Legality and security

The law on cyber security is unconstitutional, says Romanias Constitutional Court. This is the third law of a so-called “Big Brother package to be ruled as unconstitutional.

Mihai Pelin, 22.01.2015, 13:53

Vehemently criticised by civil society, the law on cyber security passed by Parliament a month ago has been declared unconstitutional. The Constitutional Court issued this ruling following a complaint by a group of Liberal MPs, in opposition, who warned that the respective law violated the right to privacy on the Internet. The Constitutional Court judges have ruled that the law in question runs against a number of constitutional provisions, including free access to justice and fair trial, the right to privacy and the right to secrecy of correspondence, not to mention that it lacks the approval of the country’s Supreme Defence Council.



This is the third law in a so-called “Big Brother package” to be declared unconstitutional following the rejection of two other similar laws last year by the Constitutional Court: one on the obligation of providers of telephone and Internet services to retain their users’ data for a period of 6 months and another on the obligation to request users of pre-pay phone services and Wi-Fi networks to provide personal information.



The opponents of the law on cyber security say it would allow secret services and prosecutors access to data from any information system suspected of being involved in illegal activities without a warrant issued by a court of law and only based on justified request.



On the other hand, the supporters of the law argue the law would not apply to ordinary citizens who own a computer or a network and that the law is necessary amidst the unprecedented rise in cyber threats. In the opinion of the Romanian Intelligence Service, the most fervent supporter of the law, this is essential in the protection of and the compliance with the citizens’ fundamental rights and liberties.



The fears, speculations and accusations related to the law are groundless because the law does not allow state institutions access to personal data without prior approval by a judge, says the Romanian Intelligence Service. Its representatives say that only the owners of cyber structures, and not natural persons, would have the obligation to provide relevant authorities with technical data about the threat which makes the object of the request.



After a preliminary assessment, if deemed necessary to extend investigations to a specific person, access to this person’s computer, tablet or smartphone is carried out based on a warrant approved by a judge. This aspect, however, is not spelled out in the law. The Romanian Intelligence Service has explained that the law on cyber security did not have to include this provision because approval of access to personal data is already regulated by the Code of Criminal Procedure and the national security law. If also introduced into the law on cyber security, it would have caused legislative redundancy, which is contrary to best practice in law, says the Romanian Intelligence Service.