No, sharing passwords in Portugal violates the Regulamento Geral sobre a Proteção de Dados (GDPR) and the Lei do Cibercrime (Law No. 109/2009), exposing parties to fines up to €10M or 2% of global turnover. The Autoridade Nacional de Proteção de Dados (ANPD) enforces strict access control mandates under Law No. 58/2019, aligning with 2026 EU ePrivacy Regulation drafts. Unauthorized credential sharing risks civil liability and criminal charges under Article 6 of the Cybercrime Law.
Key Regulations for Sharing Passwords in Portugal
-
GDPR Compliance (Law No. 58/2019): Passwords qualify as personal data under Article 4(1). Sharing them without explicit consent or a lawful basis (e.g., contractual necessity) breaches Article 5(1)(b) and 32 (security of processing). The ANPD views this as a high-risk violation, triggering mandatory breach notifications under Article 33.
-
Cybercrime Prohibitions (Law No. 109/2009): Article 6 criminalizes unauthorized access to computer systems, including password sharing enabling third-party access. Penalties escalate to 3 years imprisonment if the act facilitates fraud or data theft, per Article 7.
-
2026 EU ePrivacy Regulation Draft: Portugal’s transposition (expected 2025) will explicitly prohibit password sharing unless covered by a legitimate interest assessment or consent under Article 10. Businesses must document compliance or face fines up to €20M.