The Court of Justice of the European Union declared, on the 8th of April 2014, Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks to be invalid as it interferes with the right to respect for private life and the fundamental right to the protection of personal data, enshrined by Article 7 and Article 8 of the Charter of Fundamental Rights of European Union.
Directive 2006/24/EC lays down the obligation of the publicly available electronic communications services or of public communications networks providers to retain, for a period between 6 and 24 months, certain data generated or processed within the activities for the provision of electronic communication services, in order to make them available to the competent authorities for the purpose of the investigation, detection and prosecution of serious crime.
This communitary act was transposed initial by Law no. 298/2008, which was not approved by the National Supervisory Authority for Personal Data Processing and which was declared unconstitutional by Decision no. 1258/2009 of the Constitutional Court as it interferes with the right to the private and family life, the right to the secret of correspondence and the freedom of expression in a manner that does not correspond to Article 53 of the Romanian Constitution (in relation with the conditions for restraining the exercising of certain rights and liberties).
Further, following the infringement procedure initiated by the European Commission, Law no. 82/2012 on the retention of the data generated or processed by providers of electronic communication public networks and by providers of electronic communication services intended for the public, as well as for the amendment and supplementation of Law no. 506/2004 on the personal data processing and protection of private life in the electronic communication sector for the implementation of Directive 2006/24/EC was adopted, which was also not approved by the National Supervisory Authority for Personal Data Processing, bearing in mind the need for privacy protection.
The decision of the Court of Justice of the European Union can be accessed here, in English.
Legal and communication department