The document discusses personal data protection laws in Macedonia. It defines personal data and outlines several key principles of personal data protection, including that data must be collected lawfully and securely stored. It notes that citizens have rights to access and correct their personal data. The document also discusses specific issues around personal data publication online, noting that privacy policies and consent are required by law.

1. Online personal data protection Marijana Marusic , Director of the Directorate for Personal Data Protection Skopje, November 29, 2007

2. СОДРЖИНА BASIC PRINCIPLES AUTHORIZED ORGANS RIGHTS OF THE PERSONAL DATA SUBJECT PERSONAL DATA 1 RIGHT TO PERSONAL DATA PROTECTION IN THE REPUBLIC OF MACEDONIA 2 3 4 5

3. СОДРЖИНА TECHNICAL AND ORGANIZATIONAL MEASURES FOR PROVIDING PERSONAL DATA PROTECTION 6 IMPLEMENTATION OF THE LAW 7 PRIVACY ON THE INTERNET WEBSITES OF THE STATE ORGANS IN THE REPUBLIC OF MACEDONIA 8 PUBLISHING PERSONAL DATA ON THE INTERNET 9 COMMUNICATION TRAFFIC DATA 10

4. PERSONAL DATA Personal data – any information in relation to an identified person or a person that can be identified . Name and surname ; Address ; Personal Identification Number ; Telephone number ; e-mail ( regardless of whether it is private or business ); IP address ( regardless of whether it is a static or dynamic IP address ); account -и на различни web сервиси и итн. Not all personal data have the same level of protection . There exist “sensitive” personal data that are specially protected : Personal data revealing racial and ethnic origin, political orientation , religion , trade union membership , health condition or sexual life are a special category of personal data . The personal identification number is highly protected as well, since it is a universal identifier of the citizen and can be processed only with the previously obtained consent of the personal data subject or under the terms established by the law.

5. THE RIGHT TO PERSONAL DATA PROTECTION IN THE REPUBLIC OF MACEDONIA The right to personal data protection, as a fundamental human right and citizen right is guaranteed with the Constitution of the Republic of Macedonia (Article 18) which guarantees the safety and privacy of personal data . Law on personal data protection ( Official Gazette of RM 7/05), defines the legal and institutional framework for personal data protection in the Republic of Macedonia . Convention No. 108/81 for protection of the natural persons with reference to the automatic personal data processing , Council of Europe.

6. BASIC PRINCIPLES Personal data to be processed in accordance with the law ; Personal data to be collected for concrete, clear and legally defined goals ; Personal data that are collected , to be appropriate , relevant and not too extensive in regard to the goals for which they are collected and processed ; Personal data should be accurate and updated ; Personal data should not be kept longer than the time necessary for accomplishing the goals for which the data have been collected for further processing .

7. RIGHTS OF THE PERSONAL DATA SUBJECT Right to be informed Right to access Right to correction and removal

8. AUTHORIZED ORGANS Controller ; Directorate ( upon the requests for establishing violation of the right to personal data protection ) - I degree – Commission , II degree – director ; Administrative Court of the Republic of Macedonia ( upon an administrative suit against a final decision of the Directorate ); Principal Courts ( for damages )

9. TECHNICAL AND ORGANIZATIONAL MEASURES FOR PROVIDING PERSONAL DATA PROTECTION The controller must apply appropriate technical and organizational measures for personal data protection, such as : preventing accidental or illegal destruction of the data ; preventing unauthorized : altering , spreading or access to personal data

10. IMPLEMENTING THE LAW CONDUCTING ADMINISTRATIVE SUPERVISION OVER THE LAWFULNESS OF THE ACTIVITIES UNDERTAKEN DURING THE PERSONAL DATA PROCESSING AND THEIR PROTECTION ; ACTING UPON CITIZENS’ REQUESTS ; PROVIDING OPINIONS, ASSESSMENTS AND RECOMMENDATIONS RAISING THE PUBLIC AWARENESS Извор ДЗЛП

11. PRIVACY ON THE INTERNET WEBSITES OF THE STATE ORGANS IN THE REPUBLIC OF MACEDONIA

12. Internet websites are means through which personal data of the users can be collected and their habits can be monitored, thus performing profiling.

13. A review of the websites of all the ministries and part of the local self-government units was performed for the purposes of this presentation

14. There is no Privacy Policy or similar document on the reviewed websites , that would inform the citizens about the processing of their personal data collected when they surf the internet websites (there is a copyright notice) ; Some of the websites have an option for subscribing to an e-newsletter , but there is no option for unsubscribing ; There is no information about what happens with the e-mail of the persons that register/subscribe ; There is a contact form , but there is no information on whether the questions that are being asked are confidential; although name, surname, e-mail address and telephone are required. These are the conclusions from the review of the websites:

15. Personal data of citizens of the Republic of Macedonia are published on some of the internet websites ; It is necessary to establish a balance between the need for transparent work of the state organs and the protection of the right to privacy of the citizens ; The right to privacy on the internet websites must be guaranteed to the citizens, in order that they would use the e-Government services .

16. Personal data publishing on the internet (1) The publishing of personal data on the internet must be in accordance with the Law on personal data protection In most of the cases, prior consent is needed from the personal data subject ; Special consent is needed for the special personal data categories ;

17. Personal data publishing on the internet (2) - It is necessary to guarantee the right to access, correction and removal of personal data. - Information on the controller - Purpose of processing

18. Personal data publishing on the internet (3) The publishing of personal data on the internet represents personal data processing in accordance with the Law on personal data protection ; The publishing of personal data on the internet means transfer of data in third countries ; The freedom of expression cannot always be a justification for publishing personal data on the internet .

19. Communication traffic data The IP address is personal data ; Internet traffic data : Date and time of internet user login ; List of websites visited by the internet user ; If it is no longer needed, the traffic data should be immediately erased or rendered anonymous , Law on electronic communications ( Article 112).

20. Thank you for your attention Marijana Marusic [email_address] Тел : ++ 389 (2) 32 44 760 Факс : ++ 389 (2) 32 44 766