CAPPD TAIEX workshop

TAIEX workshops

“Balance between the right of free access to public information and personal data protection in media reporting”

Background
With the Law on Amendments to the Law on the Right of Access to Information adopted by Croatian Parliament on December 22nd 2010, Croatian Personal Data protection Agency gained jurisdiction over the Law on the Right of Access to Public Information.

Among the most important activities of the Agency concerning access to information, are the following:

  • supervision of access to information legislation enforcement,
  • resolving complains regarding right to access to information,
  • training of Information officers in public bodies,
  • collecting and analysis of annual public bodies´ reports on requests for access to information,
  • creating annual report on access to information legislation enforcement.

Agency is now facing new challenges concerning this specific law enforcement reconciling with personal data protection and this kind of workshop would be very useful to the Agency.

Outcomes

  • How to strike the right balance between access to public information and personal data protection – the Slovenian experience;
  • The responsibility of journalists to protect personal data and the right of journalists to have access to public information;
  • How to strike the right balance between access to public information and personal data protection – the German experience;
  • Freedom of Information, Right to Privacy, Freedom of Expression – the right balance

“Data protection at Eurojust”

Background
The Agreement on strengthening judical co-operation between Eurojust and the Republic of Croatia was signed in 2007 and was ratified by Croatian Parliament in 2009. In Article 7. of the Agreement it is stated that Data Protection Officer of Eurojust and the Data Protection Agency of the Republic of Croatia will report to each other at least once a year on the state of implementation of the data protection provisions of the Agreement. Mr Josip Čule was officially appointed by the Croatian government on 22 September 2009 and become new Liaison Prosecutor for Croatia at Eurojust.
In 2013 Republic of Croatia will become full member state of the European Union and Croatian Data Protection Agency has recognized the importance of the Agreement in fight against organised crime and would like to spread the message on personal data protection in Eurojust.

Outcomes

  • Processing of personal data at Eurojust;
  • Legal framework for Eurojust regarding data protection;
  • Eurojust Case Management System;
  • Internal and external data protection supervision;
  • Exchange of personal data with third States and parties.

“Establishment of Data Protection Officers in Republic of Croatia”

Background
The said items to be included in agenda have been proposed because of the recent developments in the Croatian legal framework regulating the field of data protection, namely the figure of the Data Protection Officer (DPO) established by the recently approved Amendments to the Data Protection Act (Official Gazette no. 130/11). According to the amended article 18 a of the said Amendments to the Act (OG 130/11), the powers and duties of DPOs have been defined as well as its relation and registration with the competent authority, namely the Croatian Agency for Protection of Personal Data (CAPPD). In order to indicate the importance of this new figure, here are some of the duties of the DPOs (article 18 OG 130/2011):

  • control the lawfulness of the personal data processing in terms of respecting the provisions of this Amendments to the Data Protection Act and other regulations that regulate the issues of personal data processing.
  • inform all the persons employed in the processing of personal data with their legal obligations in terms of personal data protection.
  • take into account the fulfilment of the obligations from Article 14 and Article 17 of this Law.

Besides, the EU Data Protection framework will change in some aspects probably in 2012, since the EU Commission has announced to present a draft in order to include the former “third pillar” of justice and security authorities´ processing of personal data which shall imply the strengthening of the DPO.
Additionally, according to the said Amendments every company or an institution that has more than 20 employees has the obligation to designate a Data Protection Officer and inscribe him/her in the Data Protection Officer`s register at the Croatian Personal Data Protection Agency. The before mentioned developments to the Croatian data protection legal framework inevitably lead to an increase in the number of Data Protection Officers (from 600 presently registered to the total of 30,000) and require the setting up of additional training and awareness-raising activities directed towards the Data Protection Officers registered both in the public and the private sector.

Outcomes
The Right to the Protection of Personal Data: from Nice to Lisbon;

  • Requests, tasks and responsibilities of Data Protection Officers;
  • Access to public information and personal data protection;
  • Practical overview on responsibilities of Data Protection Officers.

“RH and protection of personal data after joining the EU”

Background
The EU’s 1995 Data Protection Directive set a milestone in the history of personal data protection. Its basic principles, ensuring a functioning internal market and an effective protection of the fundamental right of individuals to data protection, are as valid today as they were 17 years ago. But differences in the way that each EU country implements the law have led to an uneven level of protection for personal data, depending on where an individual lives or buys goods and services.
In 2012, the Commission proposed a major reform of the EU legal framework on the protection of personal data. The new proposals will strengthen individual rights and tackle the challenges of globalisation and new technologies. The current rules were introduced when the Internet was still in its infancy. Rapid technological developments and globalisation have brought new challenges for data protection. With social networking sites, cloud computing, location-based services and smart cards, we leave digital traces with every move we make.
Further to Croatian membership in the EU announced for 2013, it is necessary to prepare all relevant stakeholders, for new rules and obligations that we have to be complying in the field of personal data protection with our entry into the EU.

Outcomes

  • Changes, news and challenges regarding the protection of personal data in the EU accession
  • The protection of personal data in healthcare – news and practical application
  • The protection of personal data in the telecommunications sector – news and practical application

Why do we need an EU data protection reform?
How does the data protection reform strengthen citizens’ rights?
How will the data protection reform affect social networks?
How will the EU’s data protection reform strengthen the internal market?
How will the EU’s data protection reform make international cooperation easier?
How will the EU’s data protection reform simplify the existing rules?
How will the EU’s data protection reform benefit European businesses?
How will the EU’s reform adapt data protection rules to new technological developments?

CAPPD Leonardo da Vinci Mobility

Mobility for Professionals in Vocational Education and Training

Project Background

Study visit to Croatian Agency for Protection of Personal Data (CAPPD) by colleagues from polish data protection agency regarding exchange of experiences and practices in application of the data protection legislation.

Objectives

To support participants in training and further training activities in the acquisition and the use of knowledge, skills and qualifications to facilitate personal development, employability and participation in the European Labour Market.
To support improvements in quality and innovation in vocational education and training systems, institutions and practices.

Outcomes

  • Legislation aspects related to national legal framework
  • EU and Legal Affairs Department Experience and Case Management, Experience with multinational companies, Helpdesk, Study of representative case work
  • Demonstration of the Inspection Procedure and Case Management within two Departments ;Legal and Technical Approach
  • Presentation of a Central Register and notification process
CAPPD Matra-flex

Enhancing capacities of the CAPPD in the field of right of access to information

Project Background

Project’s purpose is to strengthen responsible public institutions in the enforcement of the Law on the Right of Access to Information, trough implementation of the right of access to information, exceptions to the right of access to information, Information Officers’ responsibility, public interest tests and proportionality tests.

Law on the Right of Access to Information was first adopted by Croatian parliament on October 15th 2003 and the role of Information Commissioner was given to the Ministry of Public Administration, but only with the Law on Amendments to the Law on the Right of Access to Information adopted by Croatian Parliament on December 22nd 2010, Croatian Agency for Protection of Personal Data (further in the text CAPPD) gained new legal bound because there was a strong need for an independent institution to monitor this specific law enforcement since it is a very important anti-corruption measure and directly influences transparency of public administration.
CAPPD is now facing new challenges concerning this specific law enforcement. Our main problem is the lack of experience in this field. Since founding, CAPPD as an independent body was working only in the scope of the protection of personal data, CAPPD employees have not been trained to fulfil new legal bound needs, so CAPPD is in the position of starting the creation of a brand new activity. To achieve all defined goals a strong support of the highly experienced experts is needed on this subject: implementation of the right of access to information, exceptions to the right of access to information, Information Officers’ responsibility, public interest tests, proportionality tests and publication of public procurement.
Transparency International Croatia conducted public opinion research in part of Croatia on the subject of public awareness of their right to access information. Results showed that only 20% of questioned subjects used their right of access to information and only 40% of them received full answer. There are two problems that this research shows: public awareness and law enforcement.

Objectives

To strengthen responsible public institutions in the enforcement of the Law on the Right of Access to Information, trough implementation of the right of access to information, exceptions to the right of access to information, Information Officers’ responsibility, public interest tests and proportionality tests.

The results to be achieved

  1. In depth analysis of present conditions.
  • Inventory by CAPPD of current implementation problems as input for further analysis and for the Working Group
  • A discussion paper formulated by the Dutch experts on Dutch experiences and pro’s and con’s concerning the following themes: (1) public interest tests, (2) (de)classification of documents, (3) business secrets and (4) re-use of information. Based on this discussion paper follow up activities can be formulated
  • A comparative analysis of the Croatian act on the right to access of information by University of Leiden
  • Workshop/seminar concerning the Croatian act on the right to access of information with the working Group members, Agentschap NL and possibly Slovenian expert(s)
  1. Guidelines for the enforcement of the specific legislation are developed.
  • The activities under this result will be elaborated (if necessary) at a later stage, when the impact of the changes to the law have become clear
  1. Development of a curriculum for training of information officers and establishment of a network.
  • Investigate possibility of developing a curriculum for information officers in the programmes of the State School of Public Administration
  • Curriculum developed
  • Network for Information Officers developed, using social media
CAPPD Leonardo da Vinci 2012

Raising awareness of the data protection issues among the employees working in the EU

Project Background

Protection of personal data of every person is covered by European standards, of which the following are fundamental: Convention No. 108 of the Council of Europe of January 29th, 1981 for the protection of individuals with regard to automatic processing of personal data and Directive 95/46/EC of the European Parliament and of the Council of October 24th, 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. These acts contain general principles, allowing for the approximation of data protection laws of in the relevant countries. Each EU Member State has its own regulations for the implementation of Directive 95/46/EC, including all partners participating in the project.

One of the main tasks carried out by all data protection authorities in the partner countries is to undertake educational and training activities aimed at direct addressees of the law – individuals and legal entities. Eurobarometer surveys carried out in particular countries indicate, that a major concern in EU Member States is the lack of knowledge of implemented legislation on personal data protection among the public. On the other hand, the Communication from the Commission of February 2nd, 2006 – White Paper on a European Communication Policy (COM (2006) 35 final) – obliges all EU Member States to carry out information and communication activity, ensuring that all EU citizens have the right to obtain information and express their opinion. At the same time it also formulates three key objectives: improving public education, building bonds between citizens and creating relations between citizens and public institutions. Stressing the importance of social education, which should include all persons regardless of age, and involve a variety of forms and educational tools, including the Internet, is particularly relevant in the context of protection of personal data. Therefore, it is necessary to provide as much information as possible and to carry out all meaningful education and training activities designed to raise awareness and inform the public about their rights and obligations arising from the application of this law.

Objectives

The following objectives will be achieved: comparing data protection law application practices in the partner countries, getting acquainted natural persons undertaking employment in the EU states with the information on personal data protection, getting acquainted all recipients of the guidelines, with knowledge about essential activities, rights and obligations related to undertaking employment in the partner countries, enhancing the role of data protection authorities, intensifying cooperation between data protection authorities.

The project is aimed at providing educational materials to natural persons undertaking employment in one of the countries participating in the project. Experience from all project partner countries has shown the lack of comprehensive information on the data protection law application practices in particular areas of daily life. The deficiency of systematised knowledge has been indicated both by the entities representing various sectors of economic and public activity and by employees (natural persons). Therefore it is necessary to undertake any activities aimed at dissemination of knowledge on personal data protection and privacy, addressed to various groups of recipients.

Methods of achieving the planned objectives

  1. cooperation with partner countries to present the review of the applied personal data protection practices; international cooperation on execution of the project will allow to compare different views and present a joint attitude to the problems discussed,
  2. preparation of the guidelines for employees undertaking employment in the partner countries, as an element of educational activities,
  3. dissemination of information
CAPPD Leonardo da Vinci 2010

Perception of the data protection and privacy issues by children and youth

Project Background

Protection of personal data of every person is covered by European standards, among which the fundamental are: Convention No. 108 of the Council of Europe of January 29th, 1981 for the protection of individuals with regard to automatic processing of personal data and Directive 95/46/EC of the European Parliament and of the Council of October 24th, 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. These acts contain general principles, allowing the approximation of laws of different countries on the protection of personal data. Each EU Member State has its own regulations for the implementation of Directive 95/46/EC, including all partners participating in the project.

One of the main tasks carried out by all data protection authorities in the partner countries is to undertake educational and training activities. The special importance is directed to children and youth, who have little knowledge on how to protect their data and privacy, especially while using new technologies (Internet, cellar phones, social networks etc.). Although the raising awareness of this target group, still there are many examples of presenting lack of essential knowledge on how to protect the personal data by children and youth (e.g. examples of committing the suicides by youth while presenting the films in Internet, the exclusions from social groups etc.). Eurobarometer surveys carried out in particular countries indicate, that a major concern in EU Member States is the lack of knowledge of implemented legislation on personal data protection among the public. On the other hand, the Communication from the Commission of February 2nd, 2006 – White Paper on a European Communication Policy (COM (2006) 35 final) – obliges all EU Member States to carry out information and communication activity, ensuring that all EU citizens have the right to obtain information and express their opinion. At the same time it also formulates three key objectives: improving public education, building bonds between citizens and creating relations between citizens and public institutions. Stressing the importance of social education, which should include all persons regardless of age, and involve a variety of forms and educational tools, including the Internet, is particularly relevant in the context of protection of personal data. Therefore, it is necessary to carry out all possible information, education and training activities designed to raise awareness among children and youth about their rights and obligations arising from the application of this law.

Objectives

The basic objective of the project was to analyze the perception of privacy and personal data protection by children and youth. This knowledge is helpful for preparation of better information and communication activities about how to protect the privacy and personal data directed towards this target group.

Execution of the project will allow to achieve the following detailed objectives: detailed analyses of children and youth, identification the level of awareness on privacy and personal data protection in different fields of social activity of children and youth, with the special attention directed towards new technologies, comparison of the level of awareness identified in the partner countries, preparation recommendation based on the analyses, dissemination the information collected as the result of the project to different stakeholders showing an interest in the result of the project, enhancing the role of data protection authorities in particular states participating in the project as regards dissemination of information to particular groups of recipients, intensifying cooperation between data protection authorities in different EU Member States.

Methods of achieving the planned objectives

  1. undertaking cooperation with partner countries in order to prepare analyses; international cooperation on execution of the project will allow to compare different views and present a joint attitude to the problems discussed,
  2. preparing the report combining the actual situation in the partner countries and (informational material),
  3. dissemination of information
CAPPD IPA 2007

Capacity Building of the Croatian Agency for Protection of Personal Data

Project Background

The Act on Personal Data Protection (Official Gazette103/2003, further in the text: the Law) was adopted in 2003. The Law regulates natural persons’ personal data protection, as well as supervision over personal data collection, processing and use in the Republic of Croatia.
For the purpose of carrying out supervision over personal data protection, the Croatian Agency for Protection of Personal Data (CAPPD) was established by law. CAPPD is a legal entity with public powers vested in it. CAPPD is an independent, supervisory and consultative body in the field of personal data protection. Among the most important activities of the Agency are the following: supervision of personal data protection enforcement, keeping of the Central Register, cooperation with the competent State authorities with a view to drafting regulations concerning personal data protection.
Due to the fact that supervision is, indeed, one of the most important activities of CAPPD, we are particularly concerned about the part of the comment referring to the ineffectiveness of supervision. This should, understandably, be conducive to better-quality supervisory activities on our part in the near future, as well as to our working practices related to supervision and control being aligned to the corresponding EU ones; in other words, when supervisory activities are carried out, the technical component of supervision should be emphasized.
Technical component of the project is founded on regulations. Namely, contained in the legal framework of personal data collection in the Republic of Croatia is a Regulation Ordinance on the manner of storing, as well as on special technical protection measures for some particular categories of personal data. The Regulation in question, in its Art.38, directly refers to the ISO standard concerning information security management. Consequently, when carrying out supervision, the Agency should pay heed to the meeting of the criteria as set by the standard concerned in the part relating to personal data.

Objectives

To strengthen consultative and supervisory role of the Croatian Agency for Protection of Personal Data.

Project Purpose

Component I – Harmonization of the Act on Personal Data Protection with the EU Directive 46/95/EC
To harmonize the Act on Personal Data Protection with Directive 95/46/EC as well as awareness – rising concerning a need for personal data protection and the importance of such protection.
Component II – Application of ISO 27001 standard – based information security system
To implement and certificate standard-based ISO 27001 for the information security system along with IT structure technical security policies improvement aimed at meeting the standard, as well as enhancing the effectiveness, reliability and security

Results and measurable indicators

  1. Amendments to the Act on Personal Data Protection
  2. Improving supervisory activities and practise according with the amendments of the Act on Personal Data Protection
  3. Inception of an education network to train data protection officers
  4. Implementation and certification for the system of information security
  5. Technical upgrade of the system in order to follow IT development
  6. Upgrading the IT system

IPA 2007 eng

X
Skip to content