The Commissioner for Information of Public Importance and Personal Data Protection, due to the interest of a large number of the media in whether and how he will react to the publicly-used personal data from the official documentation of the Ministry of Defense and the Ministry of Internal Affairs in the yesterday's parliamentary debate, states that he has ordered supervision over the implementation of the Personal Data Protection Law in both ministries.
The type of personal data and the manner in which they were used indicate that officials in the Ministry of Defense for sure, and in the Ministry of Internal Affairs very likely, violated the provisions of the Personal Data Protection Law and thus committed punishable misdemeanors, by making the personal data disposed by them for statutory purposes available to the third, unauthorized person.
However, all the circumstances indicate that these actions constitute a much more serious violation of the law than a misdemeanor, i.e. that a criminal offense has been committed.
The Commissioner on this occasion also reminds that Article 146, paragraph 3 of the Criminal Code foresees that an official who obtains, communicates to another or otherwise uses the information collected, processed and used in accordance with the law, for purposes other than those for which they are intended, shall be imposed a term of imprisonment up to three years.
Therefore, it would not only be normal and logical, but also necessary that such events to attract the attention Public Prosecutor's Office, much before the Commissioner’s, and give raise to adequate response. It is very worrying that, in numerous situations where serious violations of personal data protection rights have been committed this has not given raise to, to say the least, the suspicion that a criminal offense has been committed, and that the prosecutor’s office has not seen it fit to react at least adequately, often failing to react at all.
Public authorities are to protect citizens' personal data not compromise and misuse them. Any misuse of these data should attract the attention of all those responsible and give raise to the appropriate sanction. This is particularly true in the case of public authorities who are openly and publicly making available the data from official records to supporters of all political options so that they could use them in political conflicts.
This is not the first time that we have encountered misuse of personal data from official records by public authorities for political conflicts, and if this continues, the danger is that it will become a rule. The Commissioner will always act in accordance with his competences and powers; however, he can neither, nor should, do the work of public authorities that is their raison d’etre. If they, as a rule, fail to react both in this and similar situations all constitutional and legal guarantees of privacy protection, i.e. personal data protection, which are otherwise often unacceptably endangered, are on the road to becoming empty phrases.