The Office for Personal Data Protection, Slovak Republic
- Legal framework of personal data protection
- Legal position of the office
- Powers of the Office
- Limitations of the Office
1. Legal framework of personal data protection in the Slovak republic
Personal data protection in the legal system of the Slovak republic is an indivisible part of the protection of human rights. In this sense the above mentioned area is included in the Constitution of the Slovak republic of 1 September 1992 in the Second head - Basic human rights and freedoms, article 19 and 22.
The area of personal data protection is regulated in the Slovak republic, in the line with the Directive of European parliament and the Council 95/46/EC, by Act No. 428/2002 Coll. on personal data protection that replaced the former Act No. 52/1998 Coll. on personal data protection in information systems. The act No. 428/2002 Coll. was passed by the Parliament of the Slovak republic 3 July 2002 and entered into effect 1September 2002. This act includes experience and knowledge from practice gained during three years of supervising personal data protection and also some more precisely formulated provisions of the Directive.
Except before mentioned law as a generally binding rule is the personal data protection regulated by further legal rules, for example by the Civil code (act no. 40/1964), Sections 11 to 16. Handling with personal data is also contained in the Criminal Code in Section 178 Unauthorized Disposal of Personal Data and in section 257a Damaging or Misusing Data Carrier Record.
Section 178 of Criminal Code (Act No. 140/1961 Coll., the Criminal Code, as amended)
Unauthorized Disposal of Personal Data
|(1)||Whoever, even through negligence, communicates or allows access to data gathered in connnection with the performance of public administration shall be punished by imprisonment for a term of up to one year, or to prohibition of a specific activity or a pecuniary penalty.
|(2)||A person who acquires data on another person in connection with his profession, employment or office and who, even through negligence, communicates the data to another person, or allows access to such data by another person, thus breaching a duty of confidentiality stipulated by law, shall be liable to a sentence under subsection (1).
|(3)||An offender shall be punished by imprisonment for a term of two years, or to prohibition of specific activity or a pecuniary penalty, if:
|(a)||by his act under subsection (1) or (2) he causes a serious detriment to the rights and justified interests of the person to whom such data relates;
|(b)||he commits an act under subsection (1) or (2) through the press, radio, film or TV broadcasting or in another similarly effective manner;
|(c)||he commits an act under subsection (1) by breaching duties arising from his profession, employment or office.
Damaging or Misusing Data Carrier Record
|(1)||A person, who with intent to cause damage or some other detriment to another or obtain unjust benefit for himself or another person, gains access to a data carrier and:
| ||(a)||uses such data without authorization;
| ||(b)||destroys, damages or renders useless the data on such carrier; or
| ||(c)||interferes with the hardware or software of a particular computer, shall be punished by a term of imprisonment of from six months to three years, by prohibition of a specific activity, by a pecuniary penalty or forfeiture of a specific thing.
|(2)||An offender shall be sentenced to a term of imprisonment of from one year to five years if:
| ||(a)||he commits an act under subsection (1) as a member of an organized group, or
| ||(b)||by such act he causes substantial damage or acquires substantial benefit for himself or another person.
|(3)||An offender shall be sentenced to a term or imprisonment of from two years to eight years if, by an act under subsection (1), he causes large-scale damage or acquires a large-scale benefit for himself or another person.
Except domestic legislation also international documents are valid in this area which are binding for the Slovak republic. This preference of international treaties or legal binding documents of european communities and european union follows from article 7, paragraph 5 of the Constitution.
The Slovak republic in the recent period (during years 2001 and 2002) ratified in the area of personal data protection two important international documents
- Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108), it entered into effect 1 January 2001,
- Additional Protocol to the Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108) regarding supervisory authorities and transborder data flows.
2. Legal Position of the Office
In the line with the European law the supervision over the protection of personal data in the Slovak republic has been performed since 1 March 1998. From the year 1998 till 1 September 2002 was state supervision carried out by the Commisioner for personal data protection. On 1 September 2002 the Office for personal data protection was established by the act no. 428/2002 Coll. on the personal data protection. The Office is a body of the state administration with the nationwide competence, its site is in Bratislava.
Personnel of the office is formed by the president, vice-president, chief-inspector and inspectors, other employees of the office.
the office is headed by the vice-president. the parliament of the slovak republic elects and recall the president of the office. The term of the office of the president is five years and the president may be elected for not more than two consecutive terms. Only a citizen who could be elected member of the parliament, who is a person of integrity, who has university education, at least 10 years practice in information sciences or law and is at least 35 years of age can be elected president of the office. The president of the office can neither be a member of a political party nor of a political movement.
The President of the office shall be accountable for his activity to the Parliament of the Slovak Republic. The Parliament of the Slovak Republic may lift the confidentiality obligation of the President of the Office for a concrete case. During his term the President of the Office is entitled to learn classified information under separate regulation.
The Vice-president of the office deputizes for the President of the Office during his absence. The Government of the Slovak Republic appoints and recalls the Vice-president of the Office upon a proposal by the President of the Office. The President of the Office may lift the confidentiality obligation of the Vice-president of the Office for a concrete case.
Chief inspector manages the activities of inspectors. Inspectors carry out inspection tasks and they shall have substantive competence to fulfil the tasks of the Office.
The Government of the Slovak Republic appoints and recalls the inspectors upon a proposal by the President of the Office. Only a citizen who could be elected member of the Parliament of the Slovak Republic, who is a person of integrity, who has university education, at least 3 years of practice in information sciences or law and is at least 30 years of age can be appointed inspector. The Government of the Slovak Republic appoints and recalls the chief inspector from the ranks of inspectors who have a professional experience of at least five years and the age of at least 35 years upon a proposal by the President of the Office.
The term of the office of the chief inspector is five years and he may be repeatedly appointed.
3. Powers of the Office
The office as a state administration body has a stake in the protection of fundamental rights and freedoms of natural persons as to processing their personal data. It carries out its tasks and obligations in accordance with the law.
The Office especially performs these tasks:
The chief inspector and other inspectors as well as the President of the Office and Vice-president of the Office are entitled to
- in case of doubts the Office issues a binding opinion,
- it continuously monitors the situation in personal data protection, information systems registration and keeping records on information systems,
- recommends the controllers of information systems measures for the protection of personal data in information systems,
- in case of doubts whether the extent, content and manner of processing or use of processed personal data are in compliance with the purpose of their processing, compatible with the purpose of processing or whether they are obsolete with respect to time and substance of this purpose,
- in case of doubts on transborder flow of personal data,
- in case of doubts on the registration of the information system,
- receives and handles complaints concerning violations of personal data protection,
- inspects processing of personal data in information systems
- imposes sanctions when detecting violations of duties specified in this Act,
- informs criminal justice agencies of suspicion of crime,
- registers information systems and assuring access to registration situation,
- participates in the drafting of generally binding regulations in the area of personal data protection,
- issues generally binding regulations in the scope of its competence,
- presents opinions on draft laws and drafts of other generally binding regulations that regulate processing of personal data,
- enter controller's and processor's premises, buildings or rooms of operations and facilities,
- require that the controller, processor and their employees submit, within a given deadline, documents, other written materials, statements and information, data processed on memory media including technical data carriers, statements and software source codes, when they own these materials and also other materials needed for inspection, originals and/or and in justified cases to enable taking of copies also outside the premises of the controlled person,
- require full and true oral and written information, statements and explanations to inspected and related facts and linked deficiencies from the controlled person within a reasonable time limit,
- require concurrence of the controlled person.
4. Limits of the Office
If personal data are processed by intelligence services, supervision over the protection of personal data is carried out by the Parliament.
The Office for Personal Data Protection
Odborrske nm 3
Bratislava 817 60