Armenia’s communications and utilities regulator, the Public Services Regulatory Commission (PSRC), is developing a bill to force internet service providers (ISPs) to collect and store user data that could be accessed by law enforcement agencies.
The data would include users’ browsing history, the platforms they use to access internet services, and the time and addresses of emails being sent and received. ISPs would have to store this data for a two-year period.
According to the Armenian Constitution, law enforcement agencies would have to apply to the courts in order to access this information, however, no legal criteria for the courts to make decisions on such cases currently exists.
The bill has raised concerns over online freedom and privacy, as well as what critics have described as the opaque manner in which the bill has been developed.
On 22 October, seven prominent local NGOs including the Open Society Foundations-Armenia, the Helsinki Citizens’ Assembly Vanadzor Office, and Transparency International’s Armenia office published a joint statement condemning the bill.
They said that the PSRC was attempting to force ISPs to store data that is considered private under Armenia’s Law on Protection of Personal Data.
The law includes any information that would allow for direct or indirect identification of an individual’s identity. According to this law, such data can be processed or stored only when the subject has given their consent or where other laws supersede it.
According to the groups, it is currently illegal for ISPs to store email addresses. They also said that users’ search terms and browsing history were ‘unequivocally’ protected under the Armenian Constitution’s clause on the ‘Inviolability of Private and Family Life, Honour, and Good Reputation’
‘Our main concern is that a body created for solely field-relevant administration has reserved itself the right to develop a bill that violates the rights of citizens. This is illegal’, the statement says.
‘This will create a precedent by which any regulatory body can violate fundamental human rights and freedoms.’
The statement concluded by demanding the bill be dropped as it is ‘illegal’ and ‘anti-constitutional’.
‘Who will watch the watchmen?’
The PSRC has claimed that storing electronic communications is legal, but that there are currently no regulations to organise that process.
Responding to criticism of the bill in a statement on 21 October, they insisted the concerns were baseless, and said that relations between ISPs and law enforcement agencies needed to be better defined.
The PSRC claimed that ISPs would still be prohibited from storing or disclosing the content of online communications and that moreover, the commission was not legally allowed to regulate such content.
In an interview with Azatutyun, PSRC member Seda Shahinyan insisted that the bill would not allow providers to store content and that users need not worry about their correspondences being stored.
In their statement, the PSRC said the draft bill had been sent to 170 ISPs to review and has been discussed with Armenia’s Ministry of High-Tech Industries and the National Security Services.
A revised version of the draft bill will be subject to wider public discussions including being published on e-draft.am, an online platform where draft legal bills are published for the public to see, vote for, and discuss, as well as on the commission’s official website.
During a Q&A with Government members in parliament on 23 October, Minster of High-Tech Industries Arshak Hakobyan did admit that small providers may face issues if the bill comes to pass. According to him, storing two years worth of data would require certain equipment.
‘Small providers in villages and towns will have an issue, which I believe is not in our best interest in terms of developing small and medium enterprises’, Arshakyan said.
The bill is still in the early discussion phase.
Samvel Martirosyan, an information security expert and member of the Internet Governance Council, an advisory board containing both governmental and non-governmental stakeholders, told OC Media that the problem with data collection and storage in Armenia was a lack of transparency.
According to him, there is no public oversight of what ISPs or the National Security Service (NSS) are doing. Despite the Law on the Protection of Personal Data protecting personal data, he said that there was a lack of mechanisms to enforce the law.
‘One of the main aims of data protection is the free use of the internet’, he said. ‘However, we don’t know what kind of mechanisms are being used to supervise what the NSS or other ISPs are doing in terms of data collection.’
He said the bill would make remaining anonymous online difficult. ‘It’s not an innocent tool’, Martirosyan said, adding that oversight of how the new bill was used would be key.
‘Armenia’s main concern should be who will watch the watchmen.’