Commissioner for Information of Public Importance, Rodoljub Sabic, has in the letter sent to the Prime Minister of the Government of Serbia, Mirko Cvetkovic, suggested to the Government to change certain solutions by amendments to the text of Proposal of the Personal Data Protection Act, that the Government has recently determined and delivered to the National Assembly.

In relation to that, Commissioner Rodoljub Sabic, stated the following:

„I have considered it my duty to point out to the Proposal, the passing of which I support in general, which contains certain number of solutions that could and should be made more clear and precise by amendments, but also solutions that should be deleted.

It is primarily, Article 45 paragraph 2 of the Law Proposal, enabling the security authorities to deny to the body that should protect personal data, due to reasons of "state and public safety" for as long "until those reasons exist", insight into relevant data, collections of data, even access to the premises.

Such expandable and fluid basis for limiting human rights' protection should be the thing of the past. They leave an opportunity for abuses and significantly handicap the possibilities for effective personal data protection, regardless of what authority should be entrusted with that protection. In the specific case the thing is additionally complicated and made controversial by the fact that as the body in charge of protecting personal data is envisaged an already existing state authority - Commissioner for Information. And that authority, according to the Law on Free Access to Information, has explicit right of insight, without limitations into every information carrier owned by the authorities in power.

Possibility for discretionary, extremely important narrowing of authorizations of the authority in charge in the procedure of control and protection of rights is contravening not only the existing authorizations of the Commissioner for Information, but also standards determined in international documents we have signed. Provisions of the Convention on Protection of Persons in Relation to Automatic Data Processing and Additional Protocol to the Convention, regulating the position of the supervising bodies, and which amongst else also envisage authorizations to meddle without limitations into all legal procedures and to point out to infringements of the law, including the authorizations to start investigation independently, drastically differ from the solution from Article 45 paragraph 2. Therefore it appears almost ironical that such a solution is proposed to the Assembly simultaneously with Protocol ratification.

Therefore, Article 45 paragraph 2 should be deleted from Law Proposal text body. In relation to that, I turned to Ombudsman, who shall in order to preventively act in human rights protection submit adequate amendments, but I think that it would be very good if the Government would do the same.

I have also underlined to the Government the fact that the envisaged deadline for enacting the Law is completely unrealistic. It is a fact that the Government and its respective services in charge haven't even after three and a half years from the beginning of law implementation, secured conditions even for executing jobs from the existing scope of the work of the Commissioner. Therefore the Commissioner's service, besides huge inflow of cases, works with only 7, instead of the envisaged 21 worker. It would be irresponsible self-deception to believe in the possibility of that service, with such support, in those circumstances and in such a short deadline should take over multiple, incomparably bigger obligations in personal data protection field.“