Library of Congress

Law Library of Congress

The Library of Congress > Law Library > News & Events > Global Legal Monitor

Czech Republic: Newly Amended Data Retention Law

(Sept. 7, 2012) It was reported on August 1, 2012, that both chambers of the Czech Parliament had approved an act to amend the 2005 Electronic Communications Act. (Czech Republic Data Retention – Almost Back in Business, EDRI-GRAM NEWSLETTER, No. 10.15 (Aug. 1, 2012); Act 127/2005 [in Czech] (Feb. 22, 2005), PORTAL VEREJNE SPRAVY; 127 Act of February 22, 2005, on Electronic Communications and on Amendment to Certain Related Acts (Electronic Communications Act), Czech Ministry of Interior Archives June 2008 website.)

Act 127/2005 had been repealed by two decisions of the country’s Constitutional Court, issued in March and December 2011. (Czech Republic: Data Retention – Almost Back in Business, supra; see also The English Translation of the Czech Constitutional Court Decision on Data Retention (Apr. 26, 2011); Wendy Zeldin, Czech Republic: Constitutional Court Overturns Parts of Data Retention Law GLOBAL LEGAL MONITOR (Apr. 1, 2011).)

The amending legislation, Act 273 of July 18, 2012, issued on August 12, 2012, and still awaiting presidential approval, will reintroduce “nationwide preventive monitoring of electronic communications” if it enters into force as scheduled on October1, 2012. (Czech Republic: Data Retention – Almost Back in Business, supra; Act 273/2012 [in Czech] (July 18, 2012),SBÍRKAPREDPISU CESKÉ REPUBLIKY [COLLECTED LAWS OF THE CZECH REPUBLIC].)

The amending Act was drafted in response to the Court decisions and implements the European Directive on Data Retention (DDR). According to Iuridicum Remedium (IuRe), a Czech non-governmental, non-profit organization that promotes human rights (About Iuridicum Remedium (last visited Sept. 4, 2012)) and that had launched the challenge to the Act resulting in the Court’s March 2011 decision, the new legislation is better than the former Act but “still contains a number of errors that will lead to unconstitutional interference with the privacy of citizens.” (Czech Republic: Data Retention – Almost Back in Business, supra; Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the Retention of Data Generated or Processed in Connection with the Provision of Publicly Available Electronic Communications Services or of Public Communications Networks and Amending Directive 2002/58/EC, O.J., L. 105/54 (Apr. 13, 2006).)

Some changes in the Act include the introduction of the obligation to inform people whose data have been requested under the Criminal Code and to obtain court permission when such data is requested by intelligence services or the Czech National Bank. (Id.)

According to IuRe, certain key flaws and unresolved issues remain, however. Chief among the remaining flaws in the Act is “the obligation of operators generally to monitor the communications of all citizens without any specific suspicion,” an obligation that is imposed under the DDR. IuRe believes that the DDR itself should be revised in respect to this obligation and that the European Court of Justice should review the constitutionality of the requirement. (Id.)

In the IuRe’s view, the most serious unresolved issue in the Act, one that could result in future unconstitutional use of personal data requested under the Criminal Code, is the Act’s failure to address the fact that the police are authorized under the Police Act to use that data outside of criminal proceedings. As a result, police officers “may require data more or less without any limits, without court supervision and without any clearly defined and controlled processes,” creating a “huge gap” in the law “opening up possibilities for information abuse” by individual officers. (Id.)

Another source of concern for the IuRe is the Act’s awaited implementing decree. It will determine, among other matters, which data will typically be stored. The decree has the potential, in the IuRe’s view, of placing the Act in an “entirely new light” in regard to invasion of citizens’ privacy and state reimbursement for it. (Id.) IuRe maintains that a crucial question is whether the data on recipients of Internet communications will also be subject to retention. Decree provisions of this nature “would mean not only de facto monitoring of the content of what we are surfing through on the Internet, but also a tremendous increase in public expenditures related to such monitoring,” according to Jan Voboril, a lawyer with IuRe. (Id.)