Press Releases - Archive

In connection with the sixth anniversary of adoption of the Personal Data Protection Strategy (which the Serbian Government adopted in August 2010), the Commissioner for Information of Public Importance and Personal Data Protection notes that the way in which implementation of this Strategy is treated by the authorities provides the best – and rather worrying – illustration of the irresponsible handling of this important area of human rights by the state.

The state's activities in this area mostly come down to those undertaken by the Commissioner, which, although increasing in number (with the number of cases handled by the Commissioner in the field of personal data protection increasing from 83 in 2009 to 2430 in 2015), cannot compensate for what the line Ministries, the Government and the National Assembly are supposed to do.

Noting there was a need for a fundamental shift in the attitude of authorities at all levels of government, including in particular the Government of the Republic of Serbia and the line Ministries, commissioner Rodoljub Šabić said:

After reports in the media and on social networks that the mayor of Niš said that city would create a dedicated database of citizens who took legal action against the city and a special working body to analyse the data contained in that database, which caused public outrage, the Commissioner for Information of Public Importance and Personal Data Protection sent a letter to the mayor in which he warned him that the creation of such database and any processing of the data contained therein would constitute inadmissible personal data processing, which is a punishable offence.

 After conducting an inspection of compliance with the Law on Personal Data Protection at the Ministry of Internal Affairs pursuant to a citizen's petition, the Commissioner for Information of Public Importance and Personal Data Protection issued the Ministry with a Warning alerting the Ministry to the fact that its processing of citizens' personal data in the "Daily Bulletins of Events" and their subsequent submission to other authorities or persons without any legal grounds and with clearly stating the purpose of such processing constituted inadmissible processing of personal data.

The Ministry of Internal Affairs has been ordered to notify the Commissioner within 15 days of receipt of the Warning of the measures and activities it has undertaken to remedy the identified irregularities.

The inspection found that, in its data file titled "Daily Events", the Ministry of Internal Affairs processed data on reported criminal offences and misdemeanours, police interventions to restore public order, harm caused to persons and property by natural disasters and a number of other events within the mandate of the police, i.e. events and occurrences relevant for public safety. In addition, this data file also contained citizens' personal data.

This file was then used to create the Daily Bulletins of Events, which was circulated to a broad base of recipients. Thus, in addition to law enforcement officers at the Ministry of Internal Affairs, personal data were disseminated to a relatively large circle of external recipients.

The inspection found that personal data had been provided to the following at the national level: the President of the Republic of Serbia, the Prime Minister, the Spokesperson of the National Assembly, the Deputy Prime Minister, the Supreme Court of Cassation of Serbia, the Committee on Defence and Security, the Republic Public Prosecutor, the Special Prosecutor and the Security Information Agency.

At the level of police administrations, these data were selectively provided to: presidents of courts, prosecutors, heads of districts, mayors, municipal presidents, chairpersons of city and municipal councils, heads of Security Information Agency's centres etc.

Most of these authorities are not authorised to demand or receive the personal data contained in the Daily Bulletins and they do not need those data to perform duties within their respective mandates. Those authorities that need such data or are authorised to demand and receive them should do so through official correspondence, rather than through a Daily Bulletin.

In this context, Commissioner Rodoljub Šabić said:

The Commissioner for Information of Public Importance and Personal Data Protection has issued an Execution Order in which he demanded of the City Institute of Forensic Science in Belgrade under threat of a fine to provide the daily newspaper Danas, as information requester, with information about court cases in which forensic analysis was entrusted to forensic expert M.L.