The Commissioner for Information of Public Importance and Personal Data Protection has sent a letter to the Government of Serbia pointing to the pressing need for the Government to ensure the consistent application of its own Rules of Procedure in preparing legislation, warning about negative consequences of non-compliance with the Rules in fields of the Commissioner's competence, especially in the field of personal data protection.

In this regard, the Commissioner stated the following regarding:

"The Government determines, and then submits to the National Assembly of the Republic of Serbia bills (proposed laws) dealing with, among others, personal data processing, in whose preparation relevant ministries, previously, in the phase of draft laws, do not ask (although it is provided under the Government Rules of Procedures and other regulations) an opinion of the Commissioner for Information of Public Importance and Personal Data Protection.

Failure to obtain opinion of the Commissioner results in missed opportunities to be warned by the Commissioner about some long-time recognized errors and omissions in legislative practice and constantly repeating of those errors.

The Serbian Constitution in Article 42 expressly states that the processing of personal data is exclusively governed by law, not by legislation of less legal force. There is also a special decision of the Constitutional Court of Serbia no. 41/2010 of 06/07/2012, passed in a procedure initiated by the Commissioner five years ago, which confirmed that only law, not a bylaw, may regulate the collection, keeping, processing and use of personal data.

And yet, in less than a year, the Government has determined as many as 5 bills that deal with, among others, personal data processing, and the drafters of these laws did not previously seek the Commissioner's opinion, and in four of these five laws, instead of regulating personal data processing by law, it is provided power for the competent ministries to, contrary to the Constitution, regulate this field by bylaws.

Establishing absolutely necessary, significantly better situation regarding the processing and protection of personal data in real life is a common goal, and it is not possible to be achieved by the activities of only one state authority, the Commissioner, especially not if new controversial elements are continually introduced in the "system" through legislative process"