28 February 2008
The Romanian Government adopted on 20 February 2007 the draft law on data retention, but despite the official press release that praises the new measure, several officials have complained about the lack of reality of the legal text.
The draft law was adopted by the Government at about one year after the Ministry of Information Technology and Communication (MCTI) presented the first draft, with no major changes in the text. This means that the Government has changed its previous intention to adopt the text as an Emergency Ordinance.
The data should be retained for one year. The obligation to retain the data is only for electronic communication operators, thus excluding information society service providers. The retained data can be accessed by prosecutors only in the penal cases related to organized crime and terrorism crimes and with a proper specific judge-approved access authorization. The intentional access to the data without a proper authorization is a crime punished with prison from 6 months to 2 years.
Unfortunately, the text of the draft law still preserves the confusion regarding the access of the security services to the retained data. Thus, Article 20 foresees that for preventing and fighting against “threats to the national security”, the data can be accessed by the “state institutions with attributions in this area” under the conditions established by the “laws on national security.” This very broad terminology raises significant question marks on the practical application of the text and possible abuses.Bogdan