Skip to main content

The Unauthorised Access to Personal Data by the Slovenian Police

|

On July 10, 2020, a press conference was held in the hall of Slovenia’s legislative body by Jožef Horvat, MP, a member of one of the coalition parties which until early this year had spent many years in the opposition. The MP explained that his subject access request (SAR) filed with the Police in May produced evidence of 22 instances of access to his personal data, 13 of which contained no explanation as to the purpose thereof.

According to the MP, the Police was most active in March this year during the talks about the formation of the new government. He added that many of his fellow MPs had filed SARs with the Police and were awaiting responses, and several more were about to follow suit. He had reported the case to the Information Commissioner (Slovenia’s personal data watchdog). No further information was available at the time of the publication of this article. However, some media have already dubbed the case as one of the biggest scandals in the country’s history.

Putting aside the potential political motives or implications, the possibility of peeping toms inside the Police should hardy come as a surprise. Namely, between 2009 and 2019, 101 Police employees were fined by the Information Commissioner alone for unauthorised access to personal data. In the same period, the Police itself identified 44 potential criminal offences related to misuse of personal data within its own ranks (few were convicted though). But this might be just the tip of the iceberg. In question is a whole range of personal data such as residence, vehicle ownership, traffic fines, other misdemeanours and even criminal convictions. More often than not, the reason for looking at the data was plain curiosity, as victims were mainly public figures, neighbours and (ex) partners.

What in my view is a reason for concern is the fact that the Police have had in place a relatively effective system for recording all and any processing of personal data in their databases, including pure access. It is also fair to assume that the (majority of) its employees were aware of it. There are therefore only two possible explanations. There is either a lack of control and supervision within the Police, so the perpetrators feel unlikely to be caught. Or, due to the lack of education and training, the employees are unaware that any processing of personal data should be legally grounded, while at the same time pursuing a legitimate purpose – and spying on people out of curiosity doesn’t fall into this category.

Whatever the outcome of the possible political scandal, the Slovenia’s Police might have a hard case policing its own ranks.

 

Article provided by: Matija Jamnik (JK Group, Slovenia)

 

 

Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}