USAID

RITI dot-Gov
Romanian Information Technology Initiative

Internews

Ro Romanian Version

Presentation of Romanian IT&C

 

Home

News

Romanian IT&C

Activities

Discussion papers

Links

Contact


Law no. 676 of 21 November 2001 on the Processing of Personal Data and the Protection of Privacy in the Telecommunications Sector


The Romanian Parliament hereby adopts this law:

Scope

Article 1

(1) This law ensures the specific conditions of guaranteeing the right to protection of privacy with regard to the processing of personal data in the telecommunications sector. 

(2) The provisions of this law shall apply to the operators of public telecommunications networks and to the providers of publicly available telecommunications services who, in the context of their activities, carry out processing of personal data. 

(3) The provisions of this law shall be complemented with the legal provisions regarding the protection of individuals in respect of processing of personal data and the free movement of these data.

(4) This law does not apply to the processing of personal data carried out:

a) in the context of the activities in the field of national defence and state security, performed within the limits and with the restrictions established by law;
b) in the context of the activities concerning the prevention, investigation and reprimanding of criminal offences and the keeping of public security, as well as in the context of other activities in the areas of criminal law, performed within the limits and with the restrictions established by law.


Definitions

Article 2

For the purposes of this law, the terms below are defined as follows:

a) telecommunications service – service whose provision is made, in whole or in part, by transmission and conveyance of signals in telecommunications networks, except for radio and television broadcasting;
b) publicly available telecommunications service – any telecommunications service, except for those necessary exclusively to their provider or to a closed users group;
c) provider of publicly available telecommunications services – legal person providing a publicly available telecommunications service;
d) public telecommunications network – transmission systems and, where applicable, switching equipment and other resources which permit the conveyance of signals between defined terminal points, by wire, by radio, by optical fibre or by other electromagnetic means, which are used, in whole or in part, for the provision of publicly available telecommunications services; 
e) operator of the public telecommunications network – the legal person authorized to install or operate a public telecommunications network with a view to offer publicly available telecommunications services;
f) subscriber – any natural or legal person who is party to a contract with the provider of publicly available telecommunications services for the supply of such services;
g) user – any natural person using a publicly available telecommunications service, for private or business purposes, without necessarily having subscribed to this service;
h) personal data – any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
i) processing of personal data – any operation or set of operations performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure to third parties by transmission, dissemination or otherwise, alignment or combination, blocking, erasure or destruction;
j) regulatory authority – the authority referred to in article 5 paragraph (1) of the Law on telecommunications no. 74/1996;
k) supervisory authority – the authority in charge with monitoring and controlling the lawfulness of the operations concerning the processing of personal data subject to the legal provisions that govern the protection of individuals with respect to the processing of personal data and the free movement of these data.
l) directories of subscribers – databases, in electronic or written form, which are available to the public or may be consulted through directory enquiry services or are used by third parties for commercial purposes, and which contain personal data of the subscribers;
m) itemized bill – all the information referring to called or calling lines, or to the data and length of time of every call. 

Security Measures

Article 3

(1) The provider of a publicly available telecommunications service and the operator of a public telecommunications network used for the aforementioned service must take all the appropriate technical and organizational measures in order to guarantee the security of the service and of the network.

(2) These measures shall ensure a level of security proportionate with the risk presented, taking into account the state of the art and costs of their implementation.

(3) Minimum security requirements to be adopted as a preventive measure shall be established by the regulatory authority within six months from the date of the entry into force of this law.

(4) The security requirements established according to the paragraph (3) shall be revised by the regulatory authority, taking into account the state of the art and the experience in this area, within two years after the date of the entry into force of this law, and thereafter at least every two years.

(5) In case of a particular risk of a breach of the security of the network, the provider of a publicly available telecommunications service is obliged to inform the subscribers about such risk. The notification shall also refer to the possible remedies, as well as to the costs of their implementation. 

(6) The information under paragraph (5) shall also be communicated to the competent public authority in the field of the protection of persons with regard to the processing of personal data.

Confidentiality of Communications

Article 4

(1) The confidentiality of communications by means of a public telecommunications network or by publicly available telecommunications services is hereby guaranteed.

(2) Listening, taping, storage or any other form of interception of telecommunications is hereby forbidden, except for the following cases: 

a) such operations are realized by the users participating to that communication;
b) the users participating to that communication have previously given their written consent;
c) such operations are performed in the capacity of public authority, according to the law.

(3) An user or a subscriber, as applicable, shall inform the other user or subscriber if during the conversation equipment permitting other people to listen, tape or store the conversation is used.

Article 5

Telecommunications services and in particular developing telephony services shall be offered in observance of users’ right to privacy, of the secrecy of correspondence, and of the freedom of communication.

Article 6

Any interference of public authorities in the content of a communication, including use of means of interception or supervision of communications, are hereby forbidden, except for the cases where such interferences are provided by law and represent a necessary measure in a democratic society for:

a) the protection of state security, public security, monetary interests of the state, or fighting criminal offences;
b) the protection of the person concerned, upon his request, or of the rights and freedoms of another person.

Article 7

In case of an interference of public authorities in the content of a communication, the authorization law shall provide:
a) the manner in which the person concerned may exercise the right of access and of rectification;
b) the conditions subject to which the competent public authorities are entitled to refuse to give information to the person concerned;
c) the modalities of storing or destructing the personal data.

Article 8

(1) The operators of public telecommunications networks or of telephony services or the providers of publicly available telecommunications services may not communicate data obtained by interfering in the content of a communication to other person but the one designated in the authorization for obtaining such data issued according to the law.

(2) The authorization of the operators of public telecommunications networks to interfere in the content of a communication, including by use of interception or supervision means, as well as the use of technical means for the localisation of the source of unsolicited calls, shall be made only subject to conditions and constitutional guarantees for the exercise of fundamental rights and freedoms granted by law.

Traffic and Billing Data

Article 9

(1) Traffic data related to subscribers and users, processed in order to establish the calls made and stored by the provider of a publicly available telecommunications service or by the operator of a public telecommunications network must be erased or made anonymous upon the termination of the call, without prejudice to the provisions of paragraphs (2) to (4).

(2) Processing of data containing: the number or identification of subscriber’s station, the address of the subscriber and the type of the station, the total number of units that have to be billed for the countering period, the number of the called subscriber, the type, the starting time and the duration of the calls effected or the volume of data transmitted, the date of call or service, other information relating to payments, such as the advance payments, payments for installing, disconnections and reminders, carried out for the purpose of subscriber billing or interconnection payments is permitted only within 3 years from the due date of the payment obligation corresponding to the invoice, respectively, from the due date of the payment obligation corresponding to the interconnection.

(3) The provider of a publicly available telecommunications service may process only the significant data referred to in paragraph (2) for the purpose of marketing or selling its own services, only with the notification of the subscriber and his express consent.

(4) Access to and processing of traffic and billing data must be limited to the persons acting by virtue of a job-related obligation binding them to the provider of publicly available telecommunications services or, respectively, to the operator of the public telecommunications network, who have as tasks handling billing or traffic management, customer enquiries, fraud detection or marketing the provider’s or operator’s own telecommunications services. The processing operations carried out by these persons must be restricted to the data necessary for the purposes of accomplishing these job-related obligations.

(5) The paragraphs (1) to (4) shall not be construed as limiting the access of the competent authorities to traffic or billing data, in accordance with the law, for the purpose of settling disputes, in particular interconnection or billing disputes.

Itemized Billing

Article 10

(1) Subscribers shall receive non-itemized bills.

(2) Itemized bills can be issued only upon request of the subscribers, in observance of the right to privacy of subscribers and users, according to the law.

(3) The categories of information which can be included in the itemized bills shall be established by the regulatory authority.

Presentation and Restriction of Calling and Connected Line Identification

Article 11

(1) Where presentation of calling line identification is offered, the calling user must be offered by the provider of the publicly available telecommunications service or by the operator of the public telecommunications network, free of charge, a simple means to eliminate the presentation of the calling line identification on a per-call basis.

(2) The calling subscriber must be offered by the provider of the publicly available telecommunications service or by the operator of the public telecommunications network, free of charge, a simple means to eliminate the presentation of the calling line identification on a per-line basis, in the case referred to in paragraph (1). 

(3) The called subscriber must be offered by the provider of the publicly available telecommunications service or by the operator of the public telecommunications network, free of charge for a reasonable use of this function, a simple means to eliminate the presentation of the calling line identification of incoming calls, in the case referred to in paragraph (1).

(4) If the calling line identification is presented prior to the call being established, the called subscriber must be offered by the provider of the publicly available telecommunications service or by the operator of the public telecommunications network a simple means to reject incoming calls where the presentation of the calling line identification data has been eliminated by the calling user or subscriber, in the case referred to in paragraph (1).

(5) Where presentation of connected line identification is offered, the called subscriber must be offered by the provider of the publicly available telecommunications service or by the operator of the public telecommunications network, free of charge, a simple means to eliminate the presentation of the connected line identification to the calling user.

(6) The provisions set out in paragraphs (1) and (2) shall also apply with regard to calls to another country originating in the territory of Romania, and the provisions set out in paragraphs (3) to (5) shall also apply with regard to calls to Romania originating in another country’s territory.

(7) If calling or connected line identification is offered, the providers of publicly available telecommunications services must make it public, as well as the rights provided in paragraphs (1) to (6).

Exceptions

Article 12

A provider of a publicly available telecommunications services, or the operator of a public telecommunications network, may override the provisions regarding the presentation of calling line identification, provided the applicable procedures are made public, in the following cases:

a) temporarily, following the request of a subscriber for tracing of malicious or nuisance calls; in this case, identification data shall be recorded and made accessible, in accordance with applicable law;
b) on a per-line basis, for organizations dealing with emergency calls, legally recognized as such, in accordance with applicable law, such as police stations, fire brigades, or ambulance services.

Automatic Call Forwarding

Article 13

Any subscriber must be offered by the provider of a publicly available telecommunications service or by the operator of a public telecommunications network a simple means to stop automatic call forwarding, made by a third party, to the subscriber’s terminal.

Directories of Subscribers

Article 14

(1) The providers of publicly available telecommunications services must include in the directories of subscribers they realise or to make available to the third parties that realise such directories, only personal data that are necessary to identify a certain subscriber, except where the subscriber has given his explicit consent to the publication of additional data.

(2) Any subscriber is entitled, free of charge, to request:
a) to be omitted from a directory of subscribers;
b) to indicate that his personal data may not be used by third parties for direct marketing purposes;
c) to have his address specified only in part;
d) that no mentions on his sex are made, where this is linguistically possible.

Unsolicited Calls

Article 15

Unsolicited calls, for direct marketing purposes, made through automated calling systems without human intervention, by means of facsimile machines, or by any other means are hereby forbidden, except where the called subscriber has given his prior explicit consent.

Liability

Article 16

(1) Violation of the provisions of this law shall be punished by disciplinary, administrative, civil or criminal measures, as applicable.

(2) Providers of publicly available telecommunications services and/ or operators of public telecommunications networks are liable towards users for the effective losses caused by the failure to execute or by the incorrect execution of their obligations as per this law. 

Contraventions and Sanctions

Article 17

(1) The following shall constitute contraventions, if they not committed so as to constitute criminal offences, in accordance with the criminal law:

a) Failure to adopt or incomplete adoption of the minimum security requirements referred to in article 3, paragraphs (3) and (4);
b) Failure to comply with the obligation of information referred to in article 3 paragraphs (5) and (6);
c) Failure to comply with the confidentiality obligation referred to in article 4 paragraphs (2) and (3);
d) Failure of the public authorities, of the providers of publicly available telecommunications or telephony services, or of the operators of public telecommunications networks to comply with the obligations referred to in articles 5, 6, 7, and 8;
e) Failure to comply with the obligations regarding the processing and restriction of access to personal data, referred to in article 9;
f) Violation of the subscribers’ rights referred to in article 10 by or relating to issuing itemized bills;
g) Failure to comply with the obligations regarding the provision of calling or connected line identification, referred to in article 11;
h) Failure to comply with the obligation regarding the provision of automatic call forwarding, referred to in article 13;
i) Failure to comply with the obligations regarding subscribers directories, referred to in article 14;
j) Initiating an unsolicited call, in violation of article 15.

(2) The contraventions referred to in paragraph 1 shall be sanctioned with fine from ROL 10,000,000 to ROL 250,000,000.

(3) The contraventions referred to in paragraph 1 (a) - (d) shall be ascertained by the personnel of the regulatory authority, as well as by authorized representatives of the bodies legally entrusted with supervisory and control tasks.

(4) For the contraventions referred to in paragraph 1 (a) - (d), the regulatory authority may dispose also the suspension or the cancellation of the licence or of the authorization.

(5) The contraventions referred to in paragraph (e) - (j) shall be ascertained by the personnel of the supervisory authority, as well as by authorized representatives of the bodies legally entrusted with supervisory and control tasks.

(6) The provisions of the present law shall be complemented by the provisions of the Government Ordinance no. 2/2001 on the juridical regime of contraventions.

(7) The amount of fines referred to in this law may be updated by Government Decision, taking account of the evolution of the inflation rate.

Final and Transitory Provisions

Article 18

The present law enters into force within 3 months after the date of its publication in the Official Journal of Romania, Part I.





This law has been adopted by the Senate in the meeting of October 22nd 2001, in compliance with the provisions of article 74 paragraph (2) of the Constitution of Romania.

For the President of the Senate,

ALEXANDRU ATHANASIU


This law has been adopted by the Chamber of Deputies in the meeting of October 29th 2001, in compliance with the provisions of article 74 paragraph (2) of the Constitution of Romania.

The President of the Chamber of Deputies

VALER DORNEANU



Published in the Official Journal no. 800 of December 14th 2001.

© 2003 Internews