Social

Moldova aligns criminal justice data rules with EU standards

Moldova's Parliament has approved a new legal framework governing personal data in criminal justice during its first reading on July 9.

The legislation regulates how law enforcement agencies process personal data when investigating crimes, prosecuting cases, and enforcing criminal penalties. Violations can trigger fines of up to €101,500 (approx. 2 million MDL).

Aligning national law with European standards

State Secretary of the Ministry of Justice, Lilian Apostol, stated that this draft complements a broader data protection law adopted in 2024. That legislation transposes European Union standards into national law and enters into force on August 23.

Apostol emphasized that the new rules aim to maintain a fair balance between effective crime prevention and the safeguard of civil liberties.

Under the proposed rules, any restrictions on a citizen's right to information must remain strictly necessary and proportionate to the investigation's scope.

Independent oversight and citizen rights

Citizens who suspect unlawful processing of their personal data will be able to seek remedies through the National Center for Personal Data Protection (NCPDP).

This independent watchdog will hold authority to conduct inspections, review public complaints, apply corrective measures, and issue fines up to EUR 2 million.

During parliamentary debates, Opposition MP Alexandr Berlinschii raised concerns over potential abuses. He questioned whether adequate checks exist when data controllers refuse information access on grounds of public order and national security.

In response, Apostol clarified that data controllers must explicitly justify any refusal directly to the individual affected, subject to independent oversight by the NCPDP.

Gradual enforcement and institutional liability

Opposition MP Liliana Iaconi expressed skepticism regarding heavy fines, questioning whether penalties alone would foster accountability or if public institutions might struggle with the financial burden.

Justice Ministry officials confirmed that sanctions will be phased in gradually, mirroring mechanisms used across European Union member states.

Individual data operators and public institutions will share liability, particularly in cases where inadequate cybersecurity measures result in massive data leaks.

The bill requires a second reading to pass into law. Once finalized, it will enter into force alongside the primary data protection framework on August 23.

Translation by Iurie Tataru

Elena Munteanu

Elena Munteanu

Author

Read more