars fall under EU regula - tions, particularly the Vehicle General Safety Regulation (Regulation (EU) 2019/2144), which establishes safety and liability stand - ards. • Commercial drones and drone delivery servic - es: Drone operations in Portugal are governed by Regulation (EU) 2018/1139, and the EU Drone Regulation (Regulations 2019/945 and 2019/947). These have been implemented nationally through Decree-Law No 87/2021, with ANAC (the National Civil Aviation Author - ity) responsible for enforcement. 4. Internet of Things 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection Machine-to-Machine Communications Portugal does not yet have specific legislation governing IoT. However, as a EU member state, it is subject to the EU regulatory initiatives that shape the legal framework for IoT. Since IoT relies heavily on data processing to enable Machine-to-Machine Communications, its regulation falls under the broader EU data governance framework, including: • the GDPR (Regulation (EU) 2016/679); • the Data Act (Regulation (EU) 2023/2854); and • the Data Governance Act (Regulation (EU) 2022/868). IoT technologies pose significant data protection risks, as smart devices (eg, wearables) frequently
collect personal data, including special catego - ries of data, such as health information (Article 9 of the GDPR). The ability to collect, process and combine datasets enables smart objects to enhance performance and user experience. However, this also raises concerns about data security and potential personal data breaches (Article 4(12) of the GDPR) due to unauthorised access or cybersecurity threats. The Data Act regulates data generated by user- connected products on public electronic com - munications networks. It aims to harmonise rules on fair data access and usage, clarifying who can create value from data and under what conditions – a crucial aspect for IoT, as smart devices rely extensively on user-generated data. The Data Governance Act focuses on data-shar - ing frameworks, regulating processes and struc - tures to facilitate such exchange of information. The EU Cyber Resilience Act (Regulation 2024/2847) is also critical for IoT as it estab - lishes essential cybersecurity requirements for connected devices, ensuring stronger protection against cybersecurity threats. With billions of interconnected IoT devices – from smart home systems to industrial sensors – the risk of cyber - attacks that could compromise data privacy, disrupt critical services, or endanger safety is significantly increased. The Cyber Resilience Act enforces security by design, requiring manufac - turers to implement robust cybersecurity meas - ures throughout a product’s lifecycle, including regular updates and vulnerability management. Communications Secrecy Communications secrecy in the context of IoT technologies is governed by broader regulations on data protection, cybersecurity, and consumer rights.
386 CHAMBERS.COM
Powered by FlippingBook