Personal data and privacy of the citizens were breached a total of 24 times in the period from April to June this year, according to a report written by the Share Foundation, a non-profit organization that promotes human rights and online freedom.
The report authors warn that it is quite worrying that state institutions are not doing enough to protect personal data of citizens.
As oppose to early 2018, when most of the cyber attacks were recorded, in the period from April to June this year, Serbian citizens were exposed to pressure and criticism for expressing their opinions online or for their online activities – the report said.
Want to open a company in Serbia? Click here!
For instance, several workers from the Smederevo-based Kaizen Company were fired after they posted the pictures from their work place on their Facebook profiles. The employer threatened them with criminal charges after the workers posted photos of the strike at the company, the report says.
The report also mentions the example of journalists and employees at the Radio Belgrade 202 station, who received threats from their employer after they posted statement on Facebook asking for public support against the initiative for this radio station to be transformed into solely a music station.
“The lack of accountability on the part of the state authorities was almost the rule of thumb when it comes to violating citizens’ rights to privacy and personal data protection,” the report said, citing examples from the social welfare centers in Nis, Zrenjanin, Pancevo, Kraljevo.
In June, the Public Information Commissioner initiated misdemeanor proceedings against the directors of these centers and the company who made a manual instructing people how to use the software in these centres.
Personal data regarding social welfare users, victims of violence, ethnic affiliation, gender, language, state of health and social assistance were published on the company’s website and were made available to the public without any protection.
After the Glas Pozege shared this information on its website, which the Commissioner had previously determined was delivered at the request of the municipality, the Commissioner filed a criminal complaint for unauthorized collection of personal data against the anonymous employee of the Municipality of Požega – the report states
Bojan Perkov, from the Share Foundation explains that data privacy violations are the biggest problem.
“This is because of the legal framework that is rather outdated and very poorly applied, resulting in a reduced privacy of citizens,” he says.
Serbia has been waiting for the adoption of the new Personal Data Protection Act for six years.
The Commissioner for Information of Public Importance and Personal Data Protection criticized the third version of the Draft of the new law, which the Ministry of Justice recently announced.
“This latest version (of the draft) remains below the required minimum and acceptable level,” the Commissioner said on his website.
How to protect yourself?
Although the Ministry of Justice says that the draft of the new law is in line with the comments of the European Commission and the European Legal Cooperation Office, experts and the Commissioner warn that the new draft does not take into account the suggestions made by IT professionals.
In spite of the inadequate the legal framework, Internet users can protect their personal information by being careful how they use it.
Bojan Perkov explains that a large number of applications are designed to require users to access data that are not necessary for the functioning of the application, such as allowing access to a directory, a camera, or a photo gallery.
Perkov points out that one of the most important things is to find out for what purpose a particular application or site collects data and how are they going to use it.
“You should never leave your data on the websites that do not have a secure HTTPS protocol (recognized by the green padlock icon in the site’s address box), especially not the one of a financial nature, such as a credit card number,” Perkov warned.
In Europe, the General Data Protection Regulation (GDPR), which guarantees a wide array of digital rights, entered into force at the end of May.
One of the most important novelties that the Regulation stipulates is that all organizations and institutions that come into contact with personal data, in terms of collecting or processing them, are obligated to inform the people about using it.
Critics do not believe that the new Law, which is currently being draft, will change much, while the Justice Ministry points out that the law is in line with the GDPR.
(BBC News, 30.07.2018)
This post is also available in: Italiano