The Romanian Constitutional Court has declared the second data retention law to be unconstitutional on 7 July 2014. The decision will be published in the Official Monitor soon. This is the second data retention law to be declared that it breaches the right to privacy, as stipulated in the Romanian Constitution.
On 16 September 2014, the Romanian Constitutional Court declared the law on registering prepay sim card users and public Wi-Fi users unconstitutional. After being adopted in an emergency procedure, several NGOs put pressure on decision makers (including in a letter addressed to the President) to declare this law unconstitutional signaling the serious infringements on private life. The law was brought to the Constitutional Court by the Ombudsman and ApTI together with AADOR-CH intervened via an amicus curiae. in the last 3 years, this law is the 4th attempt to adopt such legislation in Romania.
The Romanian Constitutional Court (CCR) ruled on 16 September 2014 that a law that required the mandatory registration of all prepaid SIM cards and free WiFi users, is unconstitutional, as a whole. The Court reviewed the law as a result of the Romanian Ombudsman’s objection concerning its possible unconstitutionality. Several human rights NGOs asked the Ombudsman in July 2014 to notify the CCR regarding the law which had been recently adopted, and to ask the Court to rule on the law’s constitutionality before its promulgation by the President.
As previously reported in the EDRi-gram, the Romanian Constitutional Court (CCR) ruled in its decision no. 440 on 8 July 2014 that the second Romanian data retention law (no. 82/2012) was not constitutional. The full reasoning for this was published in the Official Journal on 4 September 2014 in Romanian. EDRi-member ApTI is working on the translation of the text, and an English version will follow soon.
Today, 8 January 2015, the Ministry for Information Society called an inter-institutional working group to urgently analyze CJUE data retention decision’s impact on national law. Using the terrorist attacks in France as pretext, Romanian authorities are pushing for the urgent adoption of a package of mass surveillance measures which violate fundamental rights.
This comes in the context of the Parliament's unanimous vote on the Law on cybersecurity which states that 'owners of a cyber infrastructure' (basically every legal person with a computer) needs to allow access to data at the simple demand of 9 different Romanian security and intelligence agencies. The cybersecurity law was sent to the Constitutional Court on the 23rd of December 2014.
So far, the Romanian Constitutional Court declared the data retention law unconstitutional two times. The last decision was on the 8th of July 2015 (see some remarks in English here and in Romanian here). At the same time, the Court also declared unconstitutional the law for registering pre-pay SIM cards and Wi-Fi users by Decision no. 461 of 16 September 2014 (available here in Romanian). This was the 4th attempt to introduce this kind of law in the last 3 years.
Civil society and private parties are left out of any discussion.
A new law on cybersecurity, previously reported in the EDRi-gram, was adopted by the Romanian Parliament at the end of 2014. The law gives the Romanian Intelligence Agency (SRI) access to any computer data owned by private companies, without a court order. The law was sent to the Constitutional Court for analysis and it will be judged on 21 January 2015.
Moreover, the situation regarding surveillance practices in Romania seems to have recently become even blurrier. Even as the events in France were unfolding, a special inter-institutional group formed by several ministries and SRI had already met a couple of times to decide about a revival of the surveillance laws declared unconstitutional in 2014 – the data retention law and the mandatory registration of telephony prepaid cards.