(Dieser Artikel ist auch in deutscher Sprache verfügbar)
Privacy and data protection seems not to be a hot topic for the Romanian society. The media is generally ignoring the topic, unless something related to an important public figure is making the subject out of the ordinary. The Romanian Data Protection Authority has failed in becoming a privacy public supporter and has rather emerged as a data protection controller's register. Under these general circumstances, 2007 was rather a calm year, where the main success of the government in the field of privacy - the non-adoption of the data retention law - was obtained by mistake only due to bureaucratic reasons.
a. Data retention
The first draft of the data retention law that needs to implement the EU directive was presented for public consultations in May 2007 by the Minsitry of IT&C, but after receiving some comments and organizing a public meeting to discuss the draft law, the subject seems to have disappeared in the folders of the ministries, probably also because no one, except the European Commission, seems to care too much about the law. Therefore, the official deadline of the implementation of the EU directive passed, without the draft being adopted by the Government. And suddenly and without any public notice the project re-appeared in December 2007 on the Ministry of IT&C list of documents in public consultation. The new draft seems similar to the old one, but it is clear that the Government is on the verge to adopt the act through an Emergency Ordinance. That means, in accordance with the previous year experience and a Balkan style of twisting the meaning of constitutional wording, that the fact the official EC deadline has passed transforms the matter into a national emergency that requires the approval of the law directly by the Government, leaving the parliamentary debates on the subject on a secondary plan. For now - there are no indications if this will happened and exactly when.
b. Romanian DPA
The Romanian Data Protection Authority, created only in the late part of 2006, has been trying to get the data protection issues out in the public debate and, so far, has succeeded in organizing several information sessions - especially with the public institutions and banking sector. This has been so far a much more positive approach than we've seen in any year since the adoption of the data protection laws in 2002, but the activity of the Romanian DPA is far from being satisfactory. Especially if we take into consideration the lack of a strong public position on any privacy issues, present in the Romanian state or European activities.
However, the Romanian DPA took two important decisions in reducing its bureaucratic work and making more interesting for data controllers to register with them: to eliminate the registration taxes and the fees for data transfer to other countries, and to allow the electronic registration of data controllers.
c. CCTV
Many public and private institutions install CCTV systems as a "perfect way" to increase security of their activities and the regulation of these systems seems to be non-existent, as the cameras appear everywhere over night, without any kind of notification to the DPA. The authority has presented a draft decision on its website to limit CCTV usage and better explain the rights and obligations, but since 2006 this has been just a project.
d. Illegal wiretapping
One of the first court decisions in the matter of illegal wiretapping is also worth mentioning The decision taken in May 2007 by the Bucharest Tribunal was published only in July and, as far as we know for the first time in the Romanian history, the court declared the wiretapping made by the Romanian Secret Service were illegal and awarded moral damages of 50 000 RON (approx. 14 000 Euros) for privacy infringement. The court, arguing with the European Court of Human Rights cases of Rotaru vs. Romania and Klass vs.Germany, notes that in this specific case there was "no subsequent control of the wiretaping basis by an independent and impartial authority."
Romanian Data Protection Authority
http://www.dataprotection.ro
Romanian Secret Service illeagal wiretaping (only in Romanian, 11.07.2007)
http://legi-internet.ro/blogs/index.php?title=sri_ul_asculta_ilegal_te...
Draft Romanian DPA decision on CCTV (only in Romanian)
http://www.dataprotection.ro/images/PDF/decizie_videosupraveghere.pdf
EDRi-gram: Romanian Prosecutors want easy access to communication data
(31.01.2007)
http://www.edri.org/edrigram/number5.2/romania-diicot
EDRi-gram: First draft on data retention law in Romania (9.05.2007)
http://www.edri.org/edrigram/number5.9/data-retention-romania
(contribution by Bogdan Manolea - EDRi-member APTI Romania)