Centre for Civic Education (CCE) yesterday sent individual initiatives to the Supreme State Prosecutor’s Office, the Police administration, the Agency for Personal Data Protection and Free Access to Information and the Ombudsman to take ex officio all prescribed actions and measures in order to prevent further use of illegal web application https://www.crnagorakorona.com/home. This application is designed to generate personal data of Montenegrin citizens whose identities (names, surnames and addresses) are published on the website of the Government of Montenegro, and who have been issued mandatory 14-day self-isolation decisions due to COVID-19.
Generating this data leads to criminal responsibility of the developers and administrators of this web application as it directly violates series of international documents and Montenegrin laws, such as the European Convention for the Protection of Human Rights and Fundamental Freedoms, the Law on Ratification of the Convention on Cybercrime, the Criminal Code, the Criminal Procedure Code, the Law on Information Security, the Law on the National Security Agency, the Law on Personal Data Protection, the Health Care Law, as well as the formal statement of the European Data Protection Board from 19 March 2020 on personal data processing in the context of the COVID-19 outbreak.
It should be noted that this web application also contains the activation of geolocation, through which significant number of citizens of Montenegro, due to fear and ignorance caused by the current situation, allow their own monitoring by the persons managing the application through activating geolocation.
The CCE position is that the measure of the National Coordination Body for Infectious Diseases of the Government of Montenegro, related to the disclosure of personal data of persons who have been issued an order of self-isolation, is unconstitutional, illegal, contrary to the right to privacy protected by the European standards and it also represents a form of systemic human rights violation. Unfortunately, it already appears that the disclosure of personal data of self-isolated persons has served individuals for certain misuse of these data, which entails criminal responsibility for both decision-makers and developers and administrators of this application, which was thoroughly substantiated by the CCE in the initiatives addressed to competent authorities.
The CCE once again urges that we fight coronaviruses with solidarity and unity. Therefore, particular obligation of the competent authorities is to reconsider this case and take all actions to protect the citizens of Montenegro, i.e. to prevent further human rights violation, as well as victimization of those whose privacy has been jeopardized.
Tamara Milas, Human Rights Programme Coordinator at the CCE