Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


III. Privacy topics

Internet and consumer privacy


In 2002, Law No. 365/2002 on Electronic Commerce1 adopted the opt-in principle for unsolicited commercial emails ("spam").2 Law No. 506/2004 also regulates spam, and transposes 2002/58/EC into the Romanian legal system. The law states that the use of electronic mail for the purposes of direct marketing without the prior explicit consent of the user will be sanctioned with a fine between RON5,000 (approx. €1,250) and RON100,000 (approx. €25,000). For companies with a turnover exceeding RON5 million, the fine could amount to as much as 2 percent of revenues. Other provisions regulate the subscribers' right to choose not to be included in printed or electronic directories and to consent to the use of their personal data in the directory. Companies that infringe this right are subject to a fine of between RON30,000 (approx. €7,500) and RON100,000 (approx. €25,000). Law No. 506/2004 further stipulates that the provider of a publicly available electronic communications service must take appropriate measures to safeguard the security of its services, and to inform subscribers and users about any risk of a security breach.3

The ANSPDCP has acted to implement the above-mentioned legislation and succeeded in levying three fines in 2008 for unsolicited commercial messages sent by SMS and email and four fines in 2009 for SMS.4

ANCOM, the communications authority, with competence in the domain until March 2009, applied fines to 13 legal personal and two natural persons for "spam" as well as two fines for private companies that refused to send the requested information regarding the transmission of unsolicited commercial messages. In 2009, the communications authority levied 14 such fines, five for spam and nine for not providing requested data. Starting in March 2009, the competence in the domain was passed on to the Ministry of Communications and Information Society (MCSI).5 Since then, no fines have been issued for this infringement.


In recent years there have been several security breaches involving Romanian websites that resulted in the public disclosure of personal data on the Internet. One of the most notorious related to a major online job-search company that processed the data of over 1.3 million users. Because of a software bug, the data (including users' passwords) of more than 10,000 people were publicly disclosed.6

Law No. 451/2004 concerning time-stamping has been added to the Romanian portfolio of laws regulating electronic signatures.7 A time stamp shows when an electronic document was created or signed. The time stamp registration must be maintained for at least ten years.

Time stamps are usually used to verify an electronic signature, the validity of the electronic signature certificate in the Internet auctions, and authenticate copyright when there is a requirement for a certain date for the copyrighted materials. The law also regulates the liability of time stamp services providers, who are responsible for losses suffered by customers as a result of their failure to comply with the provisions of the law. Providers are required to contract a liability insurance policy or obtain a warranty certificate from a financial institution. The Law entered into force on 5 December 2004.8

Online behavioural marketing and search engine privacy

No specific information has been reported under this section.

Online social networks and virtual communities

No specific information has been reported under this section.

Online youth safety

Only a few online safety programmes for youth are available in Romanian, most of them developed by the project,9 the national contact point for youth awareness on Internet safety that was developed by Save the Children Romania, Focus Romania, and other partners. Similarly, only a few documents on this topic have been issued by electronic communications operators.

Workplace privacy

No specific information has been reported under this section.

Health and genetic privacy

Medical records

No specific information has been reported under this section.

Genetic identification

No specific information has been reported under this section.

Financial privacy

No specific information has been reported under this section.