Minimum standards in personal data protection still unattainable

Centre for Civic Education (CCE), on the occasion of the International Data Protection Day, highlights that citizens still predominantly do not recognize the importance of personal data protection, but also that the level of responsibility of those who handle personal data has not significantly improved.

Montenegro once again marks this day in an environment characterized by insufficiently strengthened capacities of authorities whose obligation is to ensure the effective implementation of the laws governing the field of data protection. The Agency for the Protection of Personal Data and Free Access to Information (AZLP) is not proactive enough in securing the enforcement and compliance with laws. It also falls short in informing state and economic entities, the most common handlers of personal data, about their obligations, as well as informing citizens about what their rights are and how to protect them.

The proactive role of AZLP was missing both before and after last year’s presidential and parliamentary elections, which traditionally witness widespread misuse of voters’ personal data. After the public was informed about numerous examples of violations of the Law by the presidential candidates during the collection of support signatures, CCE initiated supervision of the candidacy applicants of all seven presidential candidates. These inspections, unfortunately, did not serve AZLP as an opportunity to identify essential problems. Instead, the focus was solely on meeting formal-legal prerequisites. This is confirmed by the fact that AZLP did not see a problem when one of the presidential candidates retained copies of lists with voter support signatures, even though it was duly recorded in the minutes. Furthermore, nearly a year after these elections, supervision of one of the most controversial presidential candidates, Jovan Radulović, better known as Jodžir, has not been conducted.

Also, the public lacks answers regarding how political parties obtain voters’ phone numbers, and whether there has been any abuse of personal data in that case, while reactions from state authorities on this issue are lacking.

CCE warns about potential misuse of personal data during future election cycles in Montenegro, and given the frequent occurrence of such incidents during previous elections that went unpunished. Therefore, we call on decision-makers to recognize the importance of the issue and take concrete steps to ensure privacy is respected. CCE emphasizes the need to strengthen legal mechanisms and capacities of personal data handlers, as well as more frequent supervision, in order to adequately sanction misuse of personal data and ensure appropriate legal consequences in cases of their misuse.

The General Regulation on the Protection of Personal Data (GDPR) offers certain solutions that, if integrated into the legal framework, would contribute to establishing better mechanisms. It is concerning that there is no readiness to implement it in Montenegro, especially considering the current challenges in the consistent enforcement of existing regulations.

CGO once again appeals to all relevant actors to work together to create a secure environment for citizens and their personal data, promptly and effectively sanctioning all incidents.

Nikola Obradović, Programme Assistant