In the member states of the European Union, the activity of protecting personal data devolves upon authorities or institutions which are specifically set up for carrying on such competences. In order to harmonize the Romanian legislation to the acquis communitaire, the National Authority for the Supervision of Personal Data Processing was set up through the Law no. 102/2005, come into force at 12th May 2005.
The independent authority status is established right in the first article of this normative act, which stipulates that the National Authority for the Supervision of Personal Data Processing was a public authority, autonomous and independent from any authority of the public administration, as well as from any natural or juridical person from the private area. According to the law, the Authority can’t be subjected to any imperative or representative mandate and can’t be compelled to submit to the instructions and orders of another public authority or private entity.
The Authority has the goal of protecting the fundamental rights and freedoms of the natural persons, especially the right of intimate, family and private life, in connection with the processing of personal data and the free circulation of these data.
The National Authority for the Supervision of Personal Data Processing carries out its’ activity in terms of complete independence and impartiality. The authority supervises and controls the legality of the personal data processing which falls under the Law no. 677/2001. For this purpose, the supervisory authority exerts the following prerogatives:
- receives and examines the notifications on the processing of personal data;
- authorizes the data processing in the situations stipulated by the law;
- can decide, if it ascertains the infringement of this law, the temporary suspension or the cessation of the data processing, the partial or entire erasure of the processed data and can inform the penal bodies or sue;
- informs the natural and/or juridical persons about the necessity of complying with the obligations and carrying out the procedures stipulated by Law no. 677/2001;
- keeps and lays at public disposal the register of recording the personal data processing;
- receives and solves the complaints, intimations or requests of the natural persons and communicates the given solution or, according to each case, the approaches carried out;
- performs preliminary controls, if the data processor processes personal data which are liable of presenting special risks for the persons’ rights and freedoms;
- performs investigations, at self-notification or at the reception of complaints or intimations;
- is consulted when normative acts regarding the protection of persons’ rights and freedoms, concerning the personal data processing, are drafted;
- can make proposals regarding the drafting of normative acts or modifying of normative acts in force, in the field of personal data processing;
- cooperates with the public authorities and public administration bodies, centralizes and examines their annual reports regarding the people’s protection concerning the processing of personal data;
- issues recommendations and approvals on any matter connected to the protection of the fundamental rights and freedoms, concerning the personal data processing, at any person’s request, including public authorities and public administration bodies;
- cooperates with similar authorities from abroad, for mutual assistance, as well as with persons with residence or premises abroad, for the protection of the fundamental rights and freedoms which may be affected by the personal data processing;
- carries out other competences stipulated by law.
The Authority is directed by a president whose position is assimilated to the one of secretary of state.