Romania: After PNR, a proposal for retention of tourist data
On 15 July 2015, the Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament narrowly voted in favour of the EU Passenger Name Record (PNR) Directive proposal (32 in favour, 26 against, no abstentions), a mass surveillance measure to collect and process air traveller data for profiling purposes. This came after the rejection of a previous PNR proposal by the LIBE Committee in 2013 and the subsequent abandonment of that proposal in 2014.
Even so, in a worst case scenario of having the PNR Directive proposal fast-tracked through the legislative procedure, like the Data Retention Directive of 2006, it would still take some six months for the proposal to go through all the steps before becoming European law.
Roughly at the same time, the Romanian Government was having far fewer qualms about PNR than the European Parliament and its Committees. On 13 July 2015, the draft law “Government Statute no. 13” was silently adopted, thus creating a Romanian PNR system. No public debate was conducted, and the impact of the new law on fundamental rights was not assessed.
On 5 August 2015, another proposal for a governmental decision was published, mandating the implementation of a PNR-like system for people staying at any hotel, hostel or guest house in Romania. This means that personal identification data of everyone who is renting a room in Romania is entered by a hotel employee in a centralised computer system called “Integrated Tourist Record Computer System” (SIET). The system would be hosted and run by Special Telecommunications Service (STS), which is a militarised intelligence agency with almost no civilian oversight.
Access to the tourist data gathered and stored within this system raises even more questions. The purpose of the system is, ostensibly, to gather and analyse tourist data to improve the quality of the Romanian tourism industry. However, while the tourism industry is only going to get access to statistical data, various law enforcement organisations of the Internal Affairs Ministry (MAI) will have unrestricted access to all data based simply on an agreement between them and the STS.
The proposal’s authors and supporters justify the measure by explaining that it just brings in a computer system to do what was already being done with pen and paper. Romania is still using a system from the communist times, where all tourists who book a room at a hotel or hotel-like establishment are being asked for identification as a mandatory precondition for their stay. The personal data collected by the hotel is being forwarded on a daily basis to the local police station.
On 26 August, at EDRi member ApTI’s request, the Romanian Economy, Commerce and Tourism Ministry (MECT) organised a public debate about SIET. Unfortunately, any attempt to debate the issues of SIET on the basis of its impact on fundamental rights is futile.
EU PNR document pool (27.07.2015)
Statute no. 13/2015 regarding the use of some data from the passenger name registers for cross-border cooperation in order to prevent and combat terrorism, terrorism-related infractions and infractions against national security, as well as preventing and removing threats to national security (only in Romanian, 13.07.2015)
Governemt Decision for the adoption of the Integrated Tourist Record Computer System and the Norms regarding the access, record keeping and protection of tourists in establishments with accommodation facilities (only in Romanian)
Do you want the Police to know where you go on vacation? Join the public debate about the Integrated Tourist Record Computer System (SIET) (only in Romanian, 20.08.2015)
How we found out that we’ll all have “a chip under our skin” at the public debate about SIET (only in Romanian, 03.09.2015)
(Contribution by Matei Vasile, EDRi member ApTI, Romania)