It is introduced the obligation for the companies of keeping within six months of data which is generated or processed in the course of their activities and which is necessary for:
1. trace and identify the source of the connection;
2. destination identification of the connection;
3. identify the date, time and duration of the connection;
4. identification of the connection type;
5. identification of the user's final electronic communication device or what is presented as his terminal;
6. establish the identifier of the used cells.
After the expiry of that period and on 5th of the month the companies are required to provide the Commission for Personal Data Protection with Protocol about the destroyed during the previous month data.
The storage of the data aims at ensuring the national security and the prevention, detection and investigation of serious crimes and that is why together with the amendments to the Law on Electronic Communications n. 24 of the State Gazette added also a new art. 159a in the Penal procedure code.
The data which the companies are required to keep
Under p. 1 are:
1. for public telephone service - telephone number of the caller and the identification data of the subscriber or the user;
2. For Internet access, e-mail and Internet telephony - the identifier assigned to each user, user's ID and telephone number set to any communication which entered in the public telephone network, data necessary to identify the subscriber or the user to whom are assigned IP address, user's ID or telephone number at the time of the connection.
Under p. 2 are:
1. for public telephone service - dialed number (called phone number) and in the case of additional services, such redirection or transfer of the call, number or numbers to which the call is routed and data to identify the subscriber or user;
2. For e-mail and internet telephony - user's ID or phone number of the Internet phone call recipient/s, data to identify the subscriber or the user ID and identidier of the recipient to whom the communication is addressed.
Under p. 3 are:
1. for public telephone service - date and time of the beginning and end of the connection;
2. for Internet access, e-mail and internet telephony - date and time of entry and exit to/from the Internet access service, based on a certain time zone, together with the IP address, dynamic or static, set for the connection from the Internet access service provider, and the identifier of the subscriber or the user, date and time of entry and exit to/from the e-mail service through Internet or Internet telephony service based on a certain time zone.
Under p. 4 are:
1. The type of the public telephone service;
2. The Internet service when used the e-mail through Internet or internet telephony.
Under p. 5 are:
1. For fixed telephone service - calling and called telephone number;
2. for public telephone service provided through mobile terrestrial network - for caller and the called telephone number; International mobile subscriber identity of the caller (IMSI); international mobile identity of the called subscriber (IMSI); international mobile station equipment identity of the caller (IMEI); international mobile station equipment identity of the called (IMEI); in the case of prepaid services - date and time of the initial activation of the service and the location label - an identifier of the cell from which the service was been activated and to identify the subscriber or the user;
3. For Internet access, e-mail and internet telephony - calling telephone number for dial-up access, digital subscriber line (DSL) or other end point of the initiator of the connection.
Under p. 6 are administrative addresses of cells of land mobile electronic communications network from which is generated or ended the call.
Data which has to be stored is explicitly listed and its processing and storage must be carried out in accordance with the norms of the Law on the protection of personal data.
The information regarding the above mentioned data could be required only by exhaustively listed authorities in order to fulfill their functions, only by a reasoned written request for receiving it and after the permission of the district court and in case of a request by a competent authority of another country - of the Sofia City Court.
The Court's order must be substantiated and must contain:
1. The data which should be included in the report;
2. The period of time which ia covered by the control;
3. The designated official to whom provide the information;
4. The name, the title and the signature of the judge.
The organizations which provide public electronic communications networks and/or services are required to provide the Commission for Communications Regulation with necessary information and any subsequent changes of it which guarantees the receiving of eventual orders by the court and to ensure 24 hours a day, 7 days a week the order receiving.
In case of receiving an order for data access, within no more than 72 hours, the companies are required to submit it. The law allows the sending of the order and the data report to be made also electronically in compliance with the E-Government Act and the Electronic Document and Electronic Signature.
Data which has already been required could be reserved by the company for an additional period not exceeding three months from the date of the authority's request.
The above mentioned amendments entered into force on 31 March 2015.
1Legal.Net Blog © 2015
Materials published on this blog are copyrighted. No part of them can be copied or used without the express permission of the author.