Source: "Blic"
Huge Importance of Law on Personal Data Protection
Personal data processing, use and collecting will be possible in the future only with citizens' consent
Several dozens of public authorities are violating the Law on Personal Data Protection. While officials deny information on the amount of their monthly salaries, at the same time they have illegally concluded agreements with credit bureaus of banks under which they submit data on clients' outstanding debt and on unpaid water and electricity bills. This is just one of the examples of violation of the Law on Personal Data Protection Rodoljub Sabic, Commissioner for Information of Public Importance and Personal Data Protection, faced.
Is somebody stealing your identity? Is information from your medical record being abused? Who has information about where you live, on which address, what is your social and family status, what are your affiliations or political orientation, do you pay utility bills regularly? There are hundreds of thousands of data collections on citizens. Until the Law has been passed, there were no regulations specifying who can form data collections and under which conditions they must be kept and processed.
Serbia has not had supervision of personal data collection for decades. It has yet to be introduced. The Law on Personal Data Protection should introduce control in this field and that duty is entrusted to Commissioner for Information of Public Importance and Personal Data Protection under the Law.
He warned that there were serious indications of mass abuses and advised the following:
- If you have any doubt that anyone is tampering with any of your personal data from library to medical records and pension fund without your authorization or written trail evidencing that it is done in accordance with the Law, i.e. pursuant to Government orders, if you doubt that data collection on you is being formed without your consent, complain to the Commissioner - Mr. Sabic insisted.
He said that citizens faced various violations of privacy, starting from "trivial", such as annoyance by direct marketing, economic or political, to cases of much more serious violation of privacy, such as identity borrowing or theft and on the other hand, they were unaware of their rights.
He confirmed that there were extremely robust violations, such as uncontrolled removal of a number of medical records from medical institutions, submission of personal records of all judges from the Commercial Court of Serbia to the media, posting dozens of thousand of unique personal identification numbers (JMBG) on the Internet by the Privatization Agency.
Abuse is most often done by employees in institutions which have the right to form databases, but they do not have the right to use it illegally.
Mr. Sabic warned the citizens that it was important to understand that personal data were their most valuable asset and right and invited them to "be careful about giving their data in various poll lists". The Commissioner reminded that global-scale identity theft had been one of the largest security risks for years.
It is hard for laymen to understand what citizens' rights are from the complex material formulated into the Law. In order to facilitate the use of the vast number of legal instruments and to help citizen to learn what their rights are as regards personal data protection, the Commissioner's Office published the guide through that Law. The guide clearly explains that citizens should know the new Law introduces the principle according to which processing, use, collecting, keeping of and access to personal data is allowed only with citizens' consent or on the basis of express legal provisions. The citizens have the right to be informed about whether somebody is processing data relating to them and who and where and how he/she keeps those data. They have the right to know the content of those data, to require correction of false and incorrect data and deletion of data collected illegally.
The citizens can quickly and easily inform themselves about their rights in the guide which is distributed free of charge to users and the text is posted on Commissioner's official website www.poverenik.org.rs, in the "Documents" heading under the title „Guides".
Interfile: Abuses
- Assuming false identity
- Obtaining loans under an assumed name
- Medical treatment under an assumed name
- Communication under an assumed name
- Abuse of another person's status in any way
- Blackmails on the basis of confidential information
The Law envisages the following:
1. Processing, use, collecting, keeping and access to personal data is allowed only with citizens' consent or on the basis of express legal provisions 2. Who, how and why can have access to data on citizens 3. Citizens' right to be informed about whether somebody is processing data relating to them and who and where and how he/she keeps the data 4. Citizens' right to know the content of that data, to require correction of false and incorrect data, deletion of data collected illegally 5. In case of a need to protect their right, the citizens should contact the Commissioner for Information of Public Importance and Personal Data Protection.
Entire Supervision Mechanism necessary
Serbia has about 107 tourist inspectors, but no inspectors for personal data protection. All these duties are delegated to the Commissioner for Information and Personal Data Protection who has 12 associates. In order for the Commissioner's Office to be able to react to abuses, a supervision mechanism should be organized. In England, the Information Commissioner has about fifty employees for freedom of information and more than 200 for personal data protection. In Romania, the Commissioner has about sixty employees for that purposes, in Slovenia about thirty and agencies of Macedonia, Croatia and Bosnia and Herzegovina have more than 20.
- In spite of everything, we will do all we can and achieve some results, but, to be fair, it is an improvisation which must not last for a long period of time - Mr. Sabic warned.
