Gruia Dufaut

„BIG BROTHER” LAW - ADDITIONAL GUARANTEES FOR PERSONAL DATA PROTECTION

  • Home
  • News
  • „BIG BROTHER” LAW - ADDITIONAL GUARANTEES FOR PERSONAL DATA PROTECTION
„BIG BROTHER” LAW - ADDITIONAL GUARANTEES FOR PERSONAL DATA PROTECTION

Last updated: 19 November 2015


In order to ensure an additional protection of personal data and the right to private life of phone and Internet service subscribers and users, President Klaus Iohannis has promulgated Law no. 235/2015, amending and supplementing Law no. 506/2004 regarding personal data processing and the protection of private life in the electronic communications sector, also known by the public as the “Big Brother” Law.

Thus, in accordance with the “Big Brother” Law, access to personal data of phone and Internet service subscribers and users can only be achieved within a precisely established framework, by the courts, or only with the prior approval of a judge.


TRAFFIC DATA CAN BE STORED FOR 3 YEARS


The “Big Brother” Law provides a maximum period for the storage of traffic data of phone and Internet service subscribers and users.

More precisely, the new law provides that subscribers’ and users’ traffic data, which is currently being processed and stored by phone and Internet service providers in order to issue invoices and supply such services, will be deleted or anonymized when they will no longer be necessary for communication, but no later than three years from such communication.

Furthermore, the maximum period of three years from the communication will also apply to traffic data processed in order to establish the contractual obligations of communication services subscribers, services which are paid for in advance.


ACCESS TO DATA, ONLY WITH THE PRIOR APPROVAL OF A JUDGE


As regards to the access of the authorities to data stored by phone and Internet operators, “Big Brother” Law expressly provides that such access will only be allowed at the courts’, prosecutors’ and national and security authorities’ request, with the prior approval of a judge.

At their turn, providers of publicly available electronic communication services and providers of public electronic communication networks are obliged to immediately make available to the authorities, no later than 48 hours, traffic data, device identity data and location data, in accordance with the provisions related to personal data protection.

Data requested by the authorities cannot be deleted or anonymized by phone and Internet service operators when such request is accompanied/followed by a notice stating the necessity to preserve such data. Nevertheless, the said data will not be kept longer than 5 years from the date of the request or after the Court renders a final ruling.


On the same subject

LABOR LAW: NEW LEGAL CHANGES

As of June, a series of legal changes related to labor law entered into force and July 1st will mark the increase of the minimum wage to 1,050 Lei, as per Government Decision no. 1091/2014. On the other hand, the Constitutional Court has rendered an impor Read more

25 June 2015

FINANCIAL STATEMENTS FOR 2017: APPROVAL AND FILING

At the beginning of each year, companies draft their accounts for the previous financial year... Is there any profit to distribute, reinvest or losses to cover? In order to have an overall picture, the companies’ accountants must draft the financial accou Read more

15 March 2018

NEW RULES REGARDING OCCASIONAL WORK

The law regulating occasional work was recently changed and new sectors where economic agents can use unskilled work on an occasional, seasonal basis were added. Law no. 86/2018, published in Official Journal no. 313 as from 10 April 2018 amends and suppl Read more

6 June 2018

GDPR AT WORK – YOUR PERSONAL DATA PROCESSING BY YOUR EMPLOYER

The enforcement of the European Regulation on personal Data processing (GDPR) by the employer in the relationship with the employees put emphasis on companies’ liability with respect to collection, processing and storage of personal data. Read more

19 December 2019

CORPORATE SUSTAINABILITY: TIMELINE

The Directive no. 2022/2464 regarding corporate sustainability disclosure, known as ”CSRD” (Corporate Sustainability Reporting Directive), was transposed in the Romanian legislation under the Order no. 85/2024 of the Public Ministry of Finances, published Read more

13 May 2024

Subscribe to our newsletter

Please tick the following box to subscribe to our newsletter

Share this on:

Gruia Dufaut & Partners never communicate through gmail or public email services.

Stay vigilant against phishing:

- Verify the sender's email address carefully before responding or sharing any sensitive information.

- If you receive an email claiming to be from Gruia Dufaut & Partners but originating from a different domain, do not engage and contact us directly.

Close