The Commissioner for Information of Public Importance and Personal Data Protection has sent to the Minister of Foreign and Domestic Trade and Telecommunications a letter regarding the Draft Law on Amendments to the Law on Electronic Communications today. The letter indicates that it is necessary to exclude all formulations from the text of the Bill that could cause a dilemma regarding the grounds for access to the data on citizens' communications and that is necessary to establish the obligation of providers to keep records of the number of accesses to the data.

In this regard the Commissioner, Rodoljub Sabic, has said the following:

''Pursuant to the Constitution, the derogation from the confidentiality of communication, which is guaranteed under the Constitution, shall be allowed only based on the decision of the court and solely for two reasons – to conduct criminal proceedings or to protect the safety of the Republic of Serbia. It is not good that the Draft Law contains formulations such as for example: ''detecting a criminal offence'' or ''public safety'' which include a wider range of actions of the Ministry of Interior, which the Constitutional wording does not. They can give rise to new dilemmas in practice and therefore they should be excluded from the text and only the clear and precise Constitutional wording should be kept.

The formulation regarding the publication of statistics regarding the access to retained data is also not good and not a good idea. It is necessary to establish an obligation for all providers to keep records on the number of accesses to retained data and to forward it to the Commissioner within certain intervals, for example once a year, so that the Commissioner would be able to present them in the annual report submitted to the National Assembly.

I would also like to recall that under the Regulation No. 611/2013 on the measures applicable to the notification of personal data breaches under the Directive 2002/58/ЕC of the European Parliament and of the Council on privacy and electronic communications, the providers are obliged to notify the competent national authorities of personal data breaches, and in certain cases also the individuals concerned.

Should the objections that I have presented at the public discussion be accepted, and the representatives of the proposer have assured me that they would, that would definitively remove the dilemmas regarding the legal grounds for access to retained data, which is certainly good. However, that will not, even remotely, mean that as a state we have mechanisms required to secure and control the exercise of the Constitutional guarantee on the confidentiality of communications.

In this regard, I would like to remind you that the Ombudsman and I proposed a package of ''14 measures'' a year ago (where, among other things, it was proposed to unify both the procedures and the existing parallel resources of ''services'' and the police in one national agency which would, as a provider, provide technical services required for interception to authorized users and indelible recording of the ''trace'' of access to telecommunications, including all the data necessary to perform a subsequent control of the legality of access).

Although the package of ''14 measures'' received strong verbal support at the time when it was proposed, a year and a half later very few of the proposed measures have been implemented."