Legal framework and practice of personal data protection should be improved

On the occasion of 28 January – Data Protection Day, Centre for Civic Education (CCE) urges the Agency for Personal Data Protection, and other authorized state bodies, to commit more on informing and educating public on the importance of the personal data protection, but also on the improvement of legal framework in this field in order for it to be in accordance with the best European standards and practices, and as such to be consistently implemented in Montenegro.

Data Protection Day

The Constitution of Montenegro guarantees the protection of personal data to everyone, through the prohibition of the use of personal data outside of the purpose for which those data were collected, and taking all necessary measures to protect those data from unlawful access and misuse when the authority is in possession of them. This constitutional principle also implies that the individual has the right to determine when, how and to what extent the information about them will be available to other persons, and at the same time they have the right to legal protection in case of misuse of their personal data, which is more precisely prescribed by the existing Law on The Personal Data Protection. But in practice, we are facing problems on several levels.

Firstly, there are number of situations where state authorities knowingly and unlawfully hide information, when there is a basis for the data to be available to the relevant entities or competent authorities, or when there is public interest in this, which implies to the abuse of the principle of the personal data protection. This is accompanied by the lack of pro-active competent institutions to ensure the disclosure of information of interest to the public (e.g. data on earnings of public officials and similar).

Secondly, there is often a lack of response by the competent authorities when data on a person are reported by individuals, the media, other state authorities, through inefficient sanctioning and treatment to prevent such practices.

Thirdly, we have recently seen an increasing negative trend in the disclosure of personal data in certain media of those who are subject of their media publications, which represent members of marginalized categories of society. In that direction, additional efforts in media education and regulation of this aspect of media reporting should be made.

Fourthly, since we all live in the age of advanced electronic communications, personal data protection has become especially important because this form of communication has made data on individuals more accessible and they can be easily misused. In Montenegro, there is not yet a sufficiently raised awareness on the dangers of this, but also the mechanisms for sanctioning those who in this way misuse personal information are not developed.

Therefore, the CCE also appeals to the Ministry of Interior to take into account all these problems when drafting the announced Draft Law on the Personal Data Protection and to provide the appropriate legislative response in accordance with European standards and practices.

Convention on the protection of persons with regard to automatic personal data processing, opened for signing on 28 January 1981, presents the initial document which regulates the obligations of states at the European level regarding the personal data protection. This Day is marked in the Council of Europe member states, and Council of Europe and European Commission mark it jointly as the European Data Protection Day.

Tamara Milaš, CCE programme associate