First draft on data retention law in Romania

By EDRi · May 9, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

A first draft law for the implementation of the data retention directive was
presented at the end of April 2007 by the Romanian Ministry of
Communications and Information Technology for public consultation. The
ministry also organized on 26 April a public debate on the draft law.

The first draft was achieved in cooperation with a number of public bodies
including the Ministry of Justice, Ministry of Internal Affairs or the
Romanian Data Protection Authority.

The text proposing a 12-month period of traffic data retention, without any
explanatory reports, has received criticism from ISPs and other telecom
operators that believe it puts a high financial burden on them. The draft
clearly specifies that the content of the communications cannot be retained
by the operators, considering the retention of the content as well as any
retained data transfer without a proper judicial authorization as crimes.
The retained data should be deleted at the end of the 12 month period.

Only the electronic communication providers that have notified the
Regulatory Authority are subject to data retention obligations and there are
no provisions for the hosting or other online service providers.

The retained data can be accessed by prosecutors only in the penal cases
related to organized crime and terrorism crimes and with a proper specific
judged-approved access authorization. The prosecutor can ask, through a
specific ordinance, for access to the data as a provisional measure, if this
is necessary due to specific circumstances that could otherwise put in
danger the penal investigation. But in this case, the prosecutor’s decision
together with the data needs to be confirmed by a judge in 48 hours. If a
judge does not confirm the prosecutor’s ordinance, all the accessed data
will be destroyed.

The very detailed procedure regarding access by prosecutors to the retained
data is in opposition with Article 16 of the draft text that allows, “in
case of a threat to the national security”, the request of the retained data
by “the specific bodies, as explained in the laws on national security”.
The vagueness of this article was criticized in the public debate, the
participants considering that this could leave room for discriminatory
access by the Romanian secret services.

As regards the type of data retained, the Romanian draft is only a
translation of the European Directive on data retention. The public
consultation will end on 10 May 2007 and the text could be approved by the
Government and then sent to the Parliament for consideration.

Draft law on data retention by public electronic communication providers
(only in Romanian, 04.2007)

MCIT Publicly Debates the Retention of Data Generated or Processed in
Connection with the Provision of Publicly available electronic communications services or of public communications networks (26.04.2007)

EDRI – Member APTI – Romania – Opinion of the draft data retention law (only
in Romanian, 9.05.2007)