Recent Data Privacy Evolutions

ECHR’s new perspective in Barbulescu v. Romania case

Under the ECHR’s decision in Case Barbulescu v. Romania as of 12nd January 2016 ECHR ruled (though a dissenting opinion was expressed by a judge from the panel) that monitoring the private use by employees of Yahoo Messenger, including the content of such, may be legitimised by the need of the employer to ensure that employees observe the internal regulations of the organization, provided that private use of internet was specifically forbidden by way of such internal regulations and the employees were informed about the potential monitoring on how the employees comply with such internal rules.

On 5 September 2017, the Judgement of the Grand Chamber in case Barbulescu v. Romania, reinstated the balance, by ascertaining that the mere employer’s need to ensure that the employees do not access the internet for private purposes at work cannot overtake in principle the right to private life of the employees. In the view of the Court, though not forbidden per se, monitoring of internet use by the employees should rely on adequate and sufficient safeguards, not met in the case at hand. Furthermore, the Court upheld that two key aspects should be considered when analysing such measures, namely whether the monitoring is proportional to the aim pursued and whether the concerned employees would be protected against arbitrariness.

Law Project repealing Law No. 677/2001

On 5 September 2017, the law project repealing Law No. 677/2001 (the current main enactment in data privacy field) was published on the Internal Affairs Minister’s website. Such law project mainly addresses (a) the supervisory competencies of The National Authority for Supervision and Protection of Personal Data (ANSPDCP), as well as (b) the administrative sanctions that may be applied by ANSPDCP, in line with the provisions of EU General Data Protection Regulation (GDPR).