Ikonka home dla okruszków What we do Cooperation International Central and Eastern Europe States Group Meetings of the Central and Eastern Europe Data Protection Authorities

15th Meeting of the Central and Eastern Europe Data Protection Authorities

On 10-12 April 2013 in Belgrade, the Inspector General for the Protection of Personal Data took part in the 15th Meeting of the Central and Eastern Europe Data Protection Authorities (CEEDPA). This year's event was hosted by the data protection authority of Serbia. Among the participants of the meeting were representatives of 14 data protection authorities from the following countries: Albania, Bosnia and Herzegovina, Bulgaria, Hungary, Republic of Macedonia, Poland, Russia, Slovakia, Slovenia, Serbia, Ukraine, Croatia, Montenegro and the Czech Republic.

The meeting focused on three groups of topics on which representatives of data protection authorities spoke, presenting their national experiences. These were: data security, processing of personal data in the context of employment and the independence of DPAs and the challenges they face.

Wojciech R. Wiewiórowski, PhD, gave a presentation entitled. ‘Privacy impact assessment of cloud computing services in e-Administration’.

The first session on data security dealt with two topics. The first concerned new trends in the processing of personal data in the public sector, particularly in the sphere of electronic processing, and assessing the impact on privacy protection. The second topic, on the other hand, presented examples of data breach on data protection in practice in various countries. Regarding the first topic, the prevailing approach in the discussion was that the proliferation of electronic processing means, especially in the public sector, must take into account the security issues indicated, in a strictly restrictive manner, taking into account relevant EU documents in this area. Regarding the examples of personal data breaches presented, representatives from all CEE countries came to similar conclusions, mainly due to the fact that adequate safeguards had not been implemented. The failure to implement adequate security measures is generally due to inadequate organisational measures and human resources (the so-called human factor) and the failure of data controllers to implement security standards.

In the second session on data processing in the employment context, participants discussed the various methods of employee screening, the impact of the use of ICT on data subjects' rights and, in particular, the aspect of the protection of the employer's legitimate interest and the protection of the right to respect for the employee's dignity. Participants discussed the issue of testing job applicants as part of hiring and recruitment procedures and concluded that the only exception allowed may apply when prior personality or aptitude tests are necessary and the need for such tests can be assessed depending on the area of employment and risks. Participants agreed that the notion of “consent” for the processing of personal data in the employment context is not acceptable in the same way as in other areas, where it is clear that consent is given voluntarily.

The third session focused on the independence of data protection authorities and the challenges they face. During the discussion on the first issue, the independence of the authorities, participants concluded that there were various solutions to ensure independence from an executive as well as legislative point of view, and in some situations initiatives were taken to separate the independent authorities from the executive branch of government. The discussion on the challenges faced by independent bodies focused on the issues of cross-border data transfer, video surveillance of public areas and hate speech, especially in the media. Participants in the discussion noted that the independence of DPAs is not and cannot be unlimited, meaning that DPAs cannot be outside the reach of the law and exempt from scrutiny. On the contrary: their independence means that they should be organisationally and functionally separate from the public administration and other public authorities whose activities they have to control.

During the meeting, it was agreed that the next 16th CEEDPA Meeting will be held in 2014 in Skopje, Republic of Macedonia. In addition, representatives of the Data Protection Authorities of Hungary and Bosnia and Herzegovina expressed their willingness to organise the 17th CEEDPA meeting in 2015, but this would be decided at the next meeting in the Republic of Macedonia.

It was also agreed that the Russian Federation, with observer status in the Central and Eastern Europe Data Protection Authorities, was granted full membership.

The Group of the Central and Eastern Europe Data Protection Authorities was established on the initiative of the Inspector General for the Protection of Personal Data in 2001. The Polish DPA acts as CEEDPA's secretariat.

phone
Infoline (in Polish) UODO 606-950-000 Operates on weekdays from: 10:00-14:00
© UODO 2018 - 2025
Copyright.
Urząd Ochrony Danych Osobowych
map pin ul. Stawki 2, 00-193 Warszawa
envelope kancelaria@uodo.gov.pl
clock Working hours of the office: 8 a.m. – 4 p.m.
© UODO 2018 - 2025
Copyright.