Data Protection

Uroš Popović

Publisher: Bojović Drašković Popović & Partners

The New Law on Personal Data Protection

The New Law on Personal Data Protection

On 9 November 2018 the National Assembly of Serbia has adopted the long awaited new Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti, Official Gazette of the Republic of Serbia, no. 87/2018) (hereinafter: the Law).

The main reason behind the adoption of this new piece of legislation is harmonization with the European Union rules, i.e. ensuring the same level of protection of personal data as in the European Union member states. The introduction of the Law is part of Serbia’s obligations in process of the accession to the European Union. Further, the Law was adopted with the aim of facilitating the conducting of business of companies, having in mind the current level of application of modern information technology and social networks. Namely, the general assessment of the previous law on personal data protection is that it was already outdated at the time of its adoption, and therefore its application in practice was often marred by significant difficulties. 

The Commissioner for Information of Public Importance and Personal Data Protection (hereinafter: the Commissioner)'s stand regarding the text of the Law is that it represents a literal translation of the General Data Protection Regulation (hereinafter: the GDPR), and therefore exhibits a high level of formal compliance with the respective regulation of the European Union, but the practical application in Serbia is highly questionable. 

Further, despite the Commissioner’s numerous complaints and suggestions, the Law does not regulate video surveillance, which remains in the gray area. The Commissioner has also found Article 40 of the Law to be quite controversial as it allows the limitation of certain fundamental rights and obligations envisaged by the Law, in a rather imprecise manner and without reference to the law as a legal ground for such limitation. Therefore, there is a potential threat that authorities or companies that handle personal data may restrict citizens' rights without explicit legal authority and at their own discretion.

To read more please follow the link.

To read what Uroš Popović quoted for Data Guidance about the new Law on Personal Data Protection please follow this link.