Based on request of Beta Agency to, in the context of Serbia's accession to the „white Schengen list", evaluate the status in the field of personal data protection, the Commissioner for Information of Public Importance and Personal Data Protection, Rodoljub Sabic gave the following statement:
„Independently from my wish that the optimistic forecasts regarding the „white Schengen" should become true, I think that responsible relationship towards achieving the objective like visa regime liberalization and what is even more important, regarding guaranteed human rights, requires much quicker and energetic change of the status quo. Relationship of many authorities, but also of the private law subjects towards personal data processing and protection is significantly below the standards stipulated in the Constitution, Personal Data Protection Act and in relevant international documents.
Serbian Constitution stipulates that processing, that is, collection, keeping and use of personal data should be regulated by the law. In relation to that, the Personal Data Protection Act stipulates that data processing can be performed only based on the law, only for purposes stipulated by the law and only in the measure necessary for achieving that purpose. Based on Criminal Code unauthorized processing of personal data has been determined as a criminal act. Besides that, by the Stabilization and Accession Agreement with EU, Serbia has been obliged to harmonize its legislation in the field of personal data protection with EU standards, and Serbia also would, in order to supervise and secure those standards' implementation, form one or more independent supervisory bodies with sufficient financial and human resources.
However, in practice, things are significantly different. Very serious indications point out to a large number of cases where data protection is performed on very problematic basis or without any legal ground whatsoever, or in a way and in a measure that are obviously disproportionate to the processing purpose, or without adequate data protection. Simultaneously, not elementary conditions for performing supervisory function have been secured by the Personal Data Protection Act, and also not even for execution of related, assumed international obligations.
By undertaking necessary normative, staff, organizational, educational and other measures, primarily by the Government of Serbia, but also from others, change for the better in such a state of affairs must at least be initiated. Otherwise, optimism regarding the „white Schengen" might appear as unrealistic. And even, if it shows that there is political readiness of the EU to neglect our inadequate relationship towards certain assumed obligations, we would surely face extremely serious problems on the plan of exercising and protection of the basic human right to have privacy, that is, personal data protection."