Advanced Search

Law No. 506 Of 17 November 2004 Concerning The Processing Of Personal Data And Privacy In The Electronic Communications Sector

Original Language Title:  LEGE nr. 506 din 17 noiembrie 2004 privind prelucrarea datelor cu caracter personal şi protecţia vieţii private în sectorul comunicaţiilor electronice

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
LEGE no. 506 506 of 17 November 2004 (* updated *) on the processing of personal data and the protection of privacy in the electronic communications sector ((updated on 17 October 2015 *)
ISSUER PARLIAMENT




---------- The Romanian Parliament adopts this law + Article 1 General provisions (1) The present law establishes the specific conditions for guaranteeing the right to the protection of privacy with regard to the processing of personal data in the electronic communications sector. (2) The provisions of this Law shall apply to the processing of personal data related to the provision of electronic communications services to the public through public electronic communications networks, including public networks of electronic communications involving data collection and identification devices. --------- Alin. ((2) of art. 1 1 has been amended by section 1 1 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. (3) The provisions of this Law shall be supplemented by provisions Law no. 677/2001 for the protection of individuals with regard to the processing of personal data and the free movement of such data. (4) This law does not apply to the processing of personal data carried out: a) within the framework of national defence and national security activities, carried out within the limits and with the restrictions established by law; b) in the framework of activities to combat crimes and maintain public order, as well as in other activities in the field of criminal law, carried out within the limits and with the restrictions established by law. + Article 2 Definitions (1) For the purposes of this Law, the following terms shall be defined as follows: a) user-any natural person benefiting from an electronic communications service intended for the public, without necessarily having the subscriber quality of this service; b) traffic data-any data processed for the purpose of transmitting a communication through an electronic communications network or for the purpose of invoicing the value of this operation; b ^ 1) equipment identification data-technical data of communication service providers intended for the public and of the provider of public electronic communications networks, which allow to identify the site of the equipment communications of these, processed for the purpose of transmitting a communication through an electronic communications network or for the purpose of invoicing the value of this operation; ---------- Lit. b ^ 1) a par. ((1) of art. 2 2 was introduced by section 4.2. 1 1 of art. unique from LAW no. 235 235 of 12 October 2015 published in MONITORUL OFFICIAL no. 767 767 of 14 October 2015. c) location data-any data processed in an electronic communications network or through an electronic communications service, indicating the geographical position of the terminal equipment of the user of a communication service electronic public services; ---------- Letter c) a par. ((1) of art. 2 2 has been amended by section 4.2 2 2 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. d) communication-any information exchanged or transmitted between a number determined by the participants via an electronic communications service intended for the public; this does not include the information transmitted to the public through a network of electronic communications as part of a service of audiovisual programmes, insofar as a link cannot be established between the information in question and the subscriber or identifiable user receiving it; e) repealed; ---------- Letter e) a par. ((1) of art. 2 2 has been repealed by section 6.6. 3 3 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. f) value added service-any service that requires the processing of traffic data or location data, for purposes other than the transmission of communication or billing of the value of this operation; g) electronic mail-the service consisting in the transmission through a public electronic communications network of messages in text, voice, sound or image format, which can be stored on the network or in the terminal equipment of the recipient until receiving by the consignee. h) breach of personal data security-breach of security resulting in accidental or illicit destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed in connection with the provision of publicly available electronic communications services. ---------- Letter h) a par. ((1) of art. 2 2 was introduced by section 4.2. 4 4 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. (2) In the present law are also applicable the definitions provided in art. 3 lit. a), b), c) and i) of Law no. 677/2001 , with subsequent amendments and completions, to art. 1 1 section 1 1 and 8 of Law no. 365/2002 on e-commerce, republished, and in art. 4 4 para. ((1) pt. 3 3, 6, 8, 9, 10 and 36 of Government Emergency Ordinance no. 111/2011 on electronic communications. ----------- Alin. ((2) of art. 2 2 has been amended by section 5 5 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 3 Security of processing of personal data (1) The provider of an electronic communications service for the public has the obligation to take appropriate technical and organizational measures in order to ensure the security of the processing of personal data. If necessary, the provider of the electronic communications service to the public will take these measures together with the provider of the public electronic communications network. (2) Measures adopted according to par. ((1) must ensure a level of security in proportion to the existing risk, given the latest technical possibilities and the costs of implementing these measures. ((3) Without prejudice to the provisions Law no. 677/2001 , with subsequent amendments and completions, the measures adopted according to par. ((1) must comply with at least the following conditions: a) to ensure that personal data can be accessed only by authorized persons, for the purposes authorized by law; b) to protect personal data stored or transmitted against accidental or illicit destruction, against accidental loss or damage and against the storage, processing, access or illicit disclosure; c) ensure the implementation of the security policy developed by the supplier with regard to the processing of personal data. (4) The National Supervisory Authority for Personal Data Processing, hereinafter referred to as ANSPDCP, may audit the measures taken by suppliers in accordance with par. ((1) and may issue recommendations on best practices concerning the level of security to be achieved by these measures. (5) In the event of a risk arising from personal data breach, providers of publicly available electronic communications services are required to inform subscribers of the existence of such risk, and to the possible consequences. If this risk exceeds the scope of the measures that suppliers may take, they are required to inform subscribers about possible remedies, including by indicating the costs involved. (6) In the event of a breach of the security of personal data, providers of electronic communications services intended for the public shall notify ANSPDCP, without delay, of that violation. (7) When the personal data breach could affect the personal data or privacy of a subscriber or other person, the provider shall notify the subscriber without delay or the person concerned. (8) The notification provided in par. (7) It is not necessary if the supplier has demonstrated ANSPDCP, in a way that it considers satisfactory, that it has applied appropriate protective technological measures and that those measures have been applied to the data affected by the breach of security. Such protective technology measures must ensure that data becomes unintelligible to people who are not authorised to access it. (9) Without prejudice to the supplier's obligation to notify the subscribers and persons concerned, if the supplier has not already notified the subscriber or person concerned of the personal data breach, ANSPDCP may, after to consider the possible negative effects of the infringement, to ask them to do so. (10) The notification provided in par. (7) will include at least a description of the nature of the personal data breach and the supplier's contact points where more information can be obtained and will recommend measures to mitigate possible negative effects of this breach. Notification provided in par. (6) will also contain a description of the consequences of the violation of the personal data security, as well as of the measures proposed or adopted by the supplier in order to remedy them. ((11) Subject to any technical implementing measures adopted by the European Commission, ANSPDCP may determine the circumstances in which suppliers are obliged to notify personal data breaches, the format of a such notifications and the arrangements in which the notification will be made. (12) Providers are required to maintain a record of all personal data breaches, which must contain a description of the situation in which the infringement occurred, its effects and remedial measures. undertaken, so that ANSPDCP can verify that the obligations of suppliers according to this Article have been complied with. The evidence will only include the information required for this purpose. ----------- Article 3 has been amended by section 3. 6 6 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 3 ^ 1 Access procedures Suppliers have the obligation to establish internal procedures to respond to requests for accessing personal data of users. Upon request, they provide ANSPDCP with information about the respective procedures, the number of requests received, the legal justification invoked in the request and the response provided to the applicants. ----------- Art. 3 ^ 1 was introduced by item 1. 7 7 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 4 Confidentiality of communications ((1) The confidentiality of communications transmitted through public electronic communications networks and electronic communications services to the public, as well as the confidentiality of related traffic data, shall be guaranteed. ((2) Listening, recording, storage and any other form of interception or surveillance of communications and related traffic data shall be prohibited, except in the following cases: a) shall be carried out by the users participating in that communication; b) the users participating in that communication have given, in advance, their written consent to the performance of these operations; c) is carried out by the competent authorities, under the law. (3) The provisions of par. ((1) and (2) are without prejudice to the possibility of carrying out the necessary technical storage, for the purpose of transmitting the communication, under the conditions of confidentiality. (4) The provisions of par. ((1) and (2) are without prejudice to the possibility of carrying out authorized records, under the law, of communications and related traffic data, when they are carried out in the framework of high-bid professional practices, in order to provide evidence of a commercial act or communication made for commercial purposes. (5) The storage of information or obtaining access to the information stored in the terminal equipment of a subscriber or user is allowed only with the cumulative fulfilment of the following conditions: a) the subscriber or user concerned has expressed his/her consent b) the subscriber or user concerned has been provided, prior to the expression of the agreement, in accordance with the provisions art. 12 12 of Law no. 677/2001 , with subsequent amendments and completions, clear and complete information that: ((i) be exposed in a language that is easy to understand and be easily accessible to the subscriber or user; ((ii) include particulars of the purpose of processing the information stored by the subscriber or user or the information to which it has access. If the supplier allows third parties to store or access information stored in the terminal equipment of the subscriber or to the user, the information in accordance with item (i) and (ii) will include the general purpose of processing this information by third parties and how the subscriber or user can use the settings of the internet browsing application or other similar technologies to delete stored information or to deny access to such information to third parties. ----------- Alin. ((5) of art. 4 4 has been amended by section 8 8 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. (5 ^ 1) The agreement referred to in par. ((5) lit. a) can also be given by using the settings of the internet browsing application or other similar technologies through which the subscriber or user can be considered to have expressed their consent. ----------- Alin. (5 ^ 1) of art. 4 4 has been introduced by section 9 9 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. (6) Provisions of para. ((5) are without prejudice to the possibility of carrying out the storage or technical access to the information stored in the following cases: a) where such operations are carried out exclusively for the purpose of transmitting a communication through an electronic communications network; b) when these operations are strictly necessary in order to provide an information society service, expressly requested by the subscriber or user. ----------- Alin. ((6) of art. 4 4 has been amended by section 10 10 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 5 Traffic data (1) Traffic data relating to subscribers and users, processed and stored by the provider of a public electronic communications network or by the provider of an electronic communications service intended for the public, must be deleted or transformed into anonymous data, when no longer necessary for the transmission of a communication, but no later than 3 years after the date of the communication, except in the situations provided in par. ((2), (3) and (5). ---------- Alin. ((1) of art. 5 5 has been amended by section 2 2 of art. unique from LAW no. 235 235 of 12 October 2015 published in MONITORUL OFFICIAL no. 767 767 of 14 October 2015. (2) The processing of traffic data carried out for the purpose of invoicing subscribers or the establishment of payment obligations for interconnection is only allowed until the fulfillment of a period of 3 years from the due date of the corresponding payment obligation. ((2 ^ 1) The processing of traffic data carried out for the purpose of establishing contractual obligations regarding the subscribers of the payment communication services in advance is allowed until the fulfillment of a period of 3 years from the date of the communication. ---------- Alin. (2 ^ 1) of art. 5 5 has been introduced by section 3 3 of art. unique from LAW no. 235 235 of 12 October 2015 published in MONITORUL OFFICIAL no. 767 767 of 14 October 2015. (3) The provider of an electronic communications service for the public may process the data provided in par. ((1), with a view to marketing its services or providing services with added value, only to the extent and for the duration necessary to the marketing, respectively to the provision of these services, and only with the prior express consent of its subscriber the user to whom that data relates. The subscriber or, as the case may be, the user may withdraw their expressed consent at any time with regard to the processing (4) In the cases provided in par. ((2) and (3), the provider of the electronic communications service for the public is obliged to inform the subscriber or user of the categories of traffic data which are processed and the duration of their processing. In the case provided in par. ((3), this information must take place prior to obtaining the consent of the subscriber or user. (5) Processing of traffic data under the conditions of par. ((1)-(4) may be carried out only by persons acting under the authority of the providers of electronic communications networks or electronic communications services intended for the public, having as their duties the billing or management trafficking, customer relations, fraud detection, the marketing of electronic communications services or the provision of value-added services, and is only permitted to the extent necessary for the performance of these tasks. (6) Provisions of para. ((1)-(3) and (5) shall not affect the possibility of prosecution bodies, courts and state bodies with attributions in the field of national security to have access to traffic data, under the law. ---------- Alin. ((6) of art. 5 5 has been amended by section 1 1 of art. 24 of LAW no. 82 82 of 13 June 2012 published in MONITORUL OFFICIAL no. 406 406 of 18 June 2012. + Article 6 Detailed invoicing (1) Subscribers receive undetailed invoices. (2) The issuance of detailed invoices is made at the request of the subscribers, in compliance with the right to privacy of the calling users and the subscribers called. (3) The minimum information presented in the detailed invoices is set by ANRC. + Article 7 Presentation and restriction of calling line identity and connected line (1) Where the presentation of the identity of the calling line is offered, the provider of the electronic communications service intended for the public shall have the obligation to make available to the user caller for each call, as well as the caller subscriber for each line, through a simple and free means, the possibility to hide the identity of the calling line, regardless of the destination country of the call. ((1 ^ 1) In the case of interconnection, the supplier has the obligation to transmit to the interface between the two networks the identity of the calling line without altering, modifying or deleting. ------------ Alin. ((1 ^ 1) art. 7 7 was introduced by the single article of LAW no. 272 272 of 29 June 2006 , published in MONITORUL OFFICIAL no. 576 576 of 4 July 2006. ((. Where the presentation of the identity of the calling line is offered, the provider of the electronic communications service to the public shall be required to provide the subscriber with a simple means and, within the limits of a reasonable uses, free of charge, the possibility to hide the identity of the calling line for incoming calls, regardless of their country of origin. ((3) Where the presentation of the identity of the calling line is offered, when the presentation of the identity of the calling line is made before the start of the conversation, the provider of the electronic communications service intended for the public has the obligation to put at the disposal of the subscriber called, through a simple means, the possibility to reject incoming calls for which the identity of the calling line was hidden by the user or the caller subscriber, regardless of the country of origin of the calls. ((4) Where the presentation of the identity of the connected line is offered, the provider of the electronic communications service to the public shall have the obligation to make available to the subscriber called, by means of a simple and free means, hide the identity of the line connected to the calling user, regardless of the country of origin of the calls. (5) Where the presentation of the identity of the calling line or the connected line is offered, the providers of electronic communications services intended for the public are required to inform the public thereof, including the availability of means of concealing the identity or rejecting the calls provided in par. ((1)-(4). ((6) Abrogat. ----------- Alin. ((6) of art. 7 7 has been repealed by section 6.6. 12 12 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 8 Location data other than traffic data (1) Processing of location data, other than traffic data, relating to users or subscribers of public electronic communications networks or electronic communications services intended for the public, when possible, is allowed only in one of the following cases: a) the data in question are transformed into anonymous data; b) with the prior express consent of the user or subscriber to whom the respective data refers, to the extent and for the duration necessary to provide a service with added value; c) when the value added service with location function is aimed at the unidirectional and undifferentiated transmission of some information to the users. (2) The provider of the electronic communications service for the public has the obligation to make available to the user or subscriber, prior to obtaining his consent, in accordance with the provisions of par. ((1) lit. b) information on: a) the type of location data, other than traffic data, which will be processed; b) the purposes and the duration of the processing c) the possible transmission of data to a third party, for the purpose of providing the value added service (3) Users or subscribers who give their consent to the processing of data in accordance with the provisions of par. ((1) lit. b) have the right to withdraw their expressed consent at any time with regard to the processing of the data or to temporarily refuse the processing of the data in question for each connection to the network or for each transmission of a communication. The provider of the publicly available electronic communications service shall have the obligation to provide users or subscribers with a simple and free procedure for the exercise of these rights. (4) Processing of location data, other than traffic data, under the conditions of par. ((1)-(3), may be carried out only by persons acting under the authority of the provider of the electronic communications network or electronic communications service intended for the public or third-party service provider with value added and must be limited only to what is necessary for the provision of the value-added service. ((. The provisions of this Article shall be without prejudice to the ability of the competent authorities to access data kept by public communications network providers and providers of publicly available electronic communications services, the law. ------------ Alin. ((5) of art. 8 8 has been introduced by section 2 2 of art. 21, Cap. VI of LAW no. 298 298 of 18 November 2008 , published in MONITORUL OFFICIAL no. 780 780 of 21 November 2008. (6) The provisions of this Article shall be without prejudice to the possibility of prosecution bodies, courts and state bodies with attributions in the field of national security to access the data generated or processed and kept by providers of public communications networks and providers of publicly available electronic communications services under the law. ---------- Alin. ((6) of art. 8 8 has been introduced by section 2 2 of art. 24 of LAW no. 82 82 of 13 June 2012 published in MONITORUL OFFICIAL no. 406 406 of 18 June 2012. + Article 9 Exceptions (1) The provider of a public electronic communications network or of an electronic communications service for the public may derogate from the provisions of art. 7 7 regarding the possibility of concealing the identity of the calling line, as follows: a) temporarily, following the request of a subscriber regarding the detection of the source of abusive calls; in this case the data allowing the identification of the caller subscriber will be kept and made available by the provider of the public electronic communications network or of the electronic communications service intended for the public, under the law; b) for each line, in order to solve by specialized intervention services recognized under the law, such as police, firefighters or ambulance, of the situations that are reported to them by emergency calls. (2) In the case provided in par. ((1) lit. b), the provider of a public electronic communications network or an electronic communications service for the public may also derogate from the provisions of art. 8, regarding obtaining the consent of the subscriber or user regarding the processing of location data. (3) The derogations provided in par. (1) and (2) are allowed under the conditions established by the Ombudsman, with the consultation of ANRC. ((4) Abrogat. --------- Alin. ((4) of art. 9 9 has been repealed by section 6.6. 13 13 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 10 Automatic redirection of call (1) The provider of the public electronic communications network or, as the case may be, of the electronic communications service intended for the public has the obligation to make available to each subscriber a simple and free means to block automatic redirection of to a third party of calls to the terminal equipment of that subscriber. ((2) Abrogat. ---------- Alin. ((2) of art. 10 10 has been repealed by section 6.6. 14 14 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 11 Subscriber registers ((1) Subscribers of electronic communications services for the public are entitled, in compliance with the provisions Law no. 677/2001 , with subsequent amendments and completions, to include their personal data in all public registers of subscribers, in written or electronic form. ((2) Persons who make available to the public registers of subscribers in written or electronic form or who provide subscription information services are required to inform subscribers of the purpose of drawing up such registers in which may be included in their personal data, as well as any subsequent possibilities for the use of such data, based on search functions integrated to the registers in electronic form. The information of the subscribers is free and is carried out before they are included in the respective registers. (3) After the information provided in par. ((2), providers of electronic communications services to the public who assign telephone numbers to subscribers are required to grant them a period of 45 working days in which they may object to the inclusion of the data necessary to identify in all the registers provided in par. ((1). On the expiry of the 45 working days, if the subscribers have not expressed their will to the contrary, the data necessary for their identification are included. ((4) Subscribers whose personal data are not available to the providers referred to in par. ((3) may request, free of charge, the inclusion in all the registers provided in par. ((1). (5) Without prejudice to the provisions of par. ((3) and (4), the persons referred to in par. (2), as well as persons who provide the registers and services provided in par. (1) have the obligation to provide subscribers, free of charge and without delay, the following possibilities: a) to decide whether or not their personal data will be included in these registers; b) to verify, rectify or remove the personal data included in these registers. (6) Registers provided in par. ((1) may be used for another purpose, outside the simple search of the contact details, on the basis of the name and, if necessary, a limited number of other parameters, only with the prior express consent of each subscriber appearing in these registers. (7) The provisions of this Article shall apply, accordingly, to subscribers of legal persons with regard to the data enabling their identification. (8) Without prejudice to the provisions of par. ((1)-(7), persons who provide the registers and services provided in par. ((1) have the obligation to make available to the public clear, easily accessible and free information on the purpose of drawing up the registers they manage, the possibilities for the use of personal data they hold, based on functions search integrated registers in electronic form, or the exercise by subscribers of the rights provided in par. ((5). ---------- Article 11 has been amended by section 1. 15 15 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 12 Unsolicited communications (1) It is forbidden to carry out commercial communications by using automated calling and communication systems that do not require the intervention of a human operator, by fax or by electronic mail or by any other method using the services of electronic communications intended for the public, unless the subscriber or user concerned has previously expressed express consent to receive such communications. ---------- Alin. ((1) of art. 12 12 has been amended by section 16 16 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. (2) Without prejudice to the provisions of par. (1), if a natural or legal person directly obtains the electronic mail address of a customer, on the occasion of the sale to him of a product or service, in accordance with the provisions Law no. 677/2001 , the natural or legal person concerned may use that address, for the purpose of making commercial communications relating to similar products or services which that person sells, provided that he clearly and expressly provides customers the possibility to oppose through a simple and free means of such use, both in obtaining the electronic mail address and on the occasion of each message, if the customer did not initially oppose it. (3) In all cases it is forbidden to carry out by electronic mail of commercial communications in which the real identity of the person in the name and on whose account they are made is hidden, in violation art. 5 5 of Law no. 365/2002 , republished, or in which a valid address is not specified to which the addressee may submit his request for the termination of such communications or in which the recipients are encouraged to visit websites which art. 5 5 of Law no. 365/2002 , republished. ---------- Alin. ((3) of art. 12 12 has been amended by section 17 17 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. (4) The provisions of par. ((1) and (3) shall also apply to subscribers of legal entities. + Article 12 ^ 1 Access to data of the authorities (1) At the request of the courts or at the request of the prosecution bodies or of the state bodies with attributions in the field of national defence and security, with the prior authorization of the judge established according to the law, electronic communications services for the public and providers of public electronic communications networks make available to them, immediately, but not later than 48 hours, traffic data, equipment identification data and data location, in accordance with the data protection provisions with personal character. ((2) The requests for the data referred to in par. (1), formulated by the state bodies with powers in the field of national defence and security, shall be subject to the provisions of art. 14 14, 15 and art. 17 17-23 of Law no. 51/1991 on the national security of Romania, republished. ((3) The requests, namely the answers, if submitted in electronic form, shall be signed with an extended electronic signature based on a qualified certificate issued by an accredited certification service provider. Each person certifying the data under the electronic signature shall, according to the law, answer for the integrity and security of this (4) The requests provided in par. (1) is processed under conditions of confidentiality. (5) Traffic data, equipment identification data and location data requested according to par. ((1) are not subject to deletion or anonymization by suppliers, when the request made pursuant to par. ((1) is accompanied or followed by a notification of the need to maintain them, in order to identify and preserve evidence or thorough indications, in the framework of investigations to combat crimes or in the field of defence and national security, as long as they subsist the reasons behind the request, but not more than 5 years after the date of the request or, as the case may be, until a final judgment of the court of law is delivered. (6) Courts, criminal prosecution bodies or state bodies with powers in the field of defence and national security shall notify the suppliers of the cessation of the reasons behind the request or, where appropriate, the delivery of a decision final court. ---------- Article 12 ^ 1 was introduced by item 1. 4 4 of art. unique from LAW no. 235 235 of 12 October 2015 published in MONITORUL OFFICIAL no. 767 767 of 14 October 2015. + Article 13 Sanctioning regime (1) The following facts are contraventions: a) failure to fulfill the obligation provided for in 3 3 para. (1), under the conditions established according to art. 3 3 para. ((2)-(4); b) failure to fulfill the obligation of information provided in art. 3 3 para. ((5); c) failure to fulfill the obligation of information provided in art. 3 3 para. ((6); d) failure to fulfill the obligation of information provided in art. 3 3 para. ((7); e) non-compliance with 3 3 para. ((10); f) non-compliance with the measures established by ANSPDCP according to 3 3 para. ((11); g) non-compliance with 3 3 para. ((12); h) non-compliance with 4 4 para. ((2) relating to the prohibition of interception and surveillance of communications and related traffic data; i) non-compliance with the conditions provided 4 4 para. ((5); j) non-compliance with 5 5 regarding the processing of traffic data; k) non-compliance with the conditions of issue of invoices, established according to 6 6; l) violation of obligations regarding the availability of means of concealing identity or rejection of calls, as well as to inform the public, provided in art. 7 7; m) non-compliance with 8 8 regarding the processing of location data, other than traffic data; n) non-compliance with 9 regarding the conditions under which it can be derogated from the provisions of art. 7 7 or 8; o) violation of obligations regarding the possibility to block the automatic redirection of calls, provided in art. 10 10; p) failure to fulfill obligations regarding the preparation of subscriber registers, provided in art. 11 11; q) non-compliance with 12 relating to unsolicited communications. (2) Contraventions provided in par. ((1) lit. a)-l), n), o) and q) are sanctioned with a fine of 5,000 lei per 100,000 lei, and for companies with a turnover of over 5,000,000 lei, by way of derogation from the provisions Government Ordinance no. 2/2001 on the legal regime of contraventions, approved with amendments and additions by Law no. 180/2002 , with subsequent amendments and completions, with a fine of up to 2% of the turnover. (3) The contraventia provided in par. ((1) lit. p), as well as the contravention provided in par. ((1) lit. m), committed by non-compliance with the obligation provided for in 8 8 para. ((1) lit. b), is sanctioned with a fine of 30,000 lei per 100,000 lei, and for companies with a turnover of over 5,000,000 lei, by way of derogation from the provisions Government Ordinance no. 2/2001 , approved with amendments and additions by Law no. 180/2002 , as amended, with a fine of up to 2% of the turnover. ((4) The contraventia provided in par. ((1) lit. k) is found by the control personnel empowered for this purpose of the National Authority for Administration and Regulation in Communications, and the sanction shall be applied, by written resolution, by the president of this institution. (5) Finding the contraventions provided in par. ((1) lit. a)-j) and l)-q) and the application of sanctions shall be made by the personnel empowered for this purpose of ANSPDCP. (6) In so far as this law does not provide otherwise, the contraventions provided in par. (1) the provisions apply to them Government Ordinance no. 2/2001 , approved with amendments and additions by Law no. 180/2002 , with subsequent amendments and completions. (7) ANSPDCP may impose periodic fines on the day of delay, in the amount of up to 5,000 lei, also establishing the date from which they are calculated, in order to determine the suppliers to submit to the measures taken according to the provisions of art. 3 3 para. ((9). (8) The application of periodic fines per day of delay under the conditions of par. (7) is made by minutes concluded by the staff empowered for this purpose of ANSPDCP. The minutes will include the mention on the obligation to pay the fine to the institutions empowered to collect it, according to the legislation in force, as well as the payment deadline and constitute enforceable title, without any other formality. ---------- Article 13 has been amended by section 1. 18 18 of art. unique of EMERGENCY ORDINANCE no. 13 13 of 24 April 2012 published in MONITORUL OFFICIAL no. 277 277 of 26 April 2012. + Article 14 Transitional and final provisions (1) The provisions of art. 11 does not apply to the registers of subscribers drawn up or marketed in written form or in electronic form accessible off-line before the entry into force of this law. (2) On the date of entry into force of this Law, the Law no. 676/2001 on the processing of personal data and the protection of privacy in the telecommunications sector, published in the Official Gazette of Romania, Part I, no. 800 800 of 14 December 2001, as amended. + Article 15 Transposition of Community normative acts This law transposes Directive 2002 /58/EC of the European Parliament and of the Council on the processing of personal data and the protection of privacy in the electronic communications sector, published in the Official Journal of the European Communities no. L 201 of 31 July 2002. This law was adopted by the Romanian Parliament, in compliance with the provisions of art. 75 75 and art. 76 76 para. (2) of the Romanian Constitution, republished.
CHAMBER OF DEPUTIES PRESIDENT
VALER DORNEANU
SENATE PRESIDENT
NICOLAE VACAROIU Bucharest, November 17, 2004. No. 506. ------