On occasion of the first anniversary of the Law on Personal Data Protection (enacted by the National Assembly of Serbia on 23rd October 2008) the Commissioner for Information of Public Importance and Personal Data Protection, Rodoljub Sabic, has appealed with the Government once again to define and set the strategy on personal data protection. On occasion of the first anniversary of the Law the Commissioner has said:
‘'It is good that the recent EU Commission Report observation has been that we have made certain progress. But that estimate, should be understood more as an incentive than as praise. The real meaning of this estimate should be valued in the light of what has been done and even more in the light of what has not been done.
The new Law on Personal Data Protection was enacted, but even with timely warnings of the Commissioner for Information, which have later been confirmed by EU and CU expert opinions; it contains solutions which are opposed to EU standards. As far as secondary legislation is concerned, the Commissioner has passed two bylaws which were within his competence within a period prescribed by the law. The Government was obliged to pass two decrees. It has passed one within the period prescribed by law, and the other, which is very important, has not been passed yet, as it relates to especially sensitive data.
The then Commissioner for Free Access to Information was set as an independent supervising authority. However, even though the National Assembly enacted an adequate law soon after and created the necessary preconditions for a significant increase in the number of employees, due to the rigid stance of the Government conditioned by oversights of the Ministry of Finance, the Commissioner worked during the whole year with a five times lesser number of associates than envisaged (12 out of 69). He was not in a position to contract one single associate for tasks relating to personal data protection, so he worked on these, i.e. he improvised with his team which was previously in charge of tasks regarding free access to information. Notwithstanding this, the Commissioner's reactions to certain cases have yielded useful results. Good examples, of more general importance, are results achieved in communication with the Ministry of Defense regarding processing data on recruits, the Ministry of Education regarding the data on students, Ratel regarding instructions for ‘'intercepting Internet communications'' and the like.
Work on education of citizens and subject dealing in processing their data practically has not been started, with exception of several activities of the Commissioner such as (in cooperation with EU Commission mission) the preparation and publication of the Guide through the Law on Personal Data Protection, organization of the first regional conference on personal data protection, contacts with associations of bankers and teleoperaters.
We are yet to tackle the huge task of triage of what will undoubtedly be hundreds and hundreds of laws and regulations, the content of which is to be harmonized with EU standards.
In order to prevent the violation of human rights and noncompliance with obligations under SAA it is necessary to define priorities, targets, deadlines, executives and responsibilities. The Commissioner has thus, in cooperation with EU experts, prepared a Draft National Strategy on Personal Data Protection Implementation and forwarded it to the Government of Serbia. Unfortunately, there was no reaction.''