It has been almost a year and a half since we submitted the draft Law on Personal Data Protection to the Ministry of Justice. After being heavily scrutinized and amended, it was harmonized with the GDPR (EU General Data Protection Regulation) and it is high time to be adopted, because the only thing remaining is to be voted in parliament. I hope that the adoption of this Law will not be prevented by factors that now threaten, i.e. the political impediment – Parliament not voting on the law before dissolving because of early elections, said Igor Kuzevski from the Directorate for Personal Data Protection (DPDP) on today’s round table “Legal consistency of GDPR and Police Directive 2016/680 in the national legislation”, held within the 15th International Conference „E-Society.mk – Open Institutions and Accountability“ in Skopje organized by the Metamorphosis Foundation.
He warned that, even if Parliament adopts the Law as soon as possible, there is another, perhaps more serious obstacle – the Directorate still has no director, half a year after the previous resigned, which makes everything much more difficult.
– Regardless of when we will enter the EU, we must comply with the GDPR first and foremost for our own sake. We have seen that no one can be immune to abuse. We experienced this with the case of our Prime Minister and with similar cases such as the ones of the German Chancellor Merkel, the President of Kosovo, etc. The law was reviewed article by article, paragraph by paragraph, until the final provisions and I believe and hope that the hour of its adoption will come sooner, for our own sake. Unless a director is appointed and the law is adopted, we will have a transitional regime in which the DPDP will have to give life to that Law through by-laws. But not having a director would prevent us from doing so, since there would be no one to officially adopt them. It will allow all the controllers to have a justification for not doing anything in terms of checking how personal data is collected and handled – said Kuzevski.
Viktor Dimovski, director of the National Security Agency (NSA), also participated in the round table, and said that as a new body, the Agency is still in the process of drafting the by-laws for its functioning, but they are careful to draft them compliance with the European regulation. Dimovski assured that they would certainly strive to be maximally transparent about their work.
– According to the Law on NSA we have to cooperate with the DPDP, they are our controllers by law. We made the first steps with the competent parliamentary oversight bodies, and in the three months since we started functioning we had a total of 6 meetings with the two parliamentary bodies for supervising the security services, which is more than all the meetings before. It is an illustration of our openness to cooperate with all control bodies, and we will be fully open to cooperation and will enable the control by the DPDP. I hope that they will soon overcome the current problems and be able to fully perform their function – said Dimovski.
Jean Ellermann, a specialist in personal data protection, i.e. Personal Data Protection Officer from Europol, also participated in the roundtable, and warned that misuse of personal data despite well-established legal frameworks such as the GDPR, can occur consistently and in all EU and non-EU states. Ellermann said that the situation between the EU member states, and those outside the EU is not much different in terms of the bad image of the personal data protection officers in the eyes of officials, who perceive them as some sort of “tormentors” and people who constantly try to sabotage them.
– But a good officers perceive their job as a police officer in a police department, and this has to include the trust factor. Officers must find ways to help the organization. However, that is sometimes difficult, as the data protection officer is often asked for advice only after officials have started collecting data – he said.
Dragana Stojkovikj, from the Office of the Commissioner for Information of Public Importance and Personal Data Protection from Serbia, and prof. Trpe Stojanovski PhD, from the Faculty of Security at the “St. Kliment Ohridski” University in Bitola, participated in the debate moderated by Elena Stojanovska from the Metamorphosis Foundation.
According to professor Trpe Stojanovski, as one of the most knowledgeable people involved in the whole process, things are worse nowadays even though there is a higher degree of legislation and much more documents.
– It does not mean that previously, in the past, when there were no such legal frameworks, the police did not take personal data into account. An extremely high level of care was taken with handling this data. We were also very discrete and respected the professional approach in using the data. These were internal guidelines with legal force, but now they must be analyzed from the prism of that social moment. In that time, the system in Macedonia was a one-party or totalitarian system – said Stojanovski.
He mentioned that since 2005 he has been involved in drafting appropriate regulations that would protect the rights of citizens, such as the Law on Police and the Law on Internal Affairs, and although efforts for legislative changes have been made with the best of intent and with consultation and transposition of the European regulation, the implementation in practice shows many weaknesses and measures have to be taken.
He repeated that although the legislation is now well established, its practice is “at a second or third level”.
– The foundations have been laid but must be regulated more firmly and this message must be addressed to the top management in the national institutions. Therefore, “Metamorphosis”, the watch-dog on this issue which has a much greater importance than what the public knows, shows that civil society, which is well-versed in the issue, should be heard by the state and the remarks given by them should be applied – Stojanovski said.