Romania

[RO] New Data Retention Law Rejected by the Senate

IRIS 2012-2:1/33

Eugen Cojocariu

Radio Romania International

On 21 December 2011, the Senate (upper Chamber of the Romanian Parliament) unanimously rejected the new draft Law on the retention of data generated or processed by providers of public electronic communications networks and by electronic communication services providers directed at the public, issued in November 2011.

The new Draft was intended to implement the EU Data Retention Directive 2006/24/EC, after the Curtea Constituţională a României (Romanian Constitutional Court) decided on 7 October 2009, that the transposing Law 298/2008 was unconstitutional due to a breach of Art. 28 of the Romanian Constitution, with regard to the secrecy of correspondence and of Art. 25, 26 and 30 (freedom of movement, privacy and expression). The Court also declared an infringement of the ECHR and that data retention as proposed by Law 298/2008 would be a disproportionate intrusion into private life which is open to abuse. The new Draft, coming after a series of drafts in the matter, was severely criticised by several Romanian human and civil rights NGOs, which claimed the text to be still unconstitutional and encroaching on the right to privacy.

The European Commission started an infringement procedure against Romania on 16 June 2011 for not having implemented the Directive. The second phase of the procedure was initiated on 27 October 2011 requesting Romania to ensure conformity with EU legislation within two months. The Romanian Government abstained from issuing an official point of view on the Draft, stating that because of the conflict between the obligation to transpose Directive 2006/24/EC and the necessity to observe the demands of the Constitutional Court, the Parliament is the only institution able to decide on the adoption of the legislative initiative.

The Draft has four chapters (General provisions, Data retention, Sanctions, Final provisions) and 21 articles. Art. 1 states that the retained data shall be used for the prevention, investigation, finding and suit of severe crimes (such as terrorism, transnational crime, infanticide, organised crime, paedophilia, rape, theft, crimes against the EU economic interests, fiscal evasion, electronic payments frauds). According to Art. 3 providers are asked to retain the data necessary for: following and identification of the source, destination and date of communication; determination of its time and duration; identification of the type of communication, the user’s communication equipment or the devices use and identification of mobile communication’s device location. Data shall be retained for 6 months after the communication. According to Arts. 4-8 the draft refers to data from mobile and fixed telephone use, Internet access, electronic mail and voice over Internet. According to Art. 12 it is forbidden under threat of punishment to intercept and retain the content of communication or of information accessed during the use of an electronic communications network. After the retention period data have to be irreversibly destroyed by the service providers, except such used by the authorised institutions, in the meantime. According to Art. 13 the retained data have to be of the same quality and equally protected and secured as data used through electronic communications providers networks. According to Art. 18 offences are subject to fines of Lei 2,500-500,000 (EUR 575-115,200).

The draft has to be discussed by the Camera Deputatilor (lower Chamber), now, which will have the final decision on it. But usually a draft rejected by the Chamber that debated on it (Senate or Deputies Assembly) firstly is rejected by the second Chamber, too. There is no term for the second Chamber to discuss the draft.