Tuesday, 28 July 2015 08:19
Version in Serbian only

Повереник за информације од јавног значаја и заштиту података о личности оцењује као добру и корисну реакцију Фонда за пензијско и инвалидско осигурање на Упозорење које му је Повереник упутио због неправилности које је Фонд чинио приликом обраде личних података осигураника.

Фонд ПИО је на захтев осигураника за издавање уверења које им је потребно приликом уписа деце у предшколске установе, уместо уверења издавао копију комплетног М4 обрасца, за шта није постојао правни основ, а што је додатно и непотребно личне податке осигураника излагало ризику злоупотребе, с обзиром да М4 образац садржи много више личних података него што је сврсисходно и потребно.

Фонд ПИО, у року који му је Упозорењем остављен, је обавестио Повереника да је одмах након пријема Упозорења престао са досадашњом праксом и да ће убудуће издавати искључиво уверења са траженим, потребним подацима.

Фонд ПИО је обавестио Повереника и да ће Фонд иницирати хитно одржавање састанка са представницима града Београда који је оснивач предшколских установа, као и са другим субјектима који захтевају уверења са подацима из матичне евиденције, како би се њихови захтеви у погледу врсте и обима неопходних података јасно прецизирали и довели у склад са фундаменталним начелима Закона о заштити података о личности, као што су сврсисходност и сразмерност.


Monday, 13 July 2015 10:03

The Commissioner for Information of Public Importance and Personal Data Protection sent a warning to the Pension and Disability Insurance Fund because of irregularities in the processing of insured persons' personal data by this Fund.

When insured persons request issuing of certificates they need to enroll they children in preschool institutions, the Pension and Disability Insurance Fund issues them a copy of the complete M4 form instead of issuing certificates, without any legal grounds. In addition, the complete M4 form contains much more personal data than necessary and required for the intended purpose (on years of service of insured persons, salaries, compensations...).

This not only contravenes the fundamental principle of the Law on Personal Data Protection, which provides the legal basis for data processing, as well as the principles of purposefulness and proportionality; it also unnecessarily exposes personal data of insured persons to the risk of abuse, which cannot and must not be justified by "simpler" and "more expedient" acting of the competent authorities. More generally, the ubiquitous and long-standing practice of employees ignoring and underestimating their duties regarding personal data because it is "easier" or "more convenient" for them to do so must be eliminated as soon as possible.

The Commissioner ordered to the Pension and Disability Insurance Fund to inform him within 8 days about the measures it would take to rectify the irregularities identified by the Commissioner.


Tuesday, 07 July 2015 09:01

As announced earlier, acting on the facts found during the supervision of implementation of and compliance with the Law on Personal Data Protection by electronic communication operators providing internet services, which show that the situation is a matter of grave concern and improvements are needed, the Commissioner for Information of Public Importance and Personal Data Protection submitted to the Serbian Government the Draft Recommendations for improvement of the situation in this field.

Thursday, 02 July 2015 09:06

The Commissioner for Information of Public Importance and Personal Data Protection held a press conference today in which he presented his Report on Supervision of Implementation of and Compliance with the Law on Personal Data Protection by Electronic Communications Operators providing Internet Access and Online Services.

This has been the first supervision activity of this type and on this scale in Serbia. Given the limited human resources available to the Commissioner and the huge workload of this institution in other areas (in 2014 it closed more than 2200 cases in the field of personal data protection alone), this process has proven to be a difficult, complex and time-consuming task, lasting from the end of 2013 to June 2015. During the initial stage it had covered all active internet operators (184). After the initial stage, which involved written supervision, 26 operators were selected for further supervision based on the criteria of market share, type and number of services, geographic coverage and the quality of their replies to the questionnaire.

This supervision exercise has only confirmed what the Commissioner had already known and publicly stated, namely that the situation with regard to personal data protection in the field of electronic communications, including in particular internet services, was far from satisfactory and a matter of grave concern. The main culprit for the underlying causes of this state of affairs (lack of legislative provisions and appropriate measures) is the government. With a view to remedying the situation and eliminating the identified shortcomings, the Commissioner intends to send proposals of recommendations for improvements (some of which have already been given), which will include:

1. Adoption of a new Personal Data Protection Strategy and an Action Plan on its implementation;

2. Passing of a new Law on Personal Data Protection;

3. Passing of a new Law on Electronic Communications or amendment of the existing one;

4. Putting in place an effective inspection system to enforce the Law on Electronic Communications;

5. Relevant amendments to legislative provisions in order to put in place a system for interception of electronic communications and access to retained data through the formation of a single national register to which all competent government authorities authorised to lawfully intercept and access retain data would submit their requests for interception of communications or access to retained data in real time, based on court orders. This national centre would integrate the existing parallel technical functionalities of different agencies and the police into a single national agency that would act as a provider of sorts of all those services that are necessary to intercept communications and other signals and access retained data to all authorised users.


Wednesday, 01 July 2015 09:14

The Commissioner for Information of Public Importance and Personal Data Protection has passed a Decision ordering the Serbian Ministry of Economy to provide the organization Transparency Serbia without delay, and in any case not later than three days of service of the Decision, a copy of the Management and Consulting Services Agreement entered into on 21 March 2015 between the Republic of Serbia, the company "Zelezara Smederevo"d.o.o. (Smederevo Ironworks Ltd) of Belgrade and HPK ENGINEERING B.V. of Amsterdam, the Netherlands.

The Commissioner is of the opinion that the delegation of management duties relating to publicly-owned resources, especially if the resource concerned is of such value and importance as the Smederevo Ironworks, is a transaction that has quite understandably garnered much public interest and maintains that the public has a legitimate interest in accessing all pertinent information.




  • Monthly Statistical Report in the field of Access to Information and Personal Data Protection


    PENDING: 4.081

    DONE: 35.303





Address book of the highest national authorities and selected non-governmental NGOs.

Commissioner for Information of Public Importance and Personal Data Protection

15, Bulevar kralja Aleksandra str, Belgrade 11000
Tel: +381 11 3408 900    Fax: +381 11 3343 379
Email: оffice@poverenik.rs