When the COVID-19 pandemic started, several European regulatory authorities took measures aimed at mitigating issues arising from the effects of social distancing and mandatory confinement. After the declaration of the state of emergency in Portugal, for example, we saw a sharp increase in data volume and a significant change in the profile of data transfers, a trend that stabilized during the current month (see data in respect with April and data in respect with May).
For a better understanding the EU regulators’ market intervention, we analyzed data gathered by Cullen International, comprising a sample of 20 countries, including Germany, Austria, Belgium, Croatia, Denmark, Spain, Finland, France, Greece, Ireland, Italy, Luxembourg, Norway, Poland, the Netherlands, Portugal, the Czech Republic, the United Kingdom, Romania and Switzerland. Intervention was grouped in five different areas: (i) data volume management, (ii) portability, (iii) spectrum, (iv) wholesale prices and (v) other.
Our first conclusion is that, in 40% of the counties (of Belgium, Croatia, Finland, Luxembourg, the Netherlands, and Switzerland), regulators intervened in only one area. In 30% of the sample, there was no intervention. In the remaining countries, Denmark intervened in two, Spain, France, Ireland and Italy intervened in three areas, and the Portuguese regulator worked in four areas.
Interestingly enough, it seems there is no correlation between the intensity of regulatory intervention and the impact of the pandemic in each jurisdiction, which leads to the conclusion that, apparently, different risk awareness lead to different predisposition to intervene.
Measures taken by regulators in telecommunications networks ranged from restrictions to streaming services and suspension of functionalities and/or services (if they required the presence of workers on site), to the suspension of the right of cancellation of contracts. At regulator-operators level, measures varied from the suspension of obligations and licensing procedures to the collection of fees. In addition to these, there have also been some cases of interventions in wholesale prices.
Public intervention in Portugal proved to be the most intense, and in addition to the suspension of administrative procedures (see here the situation of the auction 5G), it focused on data volume management, consumer protection and portability, either directly or indirectly through public awareness campaigns in order to avoid overloading the network infrastructure.
Contact tracing has been a priority for app developers over the past few weeks. Local teams, corporations and governments have put efforts into developing apps that trace proximity between smartphones users, which in this case are potential hubs for contagion. The utility of these apps is that once a member of a community is diagnosed with the virus, the chain of transmission may easily be traced back.
These apps pose questions on how data collected is treated (you can read more on this here) and how efficient the technologies used are. The technologies used by tracing apps range from Bluetooth to geolocation, to newer technologies such as DP-3T (Decentralized Privacy-Preserving Proximity Tracing).
All of these technologies have their perks and challenges. Tracing via Bluetooth, for example, will rely on the power of frequencies transmitted from each smartphone to determine proximity: the closer the smartphone is, the higher should be its signal. In theory, that is, because different models and manufacturers build mobile devices that will measure signal strength differently. The measurement is RSSI (Received Signal Strength Indicator). In case different smartphones receive different RSSI measurements, then the measuring accuracy is compromised.
Not only the measurement of signal strength is a weak link, but for measuring to occur, the Bluetooth-running apps must run permanently, which shortens smartphones’ battery life and will most likely be disabled by manufacturers and/or consumers.
Geolocation, also used by some of these apps, shares a certain level of inaccuracy with Bluetooth technology (BLE). As safe distances between people go, people should distance themselves from others at least two meters, but the most common geolocation technologies used are not accurate enough.
On one hand, GPS, which is the most accurate of all (able to determine location of up to five meters, which is still short), will only be able to track people outdoors, will be troubled by weather-related events and is very energy-consuming.
BLE geolocation, on the other, requires infrastructure for the emitting devices nearby to be precisely located by third parties which is an issue that is also shared by Wi-Fi. Network providers could use network triangulation to locate devices, but this technique lacks accuracy as the number of base stations for triangulation varies.
DP-3T, in its turn, is not different technology-wise. Rather, DP-3T is a response to privacy concerns as it is a decentralized alternative to manual tracing of citizens: it is a privacy-by-design type of tracing, rather than a whole different way of locating devices. DP-3T uses Bluetooth and it reverts the process: if a smartphone has stored a record of any of a diagnosed patient’s ephemeral identifier (EphID), then the app knows that the user has been in contact with an infected user.
CP's new collective agreements were published in the “Boletim do Trabalho e Emprego”. These agreements replace the previous ones signed around 20 years ago. There are two agreements, one for general professional categories, and the other for train drivers. The negotiation was directed by the Labor Law team of Macedo Vitorino & Associados.
The new agreements were concluded by CP and the trade unions representing all the professional categories: SMAQ, SFRCI, FECTRANS/SNTSF, ASSIFECO, SNAQ, ASCEF, SINFB, SINFA, SINAFE, SINDEFER, SNEET.
The general collective agreement was published in the Boletim do Trabalho e Emprego of May 9, and SMAQ collective agreement in the Boletim do Trabalho e Emprego of March 29.
In summary, the new collective agreements include:
(i) Increases of the base salaries (€15,00 for all employees);
(ii) Increase of the meal allowance to €7,60;
(iii) Increase of the seniority benefits to €24,00;
(iv) Increase of the stopover allowance to 18,5%;
(v) A driving bonus of €4.91/day paid for 13 months to all operational employees who meet the requirements defined in the respective clause;
(vi) The posting of a map of stopovers and shifts 15 days in advance, which can however be only 10 days in advance;
(vii) Supplementary allowance for medical insurance; and
(viii) Health insurance and pre-school allowance.
The signing of the new collective agreements is part of the principle of collective autonomy and the right to collective bargaining, enshrined among the rights, freedoms and guarantees of employees, specifically in no. 3 of article 56 of the Portuguese Constitution.
Collective bargaining, which includes the signing of Collective Agreements, allows for the adaptation of labor standards, organization of working time, as well as the regulation of a variety of labor issues that have no provision in labor law, ensuring the adaptability of labor legislation to those specified by companies.
In addition to the various measures that have been adopted in the context of the COVID-19 pandemic, new exceptional measures of a social nature have been published, with a view to broadening the protection granted by the laws in force.
The new law provides for:
(i) The extension of extraordinary support measures to members of statutory bodies of legal persons with managerial functions, provided that (1) they have employees at their service, (2) they are exclusively covered by the social security system in that capacity, (3) they operate in a single entity and (4) the entity in question had, in the previous year, a turnover of less than €80,000;
(ii) The extension of extraordinary support measures to self-employed employees not covered either because they have no contribution obligation or because they do not meet the other requirements for access to support;
(iii) The definition of a minimum limit of €219.40 for the supports referred to in (i) and (ii);
(iv) The reduction to 50% of the guarantee periods for cessation of unemployment benefit, with a reduction from 180 to 90 days of work with pay records in the 12 months immediately preceding the date of unemployment and from the current 120 days to 60 days for involuntary unemployment due to the expiry of the fixed-term contract or the termination of the contract at the initiative of the employer during the probation period;
(v) The elimination of excessive bureaucracy in the procedure of allocation of the social income of insertion, no longer being dependent on the signing of an insertion contract;
(vi) The creation of an additional support, in the amount of €219.40, for employees with green receipts, namely for those who in the last 12 months have not made contributions, for Social Security, because they are excluded.
The purpose of extending this support is therefore to cover a greater number of employers and employees who were unprotected until now, which is why, on the one hand, access to unemployment benefit has been made easier and, on the other, managers of small businesses can have their pay financed by the government during the first months of the crisis.
In the current context of the Covid-19 pandemic, companies are now questioning what measures may be implemented to prevent the spread of the virus among their employees with a view to a progressive return to their business activity, including whether it is lawful to collect health data from their employees, namely their body temperature.
The Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD) has come forward with guidelines on the collection of employees' health data. CNPD considers that the employer may not collect and record the body temperature of employees, except when using health professionals in the field of occupational medicine and upon prior written justification.
Under the General Data Protection Regulation (GDPR), body temperature falls into one of the special categories of data – health data – subject to enhanced legal protection. GDPR prohibits employers from collecting or recording employees' health data except for the purposes of labor law. The Portuguese Labor Code provides that employers may not demand health data from employees, except when specific requirements related to the nature of the activity so justify and the relevant reasons are provided in writing by the employer. Health data must be provided to a medical professional, who may only inform the employer if the employee is able to perform his/her job.
Based on a literal interpretation of the Portuguese Labor Code, CNPD understands that the legislator has not assigned to the employer a role that is exclusive to health authorities, nor have they assigned such role to employers, which is true. However, it is also true that this rule was not drafted to be applied in exceptional situations, but in a so-called "normal" context of the employment relationship. Consequently, the application of this rule is debatable in the current pandemic scenario.
On this matter, the Portuguese Ministry of Labor has already noted that taking employees' body temperature in the workplace may be feasible in certain circumstances. The Portuguese Government should soon clarify this matter by means of a solution that should present itself proportional to the current pandemic situation, and considering that employers have a duty of care, including the duty to ensure the safety of their employees it the workplace.
GDPR (as a regulation, GDPR must be immediately applied, unlike a directive, that must be implemented by each member state into the national law) provides that the processing of health data is lawful, through a health professional (subject to professional secrecy), if processing is necessary for reasons of public interest in the area of public health, including for monitoring epidemics and their spread, which is certainly the case. This is the lawful basis on which employers will be entitled to take employees' body temperatures (obviously, within certain constraints).
In short, very exceptional situations do demand very exceptional measures.
In times where the need for digital literacy and universal access is more apparent than ever, individuals, companies and the public administration will be pillars of the new Action Plan for Digital Transition (the “Action Plan”) just published by the Portuguese government, as part of a medium term digital strategy for Portugal to be implemented from 2020 to 2023.
Individuals’ digital inclusion is a keystone of the Action Plan, given that one quarter of the Portuguese population has never used the internet, which is significantly above the European average (this is having a negative impact on the student availability for online schooling during the Covid-19 crisis). The new Upskill program will requalify professionals in information and technology-related areas and is expected to allocate a number of requalified persons in companies in need of man work.
The Action Plan also aims to provide intensive training to three thousand participants over six months, in order to respond to the scarcity of IT human resources. The plan should bring at least one million adults into the digital economy, and it is also providing low fare tariffs for internet services. Interesting to see how its implementation will be affected by the ongoing Covid-19 lockdown measures.
As regards companies, territory-specific regulatory sandboxes are expected to be created in a number of Portuguese regions in order to promote research and development and testing of innovative products and solutions. Both +CO3SO Digital, a programme to bring digital entrepreneurship to less populated regions, and E-Residency, an Estonian-inspired virtual citizenship project, will target an international and digitally-inclusive outlook for the Portuguese economy.
Startup Visa, Tech Visa, Sign Up for Portugal and Startup Hub are examples of other company-oriented projects and programmes, specifically targeting the creation of a proper entrepreneurial ecosystem. Portugal is set to invest in the digital transition of businesses.
Public administration will be subject to transformative measures in the most used services by citizens, including the use of cloud computing, digital public services, digitally-enabled schools and internationally accessible public services.
To some extent, we can say that this Action Plan is mostly a repackaging or an extension of existing incentive plans, such as +C03SO, or Startup Visa, focusing on digital transition. It comes along with the 5G auction, set to occur in 2020 (you can read more about the 5G Auction here), to the support the digital transition of Portuguese economy to the digital era.
The General Data Protection Regulation (GDPR), which is applicable since 25 May 2018, governs the processing of personal data throughout the European Union (EU). GDPR aims at ensuring a consistent and high level of data protection within the EU without jeopardising the free flow of data within the EU.
The GDPR has replaced Directive 95/46/EC of 24 October 1995 in force since 1995, and it superseded national data protection laws, including Law 67/98, of 26 October 1998. Along with the GDPR, Law 58/2018, of 8 August 2019, which implements some local specifics, is also in force in Portugal (GDPR Local Law).
Public and private entities are taking exceptional measures to prevent and mitigate COVID-19 across the EU, including in Portugal, where it was decreed a situation of state of emergency on 19 March 2020 and extended, at least, until 2 May 2020.
In this context, the Portuguese Data Protection Authority (DPA) has issued four papers:
(a) Resolution number 2020/170 of 16 March 2020, whereby all formal regulatory actions in connection with outstanding information request backlogs are suspended; and
(b) Three guidelines:
(i) Guidelines of 2 April 2020 on the use of video surveillance systems and alarms in the COVID-19 context, where the DPA stresses that private security companies are prohibited from carrying out activities falling into the scope of the exclusive powers of judicial or police authorities, including border control and the prevention and repression of crimes in public places;
(ii) Guidelines of 9 April 2020 on the use of distance learning technologies considering that Portuguese students are taking e-learning classes from their homes; and
(iii) Guidelines of 17 April 2020 on remote control means of employees under a distance work regime issued in response to several questions on the use of software for control of employees’ performance in teleworking, and the imposition on employees of a permanent connection to the video camera. The DPA clarifies that the use of such software tools is disproportionate and infringes data protection principles, and that labour rules prohibiting distance control means of employees’ activity remain applicable.
Apart from these four initiatives, no additional information is available in connection with data protection and COVID-19. Inversely, other EU data supervisory authorities, for instance, in the UK and Germany, have disclosed a set of materials and FAQs at their websites to respond to data protection questions arising from the current situation.
The current situation may involve the processing of different types of personal data, including special categories of personal data, such as health data, namely within an employment context. In a COVID-19 scenario (not only at the current stage of spreading, but also at subsequent stagnation and mitigation stages), the processing of personal data may be necessary for compliance with employers’ statutory obligations, e.g. obligations relating to health and safety at the workplace, or to the public interest, e.g. the control of diseases and other threats to health.
Bearing in mind that several questions may arise within an employment context (but not limited to), we have prepared a list of FAQs to help organizations to be able to respond to such new challenges.
1. May employers collect personal data of employees to prevent the spreading of the COVID-19 virus at the workplace? In affirmative case, what personal data is the employer allowed to process in this context?
Yes, employers may collect personal data of employees in order to prevent the spreading of the virus at the workplace to the extent that it is required to fulfil employers’ statutory duties (e.g. duty of care) and to organise the work in line with the Portuguese legislation, namely Portuguese labour rules.
The criteria should be whether the processing is necessary for a given purpose (e.g. processing that is necessary for the protection of the health of employees and for compliance with statutory reporting obligations), and the implementation of the GDPR’s principle of data minimization.
In principle, the collection of the following data will not raise major issues: name, current contact information, contacts with other persons within the organization, previous or intended stay in a high risk area, previous contacts with allegedly infected persons or whether a person is symptom-free.
Inversely, health data, which is considered a special category of data, is subject to restrictions and that require an adequate interrelation between the GDPR, the GDPR Local Law and the Portuguese labour rules, as detailed below.
2. In these circumstances, what requirements must employers comply when they carry out processing of employees’ personal data?
Employers may collect and process personal data of employees, including health information, to determine whether (i) they are infected or have been in contact with an infected person, or (ii) they were in a high-risk area during the relevant period.
Employers should inform employees about COVID-19 cases and take protective measures, but they must not disclose more information than it is required.
Employers must keep employees informed about cases in their organisation, but they must not name individuals. The disclosure of personal data of infected persons (confirmed and suspected) to inform colleagues or externals is only lawful on condition that it is strictly necessary under exceptional circumstances to know the identity of that person, in order to mitigate the spread of the COVID-19 and allow employees to take relevant safeguards. In these very exceptional cases (where it is necessary to reveal the name of the employees who contracted the virus, e.g. in a preventive context), the concerned employees shall be informed in advance and their dignity and integrity shall be protected.
3. What is the relevant lawful basis for such data processing by employers?
As regards employees, the relevant lawful basis is the GDPR’s legitimate interests (Article 6/1(f) GDPR).
Where health data is processed, the relevant legal basis should be the GDPR’s employment and social protection legal basis, i.e., processing that is necessary for the purpose of carrying out the obligations and exercising specific rights of the employer or of the employees in the field of employment and social security and social protection law (Article 9/2(b) GDPR).
As regards local law, namely the labour law and the GDPR Local Law, we should stress the following rules:
(a) Article 28/1 of the GDPR Local Law states that the employer may process employees’ personal data for the purposes and within the limits set out in the Portuguese Labour Code;
(b) Article 17/1 (b) of the Portuguese Labour Code states that the employer may not ask for the employee to disclose health data, save as when exceptional circumstances related to the professional activity may justify such disclosure and relevant grounds are provided in writing by the employer. Health data are provided to a medical doctor, who may only inform the employer on whether the employee is or not able to performance their job functions; and
(c) Article 29/2 of the GDPR Local Law states that special categories of data, namely health data, may be processed for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health, and that suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy, must be adopted.
This means that the employer’s legitimate interests’ legal basis and, for health data, the employment and social protection legal basis, result from the general duty of care of the employer toward their employees. Health date must be processed by the employer, through a medical doctor subject to professional secrecy, which means that health data may not, in principle, be disclosed to other employees, unless in exceptional circumstances and insofar it reveals necessary to avoid the spreading of the COVID-19 at the workplace.
Under the duty of care, the employer must ensure the protection of the health of all employees. This also includes carrying out an appropriate response to the dissemination of the COVID-19, for prevention and traceability purposes (i.e., subsequent prevention toward contact persons).
It should be also noted that the GDPR includes derogations to the prohibition of processing of certain special categories of personal data, such as health data, where it is necessary for reasons of substantial public interest in the public health area (Article 9/2(i) GDPR), on the basis of EU or local law, or where there is the need to protect the vital interests of the individuals (Article 9/2(c) GDPR). As recital 46 GDPR states some types of processing may serve both important grounds of public interest and the vital interests of the individuals as for instance when data processing is necessary for monitoring epidemics and their spread.
In turn, employees’ consent cannot be considered as a lawful basis, as, in an employment relationship, there is a clear imbalance between employees (data subjects) and the employer (controller). It is unlikely that employees’ consent is freely given in the context of an employment relationship.
4. May employers process personal data of workplace visitors for COVID-19 related purposes?
Yes, employers may process personal data of workplace visitors for COVID-19 related purposes to determine whether (i) they are infected or have been in contact with an infected person, or (ii) they were in a high-risk area during the relevant period, and to the extent that the measures to be adopted are proportionate.
As regards visitors, measures against third parties that require the processing of health data can be justified based on the GDPR’s lawful basis regarding processing that is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health (Article 9/2(i) GDPR).
The consent of visitors (data subjects) can only be considered as a lawful basis for COVID-19 measures if they comply with all consent requirements, including if visitors are informed about the data processing and can provide consent about the measures voluntarily. This means that visitors should be aware at least of the identity of the data controller (the organization) and the purposes of the processing for which the personal data are intended in the context of COVID-19.
5. Are private mobile phone numbers and email addresses of employees allowed to be collected?
During the pandemic, employees may work from home more frequently than usual and they can use their own device or communications equipment. The collection of private mobile phone numbers and email addresses of employees may be necessary and hence lawful if they are to be used to ensure their "ongoing availability" during the current COVID-19 crisis, namely if employees are working through a distance work regime.
It may be also necessary if, for instance, an overload of the organization's IT infrastructure makes it necessary to communicate within the employer and/or other employees. In this case, care must be taken to ensure that no sensitive data is disclosed by means of "unsafe" communication means, namely email services, where there is a risk of unauthorized access to data by third parties.
Employers and employees need to consider the same kinds of security measures for homeworking that they use in normal circumstances, for instance, hardware and software encryption, a two/three-level password authentication system, keeping access log files. The data may only be used for the intended purpose and must be deleted immediately after the processing purpose has ceased to apply.
6. May employers use technological solutions for remote control of their employees’ performance through a distance work regime? May videoconference calls between employees or between the employer and employees be recorded?
According to recent guidelines issued by the DPA, the general rule prohibiting the use of means of remote surveillance to monitor employees’ performance is fully applicable in a distance work context. The same conclusion would always be reached by applying the principles of proportionality and minimization of personal data, since the use of such means implies an unnecessary and excessive restriction of employees’ private life.
For this reason, technological solutions for remote control of the employee's performance are not allowed. Examples of this are software that, in addition to tracking working time and inactivity, records the Internet pages visited, the location of the terminal in real time, the uses of peripheral devices (mousse and keyboards), capture images of the working environment, observe and record when the access to an application is initiated, control the document in which the employee is working and record the respective time spent on each task (e.g., TimeDoctor, Hubstaff, Timing, Manic Time, TimeCamp, Toggl, Harvest ). This type of tools manifestly collects excessive personal data from employees, promoting the work control at a higher level than that which can legitimately be carried out at the employer’s premises. The fact that the work is being carried out from home does not justify a further restriction towards employees. To that extent, the collection and subsequent processing of such data violates the principle of minimisation of personal data.
Similarly, it is not allowed to require the employee to keep the video camera on a permanent basis, nor, it is, in principle, allowed to record videoconferences between the employer and employees.
Despite the prohibition of the use of such tools, the employer keeps the power to control the activity of the employee, which it may do, namely, by setting objectives, creating reporting obligations as often as it deems necessary, scheduling meetings by videoconference.
7. May employees’ files be processed in an employee’s home office (e.g. in the home office of the Human Resources staff)?
The processing of employees’ files in an employee’s home office can only take place in exceptional circumstances if it is strictly necessary and to the extent that technical and organizational measures are taken to protect personal data, including, for instance, hardware and software encryption, a two/three-level password authentication system, keeping access log files, not printing in the home office.
If you need any further clarifications or assistance in any questions on data protection matters, please do not hesitate to contact us.
The European Commission has recently issued guidelines for the development of contact tracing and warning applications in the fight against COVID-19, which can have a significant impact in the control of the disease and play an important role as part of containment measures.
Contents. These applications may include: (i) accurate information about the COVID-19 pandemic for users; (ii) self-diagnostic questionnaires and guidance for users (symptom control feature); (iii) alert notification to persons who have been in close contact with an infected person for testing or be isolated (contact tracing and warning features); and/or (iv) a communication forum between patients and physicians, including providing further diagnosis and treatment advice (e-treatment advice).
Applicable regulations and supervision. Given the extremely sensitive nature of the data (in particular health data) and the purpose of the applications, they must comply with the General Data Protection Regulation (GDPR) and the Electronic Privacy Directive. They must also be implemented in close coordination with and under the supervision of the relevant public health authorities and national data protection authorities.
User control and consent. Users must keep full control over personal data and hence they must give their prior consent (complying with GDPR requirements) and separately for each application’s features.
In case of use of location data, this data must be stored on the user's device and only be shared with their prior consent; users must be able to exercise their rights under the GDPR and, among others, they have to be entitled to, at any time, withdraw their consent.
Principle of data minimization and data accuracy. Applications must comply with the principle of data minimization and it may be only processed personal data required for the purpose at stake. For example, for the purpose of tracing contacts, the European Commission considers that the processing of location data is not necessary and thus it does not advise its use.
EU rules require that processed personal data are accurate. Therefore, the Commission considers that technologies such as Bluetooth should be used to more accurately assess contact between different users. The data must be stored on the user's device and encrypted and must only be kept for the necessary period, in medical terms, and for the duration of the containment measures.
For the success of these applications, the confidence of citizens and those who feel safe with their use is essential, which must be ensured under strict compliance with EU rules on personal data protection.
Following the extension of the state of emergency in Portugal until 17 April 2020, the Portuguese Parliament enacted new legislation with a view to mitigate the impact of coronavirus pandemic in lease agreements.
Law no. 4-C/2020 of 6 April 2020 is applicable to housing and commercial leases, as well as to other forms of exploring real estate assets, and to the rents falling due between 1 April 2020 and the first month after the expiry of the state of emergency.
In housing lease agreements, tenants whose households have suffered a significant income reduction (to be determined pursuant to the new legislation) may delay payment of the above-mentioned rents. Provided that the amount of the delayed rents is paid during the subsequent 12-month period - in monthly instalments of not less than 1/12 of the total amount and together with the relevant rents - landlords will be prevented from terminating lease agreements. Tenants in these circumstances may, alternatively, file an application with the Portuguese Institute for Housing and Urban Rehabilitation (Instituto da Habitação e da Reabilitação Urbana - IRHU) to obtain an interest-free loan to cover payment of rent.
In case tenants wish to make use of these rules, they must inform the landlord in writing at least 5 days before the relevant rent falls due or until 27 April 2020 for the rent falling due in April.
Landlords suffering a significant income reduction arising of the suspension of payment of rents by tenants now permitted, may also apply for an interest-free loan with IRHU to cover income they stop receiving.
As to commercial lease agreements, tenants with businesses under lockdown or activity restrictions due to mitigation and containment measures (such as, for example, restaurants, which are only allowed to sell for take-away or home delivery), may defer payment of the above-mentioned rents to the subsequent 12-month period, where the deferred amount should be paid in monthly instalments of not less than 1/12 of the total amount together with the relevant rents. No penalties for delay may be claimed to tenants.
Other measures already in place with a view to mitigate impact of the coronavirus pandemic in lease agreements include suspension of early termination of lease agreements by landlords, suspension of expiry of lease agreements at the end of the relevant term (unless accepted by tenants) and prohibition of terminating commercial lease agreements with grounds on business lockdown or activity restrictions.
Following the most recent extension of the state of emergency (up to 17 April), the Portuguese Parliament enacted new legislation ending the suspension of the procedural time limits in urgent proceedings as from today.
Law 4-A/2020, of 6 April 2020, amending previous measures on the functioning of the courts’ activity during the emergency period, came into force today and ceases the suspension of procedural time limits for the performance of procedural acts and diligences before courts in urgent proceedings, namely, insolvency proceedings and precautionary measures.
The end of the suspension does not however affect the suspension period already elapsed in accordance with Law 1-A/2020 (now amended), that is, between 9 March and 6 April 2020.
In order to discourage companies from going into insolvency and to safeguard directors from any legal consequences that might result from failure to comply with this statutory duty during the emergency period, the legal deadline for filing for insolvency is suspended, even though pending insolvencies remain in progress. Acts performed within the scope of enforcement proceedings, namely the sale of assets and other acts of attachment of the debtor's assets, are also suspended to the extent that they do not cause serious damage to the creditor's survival.
In short:
- In cases of urgent proceedings, the procedural time limits are no longer on standby from 7 April 2020, but the suspension period between 9 March and 6 April 2020 is not counted for time limits purposes;
- In cases of non-urgent proceedings, the procedural time limits are suspended from 9 March 2020 and they will continue suspended until the end of the state of emergency.
Notwithstanding the suspension of time limits in non-urgent proceedings, the law clarifies that the current situation of state of emergency does not, however, hinder the carrying out of the proceedings and the performance of their relevant acts either face-to-face acts or using distance means when all the parties consider that they have the conditions to ensure their performance through online platforms. In non-urgent proceedings, courts may also render a final decision in cases in which they understand not to be required the performance of further actions.
On the same subject, you may also view our previous newsletter, available here.