Danas, Serbian daily newspaper of record has published an article about what changes does the regulation of the European Union – GDPR bring, where author of the article is Miloš Stojković, Technology, Media and Telecommunications Senior Associate and Head of Digital at Živković Samardžić.
In the article, Miloš discusses how General Data Protection Regulation (GDPR) is a regulation of the European Union which is directly applied in all EU member states.
Apart from the fact that this is a document which has for years served and been presented as a sort of a “scarecrow” for companies across the EU, this is also a logical upgrade of the former Directive 95/46 which was adopted way back “when the Internet was still young”, or when only 1 percent of EU citizens used the global network. A lot has changed since then, but the regulation neither anticipated nor reflected drastic technological changes and business migration to the Internet, or the incredible proportions of monetarization of personal data which the users provided to Internet companies as a “compensation” for accessing their services. Therefore, the old framework was ready for “retirement“.
Another significant reason for adopting the regulation was the desire to unify the rules of 28 EU member states, since the previous framework allowed a high degree of freedom to member states to adjust privacy rules to their internal circumstances (by adoption of special laws), which inevitably led to the unequal degree of protection of this important right.
It should not go unnoticed that the reformation of the framework regulating personal data protection is one of the steps the EU is taking to eliminate regulatory obstacles for creation of a single digital market (Digital single market).
Finally, a number of decisions passed by the European Court of Justice shook the very foundations of the personal data protection system which took a significant blow, where some of the most important cases include: Mario CostejaGonsales vs Google Spain (the decision which systematized “the right to be forgotten” from 2014), Max Schrems vs Facebook Ireland (thedecision which caused the fall of the Safe Harbour Agreement EU andUSA from 2015) and Weltimo vs Nemzeti (thedecision which shook the principle of one-stop shop with personal data processing from 2015).It should not go unnoticed that the reformation of the framework regulating personal data protection is one of the steps the EU is taking to eliminate regulatory obstacles for creation of a single digital market (Digital single market).
Regarding most important traits – Serbia and GDPR, the new Law on Personal Data Protection came into force at the end of November, but its application is practically postponed until 21 August 2019. The law has, maybe even too literally, transposed GDPR into the domestic system, which may cause problems and numerous uncertainties in its practical application. Another characteristic is that the law also “entered” the Directive EU 2016/680, related to the personal data processing done by government bodies for prevention, investigation, detection and criminal persecution or execution of criminal sanctions. This transposition of two in themselves large EU documents “turned” the Law on Personal Data Protection into a rather robust law, complicated for understanding, which even the experts sometimes find hard to grasp. One of the striking differences between the Law and GDPR refers to significantly lower monetary sanctions. Namely, the Law anticipates two categories of fines, one pronounced by the court in offence proceedings the maximum amount of which is two million dinars and the fine in the fixed amount administered by the Commissioner, the maximum amount of which is fixed at the amount of 100,000 dinars.It should be noted that the new Law anticipates a significant number of new authorisations for the Commissioner for Information of Public Importance and Personal Data Protection, but at the same time, there are no indications that technical and staffing capacities of this institution would be increased, and the procedure for appointing a new Commissioner has not even begun, so doubt about the readiness for application of the new regulatory framework is justified. On the other hand, panic among the processors shows that not even those affected by the law are fully ready for the new framework.
Full text of the interview is available here.