While privacy advocates in the United States fume over government practices of spying on confidential data of individual citizens, particularly by the National Security Agency, Romania’s parliament has just approved a bill that would authorize the government to access private networks of businesses containing confidential data of private users.
What is alarming about the bill, awaiting the final signature of the president, is that it allows Romania’s national intelligence agencies to view those pieces of data even without a court order, but merely based on a request that might be motivated by unwarranted evidence.
The legislation can bring about many implications, both commercial and legal. For the IT industry, Romania houses several companies that provide software development services and third-party IT solutions to international clients. A lot of these companies, which include big corporations in the technology sector such as Amazon and Microsoft, surely do not want to have their treasure trove of data be accessible to outsiders as it might have serious impact on their business integrity.
Almost for all that it is, the cybersecurity bill also constitutes violations of existing laws, according to some experts, with which I agree. First, it sits opposite to what the European Union’s Network and Information Security directive requires, which is that only a civilian entity must have the responsibility for national cybersecurity matters and not a law enforcement agency, intelligence group or defense agency, which is what the Romanian bill proposes to enact. There must be an agreement between the bill and the EU’s directive because Romania’s legislators patterned the legislation from the EU’s measure.
Under the proposed new cyber law in Romania, operators of the nation’s critical infrastructure such as energy, transport, and finance will report cyber incidents to the national cybersecurity authorities, which is the equivalent of NSA in the U.S. And the bill is too broad as some non-governmental organizations argue. That is so because it applies not only to commercial or private enterprises but also to all government entities. When the measure gets approved, no information won’t be visible to the government, and it could potentially lead to abuses in privacy.
For sure this bill will open up the issue of the citizens’ constitutional rights to privacy as many private individuals have their data stored and processed in the computer networks of many companies and organizations.
There also seems to be a conflict in how the legislation seeks to delegate the oversight of cyber matters. Under the legislation, the Romanian Intelligence Service will serve as the national authority of cybersecurity. Under the EU directive, an intelligence body must have no control of this area. For sure the privacy organizations will have their eyes focused on this issue for the weeks to come.