The Commissioner for Information of Public Importance and Personal Data Protection initiated the procedure of supervision over the implementation of the Law on Personal Data Protection by the Ministry of Interior ex officio.
The Police Union of Serbia addressed the Commissioner, pointing out that the Ministry of Interior was in the course of collecting and processing data on employees in order to make dismissal lists and sought an opinion on the legality of such processing of personal data by the Ministry of Interior.
The Commissioner, of course, fully supports all efforts on the necessary reform of The Ministry of Interior and on improving its capacities. At the same time, however, the Commissioner is of the opinion that the data processing to be carried out for this purpose must be entirely in accordance with the provisions of the Constitution and the law.
In this regard, the Ministry of Interior, in accordance with Article 110 paragraph 1 of the Police Act (PCA) has express statutory authority to process personal data provided by law with a clear purpose of deciding on the employment status of the employee.
However, the processing of some personal data in the process of security checks, i.e. activities of the Ministry of Interior, is not adequately prescribed by law, and the types of data to be processed in the present proceedings, names of the persons processing these data, the manner of their collection and storage, retention and use periods etc. are not clearly and unambiguously defined. The Commissioner has otherwise repeatedly informed the public on this issue in recent years, urging the authorities to regulate security checks by law.
Article 111, paragraph 4 of the JMC provides that the procedure of security checks and content of forms as part of the operational procedure be regulated by the decree of the Minister. However, bearing in mind the provisions of Article 42 of the Constitution of the Republic of Serbia, as well as the unequivocal and consequential decision of the Constitutional Court, rendered in the proceedings initiated by the Commissioner (IUz-41/2010 dated 30.5.2012.), it is contrary to the Constitution as bylaws cannot edit the processing of personal data. And in this particular case it is possible to process an amount of heterogeneous personal data of employees (security checks, data on pending criminal proceedings, information on completion of the criminal proceedings, data on household members, their affinities, etc.), by applying the Rules of Procedure of Security Checks and Content of the Questionnaire I.E on the basis of a bylaw.
Given that this kind of processing of personal data may constitute a specific and considerable risk of endangering the right to protection of personal data of employees in the Ministry of Interior, the Commissioner initiated a supervisory procedure ex officio, and he will inform the public of the results after this procedure.
