New Personal Data Protection Law must be one of the priorities of the government

On the occasion of 28 January – Data Protection Day, the Centre for Civic Education (CCE) calls for competent institutions to speed up the process of adoption of the new Data Protection Law, which should be fully harmonized with The General Data Protection Regulation that came into force on 25 May 2018.


We remind you that the latest European Commission Non-paper on the state of play regarding Chapters 23 and 24 for Montenegro, issued in November 2019, notes: „On protection of personal data, the level of capacity and awareness of their rights and obligations is generally low among state bodies, citizens and the private sector. Challenges remain with addressing issues related to processes, legislation, internal control mechanisms and awareness raising.” In this document, the EC also assesses that the capacities of the Agency for Personal Data Protection and Free Access to Information (APDTZLP) remain overall limited.

CCE expresses concerns over the fact that Sreten Radonjić, who previously served as director of the Agency for Prevention of Corruption (APC), was appointed as the new President of the Council Agency for Personal Data Protection and Free Access to Information, at the moment of increasing need for improvement of the capacities of the Agency. This is taking into account that relevant international and domestic organizations have unified stance that during Radonjic’s mandate the APC failed to be recognized as the credible, independent and efficient institution. This brings into question dedication of the Government to secure the development of Agency so that it could perform its duties in professional manner.

The CCE draws attention of necessity of adequate education of the personal data filing system controllers in order to have better personal data protection. The GDPR quite clearly prescribes that anyone whose work is based on gathering of personal data will be now in greater risk more than ever. In case that certain omissions in work of legal entities and violations of privacy are identified, as a consequence of theft, losses or irregular data storage, a list of serious sanctions are prescribed. Also, in addition to the education of personal data filing system controllers, it is important to work on the strengthening of citizens’ awareness on the relevance of data protection.

Hence, the CCE believes that the Government should put within its priorities the new Personal Data Protection Law in line with the best practice in implementation of European regulation that in its preamble points out that da personal data protection represents one of the fundamental human rights. This is especially important considering the usual practice of annulling personal data as value and rather low security culture in Montenegro when it comes to personal data protection.

Tamara Milaš, Programme Coordinator for Human Rights