The judicial investigation of the murder of young liberal Rodrigo Quintana at the headquarters of the Liberal Party exposed the implication of high leaders of the political power. The lawyers for the complaint insist that call logs can be used as evidence to clarify who gave the order to enter the party’s premises in the early hours of April 1.
During the process, the prosecution (in charge of carrying out the investigation into the facts) rejected the request of the complaint to extract the call logs, considering it irrelevant. After the Court of Appeal rejected the denial of the request in the first instance, it was possible to proceed. The resolution of December 2017 mentions article 173 of the Criminal Procedure Code, which reads: “The facts and circumstances related to the object of the procedure may be admitted by any means of proof, except for the exceptions provided by law. A means of proof will be admitted if it refers, directly or indirectly, to the object of the investigation and is useful for the discovery of the truth”. Based on these reasons, the resolution enabled the call crossing request.
The telephone companies Tigo and Personal responded to the judicial request arguing that they no longer possess the phone call records, based on resolution 1350/2002 of CONATEL which establishes a period of 6 months for the preservation of records of incoming and outgoing calls. Therefore, Tigo and Personal are in compliance with the mandatory guardianship. On the other hand, according to a publication on ABC, the company Claro still has the call logs, exceeding the six months of storage provided by the standard. When available, telephone companies are obliged to provide the details of communications to the Public Ministry, even without a court order. These records include detailed information on phone calls, as well as SMS and location data for mobile devices.
Call log limits for the protection of the right to privacy
Although our country recognizes the right to privacy in our National Constitution (Art 33), in practice there are not enough measures to guarantee compliance with this right, as evidenced in the treatment of personal data in public and private databases1.
Call logs are part of our privacy and therefore their treatment must be regulated and supervised by an independent entity, which may act in the event of abuse of data and database treatment by any public or private entity.
Law 1682/2001, which regulates certain aspects of data processing in our country, is far from complying with minimum international standards for the protection of personal data. It does not require that the data treatment be carried out considering the purpose of the collection, it doesn’t establish the data storage time, and it doesn’t take into account the principles of legality, proportionality, data quality, scope, transparency, accountability, among others.
The principle of limiting the conservation period, according to the regulation standards of the European Union (2016/679), establishes that personal data must be kept for the identification of the interested parties for “no longer than necessary for the purposes of the treatment of the personal information”. It could be kept longer only for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, in accordance with article 89, section 1 of the Regulations.
This principle, which includes setting a time limit for the storage of phone call records, is absent in our legislation. In practice, our local entities do not have the protocols, mechanisms or regulations concerning the destruction of such data. It is key to establish the appropriate criteria depending on the nature of each database.
Aptly, the deletion of phone call records carried out by the companies Tigo and Personal is a way of establishing a storage time limit in order to comply with international standards, the protection of personal data and the privacy of their users.
At the regional level, the Inter-American Court of Human Rights ruled on the contentious case in which Brazil was found guilty of illegal use of wiretapping in a criminal proceeding. In this case, the Court noted that the right to privacy protects both the content of electronic communication and other data specific to the technical process of communication. According to the resolution:
“…even though telephone conversations are not expressly mentioned in Article 11 of the Convention, they are a form of communication included within the sphere of the protection of privacy. Article 11 protects conversations using telephone lines installed in private homes or in offices, whether their content is related to the private affairs of the speakers, or to their business or professional activity. Hence, Article 11 applies to telephone conversations irrespective of their content and can even include both the technical operations designed to record this content by taping it and listening to it, or any other element of the communication process; for example, the destination or origin of the calls that are made, the identity of the speakers, the frequency, time and duration of the calls, aspects that can be verified without the need to record the content of the call by taping the conversation. In brief, the protection of privacy is manifested in the right that individuals other than those conversing may not illegally obtain information on the content of the telephone conversations or other aspects inherent in the communication process, such as those mentioned.”
In other words, to request phone call records, the person or entity must comply with article 36 of the National Constitution (“On the inviolability of communications”), and the request must be preceded by a duly justified court order, since these records are part of the communication. Although the murder case did comply with this procedure, according to our investigation “Who defends your data?” (Paraguayan version of the EFF publication “Who Has Your Back”) the procedure is in most cases ignored.
Challenges for the effective protection of the right to privacy of all people
Privacy is a fundamental condition for being a free person, so the challenge is to find the right balance between criminal prosecution and the processing of personal data. To achieve this, there are some issues that we need to discuss:
1) A comprehensive solution becomes extremely necessary and urgent, in order to prevent abuses regarding people’s personal data. This solution must set limits to the treatment of the data in terms of its purpose, time, legality, proportionality, data quality, scope, transparency, accountability, among others. This must be done in accordance with the standards for the protection of human rights and in relation to the nature of governmental institutions and the private sector, to fulfill its purpose in each case. Citizens must pressure their authorities to debate such policies, which are in the public interest, and to avoid creating regulations in a rush or without considering an integral view.
2) Moreover, it will be necessary to create an independent entity to serve as the governing and responsible entity for the control of data processing, to analyze the purpose of the data and to carry out preventive reviews of potential errors or abuses that may occur during the processing of the data. It is necessary to audit those responsible for data processing and to raise the standards of data protection in accordance with Directive 95/46 of the EU. This will assess the relevance of the limitations and the conditions in which our personal data is stored (in this specific case, the call logs).
3) The requirement of judicial authorization to request phone call records must be explicitly established.
- The protection of personal data in public databases in Paraguay. TEDIC – September 2017 [in Spanish]