On 25 November 2020, the European Commission (EC) published a proposal for Regulation on European Data Governance (the Data Governance Act), which will set out a new legal framework to promote the development of common European data spaces: a Single Market for data.

The Data Governance Act is the first set of measures announced in the 2020 European Strategy for Data, and that it was followed by a public consultation carried out between February and May this year. EC also released a Questions & Answers document and a Factsheet on European data governance, alongside the Data Governance Act.

The Data Governance Act is the cornerstone of the EC’s Data Strategy, which targets a set of changes on digital regulatory and antitrust matters, including: (i) the EC’s white paper on artificial intelligence and consultations on the Digital Services Act package; (ii) a ‘New Competition Tool’ (NCT) to allow the EC to examine and make changes in market structure; and (iii) the EC notice on market definition.

Following the Data Governance Act, reviewed in Part One of this article, EC published two important legislative proposals on 15 December 2020: the Digital Services Act (DSA) and the Digital Markets Act (DMA), which are reviewed in Part Two.

Additional legislative proposals, particularly changes to the EC’s enforcement of European Union (EU) competition rules, are also expected in early 2021, and they will be addressed in due course.

Part One – Proposal for a Regulation on European data governance

The Data Governance Act proposes to establish nine common European data spaces for data sharing and pooling in strategic and critical domains, including health, environment, energy, agriculture, mobility, finance, manufacturing, public administration and skills.

For this purpose, the Act establishes three main goals:

  • Sharing of public sector data: establishing a mechanism to promote the sharing and re-use of certain categories of data held by public sector bodies in EU;
  • Data sharing service providers: creating a new notification and supervisory framework for the provision of data sharing services; and
  • ‘Data altruism’: ‘data altruism’ means individuals or businesses voluntarily consenting to the use of data (personal and non-personal) for altruistic purposes (e.g., for scientific research or improving public service). A new framework will enable entities that collect, and process data made available for altruistic purposes to be qualified for voluntary registration upon fulfilment of some requirements and be recognized as ‘Data Altruism Organizations’.

A new formal expert group is also to be created, the European Data Innovation Board, composed by EC, the European Data Protection Board, and relevant local authorities, with powers to ensure a consistent application of the Data Governance Act across all Member States, including cooperation between local relevant authorities.

Sharing of public sector data

The Data Governance Act establishes a set of common basic conditions for sharing and re-using certain categories of protected public sector data, namely personal data, data covered by intellectual property rights or confidentiality and that hence fall outside the scope of the 2019 Open Data Directive.

The Data Governance Act does not intend to create a right to re-use such data, but instead sets out the conditions under which public bodies (not including State-owned businesses or ‘public undertakings’) must comply when dealing with re-use of data.

These conditions, which must be non-discriminatory, proportionate and objectively justified, may include: (i) to re-use anonymized or pseudonymized data only; (ii) that the data only be disclosed under the EU General Data Protection Regulation (GDPR); or (iii) to delete commercially confidential information, including trade secrets. Exclusive agreements for re-using data must be avoided, except when necessary for the provision of a service of general interest and must be awarded under EU public procurement and State aid rules and for periods up to three years.

EC may impose further conditions on the re-use of highly sensitive non-personal data (that is, data that is not covered by GDPR), and on data transfer to third countries.

Data sharing service providers

The Data Governance Act creates new rules addressed to intermediaries between data ‘holders’ (data subjects) and data users – the so-called ‘data sharing service providers.’

Data sharing service providers will be obliged to submit a prior notification to the relevant local authority (to be appointed by each Member State and empowered to monitor compliance with new rules, including cooperate with other sectoral authorities).  

The provision of data sharing services will have to fulfil specific requirements: (i) the collected data cannot be used for other purposes, and any metadata can be only used for the provision of that service; (ii) data sharing services must be provided by a separate legal entity from other services; (iii) data interoperability; (iv) services providers must act under a fiduciary duty towards data subjects; (v) adequate security safeguards must be in place; and (vi) service providers, which are not established within EU, must have to appoint a legal representative in one of the Member States.

‘Data altruism’

The Data Governance Act provides a legal framework for voluntary registration of entities that collect, and process data (personal and non-personal data) made available for altruistic purposes. In order to qualify for registration, a data altruism organization must fulfil certain criteria, including being a non-profit organization. Data altruism organizations that are not established in EU must appoint a legal representative in EU. Each Member State must appoint one or more local authorities to keep the register of data altruism organizations and monitor compliance with the requirements applicable to data altruism organizations.

Part Two – the Digital Services Act and the Digital Markets Act

As part of the European Digital Strategy, Shaping Europe’s Digital Future, DSA and DMA will address new challenges that have surfaced with digital developments. At the same time, these Acts will ensure users, consumers and businesses to continue to benefit from digital developments. DSA and DMA have two main goals:

  • To create a safer digital space in which the fundamental rights of all users of digital services are protected (DSA’s goal); and
  • To establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally (DMA’s goal).
Digital Services Act (DSA)

DSA establishes a set of new, harmonized EU-wide obligations for digital services that connect consumers to goods, services, or content, ranging from simple websites to internet infrastructure services and online platforms.

The DSA’s rules mainly concern online intermediaries and platforms, such as online marketplaces, social networks, content-sharing platforms, app stores as well as online travel and accommodation platforms.

The new obligations are addressed according to services’ size and impact. Platforms that reach more than 10% of the EU’s population (45 million users) are considered systemic in nature and will be subject to a new control framework and specific obligations to control their own risks.

In a nutshell, DSA includes:

  • Rules for the removal of illegal goods, services or content online and safeguards for users whose content has been erroneously deleted by platforms;
  • New obligations for very large platforms to take risk-based action to prevent abuses;
  • Wide-ranging transparency measures, including on online advertising and on the algorithms used to recommend content to users;
  • New powers to examine how platforms work, including upon facilitating access by researchers to key platform data; and
  • New rules on traceability of business users in online marketplaces, to help track down sellers of illegal goods or services.

This new accountability framework will be followed by an innovative cooperation network of public authorities – board of national ‘Digital Services Coordinators’ – with special powers in supervising very large platforms including the power to sanction them directly.

Digital Markets Act (DMA)

DMA is addressed to gatekeepers of ‘core platform services’, e.g., social networking, video-sharing platforms, communication services, operating systems, clouds, and advertising, with (i) a systemic role in the internal market and that (ii) function as bottlenecks between businesses and consumers. These criteria will be met if a company has:

  • A strong economic position, significant impact on the internal market and is active in multiple EU countries – presumed so if the annual turnover equals or exceeds €6.5 billion or the market capitalization equals or exceeds €65 billion;
  • A strong intermediation position, meaning that it controls an important gateway for business users towards final consumers – presumed so whenever their services count with more than 45 million monthly active users and 10,000 yearly active users in the previous year; and
  • An entrenched and durable position in the market, meaning that it is stable over time – presumed so if the two criteria above have lasted the past three years.

Despite these presumptions are rebuttable, service providers must, in any case, notify the EC if they meet the thresholds above. If defined as a “gatekeeper”, companies will have to comply with a clearly defined set of obligations and prohibitions, including:

  • Prevent to treat services/products offered by the gatekeeper itself more favorably in ranking than similar services/products offered by third parties on the gatekeeper's platform;
  • Ensure interoperability with the gatekeeper’s platform to third parties;
  • Share, in compliance with privacy rules, data that is provided or generated through business users' and their customers' interactions on the gatekeepers' platform;
  • Provide companies advertising on their platform with the tools and information necessary for advertisers/publishers to carry out their own independent verification of their advertisements hosted by the gatekeeper;
  • Allow their business users to promote their offer and conclude contracts with their customers outside the gatekeeper’s platform;
  • Prevent consumers from un-installing any pre-installed software or app if they wish so.

In case of infringement of the DMA’s rules, gatekeepers may be subject to fines up to 10% of the company’s total worldwide annual turnover, and periodic penalty payments up to 5% of the average daily turnover. In case of systematic infringements, additional remedies may be imposed, including, non-financial remedies, e.g., the divestiture of (parts of) a business.

Next steps

The Data Governance Act, DSA and DMA will be discussed and passed by the European Parliament and the Council of Ministers in the ordinary legislative procedure. Once approved, which should occur until at least the third quarter of 2021, they will be directly applicable across the EU.

The far-reaching nature and characteristics of DSA and DMA suggest that these statutes may set the benchmark for digital services globally, similarly to what GDPR meant to privacy laws worldwide.


Macedo Vitorino launched a new edition of its 2020 edition of its «Why Portugal Report» today.

2020 has been a year of difficult challenges, lock downs and remote working. Families and businesses had to adapt to live in the midst of a prolonged pandemic. Covid-19 was responsible for the loss of many lives, jobs, the collapse of businesses and many changes the way we work and interact. This is also a reason to ask the question: Why invest in Portugal?

«Why Portugal 2020 – Doing Business in Portugal» answers this question by providing key information for business people who consider investing in Portugal: how to start and organize a company, what are the rules of employment, the tax system, intellectual property, real estate and solving legal disputes.

"We are pleased to present a new release of our investor guide. The 2020 edition of the WhyPortugal report marks Macedo Vitorino’s capability, like so many other law firms and businesses, of working in adverse conditions," said António Vitorino, the partner in charge of the WhyPortugal project since its start in 2013.

"Despite the pandemic or because of it we must double our efforts in promoting investment " added António Vitorino. "These are difficult times for all, but we know that in exceptional circumstances people with long term views can thrive. We must look ahead and do our business."

This guide reviews the main aspects to be considered by foreign investors looking at Portugal as a place to invest, such as how to set up  a business,government incentives,employment,tax system,intellectual property protection andjudicial system.

Visit us at«Why Portugal 2020 – Doing Business in Portugal»

The Portuguese Competition Authority (Autoridade da Concorrência – ‘AdC’) issued a statement of objection against three major supermarket chains, Modelo Continente, Pingo Doce and Auchan, and the supplier of cosmetics and personal care products, Beiersdorf, for a potential ‘hub-and-spoke’ arrangement.

‘Hub-and-spoke’ arrangements are horizontal restrictions on the supplier or retailer level (the ‘spokes’), which are carried out through vertically related players that serve as a common ‘hub’ (e.g., a common retailer or service provider). The hub enables the coordination of competition between the spokes without direct contacts between the spokes.

In this case, AdC considered that Modelo Continente, Pingo Doce and Auchan (the spokes) used the commercial relationship with the supplier (the hub) Beiersdorf – which markets, among others, the Nivea, Harmony, Hansaplast and Labello brands – to align the retail prices of most cosmetics and personal care products, to the detriment of consumers.

‘Hub-and-spoke’ arrangements differ from traditional horizontal cartels in the lack of direct communication between the horizontal competitors, even though the adverse market effects may be similar – both may result in a hard-core price-fixing cartel to detriment of consumers. Unlike in horizontal cartels, the strategic nature of information exchanged between suppliers and retailers (which could be a necessary pro-competitive practice) cannot be the ultimate criterion for an unlawful ‘hub-and-spoke’ arrangement.

In fact, it can be challenging to set boundaries between legitimate exchanges and indirect horizontal collusion and be required to go as far as exchanges about forward-looking pricing information and find evidence of the players’ purpose of undertaking an indirect horizontal collusion. The following potential issues could arise: (i) the ‘hub-and-spoke’ evidence (e.g., retail price setting/alignment, control and monitoring of retail prices, retail price deviation corrections); (ii) the legal framework of the arrangement, depending on either it is an horizontal or vertical arrangement; (iii) the means used to carry out the anticompetitive practice, e.g. Resale Price Maintenance agreements (RPM); and (iv) the purpose and awareness of the involved players.

The current case is not the first ‘hub-and-spoke’ case investigated by AdC. In the large retail chains sector, this recent case adds up to six other cases in place and for which statements of objection were also issued in March 2019, and June and July 2020. In the large retail chains sector, which is a key-sector, AdC is pursuing above ten investigations, some of which are still under legal secrecy and that should see further developments next year.

In addition, considering an increased use of pricing related tools, e.g. online platforms, third-party algorithms, online price monitoring and adjustment tools, which can enable ‘hub-and-spoke’ arrangements, it is likely that the current legal framework and enforcement means will need improvement to address these risks in a near future.

The Portuguese Competition Authority (AdC) imposed their highest sanction ever applied on a single company for violation of competition rules. MEO, the Altice group incumbent telecom company in Portugal, was sentenced to pay a €84 million fine for engaging in pricing strategies and market sharing with Nowo regarding mobile and fixed communication services. In addition to the fine, and as an ancillary penalty, AdC also publish an excerpt from the condemnatory decision.

AdC reported that MEO and Nowo made an anti-competitive arrangement after entering into a MVNO (Mobile Virtual Network Operator) contract. Through this arrangement, Nowo “committed itself not to launch mobile services outside the geographical areas where it provided fixed services, in order to not compete with MEO in Lisbon and Oporto", causing an increase in prices and a decrease in the service quality provided, as well as restrictions on the geographical availability of services, which affected Portuguese consumers negatively.

Nowo also agreed not to provide mobile services at €5 or less or at prices lower than the ones charged for similar market offers. In return, MEO would provide better conditions in the MVNO contract with Nowo, especially in regard to its prices, infrastructure use and solving of operational problems.

This agreement prevailed at least from the beginning of January until the end of November 2018, when Nowo reported the situation and AdC carried out a search and seizure procedure at both companies’ facilities. As a consequence, Nowo was waived from the payment of any fine thanks to the leniency application it filed. Portuguese leniency rules allow a waiver or reduction of fines in cartel cases, with the first company to report a cartel in which it has participated becomes eligible for a waiver, and the next reporting ones may benefit from a reduction of the fine.

It is likely that MEO will appeal from this decision. AdC's decisions are appealable to the Competition, Regulation and Supervision Court.

The Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – “CNPD”) has recently issued guidelines on the processing of health data following the new (partial) lockdown. CNPD identifies some potential inconsistencies on Decree 8/2020, 8 November 2020, ruling the new lockdown, with the General Data Protection Regulation (GDPR), regarding body temperature control, SARS-CoV-2 diagnosis tests and other measures to strengthen the disease tracing.

Currently, to access workplaces, public transports, public institutions, prisons, etc., body temperature control is allowed only if non-invasive means are used. CNPD clarifies that digital devices controlling the body temperature carry out electronic processing of personal data – body temperature – are subject to GDPR. Although it is forbidden to record body temperature by identifying the person involved, the fact is that such person may be identifiable and hence this processing is not excluded from the application of GDPR.

Health data is a special category of personal data. To be lawful, the processing of health data must be used in preventive or occupational medicine, to access the working capacity of employees, medical diagnosis by a professional under professional secrecy duty or another person subject to a confidentiality duty.

When stating that the temperature control may be carried out by an employee, the lockdown regulation does not safeguard individuals’ rights, since the employee involved is not subject to a confidentiality duty, says CNPD.

As to the diagnosis tests, CNPD says the test must be carried out by a health professional under professional secrecy. Regarding test results, the privacy of the individuals must also be shielded to avoid stigma and discrimination against  who tested positive. It will be crucial to define the procedures following a positive test.

Regarding disease tracing measures, which are reinforced, if the tracing is not carried out by a health professional, CNPD points out the need to bind this person to a specific duty of confidentiality. Otherwise, individuals from whom health data is collected will be treated in a different way, depending on whether the person collecting their data is under a secrecy duty.

The above measures must be implemented in compliance with GDPR, which continues to apply, even if the current situation is exceptional. Otherwise, heavy fines may be applied by the supervisory authority. The only exceptions allowed should be those set out in GDPR.

ANACOM, the Portuguese telecoms regulator, released yesterday the rules of the auction procedure for 5G spectrum and other relevant bands (700 MHz, 900 MHz, 1800 MHz, 2.1 GHz, 2.6 GHz and 3.6 GHz) (5G Regulation). It also announced that the auction will be launched this month of November.

The 5G Regulation lays down the conditions for access to the spectrum that will be made available to the market, the procedural rules for the auction and the conditions that will be associated with the use of the spectrum that will be awarded to operators.

Although there are some differences, these conditions do not differ substantially from those in the draft regulation released in March this year that raised strong negative reactions from three mobile operators in Portugal. NOS has already announced that they will take the case to court and to the European Commission to stop the 5G Regulation from becoming effective.

Yesterday, the 5G Regulation was published in the official gazette. The Portuguese Government approved the 5G Regulation as released by ANACOM, which means that if NOS does not succeed in their intentions, the auction will be closed in January and the first commercial 5G offers may be in the market in the beginning of 2021.

We will publish in the coming days an in-depth analysis on the 5G Regulation. In the meantime you can read here our review of the ANACOM draft regulation published in February.

Following the declaration of public calamity in Portugal due to Covid-19 pandemic, he Portuguese Government adopted new measures, including the return of mandatory telework, along with  new rules regarding the organization of working time.

The new rules are the following:

Municipalities with great epidemiological focus
  • Obligation to adopt remote work, whenever the job in question allows it.
Other municipalities
  • Possibility of adopting remote work, under the Terms of the Portuguese Labor Code, by agreement between the parties;
  • Obligation to adopt remote work if the employee requests it, in the following scenarios:

a) If the employee is immunosuppressed and chronically ill, provided that such condition is proven by a doctor;

b) If the employee is a disabled person or has a debilitated in 60%, or more, of their capacity;

c) If the employee is a parent of children or other dependents under 12 years old, or, regardless of age, with a disability or chronic illness, who are unable to attend classes and other educational activities in person;

d) If the employer does not comply with the guidelines of the Portuguese Health Agency (“Direção Geral de Saúde”) and the Portuguese Labor Agency (“Autoridade para as Condições do Trabalho”) in the workplace (e.g. physical distance between workers).

If it is not possible to adopt remote work under the terms of the Portuguese labor law, specific work organization measures may be implemented, among them:

  • Staff rotation between remote work and workplace attendance, which may be daily or weekly;
  • Different working schedules regarding employees ‘entry and exit, breaks and meals.

The new rules come into force on November 4th and last until the November 19th.

Following the set of measures enacted under the COVID-19 pandemic, a proposal to amend the Extraordinary Support for Progressive Resumption was approved by the Council of Ministers, aiming at reinforcing the aid to the companies affected by the pandemic crisis.

The main changes proposed to improve the measures already adopted through the Decree-Law nº. 46-A/2020 of 30 July are the following:

(i) New percentages of reduction of the normal working period

Different from the regime currently in force that only allows a maximum reduction of the normal working (NWP) period up to 60% for companies with a break in invoicing equal or superior to 60%, the new proposal establishes the possibility for companies with a break in invoicing equal or superior to 75% to reduce the NWP up to 100%. The worker is always guaranteed the minimum of 88% of the retribution, assuring the Social Security the payment of 100% of the compensation. For companies that record a drop in invoicing equal to or greater than 75%, a partial exemption of 50% of the employer's contribution to Social Security is also provided.

(ii) New concept of “business crisis”

The regime now includes companies with the following breaks in invoicing in relation to the same month of the previous year or in relation to the monthly average of the two previous months:

  • Break in invoicing ≥ to 25%: reduction of NWP up to 33%;
  • Break in invoicing ≥ to 40%: reduction of NWP up to 40%;
  • Break in invoicing ≥ to 60%: reduction of NWP up to 60%;
  • Break in invoicing ≥ to 75%: reduction of NWP up to 100%;

(iii) Increased support for training

The proposed amendment to the law also establishes an increase in the value of the training program. On the one hand, the amount currently foreseen for the employer is increased from €66.00 to €132.00. On the other hand, as far as the employee is concerned, the amount is increased from €66.00 to €176.00.

In short: the new proposal of law is aimed at increasing support to sectors in greatest difficulty, expanding access to more employers, reinforcing incentives for training, and providing complementary support for employers.

The Portuguese Supreme Administrative Court recently ruled on the concept of tax residence when applied to taxable persons whose activity, employment and income are not connected to the Portuguese territory, in Case no. 3/2020 of 6 October 2020.

Until now, Portuguese Tax Authorities and some Courts considered that it would be sufficient that one of the members responsible for the household had his/her residence in Portugal for all the other members to be considered tax residents in Portugal, even if they did not have any other link with this territory.

The criteria for the definition of residence was discussed based on two theories: the prevalence of the principle of “residence by dependency”, implying the residence of the taxable person when the family members resided in Portugal or the prevalence of the criteria defined by the international treaties entered into by Portugal.

The Supreme Administrative Court has ruled that conventional rules of international law should prevail over domestic law, by virtue of the supremacy of international law, in accordance with the Portuguese Constitution and the Portuguese General Tax Law.

The Court also considered that the meaning conferred to the concept of "residence by dependence" in the Portuguese Personal Income Tax could not override the concept of residence resulting from conventional provisions which follow Article 4 of the OECD Model Convention, given the supremacy of international law over domestic law.

Although article 4 refers the definition of the concept of residence to the internal legislation of the contracting States, the Supreme Administrative Court considers that this should not be done unconditionally, since it assumes that the question of residence is examined individually, on a person by person basis, without reference to the family situation of the taxable person.

Thus, the concept of residence for the purpose of applying domestic law will only apply in situations where there are only elements of connection with the Portuguese legal system or in situations where, if there are connections with other legal systems, there is no convention entered into between Portugal and the State with which that connection occurs.

Now that this dispute has been resolved, there is no doubt that the conventional concept of residence in the Conventions for the Avoidance of Double Taxation entered into by Portugal takes precedence over the rules of domestic law, with the result that tax residence cannot be determined exclusively by the taxpayer's family situation.

The Portuguese Government approved Decree-Law 78-A/2020, which extends the public moratorium from 31 March 2021 to 30 September 2021 and amends Decree-Law 10-J/2020 for the fourth time.

The new extension has different rules regarding principal and interest payments.

From 1 April 2021, as a rule, only the principal payments will be suspended, which means the beneficiaries will have to pay interest accrued from that day onwards.

However, the following credits may continue to benefit from the suspension of both principal and interest payments:

  • Mortgage credit, as well as residential property leasing;
  • Consumer credit granted under Decree-Law 133/2009, as currently drafted, for education, including for academic and professional education; and
  • Credits granted to companies in sectors that were most affected by the pandemic and whose main activity is covered by the CAE code listed in the Annex to Decree-Law 78-A/2020.

Companies whose main activity is included in the CAE code list also benefit from a 12-month maturity extension, in addition to the extension already contemplated in the moratorium regime.

However, this maturity extension will cease immediately in the case of (i) default by the beneficiary entity of any payment obligation towards any institution or (ii) in the event of judicial enforcement requested by a third party of any payment obligation of the beneficiary entity or in the event of seizure or any act of judicial apprehension of the assets of said entity. In these cases, the original reimbursement profile plus the extension originally granted shall be resumed.

As of 1 October 2021, the moratorium will cease to apply and from that date the principal and interest must be repaid.

Although the additional extension will automatically apply to persons or entities already covered by the moratorium, those who do not wish to benefit from the moratorium must notify their intention to the banking institution at least 30 days before the date on which they intend to end the moratorium effects.

If the beneficiary entity distributes profits, reimburses credits to its shareholders or acquires its own shares or quotas it will cease to be eligible to the moratorium.

Notwithstanding the extension of the moratorium, the deadline for the application (30 September 2020) remained unchanged.