Privacy Law and Policy Reporter
Following Hungary’s example, most Central and Eastern European States are taking measures to protect their citizens’ personal data. The Council of Europe Project Group on Data Protection is providing help.
Hungary was the first country in Eastern Europe to pass data protection legislation, which was in 1992 (Privacy Laws & Business Newsletter, May 1997 at 18). Hungary’s law entered into force in 1993 and the Parliamentary Commission for Data Protection and Freedom of Information was established two years later. In October this year, Hungary ratified the Council of Europe Convention on Data Protection. The ratification became effective on 1 February 1998.
The Czech law on the Protection of Personal Data Contained in Information Systems of 29 April 1992 is currently being reviewed. The law applies to both public and private sectors. So far, the law has not really been effective as the country does not have an independent data protection authority.
Estonia, which adopted its Data Protection Act on 12 June 1996, has since adopted a law on databases, and prepared a draft law on the Register of Criminal Convictions. A data protection supervisory body was established on 1 January 1997 and is under the jurisdiction of the Ministry of Internal Affairs. The main function of the department is the supervision of data processing in Estonia and registration of databases containing sensitive data.
In Lithuania, the law on the Legal Protection of Personal Data was adopted on 11 June 1996. It covers auto- matically processed data in the public sector. The law has a rarely-seen characteristic; it extends the protection of an individual subsequent to his death for 75 years from the date of the last record.
In Poland, data protection is included in the new constitution. A Data Protection Act, adopted on 29 August 1997 will enter into force on 30 April 1998. The law follows closely the provisions of the EU Data Protection Directive.
Some countries expect to publish a data protection bill next year. Romania has already signed the Council of Europe Convention on the Protection of Personal Data, and hopes to complete its bill soon. In Moldovia and the Slovak Republic, draft bills have been considered.
For societies that have experienced a major change in their political systems, data protection is not necessarily at the top of the list of issues that need immediate attention. However, in order to facilitate the preparation of appropriate legal instruments, or the revision of existing instruments, the Council of Europe has established a project group on data protection. The project group also serves as a forum for exchanging views on topical issues, such as the consequences of the latest technological developments for data protection. Members consist of representatives of the Council of Europe member states. In addition, the project group may create working parties open to data protection specialists who are not project group members.
Slovenia is one of the countries which has asked the Council of Europe’s advice on how to ensure conformity with the Council’s Convention 108 on the Protection of Personal Data. A new law which will replace the law of March 1990, is based on the expert opinion of the Council of Europe’s project group on data protection. The new draft is now waiting for a second reading in the Slovenian National Assembly.
Stewart Dresner, Publisher of Privacy Laws & Business Newsletter. Reprinted with permission from Privacy Laws & Business Newsletter, no 41, December 1997. PL&B will include detailed reports on individual countries in future issues.