On 27 November 2014, Parliamentary Minority MP, Pavle Kublashvili, stated: “The thing that is written in the bill (the so-called Beselia-Popkhadze-Sesiashvili bill discussion) is neither the second ‘key’ nor an additional control mechanism. It is nothing new. This means involving the Personal Data Protection Inspector in something which he/she cannot improve. This might even discredit the institution itself.”
FactChecktook interest in the MP’s statement and attempted to verify its accuracy.
On 30 November 2014 the Parliament of Georgia adopted a bill on telecommunications surveillance. A part of the bill was enacted upon its publication whilst the remaining part will be enacted after 31 March 2015.
Changes in telecommunications surveillance procedures were made to the Law on the Protection of Personal Data, the Law on Electronic Communications and the Criminal Procedure Code of Georgia.
The main change was the implementation of a monitoring system. Specifically, a two-level system of covert investigative actions was enacted which combines both technical and software decisions. On a legislative level, this excludes the possibility of an investigative body to start telecommunications surveillance without the electronic consent of the Personal Data Protection Inspector. The so-called “black box” remains with the Ministry of Internal Affairs of Georgia; however, according to the Law, it becomes impossible to use it without the electronic consent of the Personal Data Protection Inspector. It should be noted that the Ministry of Internal Affairs of Georgia was only obligated to obtain a court permit for covert investigative actions before the enactment of the aforementioned bill.
Telecommunications surveillance is carried out by the Operative-Technical Department of the Ministry of Internal Affairs of Georgia. The Personal Data Protection Inspector will monitor the process of telecommunications surveillance and recording by:
a) Using the electronic system of control for checking the lawfulness of the reason for data processing;
b) Giving electronic consent for covert investigative actions using the two-level electronic system;
c) Inspecting the lawfulness of processing the data by the authorised person.In addition, the Ministry of Internal Affairs of Georgia and the Personal Data Protection Inspector will present a report on the control of covert investigative actions to the Human Rights and Civil Integration Committee of the Parliament of Georgia twice a year.
It should be noted that a representative of Transparency International – Georgia told us that including the Personal Data Protection Inspector in the process will not improve the situation. On the contrary, the Inspector becomes a participant of surveillance and the system is left without outside control. In addition, despite the fact that the Personal Data Protection Inspector does have the authority to monitor the internet as well, this authority is very limited. Hence, the Inspector relies upon the truthfulness of the information provided by the Operative-Technical Department of the Ministry of Internal Affairs of Georgia. In addition, this new bill will discredit the institution of the Personal Data Protection Inspector itself which is a very important institution for Georgia.
Non-governmental organisations assess this new Law as a step back and an attempt to delude the public, mainly because:
- The so-called “key” stays with the Ministry of Internal Affairs of Georgia;
- The Law says nothing about using the two “keys” in terms of an emergency. This means that the Ministry can still perform telecommunications surveillance without the Personal Data Protection Inspector;
- The “two-key system” includes only the covert surveillance and recording of telecommunications whilst the identification data (time, place and duration of the call) and internet traffic (including the content of the communication) is available to the Ministry of Internal Affairs without any control or two keys.
Conclusion
The role of the Personal Data Protection Inspector in monitoring the telecommunications surveillance and recording is indeed important as, according to the law, he/she: a) uses the electronic system of control for checking the lawfulness of the reason for data processing, b) gives electronic consent for covert investigative actions using the two-level electronic system and c) inspects the lawfulness of processing the data by the authorised person.
Saying that including the Personal Data Protection Inspector in the control of telecommunications surveillance is not an additional lever for monitoring might not be entirely correct; however, the risk that the Ministry of Internal Affairs will use telecommunications surveillance illegally, without the consent of the Personal Data Protection Inspector, still remains.
Based upon the aforementioned facts, FactCheck refrains from rating the accuracy of Mr Kublashvili’s statement at this stage and leaves it WITHOUT VERDICT.