Key privacy concerns in Romania 2007

By EDRi · January 30, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Privacy and data protection seems not to be a hot topic for the Romanian
society. The media is generally ignoring the topic, unless something related
to an important public figure is making the subject out of the ordinary. The
Romanian Data Protection Authority has failed in becoming a privacy public
supporter and has rather emerged as a data protection controller’s register.
Under these general circumstances, 2007 was rather a calm year, where the
main success of the government in the field of privacy – the non-adoption of
the data retention law – was obtained by mistake only due to bureaucratic
reasons.

a. Data retention

The first draft of the data retention law that needs to implement the EU
directive was presented for public consultations in May 2007 by the Minsitry
of IT&C, but after receiving some comments and organizing a public meeting
to discuss the draft law, the subject seems to have disappeared in the
folders of the ministries, probably also because no one, except the European
Commission, seems to care too much about the law. Therefore, the official
deadline of the implementation of the EU directive passed, without the
draft being adopted by the Government. And suddenly and without any public
notice the project re-appeared in December 2007 on the Ministry of IT&C list
of documents in public consultation. The new draft seems similar to the old
one, but it is clear that the Government is on the verge to adopt the act
through an Emergency Ordinance. That means, in accordance with the previous
year experience and a Balkan style of twisting the meaning of constitutional
wording, that the fact the official EC deadline has passed transforms the
matter into a national emergency that requires the approval of the law
directly by the Government, leaving the parliamentary debates on the subject
on a secondary plan. For now – there are no indications if this will
happened and exactly when.

b. Romanian DPA

The Romanian Data Protection Authority, created only in the late part of
2006, has been trying to get the data protection issues out in the public
debate and, so far, has succeeded in organizing several information
sessions – especially with the public institutions and banking sector. This
has been so far a much more positive approach than we’ve seen in any year
since the adoption of the data protection laws in 2002, but the activity of
the Romanian DPA is far from being satisfactory. Especially if we take into
consideration the lack of a strong public position on any privacy issues,
present in the Romanian state or European activities.

However, the Romanian DPA took two important decisions in reducing its
bureaucratic work and making more interesting for data controllers to
register with them: to eliminate the registration taxes and the fees for
data transfer to other countries, and to allow the electronic registration
of data controllers.

c. CCTV

Many public and private institutions install CCTV systems as a “perfect
way” to increase security of their activities and the regulation of these
systems seems to be non-existent, as the cameras appear everywhere over
night, without any kind of notification to the DPA. The authority has
presented a draft decision on its website to limit CCTV usage and better
explain the rights and obligations, but since 2006 this has been just a
project.

d. Illegal wiretapping

One of the first court decisions in the matter of illegal wiretapping is
also worth mentioning The decision taken in May 2007 by the Bucharest
Tribunal was published only in July and, as far as we know for the first
time in the Romanian history, the court declared the wiretapping made by the
Romanian Secret Service were illegal and awarded moral damages of 50 000 RON
(approx. 14 000 Euros) for privacy infringement. The court, arguing with the
European Court of Human Rights cases of Rotaru vs. Romania and Klass
vs.Germany, notes that in this specific case there was “no subsequent
control of the wiretaping basis by an independent and impartial authority.”

Romanian Data Protection Authority
http://www.dataprotection.ro

Romanian Secret Service illeagal wiretaping (only in Romanian, 11.07.2007)
http://legi-internet.ro/blogs/index.php?title=sri_ul_asculta_ilegal_telefoanele

Draft Romanian DPA decision on CCTV (only in Romanian)
http://www.dataprotection.ro/images/PDF/decizie_videosupraveghere.pdf

EDRi-gram: Romanian Prosecutors want easy access to communication data
(31.01.2007)
http://www.edri.org/edrigram/number5.2/romania-diicot

EDRi-gram: First draft on data retention law in Romania (9.05.2007)
http://www.edri.org/edrigram/number5.9/data-retention-romania

(contribution by Bogdan Manolea – EDRi-member APTI Romania)