Romanian Govt adopts Data retention law, but calls it inefficient

By EDRi · February 27, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The Romanian Government adopted on 20 February 2008 the draft law on
data retention, but despite the official press release that praises the new
measure, several officials have complained about the lack of reality of the
legal text.

The draft law was adopted by the Government at about one year after the
Ministry of Information Technology and Communication (MCTI) presented the
first draft, with no major changes in the text. This means that the
Government has changed its previous intention to adopt the text as an
Emergency Ordinance.

The data should be retained for one year. The obligation to retain the data
is only for electronic communication operators, thus excluding information
society service providers. The retained data can be accessed by prosecutors
only in the penal cases related to organized crime and terrorism crimes and
with a proper specific judge-approved access authorization. The intentional
access to the data without a proper authorization is a crime punished with
prison from 6 months to 2 years.

Unfortunately, the text of the draft law still preserves the confusion
regarding the access of the security services to the retained data. Thus,
Article 20 foresees that for preventing and fighting against “threats to the
national security”, the data can be accessed by the “state institutions with
attributions in this area” under the conditions established by the “laws on
national security.” This very broad terminology raises significant question
marks on the practical application of the text and possible abuses.

The official press release of the MCTI praises the adoption by Romania of
the “European standards” on data retention. But the optimistic
tone is contradicted by the person in the Ministry in charge with writing
the law, State Secretary Constantin Teodorescu, who declared to the Money
Channel that obtaining the data for emails will not increase the chances of
discovering the crimes: “The EU requests are exaggerated!”.

He also explained that the issue can’t be solved for email addresses hosted
on foreign web servers and confirmed that the text “is a 100% translation of
the European Directive.” He also stated that a possible solution will be to
convince the EU Commissioner Viviane Reading that the draft law will not
work: “The solution should be that the Internet providers come together with
the Ministry and explain to the Commisioner the technical point of view that
these are measures not easy to fullfil and they leave huge gaps.”

The President of the Romanian ISP Association, Mihai Batrineanu, considers
the measure regarding the email as useless: “The request is just infantile.
If someone wants to do a bad thing, he will not send emails from his
personal address” and he also complained about the additional costs
required for ISPs to implement the measures.

According to the draft, the Internet-related data will be kept only starting
with 15 March 2009. The Government adopted text will now be sent to the
Parliament for debates.

Draft Law on data retention (only in Romanian)

Retaining technical data on email – inefficient and redundent measure
(only in Romanian, 22.02.2008)

Romania aligns to European standards for data retention for
fixed and mobile telephony and ISP (only in Romanian, 20.02.2008)

EDRI-gram: First draft on data retention law in Romania (9.04.2007)