Lithuania's Constitution is the legal base for individuals' data protection. Article 22 mandates that "the private life of an individual shall be inviolable." Further, it states that intercommunications such as personal correspondence, telegraph messages, telephone conversations, etc., shall be inviolable. National laws protect individuals from arbitrary and unlawful interference in their private matters, and from encroachment upon their honor and dignity. The same Constitutional article authorizes collection of individuals' private information only "upon a justified court order" and following legal procedures. In the legal hierarchy, and below this Constitutional mandate, data protection rules are found in (1) national domestic laws, some of them incorporating EU data protection Directives; (2) government resolutions; and (3) orders from the Data Protection Inspectorate.
Six basic national domestic laws incorporate rules on data protection in Lithuania. First, Law on Legal Protection of Personal Data, No. I-1374 (1996), entered into force in 2003. The purpose of this law is to protect individual's privacy in regards to the processing of personal data. This law establishes the principles regulating the processing of personal data, including collection, storage, and disclosure; the rights of the data subject; the technical measures required to secure personal data; the rules for data controllers; the transfer of data to recipients in third countries; the rules on monitoring the collection of personal data; and the liabilities incurred by data collectors. Second, Law on the Electronic Communications, No. IX-2135 (2004). This law regulates social relations regarding electronic communication services and networks, the use of electronic communication resources, and "social relations pertaining radio equipment, terminal equipment and electromagnetic compatibility." This is definitely the law applicable to social networks, e-mail services, and blogs. Third, Law on the Public Registers, No. VIII-1701 (1996, amended in 2000). This law regulates the collection and processing of private data by public entities.
Fourth, Law on the Ratification of Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, No. No. IX-189 (2001. As its name suggests, this law ratified the EU convention on automatic processing of personal data of January 1981. The purpose of this convention is to assure that each EU Member State affords privacy rights to individuals, no matter their nationality, on the processing of personal data. To this end, signatory states committed to implement domestic legislation that incorporates basic principles on data protection. Fifth, Law on the Ratification of Additional Protocol to Convention 108 Regarding Supervisory Authorities and Transborder Data Flows, No. No. IX-1922 (2003). This EU law deals with the transfer of personal data among EU and non-EU states and its implications on individuals' privacy rights. To protect individual privacy and personal data, this convention requires states to implement a national supervisory authority responsible of compliance with the EU regulations on data privacy and transborder flow; and sets the rules for the transfer of personal data to third countries. Sixth, the Law on the Supplement and Amendment to Code on Violations of Administrative Law is applicable to data protection in Lithuania but this law is more related to processing of private information by public institutions and their liabilities for violations.
The Government of Lithuania has issued three major Resolutions pertaining to data protection. One is the Structural Reform of the State Data Protection Inspectorate (DPI), No. 1156 (2001). This Resolution establishes the DPI authority and responsibilities. Other is the Reorganization of the State Register of Personal Data Controllers, No. 262 (2002), which includes additional rules for the data controllers, especially those employing automatic processes. Government Resolution 918 was the latest resolution issued on September 2008. It is called "Draft Law amending Law on Property Declaration No. XP-2152(2), and Draft Law on Supplement to and Amendment of Articles 15 and 29 of Law on Public Service, No. XP-2153(2).
Lastly, orders for the State Data Protection Inspectorate are the lower rules in the data protection law's hierarchy. These orders may have a limited-time application or relate to administrative compliance rules for data collectors.
It is evident that EU countries, including Eastern countries, have promptly updated their data protection laws to compete not only in a regional, but an international market.
http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=2160
