On the occasion of 28 January – Data Protection Day, the Centre for Civic Education (CCE) warns of the low level of personal data protection, but also the lack of awareness of the authorities in Montenegro about the importance of this issue. The CCE calls on those responsible in the Government to start harmonizing domestic legislation with the European Union General Data Protection Regulation (GDPR), which at the level of the European Union entered into force in 2018.
The Report on the Implementation of the Programme of Accession of Montenegro to the European Union 2021-2023, for 2021, adopted by the Government at its 56th session on 26 January 2021, indicates that the Ministry of the Interior (MIA) did not prepare the planned draft of new laws, i.e. amendments of applicable laws governing this area, which is one of the obligations within Chapter 23. The report states that, apart from the Law on Personal Data Protection, the Law on Personal Data Protection for Bodies Dealing with the Prevention, Investigation and Prosecution of Perpetrators of Criminal Acts and the Execution of Criminal Sanctions, has not been prepared either.
GDPR establishes higher standards of personal data protection, strengthening the role of personal data protection authorities, and it also provides for the possibility of imposing a fine of up to 20 million euros. In accordance with its pre-accession commitments, Montenegro would have to harmonize its legislation with the acquis communautaire, which includes the obligation to integrate the provisions of the GDPR into current legal provisions, primarily the Law on Personal Data Protection, to ensure equal degree of protection of Montenegrin citizens in relation to EU citizens.
In the process of personal data protection, the CCE emphasizes the need for more active and better engagement of the Agency for Personal Data Protection and Free Access to Information (APDP), as the body responsible for monitoring compliance with the law. Unfortunately, this has not been the case so far, bearing in mind that the controversial opinion of the Council of that body in 2020 led to a mass violation of the right to privacy of persons whose personal data were compromised on the basis of such an opinion and the decision of the Government made on the basis of it.
The CCE also reminds the public that the first verdict was recently issued, which determined compensation for violating the rights of one of those persons, whose data were published under the pretext of preventing the spread of the COVID-19 virus. After such a Decision of the Government was revoked by the Constitutional Court, the question of the legitimacy of the APDP to carry out further activities in the direction of data protection was raised. Due to the disputable opinion, the Parliament passed a decision on the dismissal of two members of the APDP Council at the end of the previous year, who made up the majority in making that decision.
The CCE expects that the preparation of the necessary legal solutions will begin in the coming period, but also that solutions for the appointment of the two missing members of the APDP Council will be found as soon as possible, in order to achieve continuity of work of that institution. We express hope that the new members of the Council will be elected according to the criteria of expertise and professional integrity, which was not always the case in relation to the previous compositions.
Damir Suljević, Programme associate