The Bulgarian Supreme Administrative Court (SAC) repealed a provision of the Data Retention in the Internet Regulation

With a decision as of December 11, 2008 a five-member panel of the Supreme Administrative Court (SAC) repealed a provision of the Bulgarian Regulation # 40 transposing the Data Retention Directive (2006/24/EC) challenged by AIP.

The Regulation was issued by the State Agency on Information Technologies and Communication (SAITC) and the Ministry of Interior (MoI) and promulgated in the State Gazette on January 29, 2008.

AIP challenged the Regulation submitting a complaint to the SAC on March 19, 2008 arguing that its adoption is in violation of the Constitution of the Republic of Bulgaria, the European Convention on Human Rights, and the European Union legislation.

In its decision as of December 11, 2008, a five-member panel of the SAC repealed the decision of the lower instance court and Art. 5 of the challenged Regulation. Article 5 provides for a “passive access through a computer terminal” by the Ministry of Interior, as well as access without court permission by security services and other law enforcement bodies, to all retained data by Internet and mobile communication providers.

The court ruled that the provision did not set any limitations with regard to the data access by a computer terminal and does not provide for any guarantees for the protection of the right to privacy stipulated by Art. 32, Para. 1 of the Bulgarian Constitution. No mechanism was established for the respect of the constitutionally granted right of protection against unlawful interference in his private or family affairs and against encroachments on his honor, dignity and reputation.

The court also found that the text of the Art. 5 of the Regulation, providing that the investigative bodies, prosecutor’s office and the court shall be granted access to retained data “for the needs of the criminal process,” the security services – “for the needs of the national security”, does not provide limits against violations of constitutionally granted rights of the citizens. Reference to specialized laws – such as Penal Procedure Code, Special Surveillance Means Act, Personal Data Protection Act, which specify conditions under which access to personal data shall be granted, was not provided either.

Furthermore, according to the court, Art. 5 of the Regulation contradicts the provision of Art. 8 of the European Convention on Human Rights, according to which everybody has the right to respect for his private and family life, his home and his correspondence and the interference of the state in such matters is unacceptable. The exemptions from that principle are exhaustively listed by Art. 8, Para. 2 of the Convention requiring that they are: “in accordance with the law and necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”

The court emphasizes that national legal norms shall comply with that established principle and shall introduce comprehensible and well formulated grounds for both access to the personal data of citizens and the procedures for their retention. Article 5 of the Regulation lacks clarity in terms of protection of the right of private and family life which contradicts the provision of Art. 8 of the ECHR, the texts of the Directive 2006/24/EC, and Art. 32 and 34 of the Bulgarian Constitution.

AIP will stay alert and try to prevent the adoption of any texts that might violate constitutionally granted rights of Bulgarian citizens.

Information about the litigation can be found here.

English Version • Last Update: 12.12.2008• © 1999 Copyright by Interia & AIP