Romania adopts data retention law
(Dieser Artikel ist auch in deutscher Sprache verfügbar)
Following the adoption of the draft law on data retention by the Chamber of Deputies on 4 November 2008, the Romanian President made the final step in adopting the law on 17 November.
From now on, it is just a matter of time until the law will be published in the Official Journal and until its entry into force (60 days from its publication date). The Internet-related data will be kept only starting with 15 March 2009.
The lack of any relevant debates from both chambers of the Parliament or its commissions was not surprising. It seems that all the parties involved in adopting the law did it only because it was based on an EU directive and the politicians didn't see any solution to avoid it.
The Commission on Human Rights of the Chamber of Deputies gave a negative vote to the law, but since its opinion was just consultative on this law, it really didn't matter in the end. Also, its report contains just the negative vote without any explanation on the matter.
The president of the IT Committee in the Chamber of Deputies, Mr. Pambuccian has presented the draft law to the Chamber plenum as the implementation of an "excessive directive", but obligatory according to the European law.
But there weren't too many changes after the Parliamentary debates in the text submitted by the Government in February this year. The major change is the reduction of the retention time from one year to 6 months. The retained data can be accessed by prosecutors, with a proper judge-approved access authorization, only in penal cases related to organized crime and terrorism crimes, that are limited by the express list provided by the definition of serious crime.
The law does not provide the reimbursement of the expenses incured by the law enforcement, but a new provision makes it specific that any expense for electronic communication providers related to this law application is fiscally deductible.
Article 20 still raises concerns giving the "state institutions with attributions in the area of national security" access to the retained data under the conditions established by the "national legislation" in this domain. Since no express legislation is foreseen, this leaves an open door for further regulation in "national security" cases.
The final draft still stipulates that an intentional access to the retained data or its transfer without a proper authorization is a crime punished with prison from one to 5 years.
Law 298/2008 on data retention (only in Romanian, 18.11.2008)
Draft data retention law file at the Chamber of Deputies (only in Romanian)
6 months for traffic data retention (only in Romanian, 17.11.2008)
EDRi-gram: Romanian Govt adopts Data retention law, but calls it inefficient