Press Re: AIP Appealed a Regulation on Data Retention Before the Bulgarian Supreme Court

On March 19, 2008, Access to Information Programme (AIP) filed an appeal to the Bulgarian Supreme Administrative Court regarding the Regulation # 40 as of 2008 issued by the State Agency on Information Technologies and Communication (SAITC) and the Ministry of Interior (MoI), which binds the mobile operators and internet providers to retain data on electronic messages and phone calls.

Regulation # 40 on the categories of data and the procedure under which they would be retained and disclosed by companies providing publicly available electronic communication networks and/or services for the needs of national security and crime investigation was promulgated in the Bulgarian State Gazette on January 29, 2008. The adoption of the regulation triggered a massive wave of criticism and rage among the civil society and business community in the country, as it implies serious intrusion in private life and correspondence.

According to the authors of the Regulation – Ministry of Interior (Mol) and the State Agency on Information Technologies and Communication (SAITC) – it is putting the Bulgarian legislation in conformity with the Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications and amending Directive 2002/58/EC. The Directive states that the providers of publicly available electronic communication networks and services shall retain the data on each mobile call: date and time, location and participants of the communication, as well as on each electronic message itself (via internet).

Under the Regulation, certain operators will have to retain for 12 months data on all mobile phone calls, online calls, e-mails, SMS, even the communications in forums. The data actually does not include the content of the communication or message (though in forums the content is always public), but include information on who spoke or wrote to whom. The retained data will include: name and address of the user or registered user, date and time and duration of the connection. This also includes so-called attempted calls. These data will be accordingly kept and the access will be provided to a directorate within the Ministry of Interior – by default; to the pretrial investigation bodies and to the court – in order to carry out the punitive measures; and to the state security and public order bodies – to ensure national security.

According to AIP, the adoption of this regulation is in violation of the Constitution of the Republic of Bulgaria, the European Convention on Human Rights, and the European Union legislation.

- the adoption of this regulation certainly violates the right of private life and correspondence. As set by Art. 32, para. 2 of the Constitution similar provisions shall be introduced by a law – an act issued by the legislative authority. The Regulation, however, represents a secondary legislation document;

- issues regarding the personal data and their technical processing, including retention and access to such data, are regulated by the Personal Data Protection Act. The Electronic Communication Act which entitles the SAITC and the MoI to adopt the Regulation does not contain provisions regarding the personal data. Consequently, the SAITC and the MoI are not authorized to issue a regulation on retention and access to the personal data;

- it is inacceptable that the regime of access to data qualified as personal, which is regulated by the Personal Data Protection Act, the Penal Procedure Code and the Law on Special Surveillance Devices is being changed by a Regulation. The Regulation provides for a “passive access through a computer terminal” of a directorate of the MoI to all retained data, which is a drastic violation of Art. 8 of the European Convention on Human Rights.

- the Regulation is not in compliance with the provisions set forth by the Directive 95/46/ЕC and the Convention # 108 stipulating the processing of personal data and their protection.

English Version • Last Update: 25.03.2008• © 1999 Copyright by Interia & AIP