The right to privacy, as one of the essential postulates of a democratic society, requires regulation both in the legislative, i.e. in the normative sense, as well as in practice, since often the general public is not even aware of the fact that their right to privacy is threatened, or in the worst case, violated.
All information related to a natural person whose identity has been determined or can be determined is considered personal data.
In the light of the latest developments related to political events in Montenegro, I think it is necessary to draw attention to the protection against violations of the right to privacy, both by the handler of personal data and by third parties, who use such personal data without authorization.
Namely, we have witnessed that certain political entities, in order to achieve better results in the elections, decided to inform the users of telephone services, i.e. the owners of certain telephone numbers, about their "events" through SMS messages, as well as to encourage the same persons to vote for a certain actor in the election. .
Since the phone number, which was needed by political subjects in order to send SMS messages, can be considered personal data, primarily because it can be used to determine the identity of the natural person who owns it, I believe that this kind of behavior is the most gross violation of everyone's right to privacy to whom the messages were sent by SMS.
This is due to the fact that mobile operate, which in this case is the personal data handler, was obliged to keep them and not give them to third parties for use without the prior consent of the person whose data is being handled, and in this case the owner of mobile phone numbers.
The Law on the Protection of Personal Data, more precisely Article 10 paragraph 1 stipulates that the processing of personal data can be carried out with the previously obtained consent of the person whose personal data is being processed, which can be revoked at any time.
Furthermore, the cases when consent is not required are specified and exhaustively enumerated, and they are:
v1) performance of the legally prescribed obligations of the operator of the collection of personal data;
v 2) protection of life and other vital interests of a person who is unable to give consent in person;
v 3) execution of the contract if the person is a party to the contract or for taking actions at the request of the person before concluding the contract;
v 4) performing tasks of public interest or in the exercise of public powers that are within the scope of work, that is, the competence of the controller of the collection of personal data or a third party, that is, the user of personal data;
v 5) realization of the legally based interest of the operator of the collection of personal data or of a third party, i.e. the user of personal data, unless such interests should be limited in order to realize and protect the rights and freedoms of individuals.
It is clear that in accordance with the Law on the Protection of Personal Data, both the operator and the third party had to obtain the consent of the person whose data is being processed in order to be able to use the same, which, in my opinion, did not happen in a large number of cases, and it is the right privacy violated.
Certainly, a person whose right to privacy has been violated has the right to fair compensation, which would correspond to satisfaction, but never to the acquisition of illegal property benefits, since the abuse of rights cannot be justified in any case.
I emphasize that it is the duty of personal data handlers, in the specific case of mobile operators, to provide citizens with access to information on whether third parties have been able to determine their identity, based on the request of each natural person addressed to the relevant authority for the provision of said information. Furthermore, if the operator refuses to act in accordance with the request, or simply does not act on the request, it can be submitted to the Agency for the Protection of Personal Data, which has the authority to access collections of personal data and means of electronic processing of personal data.
I remind you of the situation in 2020, when the right to privacy was violated for citizens whose names were published in a list by the decision of the National Coordination Body at the time, and which list only concerned persons who are in self-isolation, due to the consequences caused by the CODIV-19 virus.
The decision of the Constitutional Court U-II number 22/20 established a violation of the right to privacy of natural persons whose names were on the disputed list, which is why the state paid 300 EUR to the citizens as compensation for the violation of the right to privacy, as an amount sufficient for just satisfaction.
Law & Consulting 
Leave a comment