Authors
New data retention rules came into force on 20 January 2009 for fixed and mobile telecoms providers; and on 15 March 2009 for internet service providers.
The data to be retained does not relate to the content of the communication (or internet pages accessed) but is merely to enable identification of the type, source, destination, date, time and duration of the communication and the equipment used (or purportedly used).
The data can only be accessed by:
- prosecutors acting with proper judicial authority in relation to organized crime, terrorism crimes and crimes affecting the security of the state
- state institutions concerned with protecting national security (further regulations are required detailing the access conditions)
The rules will require the telecoms/internet service providers to retain an electronic database of all telephone/email/internet/VoIP and other communications carried on their network for up to 6 months (from when the communication took place). All data which has not been accessed (and marked for preservation) would then be destroyed.
All the database set-up and administration expenses incurred by the service provider will be tax deductible.
Non-compliance with the rules (including both failure to retain data and failure to destroy it as required) is punishable by a fine of RON 2,500–RON 500,000 (c €585–€117,000). However, deliberately accessing or transferring data without authority or intentionally obstructing access by the authorities is punishable by up to five years’ imprisonment.
Law: Law no. 298 adopted on 18 November 2008 implementing the EU Data Retention Directive (2006/24/EC)
