Information Commissioner published the Annual Report 2009

Information Commissioner published the Annual Report 2009

Ljubljana, June 7 2010

Last week, the Information Commissioner submitted to the National Assembly of the Republic of Slovenia an annual report which, in accordance with the Information Commissioner Act, must be submitted until May 31 for the past year.

In her annual report for the past year, the Commissioner noted that the number of complaints and handled matters in both working areas - the right of access to public information and the right to the protection of personal data - increased. The Commissioner estimates that this is a result of increasing awareness of individuals of the existence and respect of the two constitutional rights. The year 2009 was marked by a new 5-year term of the Commissioner Nataša Pirc Musar, the highest issued fine for illegal exchange of databases between two insurance companies in the amount of 112,000 Euros and increased number of complaints under the Public Media Act due to the so called silence of an authority (a situation where public authorities do not respond within the statutory time limit to applicant request of access to public information). In her report, the Commissioner repeatedly warns of the lack of government response to the Commissioners initiative for adoption of the Act that would regulate privacy in the workplace, which, in practice, brings more or less great difficulties to both employees and employers.

Commissioner also notes that the complaints she receives in both working areas are becoming more demanding and complex. In the area of access to public information, the number of decisions is rapidly increasing - in 2008 the Commissioner issued 129 decisions and in 2009 already 161. The Commissioner upheld or partially upheld most of the complaints. The most widely used exception by the public sector bodies has been protection of personal data, which again confirms the correctness of the legislator for combining together former Inspectorate for Personal Data Protection and Commissioner for Access to Public Information in the same body. It is certainly easier to act professionally if the practice and knowledge in both areas are at the same place. Applicants have mostly appealed against negative decisions of ministries, administrative units and municipalities.

Workload is also growing in the field of protection of personal data. Last year, the Commissioner resolved more than 600 inspection matters, around two-thirds of which were in private sector, and about one hundred inspection procedures were initiated ex officio, meaning that the Commissioner reviews randomly selected data controllers who process a great amount of personal data. Due to breaches of the provisions of the Personal Data Protection Act (ZVOP-1), the Commissioner initiated more than 160 violation procedures and issued almost 60 warnings, slightly less than 70 cautions and 26 fines. One of the latter, as already noted above, was the highest ever issued fine in the amount of 112,000 Euros. The most common violations are illegal processing of personal data, inappropriate protection of personal data, misuse of personal data for direct marketing purposes, and illegal video surveillance. Growing awareness of the right to protection of personal data is also reflected in a number of published opinions and responses, which - in comparison with the previous year - increased by nearly a half. The most frequently asked questions covered areas of official proceedings (judicial, administrative, police) and employment relationships.

Despite a good cooperation with national authorities (Commissioner was involved in several projects that were related to issue of privacy such as establishment of the National Bureau of Investigation, eZdravje, eSociala, eVEM et al.), the Commissioner has pointed out that practically since the beginning of its operation there is a lack of legislation on protection of privacy in the workplace, which would lay down the foundations for questions like control and use of e-mail and mobile phones etc. Due to the lack of such initiative, last year the Commissioner decided to prepare the framework of Privacy in the Workplace Act, but the Ministry of Justice and Ministry of Labour, Family and Social Affairs (still) cannot agree on who will prepare the Act and who will submit it to the legislative process. Ideas and solutions are presented on a paper, but in practice, privacy in the workplace still remains legally unclear.

Last year the Information Commissioner held intensive talks with representatives of the OECD, who were very strict and detailed in evaluating Slovenian legislation on transparency of public administration and protection of personal data. Also thanks to high evaluations and praises in these two fields, Slovenia could sign an agreement with this prestigious organization on June 1 this year. Last year, because of our high professionalism and good legislation, OECD invited representatives of the Information Commissioner to Paris for a conference of countries that would like to become members of the OECD. We were presented by OECD as a country which should be a model on the areas of access to public information and protection of personal data.

Annual Reports are available here: www.ip-rs.si/index.php.http://www.ip-rs.si/