The Commissioner for Information of Public Importance and Personal Data Protection held a press conference today in which he presented his Report on Supervision of Implementation of and Compliance with the Law on Personal Data Protection by Electronic Communications Operators providing Internet Access and Online Services.
This has been the first supervision activity of this type and on this scale in Serbia. Given the limited human resources available to the Commissioner and the huge workload of this institution in other areas (in 2014 it closed more than 2200 cases in the field of personal data protection alone), this process has proven to be a difficult, complex and time-consuming task, lasting from the end of 2013 to June 2015. During the initial stage it had covered all active internet operators (184). After the initial stage, which involved written supervision, 26 operators were selected for further supervision based on the criteria of market share, type and number of services, geographic coverage and the quality of their replies to the questionnaire.
This supervision exercise has only confirmed what the Commissioner had already known and publicly stated, namely that the situation with regard to personal data protection in the field of electronic communications, including in particular internet services, was far from satisfactory and a matter of grave concern. The main culprit for the underlying causes of this state of affairs (lack of legislative provisions and appropriate measures) is the government. With a view to remedying the situation and eliminating the identified shortcomings, the Commissioner intends to send proposals of recommendations for improvements (some of which have already been given), which will include:
1. Adoption of a new Personal Data Protection Strategy and an Action Plan on its implementation;
2. Passing of a new Law on Personal Data Protection;
3. Passing of a new Law on Electronic Communications or amendment of the existing one;
4. Putting in place an effective inspection system to enforce the Law on Electronic Communications;
5. Relevant amendments to legislative provisions in order to put in place a system for interception of electronic communications and access to retained data through the formation of a single national register to which all competent government authorities authorised to lawfully intercept and access retain data would submit their requests for interception of communications or access to retained data in real time, based on court orders. This national centre would integrate the existing parallel technical functionalities of different agencies and the police into a single national agency that would act as a provider of sorts of all those services that are necessary to intercept communications and other signals and access retained data to all authorised users.