On the occasion of 28 January – Data Protection Day, Centre for Civic Education (CCE) calls to the authorities, especially to the Agency for Personal Data Protection and Free Acess to Information (APDP), to undertake proper measures and confidentiality policies which will guarantee the non-disclosure of personal data to the unauthorized sides.
The year behind us was, in many ways, challenging and has shown the capacities of institutions who were leading the key struggle with a vicious virus, but also of those that need to ensure, in these circumstances as well, the respect of human rights and freedoms. Undoubtedly, the most controversial activity was the publishment of lists of persons in self-isolation, according to a positive view of the Council of the APDP, headed by Sreten Radonjić. This was against the international standards and Montenegrin legal framework. So far, none of the Council’s members undertook responsibility despite the decision of the Constitutional Court of Montenegro about the repeal of the decision of NKT about publishment of the names of persons in self-isolation. The APDP demonstrated ignorance of terms for which it has the exclusive right for interpretation, but it also belated in public interest issues at a given time, as illustrated by the case of performed supervision at the wrong address, in company CodePixel, although the CCE’s initiative was referring to the other company. On the other side, APDP was acting very proactive in other cases, as in the case with the application of coalition “For the future of Montenegro“, against which the misdemeanor procedure was initiated for violation of the law, by which APDP has demonstrated selectivity and inconsistency in its work.
All of this indicates that there is neither developed awareness nor knowledge about the importance of personal data protection in Montenegro. Furthermore, there is a question: how many citizens are supervised and who else were possess the personal data, which could become the subject of serious abuses in the future?
It is undeniable that with unconstitutional and illegal opinion exactly APDP initiated the chain of violations of privacy rights, which had a further reflection in numerous announced complaints by citizens of Montenegro. That, unfortunately, did not bring to the establishment of responsibility in the APDP. Hence, the CCE urges the new parliamentary majority to dismiss the current APDP Council and to choose one that will be composed of independent and professional persons. CCE also expects that the decision-makers of so far APDP all numerous illegal decisions finally take responsibility for such acts.
CCE calls to the new ruling majority to make the effort so that citizens finally enjoy the level of personal data protection as in democratic societies. This includes, among the other, consistent respect of international documents and practice in the field of personal data protection, but also establishing conditions for the upcoming implementation of the EU General Data Protection Regulation (GDPR) which preamble points out to that the protection of personal data is one of the fundamental human rights.
The Convention for the protection of individuals about automatic processing of personal data is the first document that regulates obligations of the states in relation to personal data protection on the European level, and it was oper for signing on 28 January 1981, hence that day is marked as a European day of personal data protection.
Tamara Milaš, Human rights Programme coordinator