Cristina Arhire, Romanian Cybersecurity legislation will be reviewed

On February 5, 2015, the President urged the Operative Council of Cybersecurity to review the legislation, “in order to find a balance between the respect of individual freedoms and preventing terrorism, cyber crime and combating corruption”.

In a press released on January 21, 2015, “the sole authority of constitutional jurisdiction in Romania”, the Constitutional Court, “upheld the objection of unconstitutionality” (constitutional review before promulgation) and declared Cybersecurity Law, unconstitutional “as a whole”.

The Court’s majority found “deficiencies in terms of the rules of legislative technique, consistency, clarity, predictability” and “the absence” of Supreme Council of National Defense’s notice, required by the legislative procedure.

In “a final and generally binding decision”, the Court also ruled that “constitutional provisions on rule of law, separation of powers and legality principle, provided by article 1 para. (3), (4) and (5); access to justice and the right to a fair trial (article 21 para.1 and 3); privacy and the secrecy of correspondence (article 26 and 28)” were violated due to “lack of safeguards to protect these rights” and “restriction of some rights or freedoms”(article 53)”.

Referring to NIS (Network and Information Security) Directive, in the reasoned opinion Court held that it represents just a draft legislative act of European Union relating to cybersecurity at the time of the judgment, but “a few issues” are considered “relevant to regulatory field”, such as: the Directive “respects” and “must be implemented according to” fundamental rights, and observes the principles, recognized by the Charter of Fundamental Rights of the European Union”(preamble – 41); designation of  “civil bodies that operate entirely on the basis of democratic control and should not be engage in intelligence work” as competent authorities (preamble- 10 and article 6.1 of the NIS Directive); “the proposed Directive does not establish the right to access data stored in computer systems and networks by designated authorities after a reasoned request, as provided in Article 17 of challenged law”and according to article 15 par.6 of NIS, “Member States shall ensure that any obligations imposed on market operators(…) may be subject to judicial review”.