Czech Republic: Data retention - almost back in business
This article is also available in:
Deutsch: Tschechien: Vorratsdatenspeicherung beinahe wieder in Kraft
Nationwide preventive monitoring of electronic communication finds its way back into the Czech legal system. The original act was repealed in 2011 by the Constitutional Court – however, a new one is waiting only for the President's signature. Privacy campaigners fear possible data abuse given the insufficient regulation provided by the current Police Act as well as monitoring of contents of Internet communications which could potentially be made possible by the implementing decree to the new Act.
Not only the Chamber of Deputies, but now also the Senate approved the government draft of the amended Electronic Communication Act, as well as amendments to several other laws reintroducing the obligation of telephone or Internet services providers to monitor the communications of their clients and provide them, upon request, to the police, intelligence services or the Czech National Bank. After the previous legal regulation was repealed by two decisions of the Constitutional Court in March and December 2011, nationwide monitoring of citizens’ communications thus finds its way back into the Czech legal system.
The government proposal of the Act that was passed in the Senate on 18 July 2012, reacts to the Constitutional Court decision and implements the European Directive which prescribes storing of traffic and localization data on electronic communications.
According to EDRi-member Iuridicum Remedium (IuRe), which initiated the March decision of the Constitutional Court and also filed its comments during the preparation phase of the new legal regulation, the new Act is better than the repealed regulation – however it still contains a number of errors that will lead to unconstitutional interference with the privacy of citizens.
The major problem, according to IuRe, is the very existence of the obligation of operators to generally monitor the communications of all citizens without any specific suspicion. Thus, a revision of the European Directive which introduced this obligation, and an assessment of its constitutionality by the European Court of Justice is seen by Iure as the key issues in this respect.
"As for the Czech implementation of the Directive, when submitting comments during the preparatory phase, we tried to push for maximum limits in terms of monitoring of citizens and possible abuse of such data," says Jan Voboril, lawyer at IuRe. "The original proposal introduced by the Ministry of Interior in the summer of last year was from our perspective entirely unacceptable. During the legislative process, we have stepwise prepared comments for the Ministry of Interior, Members of Parliament as well as Senators. We are pleased that during subsequent discussions with representatives of the Ministry of Interior and other key institutions, we managed to get acceptance for stricter rules regarding the use of such data. For example, what we consider important is the introduction of the obligation to inform the respective persons that their data have been requested under the Criminal Code, highlighting the subsidiarity when using such data in criminal investigation, or the necessity of court permission when the data is requested by intelligence services or the Czech National Bank," adds Voboril.
Many crucial issues still remain unresolved, which will, in IuRe´s opinion, lead to further unconstitutional use of such data in the future. "What we consider to be the most serious issue of the new legislation is that it ignores the current situation where the Police Act authorizes the police to use the data outside of criminal proceedings. Under the current Police Act, police officers may require data more or less without any limits, without court supervision and without any clearly defined and controlled processes. It is striking that although the police themselves wanted to define stricter rules for such use of the data during the preparatory phase of the new Act, this was refused by the Ministry of Interior. Not even Deputies or Senators paid attention to this huge gap opening up possibilities for information abuse by individual police officers – and this despite of repeated warnings from our side," explains Voboril.
"We also have our concerns regarding the awaited implementing decree of the Act, which will among other things determine which data will be generally stored. This decree can put the new Act into entirely new light, both in respect of the invasion into citizens´ privacy as well as technical and personnel details necessary - which will be reimbursed by the state. Crucial is the particular question of whether data on the recipient´s side of Internet communication will be stored as well. Such provisions would mean not only de facto monitoring of the content of what we are surfing through on the Internet, but also a tremendous increase in public expenditures related to such monitoring. It is surprising that such a significant issue which can change the entire meaning of the Act and should be provisioned for directly in the Act, has gone entirely unnoticed by," concludes Voboril.
The Act is currently still to be signed by the President. Let´s wait and see whether, during his decision making, Vaclav Klaus will also think of the fact that, apart from dozens of other persons - not excluding the chairman of the Constitutional Court - also some people from his immediate surrounding appeared among the victims of data abuse resulting from the police authorization to require such data.
(Contribution by EDRi-member Iuridicum remedium - Czech Republic)