Source: BorbaBy passing the Draft Law on Personal Data Protection, the Serbian Government took a crucial step towards establishing a legal mechanism which Serbia, unfortunately, does not have and which is necessary to a modern democratic society. It should, however, be pointed out that certain arrangements included in the Draft Law can present real threat for thwarting or getting around the guaranteed protection and that in the process of adoption they should be critically reconsidered, amended or eliminated. It is commendable that the Draft Law is for the most part based on the standards which were affirmed for this field a long time ago in the democratic world. However, it must not be ignored that it also contains some provisions which can be the basis for thwarting or even complete getting around of personal data protection in certain cases. This is above all true of the provision of paragraph 2 of the Article 45 of the Draft Law which, among other things, envisages possibility of denying possibility of access to data, collection of data, documentation or even premises to the body competent for personal data protection by security agencies for very laxly defined, bendable reasons. With this kind of limitation, the possibility of personal data protection would actually be excluded.
This is why it is not clear what could be the legal or logical basis for this arrangement. I think it is particularly controversial, since the body competent for the personal data protection should be the Commissioner for Information, that this provision actually opens the possibility for denying the right which was already guaranteed to the Commissioner under the Law on Free Access to Information - unlimited right to access to every medium owned by a government body.
Even if we exclude the possibility of the abuse of the above provisions, which is certainly not possible, it is clear that they are obviously opposite to the basic aim of passing the law - providing effective personal data protection. Besides, such limitations are also obviously opposite to the authorizations and positions which independent bodies competent for personal data protection have and to the Protocol to the Convention on Protection of Persons against automatic personal data processing, which we signed and the ratification of which is also pending for the same reasons for which the passing of the Law was proposed in an expedited procedure.
Providing really effective personal data protection requires exclusion of the above solution and some other controversial solutions from the text of the Draft Law. Since the Commissioner for Information did not get the possibility to propose amendments to laws referring to the field of his competence even after the constitutional changes, I will talk about that to the Ombudsman, who has that right under the Constitution. I am sure that the Ombudsman will submit adequate amendments and I think that it would be very good if some deputies or deputy groups did that as well.