The amendment to the Act on Electronic Communications came into force on 1 October 2012. The amendment responds to the recent repeal of Sections 2 and 3 of the Act by the Constitutional Court.  These Sections governed retention of data about communication with mobile operators; however, according to the court’s opinion the provisions were quite vaguely worded and lacked sufficiently safe rules for securing stored data. Such provisions were thus unable to ensure sufficient protection of personal data by data storage, nor were they able to ensure protection of data transferred to authorized entities. More particularly, it was not clear which entities were deemed to be authorized entities.  

The repealed provisions of the Act were criticized for the absence of a list of authorities who were authorized to request operational and localization data, and also for the absence of a set list of purposes for which such data may be required.  The Act failed to provide clear and detailed rules for data storage security. Furthermore, the Act did not clearly apportion responsibility to meet the obligations stipulated in the Act, or define the possible sanctions for failing to meet these obligations.

In response to the opinion of the Constitutional Court, the amendment contains a list of authorized entities, namely the Police of the Czech Republic, Prosecuting Attorney’s Office, Security Information Service (BIS), Military Intelligence Service and Czech National Bank. The said entities are authorized to request information from mobile operators and mobile operators are obliged to provide such information to such entities free of charge.

Mobile operators are obliged to store data on their client’s communications for a period of six months (the “retention period“). Operators will not be authorized to store and provide the content of their clients’ communications, but only data about the call duration, the location from which the call has been made, the recipient of the call or IP address.

Details concerning the scope of stored operational and localization data, the form and manner by which such data is transferred from an operator to authorized entities, and the method of destruction of operational and localization data shall be set out by an implementing decree.