Last month, the European Court of Justice declared illegal all transfers of personal data from European Union (EU) countries to the United States of America (US) under the “Privacy Shield” mechanism, which is also in force in Serbia, and thus opened number of questions on data protection on the Internet, but also whether this verdict could affect the control of data sent to China and the Russian Federation, writes Radio Free Europe.
In Serbia, the Law on Personal Data Protection is harmonized with the General Regulation on Data Protection (GDPR) of the European Union, and the recently disputed mechanism “Privacy Shield” is one of the bases for taking data out of the country.
“This means that if a Serbian company wants to exchange data with a US company that is part of this mechanism, it could do so without the special permission of our Commissioner for Information of Public Importance and Personal Data Protection or without signing an additional contract on data exchange. Now that is no longer possible and companies must rely on some other basis for presenting data,” explains Ana Toskic Cvetinovic, executive director of the Belgrade organization Partners for Democratic Change.
On August 11, the Commissioner for Information of Public Importance and Personal Data Protection asked the authorities in Serbia to find other mechanisms for data transfer to the United States prescribed by the Personal Data Protection Act.
According to the Commissioner, among the offered alternatives are a legally binding act made between the authorities, standard contractual clauses prepared by the Commissioner in accordance with the Law on Data Protection, which regulate the legal relationship between controller and processor, as well as binding business rules by this law.
The alternative, the Commissioner adds, is for the data to be presented “by an approved code of conduct in accordance with that law, together with the binding and enforceable application of appropriate protection measures, including the protection of the data subject’s rights, by the controller or processor in another country “or an international organization”.
According to Ana Toskic Cvetinovic, the fact that the decision of the Government by which the “Privacy Shield” mechanism is considered a valid basis for presenting data is still in force in Serbia, creates a problem for both citizens and companies.
“It is important for the Government of Serbia to change this basis as soon as possible, because now our citizens and companies are in a kind of gap, given that one rule applies to those at the level of the European Union, our legislator refers to EU rules and the decision of the Government says something that is now contrary to reality,” explains Toskic Cvetinovic.
When asked by RSE to which all countries from Serbia transfer personal data, the Commissioner’s office answered that since the beginning of the application of the Law on Personal Data Protection in August 2019, the Commissioner has not issued any approval for data transfer to other countries.
The question is, can the ruling of the European Court of Justice be applied to the transfer of data to other countries such as China and Russia, through social networks such as TikTok, Yandex applications or technologies of the Chinese company Huawei?
China has significant technological influence in Serbia, which it sees as part of its Belt and Road initiative.
Along with the Belt and Road, Serbia also cooperated with the Chinese IT company Huawei, which in 2017 signed several agreements with Serbian ministries based on the Agreement on Economic and Technical Cooperation in the Field of Infrastructure previously signed by the governments of Serbia and China.
The agreement between Huawei and Serbia also includes the installation of a thousand cameras with the technique of face recognition.
Another joint project is the city’s “Data Center” in Kragujevac. Representatives of the Government of Serbia, Chinese Ambassador to Serbia Chen Bo and representatives of Huawei attended the opening of that center, which stores data of the city, city administrations, public companies and institutions and enables connection with national databases in March this year.
However, that center, with the equipment of the Chinese company and computers with citizens’ data, is located in the yard of the Security Information Agency in Kragujevac.
Another Chinese platform, increasingly popular in Serbia, which stores and potentially transmits users’ personal data to China, is the social network TikTok.
It is still not clear how much data is transferred from Serbia to other countries and how secure that data is, Nova Ekonomija reports.
