Czech Republic: Data retention – almost back in business

By EDRi · August 1, 2012

This article is also available in:
Deutsch: [Tschechien: Vorratsdatenspeicherung beinahe wieder in Kraft | https://www.unwatched.org/EDRigram_10.15_Tschechien_Vorratsdatenspeicherung_beinahe_wieder_in_Kraft?pk_campaign=twun&pk_kwd=20120801]

Nationwide preventive monitoring of electronic communication finds its
way back into the Czech legal system. The original act was repealed in
2011 by the Constitutional Court – however, a new one is waiting only
for the President’s signature. Privacy campaigners fear possible data
abuse given the insufficient regulation provided by the current Police
Act as well as monitoring of contents of Internet communications which
could potentially be made possible by the implementing decree to the new
Act.

Not only the Chamber of Deputies, but now also the Senate approved the
government draft of the amended Electronic Communication Act, as well as
amendments to several other laws reintroducing the obligation of
telephone or Internet services providers to monitor the communications
of their clients and provide them, upon request, to the police,
intelligence services or the Czech National Bank. After the previous
legal regulation was repealed by two decisions of the Constitutional
Court in March and December 2011, nationwide monitoring of citizens’
communications thus finds its way back into the Czech legal system.

The government proposal of the Act that was passed in the Senate on 18
July 2012, reacts to the Constitutional Court decision and implements
the European Directive which prescribes storing of traffic and
localization data on electronic communications.

According to EDRi-member Iuridicum Remedium (IuRe), which initiated the
March decision of the Constitutional Court and also filed its comments
during the preparation phase of the new legal regulation, the new Act is
better than the repealed regulation – however it still contains a number
of errors that will lead to unconstitutional interference with the
privacy of citizens.

The major problem, according to IuRe, is the very existence of the
obligation of operators to generally monitor the communications of all
citizens without any specific suspicion. Thus, a revision of the
European Directive which introduced this obligation, and an assessment
of its constitutionality by the European Court of Justice is seen by
Iure as the key issues in this respect.

“As for the Czech implementation of the Directive, when submitting
comments during the preparatory phase, we tried to push for maximum
limits in terms of monitoring of citizens and possible abuse of such
data,” says Jan Voboril, lawyer at IuRe. “The original proposal
introduced by the Ministry of Interior in the summer of last year was
from our perspective entirely unacceptable. During the legislative
process, we have stepwise prepared comments for the Ministry
of Interior, Members of Parliament as well as Senators. We are pleased
that during subsequent discussions with representatives of the Ministry
of Interior and other key institutions, we managed to get acceptance for
stricter rules regarding the use of such data. For example, what we
consider important is the introduction of the obligation to inform the
respective persons that their data have been requested under the
Criminal Code, highlighting the subsidiarity when using such data in
criminal investigation, or the necessity of court permission when the
data is requested by intelligence services or the Czech National Bank,”
adds Voboril.

Many crucial issues still remain unresolved, which will, in IuRe´s
opinion, lead to further unconstitutional use of such data in the
future. “What we consider to be the most serious issue of the new
legislation is that it ignores the current situation where the Police
Act authorizes the police to use the data outside of criminal
proceedings. Under the current Police Act, police officers may require
data more or less without any limits, without court supervision and
without any clearly defined and controlled processes. It is striking
that although the police themselves wanted to define stricter rules for
such use of the data during the preparatory phase of the new Act, this
was refused by the Ministry of Interior. Not even Deputies or Senators
paid attention to this huge gap opening up possibilities for information
abuse by individual police officers – and this despite of repeated
warnings from our side,” explains Voboril.

“We also have our concerns regarding the awaited implementing decree of
the Act, which will among other things determine which data will be
generally stored. This decree can put the new Act into entirely new
light, both in respect of the invasion into citizens´ privacy as
well as technical and personnel details necessary – which will be
reimbursed by the state. Crucial is the particular question of whether
data on the recipient´s side of Internet communication will be stored as
well. Such provisions would mean not only de facto monitoring of the
content of what we are surfing through on the Internet, but also a
tremendous increase in public expenditures related to such monitoring.
It is surprising that such a significant issue which can change the
entire meaning of the Act and should be provisioned for directly in the
Act, has gone entirely unnoticed by,” concludes Voboril.

The Act is currently still to be signed by the President. Let´s wait and
see whether, during his decision making, Vaclav Klaus will also think of
the fact that, apart from dozens of other persons – not excluding the
chairman of the Constitutional Court – also some people from his
immediate surrounding appeared among the victims of data abuse resulting
from the police authorization to require such data.

(Contribution by EDRi-member Iuridicum remedium – Czech Republic)