The Constitutional Court (CCR) judges decided yesterday, with a majority of votes, that Romania’s cybernetic security law, nicknamed the Big Brother Law 2, was unconstitutional “in its entirety”.
“The Court took note that the entire legal act suffers of deficiencies under the aspect of fulfilling legislative technical demands, coherency, clarity, predictability, as well as concerning the respect of legislative procedure, due to the lack of approval from behalf of the Supreme Council of National Defence”, the Constitutional judges pointed out.
Moreover, the constitutional judges established that several articles of the law are a violation of the Constitution.
The magistrates’ decision is definitive and generally compulsory.
The Big Brother Law was intended to allow the Romanian Intelligence Service (SRI) the right to access servers without a warrant issued by a judge. This cybernetic security law in Romania, adopted by the Parliament, stipulates among other things that all owners of cybernetic infrastructures (electronic and telephone communication networks) should provide access to registered data on all users of these networks to secret services and authorities responsible of national security. These authorities would no longer need a warrant issued by a court, as it is usually done in these cases, but merely an “approved request” the law fails to give details on. The law is initiated by the Government under the circumstances that, last year, the Constitutional Court has declared as unconstitutional the content of two laws, including the one regarding collecting the data of communication networks users, by suppliers, for six months.
PNL’s challenge: This law is stealthily restricting the rights and liberties of the citizens
On December 23, PNL made an announcement about having notified the CCR to check on the constitutionality of the abovementioned law, which they claimed it broke the principle of legality, a fundamental right for the good functioning of the rule of law state.
The notification shows that the draft in cause violated some of the provisions of the Law 24/2000 regarding the legislative technique norms for drawing up regulatory acts.
According to the PNL, parts of the cyber security law were wrong from a conceptual perspective, especially referring to a series of limiting measures in what concerns the right to privacy in the digital zone, while it also breaks the existing European regulations concerned with the information security issue.
‘This law is stealthily restricting the rights and liberties of the citizens, by banning them access to cybernetic infrastructure, while the authorised institutions would extract the data inside such infrastructures based on a simple motivation written by them, with no other authorisation from the court being required, even if the Criminal Procedure Code dictates otherwise, the same as the CCR through its Decisions 440/2014 and 461/2014. In other words, the law is not harmonised as the CCR ruled that it should be. The Law breaks the article 148, paragraph (2), and the following ones from the Romanian Constitution, by incorrectly transposing community norms in the field,’ the abovementioned notification also said.
Moreover, the PNL MPs believe that it is not clear precisely what data need to be held by the authorised institutions, whereas the framework under which the request for the data is made doesn’t present enough procedural guarantees either.
The Senate on December 19 adopted, in its capacity as the decision-making chamber, the draft law on Romania’s cyber security, which provides for the creation of the National System of Cyber Security (SNSC) to reunite the authorities and public institutions having responsibilities in this field.
According to the abovementioned draft, the authorities and the public institutions, through the SNSC, cooperate with the cyber infrastructure owners, the academic environment, the business milieu, the professional associations and the nongovernmental organisations.
The SNSC activity will be coordinated at a strategic level by the Supreme Council for National Defence (CSAT), while for the seamless coordination of the system activities in charge will be the Operational Council of Cyber Security, made up of representatives of the National Defence Ministry, the Interior Ministry, the Ministry of Foreign Affairs, the Ministry for Information Society, the Romanian Intelligence Service, the Romanian Foreign Intelligence Service (SRI) , the Special Telecommunications Service (STS) , the Protection and Guard Service (SPP), the National Registry Office for Classified Information, (ORNISS) as well as the CSAT Secretary, Agerpres informs.