(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The Romanian Government adopted on 20 February 2008 the draft law on data retention, but despite the official press release that praises the new measure, several officials have complained about the lack of reality of the legal text.

The draft law was adopted by the Government at about one year after the Ministry of Information Technology and Communication (MCTI) presented the first draft, with no major changes in the text. This means that the Government has changed its previous intention to adopt the text as an Emergency Ordinance.

The data should be retained for one year. The obligation to retain the data is only for electronic communication operators, thus excluding information society service providers. The retained data can be accessed by prosecutors only in the penal cases related to organized crime and terrorism crimes and with a proper specific judge-approved access authorization. The intentional access to the data without a proper authorization is a crime punished with prison from 6 months to 2 years.

Unfortunately, the text of the draft law still preserves the confusion regarding the access of the security services to the retained data. Thus, Article 20 foresees that for preventing and fighting against "threats to the national security", the data can be accessed by the "state institutions with attributions in this area" under the conditions established by the "laws on national security." This very broad terminology raises significant question marks on the practical application of the text and possible abuses.

The official press release of the MCTI praises the adoption by Romania of the "European standards" on data retention. But the optimistic tone is contradicted by the person in the Ministry in charge with writing the law, State Secretary Constantin Teodorescu, who declared to the Money Channel that obtaining the data for emails will not increase the chances of discovering the crimes: "The EU requests are exaggerated!".

He also explained that the issue can't be solved for email addresses hosted on foreign web servers and confirmed that the text "is a 100% translation of the European Directive." He also stated that a possible solution will be to convince the EU Commissioner Viviane Reading that the draft law will not work: "The solution should be that the Internet providers come together with the Ministry and explain to the Commisioner the technical point of view that these are measures not easy to fullfil and they leave huge gaps."

The President of the Romanian ISP Association, Mihai Batrineanu, considers the measure regarding the email as useless: "The request is just infantile. If someone wants to do a bad thing, he will not send emails from his personal address" and he also complained about the additional costs required for ISPs to implement the measures.

According to the draft, the Internet-related data will be kept only starting with 15 March 2009. The Government adopted text will now be sent to the Parliament for debates.

Draft Law on data retention (only in Romanian)
http://www.mcti.ro/index.php?id=16&lege=412

Retaining technical data on email - inefficient and redundent measure (only in Romanian, 22.02.2008)
http://www.cotidianul.ro/index.php?id=57&brk=12501&cHash=c940f...

Romania aligns to European standards for data retention for fixed and mobile telephony and ISP (only in Romanian, 20.02.2008)
http://www.mcti.ro/index.php?id=1&art=620&L=0

EDRI-gram: First draft on data retention law in Romania (9.04.2007)
http://www.edri.org/edrigram/number5.9/data-retention-romania