Personal data most often targeted by those who should ensure their protection

On the occasion of 28 January – Personal Data Protection Day, the Centre for Civic Education (CCE) points out the citizens’ lack of awareness about the gravity of protecting personal data, but also the insufficient responsibility of those who handle that data.

Unfortunately, Montenegro has still not sufficiently strengthened capacities of the bodies that should take care of the consistent implementation of laws in the field of data protection. First of all, there is a lack of a pro-actiive approach of the Personal Data Protection and Free Access to Information Agency (PDPFAI), as the body responsible for controlling the compliance with the law.  The body such as PDPFAI, apart from executing more frequent controls, should be also more active in informing citizens, state authorities, companies, but also other handlers of personal data, about their rights and obligations.

Therefore, in order to avoid the detrimental practices of the previous composition, for which compensations are still being paid to citizens, the new composition of the PDPFAI Council would  therefore have to reform its approach and demonstrate a greater level of independence, expertise and timeliness in its work.

A large number of citizens in the municipalities where the local elections were held on 23 October had received SMS messages before the electione were held, inviting them to support certain political parties. It is not known how the political parties got the mobile phone numbers of the citizens, whether their privacy was violated by such procedure or whether the citizens’ personal data were misused. There were no reactions from the competent authorities.  First of all, there was no reaction of the PDPFA, which had to initiate monitoring  and determine whether such actions were legal.

CCE reminds that with the upcoming presidential and rather certain extraordinary parliamentary elections looming, which has been traditionally marked by massive abuse of personal data by political entities when collecting signatures of support. During the parliamentary elections in 2020, as well as in the presidential election in 2018, a large number of such cases was discovered, when citizens sent criminal reports to the prosecutor’s office, which did not have an appropriate legal  result.

General Data Protection Regulation (GDPR), the provisions which still have to be integrated in Montenegrin legislatiion, also brings a large number of novelties that will improve the situation in this field by increasing the level of protection and by more thoroughly regulating the issue of liability. However, it already seems that, given the impossibility to ensure the respect of  existing regulations, the implementation of GDRP will be too much of a challenge.

For that reason, CCE expresses the expectation that the issue of personal data protection will deserve  due attention of decision-makers and that in the coming period more efforts will be made  to improve the quality of personal data protection, which is often the target of abuse, even by the decision-makers themselves.

The Convention on the Protection of Individuals in Relation to Automatic Processing of Personal Data is the first document that regulates the obligations of states in relation to the protection of personal data at the European level.  It was opened for signing on 28 January 1981, so that day has been marked as the European Personal Data Protection Day.

Damir Suljević, Programme Associate