Romania adopts data retention law

By EDRi · November 19, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Following the adoption of the draft law on data retention by the Chamber of
Deputies on 4 November 2008, the Romanian President made the final step
in adopting the law on 17 November.

From now on, it is just a matter of time until the law will be published in
the Official Journal and until its entry into force (60 days from its
publication date). The Internet-related data will be kept only starting with
15 March 2009.

The lack of any relevant debates from both chambers of the Parliament or
its commissions was not surprising. It seems that all the parties involved
in adopting the law did it only because it was based on an EU directive and
the politicians didn’t see any solution to avoid it.

The Commission on Human Rights of the Chamber of Deputies gave a negative
vote to the law, but since its opinion was just consultative on this law, it
really didn’t matter in the end. Also, its report contains just the negative
vote without any explanation on the matter.

The president of the IT Committee in the Chamber of Deputies, Mr. Pambuccian
has presented the draft law to the Chamber plenum as the implementation of
an “excessive directive”, but obligatory according to the European law.

But there weren’t too many changes after the Parliamentary debates in the
text submitted by the Government in February this year. The major change is
the reduction of the retention time from one year to 6 months. The retained
data can be accessed by prosecutors, with a proper judge-approved access
authorization, only in penal cases related to organized crime and terrorism
crimes, that are limited by the express list provided by the definition of
serious crime.

The law does not provide the reimbursement of the expenses incured by the
law enforcement, but a new provision makes it specific that any expense for
electronic communication providers related to this law application is
fiscally deductible.

Article 20 still raises concerns giving the “state institutions with
attributions in the area of national security” access to the retained data
under the conditions established by the “national legislation” in this
domain. Since no express legislation is foreseen, this leaves an open door
for further regulation in “national security” cases.

The final draft still stipulates that an intentional access to the retained
data or its transfer without a proper authorization is a crime punished with
prison from one to 5 years.

Law 298/2008 on data retention (only in Romanian, 18.11.2008)
http://www.cdep.ro/proiecte/2008/400/30/9/pr439_08.pdf

Draft data retention law file at the Chamber of Deputies (only in Romanian)
http://www.cdep.ro/pls/proiecte/upl_pck.proiect?cam=2&idp=9455

6 months for traffic data retention (only in Romanian, 17.11.2008)
http://legi-internet.ro/blogs/index.php?title=6_luni_de_pastrare_a_datelor_de_trafic&more=1&c=1&tb=1&pb=1

EDRi-gram: Romanian Govt adopts Data retention law, but calls it inefficient
(27.02.2008)
http://www.edri.org/edrigram/number6.4/romania-data-retention