The Commissioner for Information of Public Importance and Personal Data Protection had discussions today with Thomas Hammarberg, the Commissioner for Human Rights of the Council of Europe (CE). While estimating the meeting as very useful and reminding that the Council of Europe (CE) is an international organization, which has given an outstanding contribution to democratic processes, particularly to the advancement of human rights in countries undergoing transition, thus also in Serbia, Commissioner Rodoljub Šabić said the following:
’’The subject of the discussions included several issues related to the materialization of the right to free access to information of public importance and the right to personal data protection. I am very satisfied with the way the Commissioner for Human Rights of the Council of Europe (CE) evaluates the results in the field of access to information, since he confirms that we have achieved valuable results, regardless of the still obvious numerous problems.
Unfortunately, the situation is significantly worse as regards the issue of personal data protection.
Although our country is an ’’old’’ signatory of fundamental international documents in this field, adopted within the very CE – Convention 108, on the protection of people against automatic processing of personal data and the Supplement Protocol to this Convention, the actual state of the matter indicates an inappropriate attitude towards the obligations from these documents. I believe that it is essential to undertake energetic steps, without delay, to change this.
It is necessary in this respect, to remind of some unavoidable facts.
The government of Serbia adopted a Personal Data Protection Strategy already last summer, upon the initiative of the Commissioner and based on the draft which he had prepared in cooperation with the EU Commission experts, but has still not adopted an Action Plan for its implementation. The three-month timeframe for the adoption, expired seven months ago, but the Action Plan has still not been adopted, thus the Strategy is still just a ’’dead letter’’.
Only the subordinate acts required for the implementation of the Law on Personal Data Protection, which are within the competence of the Commissioner, have been adopted within the set timeframe. The other subordinate acts within the competence of the government and the respective ministries, have either been adopted with great delay or have not been adopted at all.
The more than two year long delay of the government in adopting a decree on the protection of the so-called ’’particularly sensitive data’’, is of particular significance. Due to this, the special protection of these data, as guaranteed by the law, is still just an empty proclamation and at the same time this prevents the execution of obligations undertaken under Convention 108 CE.
Nothing is done with respect to further approximation of the Law on Personal Data Protection to EU Standards. This is particularly hard to understand considering that the Commissioner had prepared an analytical material in cooperation with the EU Commission experts, already back in September last year, which is more than a solid basis for this. Directly related to this, is the fact that some very important fields for personal data protection - video supervision, biometry, private security sector, have still not been defined by any law.
A large majority of unfinished issues should have been and could have been done. The respective proposals would have been prepared in cooperation with EU and the civil sector and submitted, had the Commissioner had, like some other independent institutions, the required authorizations to propose laws. As it is, I can only appeal once again, primarily to the government and other competent authorities to change significantly their attitude towards obligations in this field. This requires a minimum responsible attitude towards undertaken international obligations, requirements for further European integration process and, what is most important, requirements for the advancement of citizens’ rights to personal data protection, as guaranteed by the constitution and law.“
