The legislative process that should reintroduce the Data Retention Directive to Czech law to replace the old law that was struck down by the Constitutional Court is ongoing.
On 27 February, the government proposed an act amending the Act No. 127/2005 Coll., the Electronic Communications Act and some other acts. The proposal has already passed two readings in the Chamber of Deputies.
After the third reading in the Chamber of Deputies, which will likely take place at the end of June or during July, the proposal has to be either passed or rejected. If passed, the proposal would still have to be approved by the Senate, which can propose modifications, and signed by the president.
The proposal contains the following new rules for data retention:
- More explicit rules for technical and organisational measures for retained data protection and their control. Persons providing a public communications network or providing publicly available electronic communications services (operators) are obliged to secure that retained traffic and location data are of the same quality and subject to the same security and protection against unauthorised access, alternation, destruction, loss or theft or other unauthorised processing or utilisation as data in the provision of electronic communications services. In order to secure the protection of retained traffic and location data, operators are primarily obliged to prepare an internal technical and organisational regulation and secure data protection with respect to the existing technical capabilities and the costs needed to provide protection at a level adequate to the risks of compromising the protection. The failure to fulfil any of these obligations classifies as an administrative offence.
- Obligation to retain traffic and location data. Prior to the Constitutional Court's judgement from 22 March 2011, operators were obliged to retain traffic and location data for the minimum period of six months and maximum period of 12 months. The proposal limits the period to six months only.
- Obligation to provide the retained data to authorised bodies. The proposal newly enumerates bodies that are authorised to request the retained traffic and location data from the operator in a strictly exhaustive way.
- New definition of traffic and location data. Traffic and location data are particularly data leading to detecting and identification of the source and the addressee of the communication and further data leading to determination of the date, time, manner and duration of the communication.
- New administrative offence. If the operator in connection with its obligation to retain traffic and location data does not secure that the content of the messages is not stored together with such data or further transferred if stored in such a way, it classifies as an administrative offence, which can be sanctioned by fine up to CZK 20mio, approximately €800,000.
