COMMISSIONER
FOR INFORMATION OF PUBLIC IMPORTANCE
AND PERSONAL DATA PROTECTION

logo novi


COMMISSIONER
FOR INFORMATION OF PUBLIC IMPORTANCE
AND PERSONAL DATA PROTECTION



logo novi

COMMISSIONER
FOR INFORMATION OF PUBLIC IMPORTANCE AND PERSONAL DATA PROTECTION

03.12.2008.Estimating the Draft Law on Confideltiality of Information, drawn by the Serbian Government and forwarded to the National Assembly for adoption, as unsatisfactory from the conceptual, legal and technical aspect,  the Commisioner for Information of Public Importance and Personal Data Protection addressed a letter of the following content to the Prime Minister Mirko Cvetkovic:

Dear Mr. President,

I am hereby addressing you and the Government of the Republic of Serbia regarding the Draft Law on Confideltiality of Information adopted by the Government of the Republic of Serbia and forwarded to the National Assembly for adoption.

Having in mind previous experiences with the Government's attitude towards the suggestions of the Commisioner for Information of Public Importance and Personal Data Protection, in all sincerety, I do not expect this letter to have the desired effects, but I think that my position bids me to address it to you in any case. 

In my opinion, and from the legal, technical and conceptual aspect, the abovementioned Draft Law, mildly speaking, gives rise to numerous dilemmas. The Draft was prepared, without any public discussion and posibillity for the public, public experts before all,  to make a contribution which is doubtlessly a prerequisite for such a Draft. As I do not want to waste neither your nor my time, I will just highlight several burning issues. 

Pursuant to the Law on Free Access to Information of Public Importance (Official Gazette of RS Nos. 120/04 and  54/07) the Commisioner for Information of Public Importance is entitled to have unlimited access to any document or media.  These powers of the Commissioner which are implicit for his position, being crucial for his work, are based on the Law and are not subject to anyone's consent or approval.  In the previous practice - which is now years long -  no one has ever questioned these powers.

The Draft Law on Confidentiality of Information changes the position of the Commissioner for Information qualitatively. Pursuant to the Draft there will be no ex lege right of access to any document labeled confidential. Instead of this, he ‘'has the right to authorization'' (whatever this means) which can be denied in some cases. Having in mind all of the above, the provision that an authorization is issued to the Commissioner for Information without prior ‘'security check'' sounds really ironic. 

At least two issues are raised in relation to such a solution.

The first relates to the fact that the Commissioner's job, one of his roles, is to order declassification, removing secrecy labels from certain information, regardless to the degree of secrecy. Deciding whether this is justified is not only the Commissioner's right but also his obligation in any particular case whenever he receives such a request.  How can this kind of work be done, if the Commissioner can be denied access to investigate the content of the ‘'disputable'' document?

Regarding that, the issue of relation of such a solution towards Article 20 Section 2 of the Constitution of the Republic of Serbia, which guarantees that the level of human rights cannot be decreased, is raised.

Commissioner's powers set out in the Law on Free Access to Information of Public Importance, are not personal powers, those are powers of a public organ established to protect human rights. Is the obvious drastic limitation of these powers in line with the abovementioned provision of the Constitution?

As of 1st January 2009 the powers of the public body Commissioner for Information of Public Importance were extended to personal data protection, and the body was renamed the Commissioner for Information of Public Importance and Personal Data Protection.

Thus, the Commissioner, in order to implement obligations of Serbia from the the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data in relation to supervisory authorities and transborder data traffic and Additional Protocol to this Convention, and especially Art. 81 of the Stabilization and Association Agreement between Serbia and the European Union received an obligation to provide implementation of existing standards in the field of personal data protection. 

The powers of supervisory authorities in the field of personal data protection determined by the abovementioned documents, and especially by the Directive 95/46 EC have a very wide range, and clear definitions.  Art. 28 Sect. 3 of the Directive 95/46 EC stipulates that the supervisory authority has - ‘' investigative powers, such as powers of access to data forming the subject-matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties ; - effective powers of intervention, such as, for example, that of delivering opinions before processing operations are carried out, in accordance with Article 20, and ensuring appropriate publication of such opinions, of ordering the blocking, erasure or destruction of data, of imposing a temporary or definitive ban on processing, of warning or admonishing the controller, or that of referring the matter to national parliaments or other political Institutions the power to engage in legal proceedings where the national provisions adopted pursuant to this Directive have been violated or to bring these violations to the attention of the judicial authorities"

The powers of supervisory authorities are unlimited.  Therefore the limitations suggested are unprecedented. To illustrate, in laws on personal data protection of the neighboring countries, the powers of the supervisory authority are not questioned, and they are especially highlighted by appropriate formulations. The right to access is governed by the following formulations- Art. 32 of the Personal Data Protection Act - ‘'regardless to the degree of confidentiality'', Art. 53 of the Slovenian law - "regardless to confidentiality or secrecy...", in Art. 22 of the law of Bosnia and Herzegovina - "state or official secret shall not be an impediment..." and Art. 66 of the law in Montenegro - "regardless to the degree of secrecy..."

Even during adoption of the Law on Personal Data Protection I warned that the solution in Art. 45 of the Law envisaging limitations of powers of the supervisory authority, i.e. the Commissioner, opposes the abovementioned international documents and widely accepted international standards. This has been confirmed both in international practice and by the attitudes of relevant representatives of international community presented in the meantime.

I do not know if this is the reason why now, the Draft Law on Confidentiality of Information envisages removal of Art. 45 Sect. 2 from the Law on Personal Data, but I know for sure that its transfer or transfer of a worse version into the Law on the Confidentiality of Information is not a solution. Once again I would like to warn that, if the Law on Confidentiality is adopted as suggested, it will have a negative effect on exercising and protection of human rights and also on estimates of EU monitors regarding harmonization of our laws with EU standards.

Limitation of Commissioner's powers, accompanied by limitation of Ombudsman's powers is even more worrying as the Draft Law also does not offer introduction of a specialized mechanism which would control and provide enforcement of democratic standards in the field of confidentiality.   „Control" defined in the Draft Law on Confidentiality of Information is only declarative. 

Namely, it is quite obvious that a public authority such as the National Safety Council Office cannot provide real control due to its type and rank (this is not even a government body but a service) thus the lack of supervisory i.e. inspection powers

Finally, it is difficult to understand that the Draft Law on Confidentiality of Information once again avoids a very important issue which has been highlighted on several occasions lately. I am referring to the need for protecting people who have defied formal rules of confidentiality because of public interests, the so called insiders or whistleblowers. Protecting these people is a matter of necessity, righteousness and a matter of international legal obligations that we have taken on. Therefore it is a great pity that another chance to adopt some already defined solutions, especially the quality one offered by the Ombudsman in his Draft Law on Amendment to the Law on Free Access to Information of Public Importance, has been missed.   

Monthly Statistical Report
on 30/11/2024
IN PROCEDURE: 16.897
PROCESSED: 167.498

Read more