Privacy and Human Rights 2003 : Romania
Bogdan Manolea with assistance from Cedric Laurant
parte a studiului privind Dreptul la Viata privata si Drepturile Omului - Privacy and Human Rights 2003 by Electronic Privacy Information Center and Privacy International
The Romanian Constitution adopted in 1991 recognizes under Title II (Fundamental Rights, Freedoms and Duties) the rights of privacy, inviolability of domicile, freedom of conscience and expression. Article 26 states, "(1) Public authorities shall respect and protect intimacy, family and private life. (2) Any natural person has the right to freely dispose of himself unless by this he causes an infringement upon the rights and freedoms of others, on public order or morals." Article 27 of the Constitution states, "(1) The domicile and the residence are inviolable. No one may enter or remain in the domicile or residence of a person without consent. (2) Derogation from provisions under paragraph (1) is permissible by law, in the following circumstances: for carrying into execution a warrant for arrest or a court sentence; to remove any danger against the life, physical integrity or assets of a person; to defend national security or public order; to prevent the spread of an epidemic. (3) Searches may be ordered only by a magistrate and carried out exclusively under observance of the legal procedure.
(4) Searches at night time shall be prohibited, except in cases of flagrante delicto." Article 28 states, "Secrecy of the letters, telegrams and other postal communications, of telephone conversations and of any other legal means of communication is inviolable." According to Article 30, "(6) Freedom of expression shall not be prejudicial to the dignity, honour, privacy of person, and the right to one's own image."
In November 2001, the Parliament enacted Law No. 676/2001 on the Processing of Personal Data and the Protection of Privacy in the Telecommunications Sector and Law No. 677/2001 for the Protection of Persons concerning the Processing of Personal Data and the Free Circulation of Such Data. These laws follow very closely the European Union Telecommunications Privacy and Data Protection Directives respectively.
Law No. 676/2001 provides for specific conditions under which privacy is protected with respect to the processing of personal data in the telecommunications sector. The law applies to the operators of public telecommunications networks and the providers of publicly available telecommunications services who, in the context of their activities, carry out processing of personal data. The regulatory authority established by Law No. 676/2001 was originally the Ministry of Communication and Information Technology, but it was changed by the Government Emergency Ordinance No. 79/2002 for the National Regulatory Authority for Communication (NRAC). No specific department was created to take care of the application of Law 676/2001.
Law No. 677/2001 applies to the processing of personal data, made, totally or partially, through automatic means, as well as to the processing through means other than automatic, which are part of, or destined to, an evidence system.
The supervisory authority for Law No. 677/2001 is the Ombudsman (also called "The People's Advocate"). The Organizational and Functional Regulations of the Ombudsman were changed in order to provide the creation of a special Private Information Protection Office (PIPO), concerned with the protection of individuals in relation to private data processing. The Ombudsman adopted several orders in 2002 in order to apply Law No. 677/2001.
In 2003, the Ombudsman issued Order No. 6 of January 29, 2003 that establishes standard contractual clauses for the transfer of personal data to third countriesthat do not provide an adequate level of protection.
According to the 2002 Ombudsman Report, the Ombudsman received 211 notifications of processing of personal data, 145 of which were complete while 66 lacked some information. At the same time, 303 operators reported, out of which 11 declared transfers of personal data abroad. One of them only managed to receive an authorization, where the others did not meet the necessary conditions. The small number of operators registered is due to the fact that many data controllers have not yet declared that they process personal data, despite the publicity measures taken by the Ombudsman. Data protection legislation is very recent in Romania, which explains why assessing the Ombudsman's competence as a data protection supervisory authority is still faced with several hurdles.
In 2001, Law No. 682/2001 was enacted to ratify the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention No. 108).
In 2002, Law No. 365/2002 on Electronic Commerce adopted the opt-in principle for unsolicited commercial e-mails ("spam") In 2002, the National Audiovisual Council issued regulations regarding privacy and television and radio programs in Decision No. 80 of August 13, 2002 Regarding the Protection of Human Dignity and the Right to Protect One's Own Image established a few privacy principles:. Article 6 states, "(1) Any person has a right to privacy, privacy of his family, his residence and correspondence. (2) The broadcasting of news, debates, inquiries or audio-visual reports on a person's private and family life is prohibited without that person's approval." According to Article 7, " It is forbidden to broadcast images of a person in his or her own home or any other private places without that person's approval; (2) It is forbidden to broadcast images of a private property, filmed from the inside, without its owner's approval."
The interception of telephone calls, the opening of correspondence and other similar actions are regulated by Law No. 51/1991 on National Security in Romania and Law No. 26/1994 on Police Organization. Article 13 of Law No. 51/1991 allows the interception of calls in case of crimes against the state, only as a result of a mandate issued by the General Prosecutor of the Office related to the Supreme Court. The mandate has a duration of maximum six months with the possibility of being extended by up to three months by the General Prosecutor. According to Article 16 of the same law, the means to obtain information may not infringe citizens' fundamental rights and freedoms, i.e., their private life, honor or reputation, or to subject those rights and freedoms to legal restrictions. The citizens who consider that their rights have been infringed, can appeal to the Commissions of Human Rights of the 2 Chambers of the Parliament. According to Article 17 of Law No. 26/1994 that aims at preventing organized crime and serious infringements in the interest of a criminal investigation, the police can require the Prosecutor's Office to intercept calls and open correspondence pursuant to Law No. 51/1991.
In 1996 the Criminal Code was modified by Law No. 41/1996 that introduced a new section on the use of audio and video recordings for interception purposes. The section establishes the conditions under which video and audio recordings may be carried out, including the interception of telephone calls. Therefore, according to Article 91 of the Criminal Code, the recordings on magnetic tape can be used as evidence if the following conditions are complied with: there are reasons to believe that a crime has been, or is about to be, committed; the criminal deed related to which the recording is made is a crime investigated ex-officio; the use and efficiency in finding out the truth; the authority that carries out the wiretap has been properly authorized to do so. The authority competent to issue such an authorization is the prosecutor designated by the General Prosecutor of the Office related to the Court of Appeals. The authorization to wiretap is given for a period of up to thirty days. The authorization can only be extended for very substantiated reasons, and no longer than days.
The law also compels law enforcement authorities to report specific information about their wiretapping: the authorization given by the prosecutor, the number of the telephones between which the calls take place, the names of the people carrying out the conversations, and, if known, the date and time at which each communication took place, and the item number of the roll or tape on which the recording is made.
Similar provisions related to the recording of traffic data were introduced by the Law on Anti-Corruption No. 161/2003 in order to prevent and combat cyber-crime. Romanian law does not provide for the retention of traffic data by Internet service providers (ISPs). The law provides that, only in emergency and properly motivated cases, law enforcement can expeditiously obtain the preservation of computer or traffic data if they could be destroyed or altered, and if there are good reasons to believe that a criminal offense by means of computer systems is being, or is about to be, committed, and for the purpose of gathering evidence or identifying the wrongdoers. During the criminal investigation, the preservation is undertaken by the prosecutor, pursuant to an appropriate ordinance and at the request of the investigative body or ex-officio, and during trial, by a court settlement. This ordinance is valid only for no longer than ninety days, and can be exceeded only once by a period not longer than thirty days.
Most of the cases involving invasion of privacy concerned the illegal interception of telephone calls. Several complaints were filed, especially by Opposition's members. The president of the Senate Human Rights Commission recently declared that a hearing of those people who complained on these kind of issues should take place in the Commission. The Foundation Horia Rusu organized a public debate on those issues on 14 April 2003. Two Opposition deputies presented a draft law that would establish the conditions pursuant to which telephone calls could be intercepted so as to limit the intrusion into people's privacy. The draft provides that the warrant authorizing interception could be issued only by a judge and that, later on, the person wiretapped would have to be informed about the reasons of wiretapping. Other cases involved the invasion of privacy of several Romanian TV stars.
Romania signed the Council of Europe Cyber-Crime Convention on November 23, 2001. Many provisions of this Convention, especially the definitions of the crimes, were incorporated into Title III (on Preventing and Fighting Cyber-Crime) of the Anti-Corruption Law No. 161/2003.
Additional laws deal with privacy issues, such as the Patient's Rights Law or the Law on Combating and Preventing the Traffic of Human Beings.
The Law Regarding Free Access to Information of Public Interest was approved in October 2001, The law allows any person to ask for information from public authorities and state companies. The authorities must respond in maximum 30 days. There are exemptions for national security, public safety and public order, deliberations of authorities, personal data. Those whose requests have been denied can appeal to the agency concerned or to a court.
The 1999 Law on the Access to the Personal File and the Disclosure of the Securitate as a Political Police allows Romanian citizens to access their Securitate (secret police) files. It also allows public access to the files of those aspiring for public office. The law sets up the National Council for the Search of Security Archives (CNSAS)  to administer the Securitate archives.
The Law on Protecting Classified Information was enacted in April 2002 at the behest of North Atlantic Treaty Organization. Its drafters used an expansive view of classification that will limit access to records under the access to information law. The law was strongly criticized by the Opposition and the civil society.
An extensive presentation on the limits of access to information in Romanian legislation was made by the Association for the Defense of Human Rights in Romania, The Helsinki Committee.
In the draft of the new Penal Code, a new article provides that the infringement of a person's right to privacy by using remote intercepting means of data, information, images or sounds from home or other similar private property without its owner's consent or by breaking the law, is punished with an imprisonment of two to five years. It is also prohibited to disseminate data, information, images or sounds obtained in one of the ways set out in Paragraph 1.
 Ombudsman Order No. 52 (April 18, 2002) for the approval of the minimum security measures for data processing laying at the basis of the operators adopting technical and organizational measures to guarantee a proper legal security level of data processing, Official Monitor, June 5, 2002; Ombudsman Order No. 53 (April 18, 2002) for the approval of standardized notification forms, Official Monitor, June 5, 2002; Ombudsman Order No. 54 (April 18, 2002) for the determination of situations requiring the notification of data processing that falls under Law No. 677/2001, Official Monitor, June 5, 2002; Ombudsman Order No. 75 (June 4, 2002) to establish specific measures and procedures to provide a satisfactory level of protection for data subjects, Official Monitor, June 26, 2002.
 Official Monitor No. 151, March 10, 2003.
 Available at http://www.legi-internet.ro/en/e-commerce.htm
 Art. 6 (1) provides that "commercial communications through electronic mail are forbidden, except where the recipient has expressly consented to receive such communications."
 Homepage http://www.cna.ro
 Nicolae Volonciu, Penal Procedure Treatise, 509-514 (Ed. Padeia 1999).
 Official Monitor No. 279, April 21, 2003, available at http://www.legi-internet.ro/en/cybercrime.htm
 Such as Dan Carlan, vice-president of the Liberal Party; Iasi Count, Dorin Marian, ex-counsellor of the former President Emil Constantinescu.
 Roxana Ristache, "Interception of Telephone Calls from Iasi in Attention of the Senate," Cotidianul, April 16, 2003.
 Ovidiu Banches, "The Citizen Threatened by National Safety," Ziua, April 15, 2003.
 Draft law No. 207/2002 amending Law No. 51/1991 on the National Security of Romania.
 "Extensions of Free Speech against Privacy?" Cotidianul, April 19, 2002, available at http://www.cotidianul.ro/anterioare/2002/reportaj/rep1521apr.htm
 Official Monitor No. 279, April 21, 2003, available at http://www.legi-internet.ro/en/cybercrime.htm
 Law No. 46/2003, Chapter IV.
 Law No. 678/2001, Art. 26, Parag. 2.
 Law No. 187/1999 available at http://www.cnsas.ro/legeeng.html
 Homepage http://www.cnsas.ro/indexeng.html
 Law No. 182/2002, Official Monitor, April 12, 2002, available at http://www.crji.go.ro/legeainfclas.htm (in Romanian).
 Available at http://www.apador.org/limits.htm
 Available at http://www.just.ro/bin/proiecte/cod_penal.htm (in Romanian).
 Art. 204(1) of Draft Penal Code