Varuh ДЌlovekovih pravic
Ombudsman
Press
Brochures in foreign languages

Protection of Personal Data Mechanisms in the Republic of Slovenia and Harmonisation with Directive 95/46/ec of the European Parliament and the Council of the European Union

Print:

Personal data protection act of the republic of Slovenia

Theprotection of personal data in the Republic of Slovenia has stood atthe level of constitutionally protected rights since the adoption ofamendments XLIV and LXVII to the 1974 constitution on 27 September1989. Today the protection of personal data is guaranteed at theconstitutional level by a special provision of Article 38 of the 1991constitution of the Republic of Slovenia contained in the chapter onhuman rights and fundamental freedoms. The constitution itself sets outthe principles of lawfulness, the prior determination of the purposesfor which data are collected and used, the right of the data subject tobe informed of the data which has been collected, and the right tolegal remedy with respect to the protection of personal data.

Both the first Protection of Personal Data Act (1990) and the currentact (1999) were enacted on the basis of such principles. These actsalso take into account international standards in this field.

The 1999 Protection of Personal Data Act was significantly amended withregard to the mechanisms of personal data protection by means of anamending act in 2001 (Official Gazette of the Republic of Slovenia, No.57/2001). The Protection of Personal Data Inspectorate acquired anumber of new powers and, in terms of organisation, was established asa special body within the Ministry of Justice. The changes to theProtection of Personal Data Act also introduced a new independentinstitution for the protection of personal data. This function fell toSlovenia's Human Rights Ombudsman, and is directly discharged by one ofthe deputy ombudsmen in conjunction with the technical service of theOmbudsman's Office.

Under the latest amendments to the act, the supervision of theimplementation of the Protection of Personal Data Act must beconsidered in an integrated manner; the competences and role of theProtection of Personal Data Inspectorate and of the Human RightsOmbudsman in his role as an independent supervisory body must be dealtwith together.

Under the amendments to the act, the Protection of Personal DataInspectorate has been strengthened both institutionally and from thepoint of view of its powers. The most important new element is thatunder the new act the Inspectorate is established as a body within thestructure of the justice ministry.

Within the context of its supervisory role, the Inspectorate is charged with the following duties:
- supervision of the lawfulness of the processing of personal data
- supervision of the implementation of procedures and measures relating to the protection of personal data
- supervision of the implementation of the provisions of the act regarding catalogues and the joint catalogue of personal data
- supervision of the implementation of provisions regarding thetransfer of personal data out of the state and the communication ofpersonal data to foreign users.

When carrying out his supervisory activities the inspector is entitledto inspect documentation relating to the processing of personal data,the content of collections of personal data, data catalogues and thejoint catalogue of personal data. The inspector is also entitled toexamine the measures and procedures relating to the protection ofpersonal data and, to this end, to review the acts governingprotection, premises, computer and other equipment and technicaldocumentation relating to the protection of personal data.

When an inspector identifies a violation of the act or other regulationrelating to the protection of personal data during the course of hissupervisory activities he has the right to order the rectification ofthe identified irregularities or deficiencies in the manner and withinthe deadlines which he himself shall specify. He may also prohibit theprocessing of specific data relating to natural and legal persons andprohibit the transfer of personal data to another state or thecommunication of personal data to foreign users. In cases whereviolations are identified the inspector may institute general offenceproceedings or bring criminal charges against the party or partiesconcerned.

Within the context of its supervisory role the Inspectorate may alsosupervise the implementation of the act with regard to legal persons,sole traders or other natural persons. An appeal may be made against anorder issued by an inspector. Such an appeal shall be ruled on by theminister of justice. A dissatisfied party may also avail himself of thepossibility of judicial protection at the administrative court. TheProtection of Personal Data Inspectorate shall report on its work tothe minister and to the Human Rights Ombudsman. In this way theresponsibility of the Inspectorate is established not only in relationto the minister within the structure of whose ministry it operates, butalso in relation to the Ombudsman in the role of independentinstitution.

On the basis of Article 8 of the Act Amending the Protection ofPersonal Data Act, the Human Rights Ombudsman carries out independentsupervision of the protection of personal data (the new Articles 29 to29g). Unless otherwise specified by this act, the provisions of theHuman Rights Ombudsman Act (Official Gazette of the Republic ofSlovenia Nos. 71/93 and 15/94) shall mutatis mutandis apply to theprocedure of independent supervision of the protection of personal data.

In his role as an independent institution for the protection of personal data the Ombudsman shall:
- supervise the respecting of regulations on personal data protection by the data administrators and users of personal data
- advise in all cases relating to the processing of personal data andcooperate in procedures relating to the adopting of regulations in thisfield
- process and investigate petitions relating to the protection of personal data
- monitor the work of the inspectorate and propose measures relating tothe implementation of supervision and the protection of personal data
- on his own initiative monitor the implementation of the personal data act and perform other functions in this field.

As regards the performance of the Ombudsman's tasks in this field, itis important to differentiate between two scenarios: in the case of astate body, local government body or other statutory authority, theOmbudsman may directly employ the powers he holds under the OmbudsmanAct and investigate individual cases directly. In cases involvingorganisations or individuals outside his jurisdiction, i.e. subjects ofcivil law or natural persons, his competences are different. In suchcases he shall invite the Inspectorate to carry out supervision andadopt appropriate measures. The Ombudsman's supervision in such caseswill be indirect. However, even in this case two methods are possible:the Ombudsman may either pass the case to the Inspectorate or requestthe Inspectorate to carry out specific actions on his behalf and reportback to him.

In each case the decision on whether to accept the case for directhandling or pass it on to the Inspectorate rests with the Ombudsman.Ideally, the competent inspector should acquaint himself with the casesfirst and address them in accordance with his powers. The Ombudsman inhis role as independent institution would as a rule only becomeinvolved later, at the proposal of the party concerned (if the party isdissatisfied with the measures taken by the inspector), or at theproposal of the inspector himself should he require the Ombudsman'sopinion on a matter of principle when dealing with a concrete case.

When defining the tasks of the Ombudsman it is important to emphasisehis power to draw attention to inconsistencies in regulations andpropose amendments to them. The Human Rights Ombudsman frequently makesuse of his right of direct access to the legislature, above all bydrawing parliament's attention to the need to amend individualregulations in his annual reports. He also has the possibility ofdrawing attention to necessary changes in specific areas by means ofthe special reports which he submits to parliament or a parliamentaryworking group. The Ombudsman also enjoys direct access to theConstitutional Court by virtue of the fact that he is empowered topropose a review of the constitutionality and legality of individualregulations at the Constitutional Court of the Republic of Slovenia.

In the field of the protection of personal data, conflicts often occurbetween various rights, including constitutionally and statutorilyprotected rights. In such cases it is therefore necessary to decidewhich right takes precedence in the case in question. On the one handthere may be, for example, the right to the protection of personaldata, but this may clash with the right to judicial protection or withthe exercising of some other right or interest. In such cases, in theabsence of special regulations governing the case in question, the dataadministrator must decide which right shall take precedence. We believethat the function of the Ombudsman in the role of independentinstitution for the protection of personal data is particularlyimportant in this area, since by looking at the broader picture andtaking into account various human rights the Ombudsman will be able tomitigate through his intervention the sometimes excessively narrow viewof the implementation of individual rights.

Brussels, February 18, 2002



Jernej Rovsekdeputy ombudsman

Print: