English Translation of the Letter from the Romanian Data Protection Authority to RISE Project

Dear Sirs,

We inform you that, since May 25th 2018, Romania enforces the UE Regulation 2016/679 of the European Parliament and Council from April 27th 2016 regarding the protection of natural people from the processing of personal data and the free circulation of this data and the abrogation of the EU Directive 95/46/CE (General Data Protection Regulation - from here on called „GDPR”).

According to information published in the mass-media, on your Facebook account https://www.facebook.com/notes/rise-project/teleormanleaks/1937024593056150, were published personal data (documents, images - photos, video) of certain people (natural people).

Regarding those stated above, in the basis of Art. 57 and 58 of GDPR and Art. 14 and the following from the Law 102/2005, with the ulterior changes and addition, we request that you supply us with information concerning:

  • The purpose and legal basis of publishing on the Internet (Facebook) of personal data, at the adress https://www.facebook.com/notes/rise-project/teleormanleaks/1937024593056150;
  • The date/period of time when the said personal data was published on your Facebook account;
  • The source from where the personal data published on Facebook was obtained;
  • The support (electronic and/or physical) where you stored the documents/images published on Facebook;
  • If the mobile storage devices (tablet, HDD, memory stick) were/are password protected or encrypted;
  • If you have other information/documents containing personal data of the said people;
  • If the personal data or documents that contain personal data of the said people were revealed in other circumstances - with the specification of these circumstances;
  • The way in which you informed the said people, in conformity with Art. 13-14 of GDPR.

You will send us a complete answer within 10 days from this communication, accompanied by certified copies of proof documents.

We inform you that, in conformity with Art. 14 paragraph 2 of the Law no. 102/2005, with its ulterior changes and addition, „In case of non-compliance to the stated measures or in case of a tacit or direct refusal to provide all the information and documents requested during the investigation or in case of a refusal to submit to an investigation, the National Supervision Authority may impose, through a decision, a fine of up to 3.000 lei (approx. 644 Euro) for each day of delay, calculated since the date stated by the decision.”

Also, in conformity with Art. 83 paragraph (5) letter e) of GDPR, ”the failure to comply to an order or a temporary or definitive limitation of the processing, or the suspension of the data flux, issued by the Supervision Authority in conformity with Art. 58 paragraph 2, or not granting access, in violation of Article 58, paragraph 2” can be fined by up to 20.000.000 Euro.

The full text of the GDPR and also other useful information regarding its enforcement are available on the National Authority for the Supervision of Personal Data Processing website www.dataprotection.ro, under the section dedicated to the “New Regulation”.

Thank you.

George Bălăiți,

Chief Operators’ Control Service

Read original letter here.