IP-RS: Novice / News

Information Commissioner published the Annual Report 2009

Sun, 06 Jun 2010 20:06:00 +0200

Information Commissioner published the Annual Report 2009

Ljubljana, June 7 2010

Last week, the Information Commissioner submitted to the National Assembly of the Republic of Slovenia an annual report which, in accordance with the Information Commissioner Act, must be submitted until May 31 for the past year.

In her annual report for the past year, the Commissioner noted that the number of complaints and handled matters in both working areas - the right of access to public information and the right to the protection of personal data - increased. The Commissioner estimates that this is a result of increasing awareness of individuals of the existence and respect of the two constitutional rights. The year 2009 was marked by a new 5-year term of the Commissioner Nataša Pirc Musar, the highest issued fine for illegal exchange of databases between two insurance companies in the amount of 112,000 Euros and increased number of complaints under the Public Media Act due to the so called silence of an authority (a situation where public authorities do not respond within the statutory time limit to applicant request of access to public information). In her report, the Commissioner repeatedly warns of the lack of government response to the Commissioners initiative for adoption of the Act that would regulate privacy in the workplace, which, in practice, brings more or less great difficulties to both employees and employers.

Commissioner also notes that the complaints she receives in both working areas are becoming more demanding and complex. In the area of access to public information, the number of decisions is rapidly increasing - in 2008 the Commissioner issued 129 decisions and in 2009 already 161. The Commissioner upheld or partially upheld most of the complaints. The most widely used exception by the public sector bodies has been protection of personal data, which again confirms the correctness of the legislator for combining together former Inspectorate for Personal Data Protection and Commissioner for Access to Public Information in the same body. It is certainly easier to act professionally if the practice and knowledge in both areas are at the same place. Applicants have mostly appealed against negative decisions of ministries, administrative units and municipalities.

Workload is also growing in the field of protection of personal data. Last year, the Commissioner resolved more than 600 inspection matters, around two-thirds of which were in private sector, and about one hundred inspection procedures were initiated ex officio, meaning that the Commissioner reviews randomly selected data controllers who process a great amount of personal data. Due to breaches of the provisions of the Personal Data Protection Act (ZVOP-1), the Commissioner initiated more than 160 violation procedures and issued almost 60 warnings, slightly less than 70 cautions and 26 fines. One of the latter, as already noted above, was the highest ever issued fine in the amount of 112,000 Euros. The most common violations are illegal processing of personal data, inappropriate protection of personal data, misuse of personal data for direct marketing purposes, and illegal video surveillance. Growing awareness of the right to protection of personal data is also reflected in a number of published opinions and responses, which - in comparison with the previous year - increased by nearly a half. The most frequently asked questions covered areas of official proceedings (judicial, administrative, police) and employment relationships.

Despite a good cooperation with national authorities (Commissioner was involved in several projects that were related to issue of privacy such as establishment of the National Bureau of Investigation, eZdravje, eSociala, eVEM et al.), the Commissioner has pointed out that practically since the beginning of its operation there is a lack of legislation on protection of privacy in the workplace, which would lay down the foundations for questions like control and use of e-mail and mobile phones etc. Due to the lack of such initiative, last year the Commissioner decided to prepare the framework of Privacy in the Workplace Act, but the Ministry of Justice and Ministry of Labour, Family and Social Affairs (still) cannot agree on who will prepare the Act and who will submit it to the legislative process. Ideas and solutions are presented on a paper, but in practice, privacy in the workplace still remains legally unclear.

Last year the Information Commissioner held intensive talks with representatives of the OECD, who were very strict and detailed in evaluating Slovenian legislation on transparency of public administration and protection of personal data. Also thanks to high evaluations and praises in these two fields, Slovenia could sign an agreement with this prestigious organization on June 1 this year. Last year, because of our high professionalism and good legislation, OECD invited representatives of the Information Commissioner to Paris for a conference of countries that would like to become members of the OECD. We were presented by OECD as a country which should be a model on the areas of access to public information and protection of personal data.

Annual Reports are available here: www.ip-rs.si/index.php.http://www.ip-rs.si/

Public trust in Information Commissioner even higher

Thu, 18 Feb 2010 09:50:00 +0100

Public Opinion Research Center conducted a special survey on public trust conferred on Information Commissioner of Republic of Slovenia.

People hold great trust in Information Commissioner and their trust is evidently growing. Among other measured institutions, the only institution that is more trustworthy than Information Commissioner is the official currency – Euro. With a high degree of public trust (53.1 %), the Commissioner left behind all other institutions, such as Military, the President of the Republic, the Ombudsman, Schools, Police etc.

It is also worth mentioning that Information Commissioner enjoys the lowest rate of public distrust among all the institutions included in the survey.

Partial access to the contract on supplying the vaccine for pandemic flu granted by the IC

Wed, 27 Jan 2010 11:12:00 +0100

Information Commissioner has granted partial access to the contract on supplying the vaccine for pandemic flu on January 22, 2010

Information Commissioner has granted the appeal of the journalist Jure Bračko, Pop TV against the decision of Ministry of Health of the Republic of Slovenia by which it denied the journalist’s request to get access to the contract on supplying the vaccine for pandemic flu.

The Commissioner had to establish in his decision making process whether the requested contract represents a business secret or whether the public interest for disclosing parts of the document overrides. Furthermore it was necessary to establish whether the contract includes information which is public by law. Namely every person, entering a contract with the state, needs to be ready to become subjected to a special regime in concluding contracts. Thus, when entering a contract with the sate the suppliers need to be aware that according to statutory provisions, it is impossible to expect total protection of their business secrets.

The Commissioner established that the document was properly marked as business secret in accordance with the Companies Act, however, in this case it was necessary to find out whether the agreement contained the data which could not be treated as business secret according to the Companies Act.

According to the European legislation, the components of the medicinal product, which has received marketing authorisation by the European Medicines Agency and has obtained the European Public Assessment Report (herein after: EPAR) cannot represent a business secret, since the Regulation (EC) No. 726/2004 of the European Parliament and the Council, Art. 13 of March 31, 2004 on the procedures for the authorisation and supervision of medicinal products for human and veterinary use and establishing a European Medicines Agency stipulates that the information must be made public.

Also, exemptions from business secret can not be made for the data on financial conditions, data on time schedule of payments, data on the unit price for the vaccine which the body will cover from public funds, since these are the data on the use of public funds, and are defined as public according to the Slovenia’s Access to Public Information Act. The Commissioner explains that the data on total contractual value alone can not ensure adequate public control, pursued by the institution of transparency, i.e. promotion and ensuring effective and fair competition and cost-effective use of public funds. The latter can be achieved only by allowing the public to access above mentioned information. Only with complete information, it is possible to ensure an efficient control over the use of public funds.

Since the Commissioner established that part of the contract represents business secret, the Commissioner had to assess whether the public interest for disclosing this part of the document is stronger than the interest for which these information has been protected as business secret. Public interest for disclosing information is, for example, very strong in situations which concern obtaining or spending public funds, public security, public health, responsibilities and transparency of decision making which trigger public or parliamentary debates.

In Slovenia, as well as in Europe, the supply of the vaccine against pandemic flu H1N1 triggered numerous concerns and dilemmas. This issue was the subject of debate among professional institutions, the media, as well as among the broader public. Those who have already been vaccinated or are planning to do so, have the right to receive complete information whether the vaccine is safe and what responsibilities for the supply of this vaccine the state will take by this agreement, considering that the state will potentially take financial obligations which consequently means spending taxpayer’s money. The question about the responsibility of the state in such a delicate problem as public health can never be of no public interest, also for the reason that by taking such responsibility further financial consequences for the state budget can be expected, i.e. spending public funds.

Commissioner’s decision is available here.

3rd International Conference Computers, Privacy and Data Protection

Thu, 14 Jan 2010 13:46:00 +0100

The annual Conference Computers, Privacy and Data Protection - CPDP2010 will be hosted on January 29 to 30 this year in Brussels. The aim of the Conference is bridging policymakers, academics, practitioners and activists in the field of data protection.

The objectives of the CPDP are:
1. Identifying and addressing new challenges to be faced by computer privacy and data protection, especially with regards to issues related to profiling and autonomic computing,
2. Bringing together, in a high level expertise conference, most of the academic key specialists in the field, data protection commissioners, computer scientists, practitioners, activists and people from standardization bodies and ICT industries,
3. Addressing recommendations to private and public policy makers in the context of the E.U. Privacy Law and the E.U. Data Protection Directive Review.

This year’s programme comprises 6 panels, including “Forgetfulness and data retention”, “Focus in a EU Agenda: Trust in the information society”, “What was on the law firms agenda in 2009?”, “What was on the US agenda in 2009?”, “What was on the national data protection agenda in 2009?” and “Identity in the information society”.

CPDP2010 will also host 3 parallel sessions on cloud computing, Ambient Intelligence and data protection in Justice and Home Affairs.

Slovenian Information Commissioner Ms Nataša Pirc Musar will be attending the Conference as a speaker.

You can read more about CPDP2010 on the web site available at this address: www.cpdpconferences.org/index.html.

Slovenian DPA hosting Polish Bureau of the Inspector General for Personal Data Protection as a part od mobility project

Wed, 13 Jan 2010 11:30:00 +0100

Polish Bureau of the Inspector General for Personal Data Protection (GIODO Bureau) is participating in the mobility project financed from the resources of the European Union within the framework of the Leonardo da Vinci Project, as a part of the "Lifelong Learning Programm".

The project enables the employees of the GIODO Bureau to exchange the knowledge and experiences in law enforcement in the field of data protection with authorities from partner countries dealing with similar issues.

As a part of this mobility project, the Slovenian Data Protection Commissioner will be hosting Polish delegation from February 1st to 5th 2009. During the visit, the Slovenian DPA will try to illuminate how it is organised, what it’s competencies and tasks are, demonstrate international co-operation and procedures, supervisory activities and major case handling experience. Much of the emphasis of this visit will be given to exchanging experiences between the two DPAs.

Information Commissioner on the social networking site Facebook

Thu, 24 Dec 2009 13:46:00 +0100

Today the Information Commissioner opened its profile on social networking site Facebook. Social networking sites have a wide circle of users and offer many useful tools, but at the same time they can also represent a threat to privacy. On our profile you may therefore find many useful information on data protection. The Commissioner will notify you about upcoming events and important happenings and issues in the field of data protection, especially regarding the use of modern communication information technologies. On our profile you will also find news regarding access to public information.

This way a new channel of communication is being introduced for the wider public to be able to communicate with the Commissioner and to be informed about the Commissioner’s activities.

Individuals still hold great trust in Information Commissioner's work

Fri, 13 Nov 2009 10:14:00 +0100

Individuals still hold great trust in Information Commissioner's work

Public trust in institutions.

Monitoring variation of public trust in institutions serves as an important indication that can be used in the research of public relation to political and other social conditions in space and time.
Measured on a 5 level scale, quality of trust is illustrated in charts No. 18 to 20.
Graphic presentation No. 18 shows measures of present (November 2009) variation of trust in institutions.

Chart No. 18

Portions of trust demonstrated on 1 to 5 level scale show that the highest level of trust (level 4 and 5) is held in the president (61%), police (47%), military (46%), information commissioner (44%), school system (44%), prime minister (40%).
Shares of trust, on the other side of the scale, that show the least amount of trust held in these institutions are: church and clergy (54%), unions (52%), courts (51%), political parties (43%) etc.
A distinctive change is noticed to previous measures. The biggest decline occurred regarding trust held in unions. Chief of police was included in the research for the first time and was placed high on the scale of trust.

Source:
UNIVERSITY OF LJUBLJANA
FACULTY OF SOCIAL SCIENCES- IDV
Public Opinion and Mass Communication Research Center
Kardeljeva ploščad 5, Ljubljana
Politbarometer 11/2009

Commissioner’s opinion on the protection of personal data in on-line street view map applications (such as Google Street View)

Fri, 30 Oct 2009 11:28:00 +0100

Commissioner’s opinion on the protection of personal data in on-line street view map applications (such as Google Street View)

In May 2009 the Information Commissioner received a request for an opinion about on-line street view map application resembling Google Street View, operated by a private Slovenian company. The service works similarly to Google Street View, namely the video material does not result from constant video surveillance of an area, but rather from photographs taken at a certain point of time, which can accidentally include images of people, licence plates, etc.

The Commissioner issued a non-mandatory opinion on the protection of personal data in on-line street view map applications. Some highlights of the Slovene Information Commissioner are as follows:
- The main condition for deploying the Personal Data Protection Act (PDPA) is that the data is part or is intended to be a part of a filing system and that the data is organized in such a manner as to identify or enable identification of an individual;
- In case the individual on the photograph can be identified without disproportionate effort, the photograph may be regarded as personal data.
- The personal data thus collected and published are a part of a filing system. In this case the filing system consists of photographs of individuals without other identifying information such as names and surnames. However, not being tagged with their names and surnames by the data controller does not mean that the individuals won’t be tagged by a third person.
- With regard to all the above the Commissioner believes that it is not possible to generally say that the service does or does not mean processing of personal data. It is only possible to judge case by case whether a certain photograph includes data that make an individual identifiable and thus enjoys protection under PDPA.
- However, if the individual can be identified, the image constitutes personal data and the controller may process this data only if provided so by the law or if the individual has given his consent.
- To avoid potential breaches of the PDPA the Commissioner suggest that the controllers erase or anonymize (blur) personal data in the photographs in a way that the individuals won’t be identifiable anymore. The data should be erased or anonymized promptly (as fast as the technology allows).

Commissioner’s opinion is available here.

Nataša Pirc Musar named vice president of Joint Supervisory Body of Europol

Tue, 13 Oct 2009 15:56:00 +0200

Press release

Ljubljana, 13.10.2009

Nataša Pirc Musar named vice president of Joint Supervisory Body of Europol

Yesterday in the late afternoon the members of the Joint Supervisory Body of Europol voted Slovenian Information Commissioner as vice president of the body. The members of the body are representatives of data protection authorities from all the Europol member states (EU member states). The mission of the body is reviewing Europol's activities to ensure that the rights of the individuals are not violated by the storage, processing and utilisation of data held by Europol. The body also monitors the permissibility of the transmission of data originating from Europol.

Each individual has the right to ask the JSB to ensure that the manner in which his/her personal information has been collected, stored, processed and utilised by Europol is lawful and accurate. The body thus acts as a reliable link between an individual and the Europol.

JSB promotes cooperation in examining questions relating to implementation and interpretation of the Europol Convention and in drawing up harmonised proposals for common solutions to existing problems regarding data protection in the context of Europol.

The vice president of JSB usually runs for president of the body after two years. After the election Nataša Pirc Musar emphasised that as the vice president she will put all her efforts into transferring the Slovenian inspection supervision experience and knowledge to the international body: » Slovenia has enough of experience in this field, that is why I am confident I will be able to proactively and efficiently contribute to the quality of JSB work and protection of the individual's rights«.

Alenka Jerše, General Secretary of the Information Commissioner of the Republic of Slovenia

28 September - THE RIGHT TO KNOW DAY

Mon, 28 Sep 2009 08:53:00 +0200

28 September was chosen to be the world's Right to know day in the year 2002, when different civil society organisations from several countries formed the Freedom of Advocates Network organization (FOIAnet). For the seventh year in a row there are activities being held on this day that tend to emphasize citizens’ right to be informed of matters of general public interest without the need to provide legal interest. The result of an informed public is greater responsibility of the public sector in adopting for the society important decisions.

The European Court for Human Rights (ECHR) precedent was made this year in the case of Hungarian Civil Liberties Union (HCLU) v. Hungary when the court acknowledged the right to access to public information as a fundamental human right. The Constitutional Court of Hungary decided not to grant the HCLU’s request to access the Member of Parliament’s (MP) request to review the constitutionality of the new drug policy law due to protection of the MP’s personal data. After an appeal to the ECHR was made by HCLU the court decided that the Hungarian court’s decision represents a breach of Article 10 of the European Convention on Human Rights. The ECHR stated that denying the right to access to information that is of great importance for public discussion and is in the organ’s keeping, represents a violation of the right of freedom of expression, which also includes freedom of information. Internationally important for the development of this right was also the acceptance of The Council of Europe Convention on Access to Official Documents, which as the first international legal instrument regulates this field by setting minimal standards in exercising the right to access to public information. Slovenia became one of the first countries that ratified this convention in June 2009. By doing so, Slovenia preserved (together with the Scandinavian countries) it’s leading role in this field. The ratification took place during the Slovenian Presidency to the Council of Europe Committee of Ministers and with this act it encouraged other countries to ratify the Convention as well, hoping that it would come into force as soon as possible.

The Information Commissioner assesses that regarding to access to public information Slovenia reaches higher standards than those set in the Council of Europe Convention on Access to Official Documents. This matter is regulated by the Access to Public Information Act, which was endorsed in 2003 and set the legal foundation for extensive legal practice formed by public bodies and by the Information Commissioner.

Based on the actual appeal procedures, the Information Commissioner assesses that the competent authorities exercise good practice. That said the Information Commissioner has noticed some ever recurring deficiencies. On the occasion of The Right to know day the Information Commissioner would like to advise the competent authorities to be active in exercising the rule of transparency and:
1.   to make public information accessible on the internet, by themselves, without formal requests by petitioners. This would decrease the number of petitions as individuals would be able to access public information on the internet.
2.   to respect the principle of helping a law ignorant client and to help the petitioners to form and correct their petitions to access public data. This practice could minimise the number of document being petitioned as the competent authority would help the individual to assess where the wanted information is.
3.   to specify the exemptions by law that allow them not to grant access to public information. Explaining the refusal in detail would minimise the number of appeals as the individual would be able to understand the decision better.
4.   to always use the rule of minimising the cost of access to public information for these expenses relate to performing public duties, and the price cannot be subject to market profit.

This appeal also goes to the public, to act as a watchdog of their rights and to supervise the work of the public sector bodies. Only by doing so, the right to know can have a true value in practice. Transparency namely diminishes the level of corruption and increases the responsibility of the governing authorities.

As the Russian defender of transparency Ivan Pavlov once said:
“Human rights are like muscles, if we don’t use them, they atrophy.”

Information Commissioner
Nataša Pirc Musar