The head of Moldova’s protection of privacy association says the country does not understand European privacy rules – despite having a law on the matter – and often misuses them to keep data secret.
Sergiu Bozianu, president of the Association for the Protection of Privacy in Moldova, told BIRN in an interview that respect for privacy remains a problem in Moldova, especially when it comes to the so-called force institutions.
The lawyer says the authorities should follow the European pattern and create a unique register of all intercepted ways of communication, surveillance or special investigative measures.
“Special investigative measures are of a secretive nature. Nobody must know them, or we won’t catch thieves anymore. But every special investigative measure should be recorded somewhere,” he says.
He also says that, after a time, if the prosecutors do not find anything about the person who was the target of the special measures, that person should be notified about the procedures.
When it comes to the General Data Protection Regulation, GDPR, Moldova, despite having adopted this European law, has implemented it in an ambiguous way, reflecting the fact that parliamentarians do not seem eager to take a strong stand on the matter.
In June 2019, in the last days of Pavel Filip’s Democratic Party government, an journalistic investigation done by media outlet RISE Moldova revealed that the Interior Minister had authorized special surveillance actions on 52 members of the pro-European opposition, civil society members and journalists.
The 52 were psychically monitored, their phones tapped and cameras and microphones were even installed in their apartments. These major violations of their private lives were justified by alleged suspicions that they were planning a coup.
“From what I know from the media – because there have been no official reactions – some criminal cases have started [on these cases of illegal surveillance],” Bozianu said.
“But given the level of public interest in this activity, the bodies concerned should come up with statements on the subject – to clearly state what was done, and what the results were,” he added.
Bozianu mentioned another big problem in Moldova on privacy, besides the questionable actions of the authorities.
“We are talking here about private security agencies and the detectives who confuse their security activity in the private sector with police interception,” he said.
Bozianu said members of private security agencies often do exactly what the police do, even though they are not allowed to, by law. “Usually, these are former police officers or secret service employees, and they do the same activities in the private sector after they leave the official system,” he explained.
Confusion about what law really says:
Moldova first adopted a law on the protection of personal data in 2007-2008, after it ratified Convention 108 of the Council of Europe’s 1981 treaty for the protection of individuals regarding the automated processing of personal data. This was replaced by the current law, Law 133, for the protection of personal data, that remains in force until now.
The Moldovan lawyer, Sergiu Bozianu, speaking at a conference about the rights to a private life in Chisinau, Moldova, September 18, 2019. Photo: Sergiu Bozianu`s Facebook account
But Bozianu said it was problematic that communication officers of state institutions in Moldova now often refuse to reply to media requests for information by misinterpreting the protection of personal data law.
“Lately, it has become fashionable to invoke the regime of personal data. But this does not mean that [information] should not be published and revealed, if the grounds are that it is of public interest or concerns public money and public offices. It must be published,” he added.
He also criticised the “selective justice” in the past years by which some TV channels seemed to have preferential access to the personal data of important politicians – usually political adversaries of the authorities, like the former jailed prime minister Vlad Filat, the archenemy of the oligarch Vlad Plahotniuc, who still owns the biggest media empire in Moldova.
The lawyer also argues that the present law has flaws, with high corruption trials mostly kept secret. “When it comes to the divorce of two spouses, everything is published, about how they cheated, with whom, if they got hit and so on,” he complained.
“Today, we have a major problem with the publication of court rulings. We publish data when it is not needed – and do not publish data when it is needed. Corruption cases are all anonymised,” he said.
For those who break the privacy law, there are five types of penalty, with a maximum fine of 15,000 lei [750 euros] applicable. Theoretically, prison is also possible, stipulated in Article 177 of the penal code on the inviolability of personal life.
However, while this article is taken from Russian legislation, the law on the protection of personal data was transposed from EU law, namely from Directive 9546.
“We have tried to make a hybrid that does not work,” he suggests. “We have introduced something with national specific [judiciary provisions], and from a predictable European act, have made an unpredictable law that is outdated and inapplicable,” he adds.
Moves to improve law stuck in parliament:
The General Data Protection Regulation came into force in Moldova on May 25, 2018. Bozianu has been fighting for amendments since then, but a bill with these amendments has now been in the parliament since 2018 – although it was won a positive vote at the first reading.
Moldovan deputies taking a vote in the Parliament. Photo: EPA/Doru Dumitru
“This bill is a very important one for us, because it comes with a new regulation in the field of data protection, and from a European perspective,” Bozianu said.
The lawyer said it was imperative for Moldova to better implement all European law requirements, especially from the perspective of trade with EU markets.
“We need to have a law that would give us fair competition in relation to other economic agents,” he says. “If a Moldovan company wants to enter the European market or provide services there, it must comply with European requirements regarding GDPR,” he stresses.
Bozianu says Moldova must comply with European GDPR regarding social media accounts as well. He argues that if Moldovan citizens do certain actions on Facebook, they now risk being sanctioned under European GDPR.
“European GPDR applies in many situations in Moldova … when we store in the cloud on Facebook’s server, we actually store in the EU,” he notes. “All the information about Facebook users is in the EU – and that is where the GDPR applies,” he concludes.