Today, 8 January 2015, the Ministry for Information Society called an inter-institutional working group to urgently analyze CJUE data retention decision’s impact on national law. Using the terrorist attacks in France as pretext, Romanian authorities are pushing for the urgent adoption of a package of mass surveillance measures which violate fundamental rights.
This comes in the context of the Parliament's unanimous vote on the Law on cybersecurity which states that 'owners of a cyber infrastructure' (basically every legal person with a computer) needs to allow access to data at the simple demand of 9 different Romanian security and intelligence agencies. The cybersecurity law was sent to the Constitutional Court on the 23rd of December 2014.
So far, the Romanian Constitutional Court declared the data retention law unconstitutional two times. The last decision was on the 8th of July 2015 (see some remarks in English here and in Romanian here). At the same time, the Court also declared unconstitutional the law for registering pre-pay SIM cards and Wi-Fi users by Decision no. 461 of 16 September 2014 (available here in Romanian). This was the 4th attempt to introduce this kind of law in the last 3 years.
Civil society and private parties are left out of any discussion.
The Romanian Secret Service (SRI) is granted European funding in order to acquire software and hardware for “increasing eGovernment system usage”. However, as the technical specifications of the project show, one of its declared purposes is to design a Big Brother system that will, among others, intercept Internet traffic from instant messaging apps or other similar electronic communications programmes.
Entitled SII Analytics, the project aims at aggregating data sets from all major public institutions and at allowing advanced search in order to permit inquiring any type of information about any citizen or resident. Moreover, the project includes a chapter on behaviour analysis, which will allow to correlate information from databases as well as other public information (such as Facebook account information) and create individual profiles. Additionally, the system will have facial recognition features and it will include a database of approximately 50-60 million images (passport or identity card photos) to which SRI will have unlimited access.
As the project flagrantly violates Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, namely the rights to privacy and to personal data protection, several NGOs sent a letter to Romanian and European officials urging for the public procurement to be annulled.