Skip to main content

The North Macedonia Government violated the Law on PDP publishing personal data of awarded applicants in front of the European Court of Human Rights

|

This resolution includes data for 519 applicants i.e. their names and surnames, personal identification numbers (PIN), bank accounts with data in which bank the bank accounts are maintained

In February 2024 the Government of the Republic of North Macedonia (hereinafter only “The Government”) has adopted a Resolution on the payment of funds from the Budget of the Republic of North Macedonia no. 14-1501/4 dated February 13th, 2024, related to awarded amounts to the applicants on the basis of final decisions of the European Court of Human Rights (hereinafter only “The Resolution”). This resolution includes data for 519 applicants i.e. their names and surnames, personal identification numbers (PIN), bank accounts with data in which bank the bank accounts are maintained. On February 15th 2024 the Government has published the Resolution in the Official Gazette of Republic of North Macedonia no. 39/24 in its original form with all data included. The publication was made as a part of the obligation for the Government to publish its resolutions in accordance with the Law on the Publication of Laws and other Regulations and Acts ("Official Gazette of Republic of North Macedonia" No. 56/99, 43/02 and 21/21).

Immediately after the publication, there was a huge reaction by the public and experts that the Government has made several violation during the process of publication of the Resolution in the Official Gazette. At first, it was obviously that the Government did not take all necessary technical measures in order to protect the personal data, such as anonymization of personal data for the purpose of publishing the resolution, but also the Official Gazette did not pay any attention as well when publishing the resolution. In addition, the Government did not follow the obligation to assure that when processing citizen’s personal identification numbers of citizens the controller is obliged to take care that personal identification number shall not to be unnecessarily visible.

Another problem was that the Official Gazette is distributed in electronic form but also in hard copy, which bring us to the question if the Government takes corrective measures such as withdrawal of the electronic edition as well as the written edition, will those measures will be enough, taking into consideration that the electronic version is already downloaded by many online users and if it is possible to withdraw the written edition if it is already distributed.

Following the massive reaction of the public and concerned individuals, on February 16th 2024, the Agency for the Protection of Personal Data (hereinafter only “The Agency”) carried out an extraordinary supervision conducted ex officio over the legality of the activities undertaken during the processing of personal data and their protection by the Government related to the resolution and its publication. At the end of the supervision, the Agency established that, by publishing the personal identification numbers, bank account numbers and names of the banks of a total of 519 applicants in the Resolution, the Government  acted contrary to the principles of "legality, fairness and transparency", "limitation of objectives", "minimum amount of data" and "integrity and confidentiality", while allowing the personal identification numbers of applicants to be unnecessarily visible, which violated the provisions of Article 9 paragraph (1) paragraphs 1, 2, 3 and 6, Article 10 and Article 83 paragraph (6) of the Law on Personal Data Protection.

In addition, the Agency ordered the Government to amend the Resolution in a manner that the citizen’s personal identification numbers, transaction accounts and bank names of 519 applicants will be deleted, to withdraw the Resolution from the "Official Gazette of the Republic of North Macedonia" 39/24 and to notify the Agency in writing along with a written proof for the corrective measures taken.

 

Article provided by INPLP member: Jasmina Brezovska (Bona Fide, Macedonia)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}