The new Law on Detective Activity (Zakon o Detektivskoj Delatnosti, Official Gazette of the Republic of Serbia no. 104/2013) (the Law) applies as of 26 November 2013.The Law was enacted in order to regulate the detective activity, which has been on the rise in the past years – there are between 1,200 and 1,500 unregulated detective companies in Serbia. The Law regulates the activity of legal entities, entrepreneurs and individuals performing detective work, license conditions, task performance and overseeing. All training preceding license approval is regulated by the Ministry of Interior, which also regulates monitoring, data protection after collection, and the required examination, i.e. the overall implementation of the Law.
Authorized detectives must be listed and hold a valid license, which must be renewed every five years. License for individuals is issued if six requirements are met, including the possession of citizenship, university degree, passed security check, medical certificate of mental and physical fitness, and completion of required training programs and certification exams. The Law precisely regulates the use of weapons by detectives, in accordance with the Law on Guns and Ammunition, and sets out the procedure following such use, including notifying or reporting to the relevant authorities. In addition, it defines prohibited activities, and sets out penalties in the form of fines and prohibition of performance of the relevant activity for a limited time period.
One of the main issues with the Law is that it seems to clash with certain provisions of the Law on Protection of Personal Data. The Law on Protection of Personal Data provides very few exceptions to the collection and processing of personal data in cases where such collection and processing is not grounded in the law or in the consent received from the relevant data subjects. Further, data subjects must be properly notified if their personal data is collected or processed. Although the Law forces detectives to present their ID and authorization if required by the person they are collecting evidence from, this may exclude the subject to an investigation whose movement patterns, relevant addresses, phone numbers, and other personal data is being collected or monitored without their knowledge. It also allows for unauthorized picture publication of persons of interest, which is another potential violation of privacy. The Law does however allow for institutions, such as banks or health centers, to decline providing detectives confidential information about their clients according to regulations on data confidentiality.
The Law allows data processing in six categories of situations, including missing persons, persons who have caused harm, persons acting in breach of law, lost or stolen items, businesses success rate and intellectual property protection. The Law is vague in defining missing persons, as it may include persons hiding from individuals rather than hiding from the law. Although detectives cannot inquire in cases where the police are involved, there are many unreported cases of victims in hiding. In addition, determining ownership is not required when enquiring for lost or stolen items. The definition of non-eligible persons for detective work should be more clearly defined as the Law currently allows for persons with mental illness or criminal history to be licensed if required tests are passed. Overall, it may be argued that the Law lacks clear definition of certain terms and that it certainly needs modification so as to be compatible with the relevant provisions of the Law on Protection of Personal Data.