Back to the digital cage
Romania joined the European Union (EU) in 2007 – an important step towards integrating its policies into the EU framework, but with several gaps when it comes to information and communications technologies (ICTs).
While the European Court of Justice (ECJ) has rejected the EU Data Retention Directive 1 as invalid, 2 Romanian legislators were preparing two laws which, if adopted, would throw the country into a “digital cage”: Draft Law 263/2014 on cyber security, and Draft Law 277/2014 on the registration of prepaid mobile SIM cards and public Wi-Fi users. 3 Back in 2011, Romania was at the forefront of rejecting the EU Data Retention Directive, 4 risking sanction from the European authorities. In this context, adopting laws that violate users’ right to privacy in 2014 would be a step back for the ICT policy-making standards in the country.
“Romania is currently undergoing rapid and major technological development, but we have to make sure the new technology respects users' rights. Under Ceausescu, 5 Romanians were forced to register all typewriters with the Militia. Today, the government wants all Romanians to register all prepaid SIM cards and record all traffic going through free public Wi-Fi hotspots,” states an online petition launched on 8 June 2014. 6 This report focuses on two civil society protests against data retention laws in Romania that occurred in June and July 2014.
Policy and political background: Romania in the European context
The process of ICT policy alignment started during Romania’s accession to the EU (2001-2004). Milestones of regulatory changes contributing to an ICT-enabled environment included the liberalisation of the telecommunication market (2003), and legislation dealing with universal access, e‑commerce and online security, as detailed in the Romania country report in GISWatch 2007. 7
While the EU regulatory framework acted as a pulling force, ICT businesses have also pushed Romanian governmental agencies to keep up with regional and global communication trends. Infrastructural development has enabled access to mobile telephony and internet across the country, with narrowing gaps between urban and rural areas, the young and the elderly, the rich and the poor. The mobile broadband penetration rate rose significantly between 2011 and 2013, with 47.6% of the population connected to the internet via mobile devices in December 2013, compared to 21% in December 2011. 8
Digital literacy gap: Low or no skills
According to the Digital Agenda Scoreboard 2014 for Romania, 9 which assesses the country’s digital performance based on data available for 2013, the widest gap between Romania and the EU average scores concerns rural fixed-broadband coverage (78% vs 90%), mobile broadband take-up (41% vs 62%), and 4G mobile broadband coverage (27% vs 59%). Partly due to this infrastructural gap, 10 42% of the Romanian population has never used the internet, compared to the 20% EU average, and only 45% is using the internet on a weekly basis, while the EU average is 72%. Meanwhile, individuals with low or no digital skills represent 85% of the population, significantly higher than the 47% EU average. 11 An alarming ratio of 94% of “disadvantaged” people – individuals who are aged 55-74, have low levels of education and/or are unemployed, retired or inactive – have low or no digital skills, compared to the 64% EU average. Online safety and privacy issues are among the most critical digital skills gaps of Romanian internet users.
A report on EU digital skills issued in May 2014 12 placed Romania at the lowest end of the performance scale for every indicator: general ICT skills, safety, content creation and problem solving online. Even the so-called connected generation Z in Romania lags behind the digital literacy of youth in other countries, as shown in the EU Kids Online project findings, 13 and the Net Children Go Mobile report. 14 These alarming results show the heightened responsibility for policy makers and society at large, including businesses and civil society organisations, to protect the digital rights of a vulnerable, unskilled population.
Stop surveillance activities in Romania! A civil society campaign
ICT policy experts from Romania 15 have warned of the threats to privacy if data retention laws 16 are adopted. After draft laws were published in April 2014, civil society organisations have closely monitored the legislative process and informed the public, taking positions against both the content and the policy-making process.
“Invading people’s privacy is like rape”
When commenting on the draft laws on data retention, the head of the ICT committee for the Romanian Chamber of Deputies put it bluntly: intruding into people’s computers without their consent is like rape. 17
Civil society and its partners 18 began to mobilise in June 2014 at the Coliberator conference, 19 organised by the Ceata Foundation. On 7-8 June 2014, a digital rights conference called Coliberator took place in Bucharest,, featuring topics like “Reimagining the Digital Revolution after Snowden”, “A Free Digital Society”, and “Surveillance, capabilities, social consequences and responses”. Conference participants published an online petition, asking the Romanian authorities to withdraw the draft laws on data retention. The petition, called “Stop surveillance activities in Romania!”,received 1786 signatures 20 from people with various backgrounds: digital rights activists like Richard Stallman (the president of the Free Software Foundation), Jillian York (director at Electronic Frontier Foundation), Bardhyl Jashari (Metamorphosis Foundation), 21 mainstream media representatives, bloggers, software developers and students.
Online petition appeal launched at the Coliberator conference on 8 June 2014
Romania is currently undergoing rapid and major technological development, but we have to make sure the new technology respects users' rights. Under Ceaușescu, Romanians were forced to register all typrewriters to the Militia. Today, the government wants all Romanians to register all pre-paid SIM cards and record all traffic going through free public WiFi hotspots.
Just one month after the ECJ decision declaring the Data Retention Directive invalid, the Romanian Government made three decisions to continue and even extend mass surveillance by:
- ignoring the ECJ decision and keeping the law 82/2012 regarding the data retention to be enforced anyway.
- adopting, without any kind of public consultation, a law requiring registration of all prepaied sim card users (including forcing the current 12 million users to submit their personal data during the next 6 months or face disconnection). This is all the more egregious given that this is the 4th such attempt since 2011.
- planning to require providers of free public WiFi hotspots to identify their users.
- adopting, without any kind of public consultation, a new law giving agents of the state the power to examine data in any computer system whatsoever without a court order, including your computer, in order to "have access to the data being held".
The signatories, participants of Fundația Ceata's Coliberator conference, as well as other people and organizations supporting this protest, are demanding the Romanian government and the Romanian public institutions to respect the citizens' privacy rights.
Thus, the signatories:
- Remind that privacy is a fundamental human right, and that it is central to the existence and survival of democratic societies. It is essential to human dignity and it reinforces other rights, such as freedom of expression and information, and freedom of association, and is recognised under international human rights law. Activities that restrict the right to privacy, including communications surveillance, can only be justified when they are prescribed by law, when they are necessary to achieve a legitimate aim, and when they are proportionate to the aim pursued. ( International Principles on the Application of Human Rights to Communications Surveillance)
- Demand the immediate rejection by Parliament and withdrawal by the Government of the above mentioned draft laws that are infringing the right of privacy of the Romanian citizens.
- Ask for an rapid annulment of the data retention law in order to respect the ECJ decision.
- Underscore that any future action of the government that could affect the right of privacy or any other fundamental rights must be drafted and adopted only after meeting the transparency requirements made by Law 52/2003, with a full human rights impact assessment and with a mandatory opinion from the Romanian Data Protection Authority.
Note: English translation by the petition organisers. Source: http://coliberator.ro/petition/
Targeted protests against the “Big brother law”
At the same time, the Association for Technology and Internet, the Association for Defence of Human Rights in Romania, the Helsinki Committee, ActiveWatch, the Centre for Independent Journalism, the Romanian Centre for Investigative Journalism, Geo‑spatial.org and the Ceata Foundation launched a joint statement 22 expressing their strong disapproval of Law 277/2014 on registering prepaid SIM cards and monitoring public Wi‑Fi users. This law was passed in the Romanian Senate on 2 June 2014, with only one day allowed for amendments and comments. The signatory organisations highlighted the disproportionate and unclear character of the law:
- All free Wi-Fi users will need to be identified.
- All prepaid mobile phone users will have to be registered within six months after the law comes into force, otherwise their services will be deactivated.
- Users’ registration will be done under uncertain conditions, with no clear provisions on who will be accessing their personal data.
On 2 July 2014, the law was rushed through parliament by the Chamber of Deputies. It was the fourth attempt to adopt a “Big Brother Law” in three years, all opposed by civil society organisations and industry – three times successfully. 23 On 3 July 2014, civil society organisations issued a statement highlighting the lack of real consultation during the legislative process, and asking that the Romanian Constitutional Court take note of the unconstitutional character of the law. 24 On 7 July 2014, nine Romanian civil society organisations issued a request to the presidency, asking it to notify the Constitutional Court on the unconstitutional character of the surveillance law. 25
Steady technological development has connected many Romanians to the global digital culture, but when it comes to skills, awareness and participation, there is a long way to go: 85% of the population has low or no digital skills, and 45% has never used the internet. Governmental machineries and interests are still dominating the public arena, but civil society organisations have strong capacity to channel energies and to protect vulnerable users’ right to privacy. Romanian organisations were able to mobilise, and in one month 1786 signatures were gathered protesting against an abusive surveillance law.
Two draft laws were issued in April 2014: one on cyber security, with a pending status in July 2014, and the other on monitoring prepaid SIM card holders and public Wi-Fi users – the latter was pushed through the legislative apparatus in one month, from 2 June to 2 July 2014. The future remains uncertain: it is more likely that a top-down authoritative voice from the EU would be able to prevent Romanian authorities from invading citizens’ privacy.
Ironically, while the ECJ has rejected the EU surveillance directive, Romanian authorities still adopted an abusive law that throws the country into a “digital cage”.
- A multi-stakeholder approach to ICT issues, including digital rights, should be promoted and implemented at a national level in Romania. Civil society organisations should act as barometers of freedom and watchdogs of democracy by:Building stronger coalitions with local and international digital rights activists.
- Developing common platforms and strategies with businesses and international governmental organisations, such as EU organs.
- Initiating and implementing ICT educational programmes in order to raise the level of digital literacy in Romania.
2- O’Brien, D. (2014, April 8). Data Retention Directive invalid, says EU’s highest court. Electronic Frontier Foundation. https://www.eff.org/deeplinks/2014/04/data-retention-violates-human-rights-says-eus-highest-court
8- Autoritatea Nationala pentru Administrare si Reglementare in Comunicatii (ANCOM). (2014). Piata serviciilor de comunicatii electronice din Romania. Raport de date statistice pentru perioada 1 iulie – 31 decembrie 2013, p. 39.
12- European Commission. (2014). Measuring Digital Skills across the EU: EU wide indicators of Digital Competence. ec.europa.eu/digital-agenda/en/news/measuring-digital-skills-across-eu-eu-wide-indicators-digital-competence