Source: Danas

Once again on the Bill on Protection of Personal Information

The turmoil initiated by public criticism directed by the Trustee for information of public importance against the Bill on Protection of Public Information, and which continued in the Parliament over the amendment submitted by the Ombudsman, will obviously end up in a compromise. These outcomes are not bad, unless they are of those, so-called, rotten compromises. In this very case everything is leading to the conclusion that it is truly one of those.  

When the Government settled and sent to the National Assembly the Bill on Protection of Personal Information for adoption, I thought it was my duty to draw attention to the fact that the provision of Article 45, Paragraph 2 is very bad, and moreover dangerous. It is about the provision which is stipulates that the authority of the supervisory body (trustee) to have the insight into data, data directories and premises, the authority which is normally necessary for regular performance, “can be limited for reasons of state and public security … as long as these reasons are in place.”

The provision was articulated in the way that it made certain only that the authority of the supervisory body “can be limited” and it made unclear who and according to which procedures can put the limits. Thus very broad possibilities are left to non-defined and vast number of subjects for unauthorized tapping, recording, internet interception, and all other illegal ways of personal data processing, and without any risqué, because any attempt of the authorities to prevent it can be avoided through mere inventing of the reasons from paragraph 2 Article 45. Those who should be monitored according to law are left the possibility to choose whether they will let the supervisory subject do the job. I warned the Government that such solutions did not exist anywhere in the comparative law, that the solution was in contradiction with the obligations taken over by signing the Additional Protocol to the Convention for the Protection of Individuals with regard to automatic processing of personal data, and that it was beyond the level of authorized protectors of right regulated by the existing law which was passed in 1998.

International documents, of course, give possibility to deny the citizens the protection, but whether the legal conditions for such denial are in place is decided by the supervisory body (in our case Trustee) who also denies the right and information at the same time, and not those in relation to whom the protection is granted. Otherwise there is no protection. That is why the solution from paragraph 2, Article 45 is in a rough and incomprehensible contradiction with the position and authorities envisaged for the supervisory bodies in Article 28 of the directive 95/46 EC or Article 1 of the Additional Protocol to the Convention for the Protection of Individuals with regard to automatic processing of personal data.

I did not succeed in persuading the Government to change their stand. Neither did the Ombudsman, who used their authorities and formally filed the amendment requesting the deletion of the Paragraph 2 of the Bill. However, towards the finalization of the parliamentary discussion on the Bill, a compromise, I mentioned at the beginning, appeared in the shape of an amendment proposed by the Legislative Board and accepted by the Government.

The amendment approved by the Board is actually a possibility for limiting the authorities of the supervisory body (Trustee), but the introduction of two new paragraphs included the Supreme Court of Cassation in the whole matter by envisaging the limiting to be possible only after getting the opinion of the President of such court.

It is good that the Government quitted the solution which gave the repressive bodies free hands and that for the whole matter at least the opinion of another body is necessary now - the opinion of the President of the Supreme court.

However, it is not good that the Government again seized for the original solution which is questionable from the main legal postulates point of view. For example the solution is based on the body which is not a body, because the court is but the president of the court is not a body, as well as on the obligation which is not obligatory, since no opinion in law is obligatory. However, more interesting than these sophisticated objections is the fact that the implementation of the solution could jeopardize, not protect the security interests the Government wants to protect

And most probably it is about a wish to make as small as possible the circle of those who know that a specific data processing is going on, i.e. that somebody is, by a court decision, under the measures of the bodies of security, for justifiable reasons only, such as a suspicion of criminal al activity.

However, it is forgotten that the supervisory body (Trustee) has formally obligations towards everyone addressing them. They have to proceed according to the request, to answer it. Elsewhere in the world, the supervisory body is always let on such occasions make sure that legal data processing is underway. And this fact, clearly, implies their obligation and obligation of their associates, to keep all information on processing in secrecy. And in order to insure that the supervisory body does not, even indirectly, reveal the secret, the law envisages suitable procedures for removing possible mistrust of the requester. This can be for example done by informing that the authorized persons of the supervisory body have done the control and discovered that no date processing is underway. And what can the supervisory body which is denied the possibility to check whether it is legal or illegal processing do? In the best case scenario it can keep silent regarding both requests and demands.

Taking into account everything afore said, I am persuaded that the compromising solution should be replaced by a less original one, the one that exists in at least some other countries

The author is the Trustee for information.