How familiar are people in Serbia with the importance of protecting their data?
We spoke with Milan Marinović, the Commissioner for Information of Public Importance and Personal Data Protection, about the importance of protecting personal data and other related issues.
On 16th May, the Commissioner’s office launched a campaign to promote the right to personal data protection called “Keep it Personally.” What message do you want to convey with this campaign?
This campaign was launched in cooperation with the OSCE Mission in Serbia and is a reflection of the results of a survey conducted by the OSCE Mission on behalf of the Commissioner in 2020, with the view of examining how familiar are people in Serbia with the importance of protecting their data, and especially whether they know which data is classified as personal, in which ways their data are collected, what are the dangers if their data are carelessly stored, how they can exercise their personal data protection rights and what is the Commissioner’s role in all of this. The survey showed that citizens are insufficiently familiar with their rights and the manner in which they are exercised and that it is necessary to take proper steps in order to raise their awareness of this right. We have chosen communication via television to establish contact with citizens. I am pleased to point out that the REM assessed that the implementation of this campaign and the broadcasting of promotional videos was very significant for the protection of this human right. Each of the video clips, two featured and three animated points to a certain segment of personal data protection. Bearing in mind that twenty-eight TV stations responded positively to the Commissioner’s request to broadcast these videos, both nationally and locally, and that the campaign will last almost two months, it is expected to achieve its goal, namely to invite people to start thinking about protecting their data to a much greater extent.
In which ways can the citizens exercise their rights?
Citizens can protect their personal data in such a way that in case they know or suspect that an entity, whether a government body or a company or bank or a business person or other legal entity, illegally processes their personal data, they first need to address that entity with a request for information about what personal data they have processed, the legal basis for that, the purpose for which data will be used, who specifically handles that data, what measures are taken for its proper storage, whether this data will be transferred to another user, what is the data retention period, how inaccurate and incomplete data can be rectified, how this data can be erased and how the person whose data is processed can realize his data protection rights in a particular case.
“People living outside Belgrade will also more easily exercise the right to protection of their data”
If the data controller does not act upon the request of the person whose data they are processing, as well as in a situation where the person supposes that the processing of their data was performed contrary to the law, that person may file a complaint to the Commissioner or initiate other administrative or judicial proceedings.
Which kinds of mistakes do people most often make?
People most often make mistakes in two ways: firstly, they give their data easily, primarily through social networks, without reading first the privacy policy of the entity to whom they are giving their data, and secondly, they make their data available to the public on their own initiative and without thinking about the consequences of such actions.
What other activities does the Commissioner carry out on citizen education?
The Commissioner constantly holds training courses for individuals, both independently and in cooperation with local governments, higher education institutions, business associations, and other stakeholders. The Commissioner’s initiative to make the protection of personal data an integral part of the curricula in all elementary and high schools in Serbia’s education system is of utmost importance because in that way the youngest population would be educated on the protection of their data.
In the previous period, you talked a lot about the opening of the Commissioner’s offices outside Belgrade. When can we expect that to happen?
For the first time since the institution of Commissioner was founded, the opening of the Commissioner’s offices outside Belgrade has been planned for the coming autumn. I am confident that it will significantly contribute to the fact that people living outside Belgrade will also more easily exercise the right to protection of their data.
Since you are a member of the Working Group for the development of the new 2022-2030 Personal Data Protection Strategy, could you tell us a bit more about that?
Work on the drafting of the 2022-2030 Personal Data Protection Strategy is progressing really well, so much so that the Working Group has already determined the goals of the strategy and is currently working on defining activities and criteria for its implementation. I expect that the Strategy and the Action Plan for its implementation will have been put into practice by the year-end. This strategy aims to regulate the normative framework by adapting the existing Law on Personal Data Protection to citizens’ needs and other population categories and then regulating currently unregulated areas such as biometric data processing and the relation between digitization and the use of AI and data protection.