FIC online conference on Data Protection Law was held on June 30 to discuss the issues after the two years of application of the Law. FIC representative Ivan Milosevic, Partner at Jankovic, Popovic & Mitic Law Office and author of the White Book text on the Personal Data Protection discussed with Assistant Secretary General in the Office of the Commissioner for Data Protection Zlatko Petrovic and Head of Group for Supervision over Data Protection in the Justice Ministry Zlatko Petrovic. Conference was moderated by FIC Regulatory Officer Jelena Lazarevic, based on the questions submitted by members prior to the event.
Opening the event FIC Representative Ivan Milosevic said that data protection is a very important area, and that there are many issues persisting after two years of Law implementation. Main conclusion from the event is that the changes of the Law are needed to clarify rules and overcome the problems in practice. Zlatko Petrovic from the Justice Ministry said that the Ministry’s -plan is to make significant changes, and for that purpose a working group gathering relevant representatives will be formed. He recognized the need to improve the awareness of citizens related to the data protection rules and said that some additional campaigns are planned.
Ivan Milosevic asked about the plans for harmonization of other laws with Data Protection Law, as the deadline prescribed in Data Protection Law was missed. Zlatko Petrovic from the Commissioner’s Office said that the harmonization requires a coordinated approach on the level of the executive, and that the working group was created for drafting a new Data Protection Strategy. The idea is to set the new deadline, and to draft a new detailed action plan envisaging the analysis of all the sectoral regulations dealing with personal data and their alignment with the Data Protection Law. That would enable the complementary legislation system, he said. Zlatko Petrovic from the Justice Ministry said that the working group includes among others the Government, Commissioner, ministries and business chambers, and that its meeting was to take place on July 1st.
FIC asked whether the legal basis for data protection can be defined by the by-law. After some discussion on that issue, Zlatko Petrovic from the Commissioner’s Office expressed the view that the State should invest efforts in guaranteeing that the basis and the purpose of data processing is always prescribed by the Law, while in cases of public interest the balancing of interests should be regulated. Basis for data profiling, such as for the marketing purposes was also discussed.
Ivan Milosevic from FIC said that one of the key issues is that the organisational and technical measures to be taken for reducing risks when dealing with personal data are not defined. The rules should be clear to avoid the situation when the Law is applied only by those who care about it, while all the others are not obliged. Zlatko Petrovic from the Commissioner’s Office confirmed that Law doesn’t prescribe the methodology or standard of risk assessment.
Zlatko Petrovic from the Justice Ministry said that one of the changes that might be incorporated in the new law concerns the mandate to the Commissioner’s Office to pass the standard contractual clauses to regulate the various relations between entities involved in handling personal data. He also announced that the new list of countries, territories and organisations with adequate data protection will be adopted very soon.
Many other issues were discussed at the event, including: right to object to data processing; rules for transfer of data to the other data handler; status of technical services having access to the systems dealing with data; obligation to do the impact assessment on the safety of personal data; control of application of codex of conduct; regulation of cookies on websites; data transfer between entities abroad; responsibility for the problems that may arise if the software used in data handling is inadequate; limitation of rights in the cases of data processing for the purpose of scientific or historical research; obligations of data processors that are not on the territory of Serbia. FIC members had opportunity to participate in discussion, and they raised the issue of archiving of data from the video meetings use
Concluding the meeting, FIC Regulatory Officer Jelena Lazarevic said that it was an example of good discussion. Zlatko Petrovic from the Justice Ministry said that the event provided elements for wide amendments of the Law, while Zlatko Petrovic from the Commissioner’s Office outlined the need for the proper harmonization of the laws in other sectors such as education, health, trade and banking.