On occasion of the news in the media that for opening new accounts, i.e. provision of new services, banks place before new clients the condition that they must sign a statement of consent for their personal data, i.e. data on changes on the account, to be deliverable to tax authorities of the United States of America, the Commissioner for Information of Public Information and Personal Data Protection instituted a special control procedure and requested the banks to declare the purpose and legal grounds for such personal data processing.

The Commissioner warns that in all cases when data processing is performed on the basis of consent it is not only necessary for the consent to be informed, i.e. the concerned person needs to be fully informed about the grounds, scope, purpose and consequences of data processing, but free as well, i.e. if it is conditioned, extorted, such consent cannot produce any legal effect, and personal data processing on such ''grounds'' would be illegal and contrary to the Law on Personal Data Protection.

In itself potential conditioning of banking services with the signing, i.e. denial of services due to non-signing of such a statement does not fall within the competences of the Commissioner, however I believe that this would also constitute violation of the law which the competent authorities should act upon, especially the NBS.

In this regard the Commissioner, Rodoljub Sabic, has stated the following:

"No one can implement national legislation of another country at the territory of the Republic of Serbia which is contrary to the legislation of the Republic of Serbia. Potential alignment of our legislation with the legislation of other countries or international organizations decisions requires our competent public authorities to adopt certain decisions and conduct certain procedures. This particular case would require an international treaty to be signed between the Republic of Serbia and the United States of America. Such an international treaty would be ratified by the National Assembly and only then would the Law, as the part of our legal system, constitute valid legal grounds for personal data processing.

In addition, given the fact that the United States of America are not party to the Council of Europe's Convention 108, even if the legal grounds were to be established by the passing of the law on ratification, trans-border transfer of personal data would still require the Commissioner's consent, following the procedure in which compliance with all requirements would be ascertained pursuant to Article 53 of the Law on Personal Data Protection."