DRAFT ACT ON PROTECTION OF DATA ON PERSON

Published date: 17.09.2007 14:18 | Author: Naslovna strana

Print

Republic of Montenegro
Ministry of Interior and Public Administration








DRAFT ACT ON PROTECTION
OF DATA ON PERSON






Podgorica August 2007






DRAFT ACT ON PROTECTION ON DATA ON PERSON


I GENERAL PROVISIONS


Article 1

Protection of data on person ( hereinafter: personal data) is regulated under the conditions and the way proscribed by this Act, and according to principles and standards from ratified International Treaties on human rights and fundamental freedoms and generally accepted provisions of the International Law.




Article 2

Personal data shall be processed only according to the law.
Personal data may be processed in the cases determined by the law or for the purpose the data subject (hereinafter: person) has given his/her consent for and shall not be processed in quantities more extensive than necessary for achieving the purpose defined.
Irrespective of the Paragraph 2 of this Article, personal data may be processed for the statistical or scientific-research purpose, if appropriate measures are taken in order not to disclose the identity of a person.


Article 3

Processed personal data shall be under obligation to be accurate, complete and up-to-date.
Personal data which permit identification of data subjects shall be under obligation to be kept no longer than is necessary for the purposes for which they are processed



Article 4

The protection of personal data has been ensured for every natural person irrespective of his/her citizenship or place of residence, and regardless of race, skin color, sex, language, religion, political or other convictions, national or social background, property, birth, education, social standing or other characteristics.


Article 5

According to this Act shall be obliged to proceed all governmental agencies, local self-government authorities, companies and other and other legal persons entrepreneurs and natural persons with seat more exactly residence in the Republic of Montenegro (hereinafter: Montenegro), who determine purpose and means of processing of personal data if purpose and means of processing are not determined by the Act and perform processing of personal data or establish filling system catalogue (hereinafter: data controller).
Personal data controller shall be under obligation to undertake measures in order that his representative office in the other country acts in accordance to this Act.
Regulation of this Act shall be applied also onto personal data controller whose seat respectively residence is not in Montenegro if equipment for processing of personal data is in Montenegro, unless that equipment shall be used for transfer of personal data across the territory of Montenegro.
In the case from Paragraph 3 of this Article, personal data controller shall be under obligation to appoint representative or deputy with seat respectively residence in Montenegro for implementation of provisions of this Act.



Article 6

In the case when the purpose and means of processing of personal data are regulated by the Act, personal data controller shall be appointed by this Act.



Article 7

The provisions of this Act shall not apply to the personal data processing conducted for the scope of defense, national and public security and in the criminal proceedings if such is regulated by separate Act.
The provisions of this Act shall not apply to the personal data processing conducted by natural persons for his/her private purpose.


Article 8

Terms used in this Act shall have next meaning :


1) Personal data means any information relating to an identified natural person or an identifiable natural person ;
2) Processing of personal data - means any operation performed in connection with collection, recording, authorization, storage, alteration, retrieval, use, inspection, disclosure by transmission, communication, or otherwise making available alignment linking, blocking, erasure or destruction likewise performing of other actions on personal data;
3) Personal data filing system means structured set of personal data which are subject of processing and may be available according to regulation.
4) Personal data recipient means a state or local self-management authority, company or other legal person, entrepreneur of natural person whom the personal data may be disclosed to for the purpose of conducting regular activities within the scope of its competence as defined by Act.
5) Personal Data processor - user means a state or local self-management authority, company or other legal person, entrepreneur of natural person whom Personal data controller entrusts certain jobs regarding personal data processing, as defined by this Act.
6) The data subject's consent means any freely given statement, in written or oral form onto record by which the data subject signifies his treaty to personal data relating to him being processed for certain purposes.
7) Special categories of personal data - are personal data on racial, or ethnic origin, political, religious or other beliefs, social origin, trade-union, associations or other membership, likewise data on health status, sexual life or sexual orientation;
8) Biometric data - are such characteristics of the natural person which can be used to his/her identification.

II PROCESSING OF PERSONAL DATA

1. Conditions

Article 9

Personal data may only be processed with the consent of the data subject.
Personal data may be processed without the consent of the data subject:
1) for the exercise of lawful obligations and competences by the Personal data controller;
2) if the processing is necessarily required to protect the life or health of an data subject incapable of giving his/her consent ;
3) in order to undertake actions which precede to the conclusion of a contract, and appropriate for conducting negotiations for the conclusion of a contract or for the fulfilment of a contract, as defined by the Act.
4) if the data subject discloses such data on his/her own

Consent from Paragraph 1 of this Article, for the person deprived of business capability gives trustee and for the minor person parents or those who adopt, respectively trustee.
Consent for data processing of deceased persons give his/her legal hears, defined by the Act on Succession


Article 10

In cases referred to in Paragraph 1, of Article 9 the data subject has the right to revoke his consent.
In the case from Paragraph 1 of this Article, Data Controller shall be obliged to cancel data from Personal data filing system, and within 30 days from revoking of consent.
In the case of processing of personal data for statistical or scientific-research purpose, the data subject can revoke his/her consent, solely if personal data enable identification of the person.

Article 11

Personal data pertaining to underage persons shall be processed in accordance with the law, on the way which is within the best interest of the underage person.


Article 12

Processing of special categories of personal data is prohibited.
Irrespective of the first Paragraph of this Article, personal data can be processed:
1) with the consent of the data subject
2) for the purpose of carrying out legal obligations to which personal data filing system controller is subject within the field of employment and health-care and in other case , within the interest of the person;
3) for the purpose of protecting the life or health of persons, as defined by Act
4) if the data subject discloses such data on his/her own
5) within the activities of associations institutions or other non-profit Authorities with political , religious or other aim, but only if the processing concerns their members or members of other authorities, who gave consent for processing of their personal data.
Special categories of personal data shall be specially marked and protected in order to prevent unlawful access to these data.
The way of marking and protecting of personal data from Paragraph 2 of this Article, establishes Ministry competent for public administration affairs


Article 13

Processing of personal relating criminal proceedings or infraction proceedings is prohibited.
Irrespective of the first Paragraph of this Article personal data may be processed :
1) with the consent of the data subject
2) for the exercise of lawful obligations by the Personal data controller;
3) for the purpose of protecting the life or health of persons, when data subject is incapable of giving his consent.
4) if the data subject discloses such data on his/her own

Article 14

Personal data processing into commercial purpose or public disclosure is allowed solely with data subject’s consent.

2. Contractual Processing

Article 15

Based on a contract, the personal data filing system controller may entrust data subject tasks regarding the processing of personal data within his/her authority to other processing official.
The contract referred to in Paragraph 1 of this Article regulates mutual rights and obligations of the personal data filing system controller and processing official.
Tasks regarding Paragraph 1 of this Article may be entrusted solely to a processing official registered for conducting these activities and who fulfils conditions regarding the realization of appropriate personal data protection measures, as defined by this Act.


3. Providing data to users

Article 16

The personal data filing system controller is authorized to provide personal data to data subject based upon his/her written request.
The personal data can be provided to the user of personal data for performance of his/her duties and authorities according to the Act.
The written request shall state the purpose and legal basis for the personal data use, type and time for use of personal data requested.


Article 17

Personal data may be used only in the term necessary for the fulfillment of the specific purpose, unless a different period has been established by a Separate Act.
Following the expiry of the term referred to in Paragraph 1 of this Article, the user of personal shall data shall be obliged to erase them, unless otherwise established by a special act.
Provisions laid out herein pertaining to provision of personal data for use also apply to the exchange of personal data between state bodies, unless otherwise established by a special act.


Article 18

The personal data filing system controller maintains records on disclosed personal data, personal data recipients containing and purposes of their disclosure.


4. Obligation of informing the data subject on processing ,updating or erasing of personal data

Article 19

The personal data filing system controller or his/her representative, during processing of personal data shall be under obligation to communicate to the data subject the following information:
1) data on the data controller and his possible representative (personal name, title or official name respectively and address or seat respectively),
2) the purpose of the processing of personal data;
3) data recipient or the type of data recipients;
4) obligation to provide personal data;
5) possible consequences of refusing to provide personal data.
The obligation of informing from Paragraph 1 point 4) and 5) of this Article, exists if data are collected directly from the data subject.

Article 20

Prior to supplying of personal data, personal data filing system controller shall be under obligation to communicate to the data subject about this.

Irrespective of Paragraph 1 of this Article, personal data filing system controller is not obliged to communicate to the data subject if data are provided for the statistical and scientific-research purposes or for the purpose of processing of personal data , as provided by the law.

Article 21

The personal data filing system controller shall be under obligation to update data from the personal data collection.
If establishes that personal data are incomplete or incorrect, data filing system controller shall be under obligation to supplement or change them.


Article 22

The personal data filing system controller shall be under obligation to erase personal data if their processing is not lawful.
The personal data filing system controller shall be under obligation to communicate to the data subject and the recipient of personal data on supplementing or erasing of personal data from Article 21 Paragraph 2 of this Act, and erasing of personal data from Paragraph 1 of this Article, not later than eight days since changing, supplementing or erasing.


5. Measures for protecting of personal data in processing

Article 23

The personal data filing system controller and the recipient shall be under obligation to provide technical, personnel and Authorization measures , in order to protect them from loss, destroying, unauthorized accessing, changing, publishing, likewise abusing.
Measures for protecting of personal data referred to Paragraph 1 in this Article must correspond to the nature and character of processed data.

Article 24

Persons employed at the State Agency, local self-management agency, company, other legal person, entrepreneur, natural person likewise persons employed at entrepreneur or natural person who perform processing of personal data, shall be obliged to protect the secrecy of personal data with which they become familiar in performing their, work .

Article 25

6. Filing system catalogue

Data controller shall establish for each filing system he/she establishes a filing system catalogue.
Catalogue from Paragraph 1 of this Article, shall contain:
1) title of the filing system;
2) legal basis for processing personal data;
3) personal name that is official name of data controller, his seat ,temporary or permanent residence and address ;
4) purpose of processing of personal data;
5) category of data subjects to whom the personal data relate;
6) the type of personal data in the filing system;
7) way of collecting and storage of personal data;
8) duration of storage and using of personal data;
9) personal name that is official name of recipient of personal data, , his seat ,temporary or permanent residence and address ;
10) data on transfer of personal data from Montenegro with stipulating of State of transfer or International Authorization or other foreign recipient, purpose of transfer established by ratified International Treaty and Act, or written consent of the data subject;
11) internal rules for processing and protecting of personal data of Data controller.
Form and procedure for holding of catalogue from Paragraph 1 of this Article, shall be prescribed by the Ministry competent for public-administration affairs.

Article 26

Before establishing of Filing system catalogue the Data controller shall be obliged to provide consent of the independent Supervisory Body.
Together with he request for consent, Data controller shall be obliged to deliver data from Article 25, Paragraph 2 of this Act.

Article 27

The Independent Supervisory Body maintains a file on register of personal data ) from Article 25 Paragraph 1 of this Act (hereinafter: Filing system catalogue).
Into Filling system catalogue shall be entered data from Article 25, Paragraph 2 of this Act.
Exceptionally from Paragraph 2 of this Article, into Filing system catalogue, data on Filing system catalogue maintained by competent data filing system controller shall not be entered , if such is requested by the interests of defence, National and Public Security and protection of human life and health.

Article 28

Before amending of data from Article 25 Paragraph 2 of this Act, data controller shall be obliged to provide consent of the independent Supervisory Body.
Regulations from Paragraph 1 of this Article does not apply onto file on register of personal data, when the processing purpose or categories to personal data to be processed, categories of data subjects, the users or user categories to whom such data shall be disclosed to and the time period during which such data shall be disclosed are regulated by separate Act.

Article 29

The public has access to the records in the Central Register according to the regulations on the work of the independent Supervisory Body, according to the Act.


III SPECIAL FORMS OF PERSONAL DATA PROCESSING

Article 30

The properties of a data subject shall be determined or compared through the processing of biometric characteristics so as to identify him or confirm his identity (hereinafter: biometric measures) under the conditions provided by this Act.



Article 31
State bodies, bodies of self-governing local communities, state bodies, bodies of self-governing local communities, other legal persons and entrepreneurs , who are holders of public powers (hereinafter: public sector) may apply biometric measures regarding entry into business respectively official premises and presence of employees at the work if such measures are provided by law.
Measures from Paragraph 1 of this Article, may be prescribed if such is necessary for the security of persons or property and in order to protect classified data or business secrets, if such can not be achieved on different way.
Exceptionally from Paragraph 2 of this Article, biometric measures my be prescribed by Act, in order to:
1) exercise legal obligations from International agreements
2) identify persons crossing the State border.

2. Register of entry and exit from premises

In order to provide personal and property security of official and business premises, State bodies, bodies of self-governing local communities, state bodies, bodies of self-governing local communities, other legal persons and entrepreneurs, may request from the person entering into official or business premises, to
1) announce reason for entering into official or business premises;
2) deliver personal data ;
3) present for inspection ID document, if necessary;
ID document from Paragraph 1 point 3 of this Article, is a document on establishing of identity issued according to the Act.
Personal data from Paragraph 1 point 2 of this Article are: personal name, type and number of personal document, temporary or permanent residence, address and employment.

Article 33

Records on entry and exit from official or business premises shall be maintained. Records from Paragraph 1 of this Article, shall contain : personal data from Article 32 Paragraph 3 of this Act, date, time, reason of entry into official or business premises or facility or exit from them.
Records from Paragraph 1 of this Article shall be regarded as official records if the acquisition of data is required in terms of benefiting a minor or for the implementation of the competences of the police, and intelligence-security activities.
Personal data from records from Paragraph 1 of this Article may be stored for a maximum of one year from their creation, and shall then be erased, unless otherwise provided for by law.






3. Video surveillance

Article 34
State bodies, bodies of self-governing local companies, other legal persons and entrepreneurs may introduce video surveillance of access to their official premises or business premises if necessary for the security of people or property, or where due to the nature of the work there exists a potential threat to employees
The decision on introduction of video surveillance, from Paragraph 1 of this Article, shall be taken by the head of the State bodies, bodies of self-governing local communities and responsible person in the public sector or other legal person or entrepreneur, if introduction of video surveillance is not regulated by law.
The written decision from Paragraph 2 of this Article shall explain the reasons for the introduction of video surveillance.
Video surveillance, from Paragraph 1 of this Article, may only be implemented in a manner that does not show recordings of the interior of residential buildings that do not affect entrance to their official and business premises, or recordings of entrances to apartments.
All employees working in the premises under surveillance must be informed in writing of the implementation of video surveillance.

Article 35

State bodies, bodies of self-governing local communities, companies or other legal persons and entrepreneurs may implement video surveillance of official premises or business premises if necessary for the security of people or property or classified data or business secrets or if that otherwise can not be achieved.
Video surveillance shall be prohibited in work areas outside of the workplace, particularly in changing rooms, lifts and sanitary areas.
The decision on introducing of video surveillance from Paragraph 1 of this Article, if introducing of video surveillance is not regulated by law shall be brought by the head of self-governing local communities or responsible person in companies or other legal persons or entrepreneur.
Prior to the introduction of video surveillance, persons from Paragraph of this Article, shall be obliged to consult the representative of the trade union at the employer or employees.
Employees must be informed in advance in writing prior to the commencement of implementation of video surveillance.
In the area of national defence, national intelligence-security activities and the protection of secret data, the fourth and fifth Paragraphs of this Article, regarding official office premises or business premises, shall not apply




Article 36

On video surveillance from Article 34 Paragraph 1 and Article 35 Paragraph 1 of this Act, records shall be maintained.
Records from Paragraph 1 of this Article, shall contain : individual record (video or sound or video and sound), date and time of recording of entry and exit and if necessary , his/her personal name, temporary or permanent residence and address, employment, type and number of ID document, reason of entry if entered data are collected beside record or by record of video surveillance system.
Personal data from records from Paragraph 1 of this Article may be stored for a maximum of one year from their creation.


Article 37
Video surveillance may be implemented onto entrance and exit interior of residential buildings and joint premises.
The written consent of joint owners shall be required for the introduction of video surveillance in an apartment building.
The consent from Paragraph 2 is given if it is expressed by joint owners with a share of more than 70% of the ownership.
It shall be prohibited to enable or implement current or subsequent examination of recordings of video surveillance systems through internal cable television, public cable television, the Internet or the use of other telecommunications means able to transmit such recordings, irrespective of the moment of their recording or after that.
Entrances to data subject apartments may not be recorded by video surveillance systems.

Article 38
State bodies, bodies of self-governing local communities, other legal persons and entrepreneurs that conducts video surveillance must publish a notice to that effect.
Notice from the Paragraph 2 of this Article must be visible and plainly made public in a manner that enables data subjects to acquaint themselves about its implementation at the latest when the video surveillance of them begins.
The notice from the Paragraph 2 of this Article contain the information on:
1)the title of the person implementing it, and
2) a telephone number to obtain information as to where and for which period recordings from the video surveillance system are stored.
Through notification from the second Paragraph of this Article the data subject shall be deemed to have been informed of the processing of personal data .
The video surveillance system used to conduct video surveillance must be protected against access by unauthorised persons.






Article 39


Regulations from the Article 34 of this Act, shall be implemented onto performing of video surveillance of public areas, unless otherwise provided for by the law.


IV TRANSFER OF PERSONAL DATA FROM MONTENEGRO

Article 40

The transfer of personal data that are processed from Montenegro to a third country or their disclosure to the International Organization shall be permitted provided that the organization to which are disclosed ensures a minimal level of protection of personal data according this Act, based upon previously provided consent of independent supervisory body.


Article 41

The consent from the Paragraph 40 of this Act, shall not be required, if such is requested by the interests of defence, national and public security and protection of human life and health, likewise taking of actions aimed preventing and detecting of criminal act.
In the case of Paragraph 1 of this Article, the transfer of personal data that are processed from Montenegro to a third country or their disclosure to the International Organization which does not ensure an adequate level of protection of personal data shall be permitted :
1) if the data subject to whom the personal data relate gives personal consent;
2) the data controller ensures adequate measures of protection of personal data and of the fundamental rights and freedoms of data subjects, resulting from the
the fundamental rights and freedoms of data subjects, and declares the possibility of their fulfilment or protection, especially in the provisions of the International treaties, and which Independent Supervisory Body considers as appropriate and according to the regulations on protection of personal data









V. RIGHTS OF DATA SUBJECT ONTO PROTECTION OF PERSONAL DATA

Article 42

The personal data filing system controller shall, at the latest not later than 15 days from receiving a written request about it, provide the following to every data subject or his/her legal representative or plenipotentiary:
1) the personal data filing system controller, processor and user (personal name and his/her seat and address);
2) purpose and legal basis for personal data processing;
3) right to access to the personal data relating to the data subject and
4) right to correct such data.
Notification from the 1 Paragraph of this Article, shall be issued in the form of certificate, confirmation, transcript and similar document.


Article 43

On the request in written from the data subject, his/her legal representative or plenipotentiary, not later than 15 days upon submitting the request, the personal data filing system controller shall be under obligation to :

1) complete, alter or personal data if the data is incomplete, inaccurate;
2) delete personal data if their processing is not in accordance with provisions of the law;
3) suspends using of inaccurate or incomplete personal data ;
4) suspends using of personal data, if their using is not in accordance with provisions of the Act;

The personal data filing system controller shall be obliged to inform the person to whom the data relate, his/her legal representative or plenipotentiary and the users of such personal data of any amendments, alterations or deletions of personal data from the Paragraph 1 of this Article, undertaken within 8 days.

Article 44

The rights stipulated by the provisions of Articles 19 and 20 of this Act may be restricted if deemed necessary for the protection of national and public security, detection or persecution of perpetrators of a crime, protection of important economic or financial interests of the state, cultural assets, and for the protection of persons or the rights and freedoms, within the scope necessary for the fulfillment of purposes for which the limitation in question has been determined, unless otherwise provided by a special act.




Article 45

All costs referred to in Articles 42, and 43 of this Act shall be borne by the personal data filing system controller, unless otherwise regulated by a special act.


Article 46

A person who considers that any of his/her rights guaranteed by this Act have been violated may submit a request to establish the violation of rights to the Independent Supervisory Body.
Independent Supervisory Body shall issue a decision regarding the request on the rights violation within 60 days since submitting of request.
Administrative proceedings and deciding on the request from Paragraph 1 of this Article shall be performed in accordance with provisions of the Article 49 to 56 of this Act;
Upon request of a person asking for the protection of his/her rights, Independent Supervisory Body may issue a temporary ruling prohibiting the processing of data in question until the finality of the proceedings, if violation of rights established by this act exists or is likely to be committed.
An appeal against the ruling referred to in Paragraph 2 of this Article can be filed.


Article 47
The personal data filing system controller shall be responsible for any damages suffered by the data subject, in accordance with general regulations regarding the compensation of damages.


VI SUPERVISION

Article 48
Supervision over implementation of this Act, shall be performed by the Independent Supervisory Body, by means of persons employed in that Body, who are authorized for performing of such tasks, pursuant to the act on systematisation the internal organisation (hereinafter : Controller).
Controller may be a person, who beside general conditions provided by Act, also fulfils next conditions:
1) university degree;
2) five years of working experience, of which at least one year has been in work with personal data;
3) have passed the professional examination for work at State bodies;
4) not condemned for the criminal act which makes him/her unsuitable for performing of duty at State bodies;
5) criminal charges are not brought against him/her.
Proceeding of supervision from Paragraph 1 of this Article shall be started ex officio.
Any person may submit a request for starting of the procedure of supervision.

Article 49
Controller is authorized onto access to data contained in the collections of personal data irrespective of the fact if files on such collections are maintained in the Register of collections of personal data likewise the access to other documentation regarding personal data processing and devices for electronic data processing.

Article 50

The personal data filing system controller, user or processor are obliged to allow access to data collections, lists and other documentation, devices for electronic processing and on the request of controller, to deliver requested lists and other documentation.



Article 51

On performed supervision from Article 48 of this act, a record shall be created not later than 15 days after such supervision was conducted.
If supervision, on the request of person, is performed in order to protect rights, controller is under obligation to execute the procedure according request immediately and at the latest within eight days since submitting of request.

The personal data filing system controller, likewise person who submitted the request for protection of right may file an appeal against record from Paragraph 1 of this Article to the Independent Supervisory Body.

Article 52

If the personal data filing system controller, does not deny on founded way assertions from records on irregularities during processing of personal data, Independent Supervisory Body shall pronounce measures against personal data filing system controller according to the regulations of this Act.

Article 53

If controller, on the request of person for protection of rights, during performed supervision establishes no violation of rights, which person points out in the request, a person can file an appeal to the Independent Supervisory Body, at the latest within eight days since receipt.
The Independent Supervisory Body may, based upon record on conducted supervision, if person has not filed an appeal, or like in the case from Article 49, Paragraph 3 of this Act judges that appeal is not founded, reject the request by Decision.
If Independent Competent Body, by acting according to the appeal from the Article 49 Paragraph 3 of this ct , judges that appeal is founded, measures against personal data filing system controller according to the regulations of this Act, shall be pronounced.


Article 54
During supervision , Independent Supervisory Body shall be entitled issue a Decision on
1) ordering that irregularities be eliminated within a certain time period,
2) temporarily prohibiting processing of personal data being processed contradictory
to the legal provisions,
3) ordering erasure of personal data collected without a legal ground,
4) prohibiting that such data can be transferred abroad from Montenegro or to users,
contrary to provisions stipulated by this Act,
5) prohibiting the assignment to collect and process personal data to processing officials if a processing official does not fulfill the requirements prescribed for personal data protection, or where the assigning of these tasks has been conducted contradictory to provisions stipulated in this Act.



Article 55
Against the Independent Supervisory Body decision, administrative proceedings can be initiated.

Article 56

For the conducting of inspection supervision, obligations and authorities of Controller the provisions of the law governing inspection supervision shall apply, unless otherwise provided by this Act.

VII AGENCY FOR PROTECTION OF PERSONAL DATA

Article 57

For the purposes of performing the work of Independent Supervisory Body, Agency for Protection of Personal Data (hereinafter: Agency) shall be established by this Act.
The Agency shall be independent in carrying out its activities, from its legal competence.
The Agency shall be a legal person.
The right of founder on behalf of Montenegro, according to the Act, performs Council of the Agency.
Article 58

The Agency shall conduct the following activities:
1) supervise the implementation of personal data protection, according to provisions stipulated in this Act;
2) resolves requests regarding protection of rights;
3) gives opinion regarding implementation of this Act;
4) gives opinion regarding the creation of new personal data filing system;
5) issue its opinion, when this has not been precisely established, whether a certain group of personal data is considered to be a personal data filing system within the meaning of this Act;
6) monitor the application of organizational and technical measures aimed at data protection, and propose improvements of these measures;
7) issue proposals and recommendations regarding the advancement of personal data protection;
8) issue an opinion as to whether certain ways of personal data processing represent specific risks for the rights and freedoms of data subjects;
9) monitor organization of personal data protection in comparative systems;
10) cooperate with competent bodies authorized for personal data protection in other countries,
11) cooperate with competent state authorities in preparing draft regulations regarding personal data protection;
12) issue proposals regarding evaluation of constitutionality and lawfulness of the act , likewise constitutionality and lawfulness of other regulations and general acts regulating the issues of personal data protection, and
13) conduct other activities as defined by Act.

Article 59
The Agency shall submit an Annual Report on situation regarding protection of personal data to the National Parliament of the Republic of Montenegro ( hereinafter: Parliament), no later than by the 31 May of the actual year, for the previous year.
The Agency shall submit separate Report to the Parliament regarding situation in the area of protection of personal data :
1) on the request of Parliament;
2) if Agency estimate that such is necessary due to specially important reasons.
In the Report from Paragraph 1 of this Article, an assessments regarding situation the area of protection of personal data, proceedings initiated based upon this Act and ordered measures, likewise on the level of protecting of individual rights during personal data processing, shall be advertised.
Reports from Paragraph1 and 2 of this Article must be done accessible to public.


Article 60

The Agency shall have the Statute.
The Agency Statute specifically contains:
1) seat and area of activity of the Agency,
2) internal organization of the Agency;
3) way of work, deciding and competences of Agency bodies,


Article 61

Agency bodies are : Agency Council and Director.

Article 62

Agency Council have two Presidents and two members.
President and members of the Council shall be appointed by the Parliament.
President and members of the Agency Council shall be appointed on proposal of Parliament Working Team competent for the election and appointment .
President and members of the Agency Council shall be appointed for a period of five years with the possibility of reappointment.
President and members of the Agency Council shall be responsible for their work, to the Parliament.




Article 63

As director and member of the Council can be appointed a person who fulfills next conditions:
1) citizen of Montenegro,
2) university degree,
3) work experience in personal data processing

Article 64

As member of Agency Council shall not be appointed a person:
1) Parliament member and Committee member,
2) elected, appointed and placed in the Government,
3) official of political party (president of political party, member of Presidency his/deputy, Member of Main Boards likewise other officials of political parties),
4) if convicted by a final decision of a criminal offence against official duty or if convicted by a final decision of some other criminal offence of penalty of imprisonment lasting longer than six months, during the period of lasting of legal consequences of verdict.
Candidate for the member of Agency Council shall be obliged to deliver a statement in written to the Work Body from Article 62 Paragraph 3 of this Act, of on not existing of obstacles for appointment, as defined by law.





Article 65

The Agency President and Agency Members shall conduct their tasks as part time employees and for their work shall be entitled onto pecuniary reparation.
Reparation from Paragraph 1 of this Article shall be established as for a salary of judge of Superior Court .

Article 66
The Agency President and Agency Member may be subject to early dismissal:
1) upon personal request,
2) if he/she becomes permanently incapable of performing his/her function,
3) if circumstances from Article 64 of this Act arise,
4) if he/she violates the obligation on protecting of personal data.


Article 67
Agency Council shall:
1) adopt the Rules of Agency,
2) adopt statute, act on systematisation the internal organisation and other acts of Agency,
3) prepare annual report and separate reports regarding situation in the area of protection of personal data ,
4) establish annual work plan and annual report on the work of the Agency,
5) establish financial plan and final account,
6) bring decisions upon personal request for protection of rights and in other cases upon conducted supervision,
7) conduct other activities as defined by the Act and statute.
Rules from Paragraph1 point 1 of this Article, shall be advertised in the Official Gazette of the Republic of Montenegro.



Article 68


Agency Council shall work and bring decisions on sessions with presence of at minimum two members of the Council.
Agency Council shall bring decisions by the majority of votes out of total number of the members of Council.
Article 69

Agency Director shall be appointed by Agency Council, based upon public competition, for a period of four years.
As a Agency Director shall not be appointed a person who can not be appointed as Agency member, as defined by this Act

Article 70

Agency Director shall:
1) represent and introduce the Agency,
2) organize and manage the Agency,
3) implement decisions of Agency Council,
4) propose to Agency Council the working plans, reports regarding situation the area of protection of personal data,
5) conduct also other activities as defined by Act and statute.


Article 71

Agency Director, Controller and other employees from professional service of Agency shall be obliged to protect as professional or other kind of secret as defined by the regulations on secrecy , all data they encounter in performing their professional duties.
The obligation from Paragraph 1 of this Article shall also apply after ceasing to perform the Agency Director’s service or ceasing to perform Controller’s service or other employee service from professional service of Agency.


Article 72

Resources for the Agency operation shall be secured from the Budget of the Republic of Montenegro and other resources as defined by law.

Article 73

The Agency shall have its own professional service.
General employment regulations shall apply to the rights, obligations and responsibilities of employees of the Agency’s professional service.


PENAL PROVISIONS

Article 74
A fine from ten times to three hundred times amount of minimal salary in the Republic of Montenegro, shall be imposed for a minor offence on a legal person :

1) if he/she processes personal data without having personal consent of the person to so do (Article 9);
2) if he/she does not delete personal data from the Register of personal data within 3o days since the day of erasing of consent (Article 10),
3) if he/she processes special categories of personal data in contravention of this Act (Article 12),
4) if he/she processes personal data regarding criminal proceedings or minor offence, in contravention of this Act (Article 13),
5) if he processes personal data for a commercial purpose and other forms of placing in public having personal consent of the individual to so do (Article 14),
6) if he entrusts an individual task relating to the processing of personal data to another personal data processing official who is not registered for conducting activities of processing of personal data or implementing of technical, personnel and organizational activities for protection of personal data (Article 15 Paragraph 3),
7) if he fails to keep records on the personal data transferred to personal data recipients and purpose of their transfer (Article 18);
8) if he does not erase personal data, if their processing is in contravention of this Act (Article 22, Paragraph 1),
9) if he fails to ensure adequate technical measures for protection of personal data, in order to protect them from loss, destroying, unauthorized access, changing, publishing likewise abusing (Article 23 Paragraph 1),
10) if he fails to keep records on established Register of Personal Data or fails to update records (Article 25),
11) if he establishes Register of Personal data without having the consent of the independent supervisory b ody (Article 26 Paragraph 1),
12) if he performs video surveillance on a way that interior of apartment buildings which do not have any impact onto entry into housing and business premises is shown or records entrance of apartment building (Article 34)
13) if he fails to inform in written employees working in premises with video surveillance , on performing of video surveillance (Article 34 Paragraph 5),
14) if he performs video surveillance in work areas outside of the workplace (Article 35, paragraph 2),
15) if he fails to inform employees in advance in writing prior to the commencement of implementation of video surveillance (Article 35 Paragraph 5),
16) if he records entrances to individual apartments by video surveillance systems (Article 37 Paragraph 5),
17) if he fails publish a visible and plainly made public notice on implementation of video surveillance (Article 38 Paragraph 1 and 2),
18) if public notice on implementation of video surveillance does not contain prescribed information (Article 38 Paragraph 3),
19) if he fails to protect video surveillance system from the access of unauthorized persons (Article 38 Paragraph 5),
20) if he fails to supply information not later than 15 days since submitting of request (Article 42),
21) if he fails to amend, change, erase or suspend use of personal data, not later than 15 days since submitting of request, (Article 43 Paragraph 1)
22) if within eight days, he fails to inform person, his/her legal representative or plenipotentiary on carried out amending, changing, erasing or suspending of use of personal data;
23) if personal data recipient or processing official fails to act according to order or prohibition of the Independent Supervisory Body (Article 54)..

A fine from one to twenty times amount of minimal salary in the Republic of Montenegro shall be imposed for actions from Paragraph 1 of this Article for a minor offence on a legal person, responsible individual in the state body or other body and natural person designated as personal data filling system controller, personal data processing officer or personal data recipient.

A fine from one to twenty times amount of minimal salary in the Republic of Montenegro for actions from Paragraph 1 of this Article shall be imposed a entrepreneur.

IX FINAL AND TRANSITIONAL PROVISIONS

Article 75
Procedure for election of President and members of Agency Council shall be performed not later than six months since coming into force of this Act. Proposal for appointment of the President and members of Agency Council, Parliamentary Working Body competent for election and appointment, shall submit to the Parliament not later that three months since the date of coming into force of this Act.
Appointment of the Agency Director shall be carried out not later than three months since the date of appointment of the Agency President and members.

Article 76
The Government of Montenegro shall not later than three months since the date of coming into force of this Act provide premises, technical and other conditions for beginning of work of the Agency.





Article 77
The ByActs for implementation of this Act shall be adopted not later than three months since the date of coming into force of this Act and appointing of the President and members of the Agency Council.


Article 78
Personal data Filling System catalogues established until coming into force of this Act, shall be harmonized with the provisions of this Act, not later than six months since the date of beginning of applying of this Act.
Processing officials shall be obliged to establish the records from the Article 25 of this Act and to deliver it to the Agency, not later than nine months since the date of beginning of applying of this Act.
State bodies, bodies of self-governing local communities, companies, other legal persons and entrepreneurs shall be obliged to harmonize records on entrances and exits from premises and performing of video surveillance with regulations of this Act, not later than six months since the date of beginning of applying of this Act.


Article 79
On the day this Act enters into force, Act on Protection of Personal data (Official Gazette of the Republic of FRY, No. 24/98 and 26/98) shall cease to have effect.


Article 80

This Act enters into force eight days after its publishing in the “Official Gazette of the Republic of Montenegro” , and shall be applied following expiry of three months since the date of coming into force.


































E X P L A N A T I O N

I. Constitutional ground for adopting of Act

Constitutional ground for adopting of Act on Protection on data on Individual is contained within the Article 12 indent 1 and 4 of the Constitution of the Republic of Montenegro prescribing that Act, according to the Constitution regulates the way of accomplishing of freedoms and rights if such is necessary for their accomplishment, likewise other issues within the interest for the Republic.


II. Reasons for adopting of Act

According to Article 31 of the Constitution of the Republic of Montenegro, is guaranteed protection of data about person, use of data on person out of purpose for which they are collected is prohibited and gives right to any person to be informed about collected data on person if regarding him, likewise the right onto Court protection in the case of their abuse.

Republic of Montenegro do not have its Act on Protection of Data on person, but according to Article 4 of Decision on Declaration of Independence of the Republic of Montenegro, Act on Protecting of Data on Person (Official Gazette of the Republic of FRY, No. 24/98 and 26/98) is applied. However this Act has some shortages and some solutions are not in accordance with the European legislation and ratified International Conventions.

According to the Article 88 of the Agreement of Stabilization and Association between EC and their eight Member States, which is initiated, is anticipated that upon coming into force of this Agreement, Montenegro shall harmonize its legislation within the field of protection of personal data with the EC Act and other European and International legislation on privacy, and that Montenegro shall establish the Independent Supervisory Body with sufficient financial and human resources in order to implement effective supervision and guarantee implementation of Act in the field of protection of personal data.

Adopting of the Act should be seen within the context of the Act on Free Access to Information (Official Gazette of the Republic of Montenegro, No. 68/05), as one of ways which should provide the publicity of work of State Administration and its bodies and Act on Protection of Classified Data, which is in preparation, according which secrecy of specific information should be reduced to minimal contents level as requested by the open and democratic society.



From up mentioned results the need for adopting of separate Act, which should appropriately and in accordance with International Standards and comparative positive practice, protect the right onto privacy and other human rights and fundamental freedoms in processing data on person.

III. Harmonization with European legislation and ratified International Conventions

Draft of Act on Protection of Data on Person is to the possible level harmonized with the European Convention for Protection of Human rights and Fundamental freedoms, which treats the issue of protection in the Article 8, also with the Directive of EU Parliament and Council on Citizens Protection regarding processing of personal data (95/46 from 10.24.1995), Directive of EU Parliament and Council on processing of personal data in electronic communication area (2002/58 FC dated 07.12/02), Directive of EU Parliament and Council on keeping of produced or processed data in connection with the Regulation on publicity of disposed electronic communication services and public communication network and supplement to Directive 200/58/EC (2006/24)EC dated 03/15/06 and Convention on protection of persons regarding processing of personal data of EC (ETS No 108).


IV Explanation of basic legal institutions

Text of Draft of Act on Protection of Data on Person (hereinafter: Draft of Act) is systemized into nine chapters with next contents :

In Chapter I General Provisions ( Article 1-8 of the Act) is regulated the purpose of this Act, that is protecting of right onto privacy in processing of data on person (hereinafter: personal data) that is recognized in the Article 8 of the European Convention on protection of human rights and fundamental freedoms and general principles contained in the EU Regulations.
Draft of Act, in general provisions, includes important principles which should guide all those who will implement this Act:
1) principle of protecting of data on person at the level of principles and standards included into International documents on human rights and fundamental freedoms ( Article 1 of Draft of Act);
2) principles regarding quality of data in the procedure of their processing which ensure that data : shall be process on lawful way, collected into concrete and legal purpose and not shall be processed on the way which is not according to such purpose, shall be appropriate and not supernumerary compared to purpose, shall be accurate and stored in the form which allows identification of the person within the period not longer then it is necessary for the purpose of their processing ( Article 2 and 3 of Draft of Act).
3) principle of non-discrimination whose respecting should provide protection of personal data to every person irrespective his/her status, features or other characteristics ( Article 4 of Draft of Act).
4) principle of applying of National legislation in the case of transfer of personal data of Montenegro or their transit across the territory of Montenegro ( Article 5 of Draft of Act).
5) principle of obligatory implementation of the Act onto all data processors , with the possibility to regulate by separate Act the protection within the field of defense, national and public security and Court Bodies in applying of Criminal Act (Article 3 Paragraph 1 and 2 of the Draft of Act).
In Article 8 of this Draft Act is given explanation of meaning terms used in this Act (personal data, processing, personal data filing system, Personal data recipient, Data processor, data subject's consent, special categories of personal data an biometric data

In the Chapter II – processing of personal data (Article 9 to 29 of Draft Act), in this segment are regulated conditions for processing of personal data, entrusting of processing of personal data, obligation of informing the person, measures of protecting of personal data and holding of records on Register of personal data .
3) Regarding conditions for personal data processing, the principle of processing of personal data solely upon obtaining of the consent of the person subject to processing of personal data is established, with prescribing of criteria when data processing shall be performed without consent of subject to processing of personal data , so four such cases are defined: in order to exercise legal obligations and competences of Personal data filing system controller; for the purpose of protecting the life or health of persons, when data subject is incapable of giving his consent; for the purpose of taking of actions preceding concluding of agreements and in the procedure of exercise Lawful exercise of obligations arising from agreements and if the data subject discloses such data on his own (Article 9 of Act) , with also established right of the person to withdraw his/her consent.
According to the Act are proscribed exceptions from prohibition to process personal data regarding racial or ethnic background, political or other convictions, social standing membership in trade unions, associations and other organizations, likewise data regarding health status, sexual life or sexual orientation, with particular marking and protection of this category of personal data (Article 12 of Draft Act).
In this Section are also regulated :
- prohibition of Processing of personal relating criminal proceedings or infraction with proscribing exceptions from such prohibition ( Article 13 of the Draft Act)
- prohibition of personal data processing into commercial purpose or public disclosure without data subject’s consent ( Article 14 of Draft Act).
Concerning entrusting data subject tasks regarding the processing of personal data to other processing official, such possibility is provided, under the condition:
- that contract is concluded,
- processing official is registered for conducting these activities
- processing official fulfils conditions regarding the realization of appropriate personal data protection measures (Article 15 of Draft Act).

Based upon Draft Act are regulated conditions and circumstances under which the personal data can be used or disclosed to the third party ( user of personal data). Primary, that is for performance of his duties and authorities according to the Act, solely the for the time and purpose requested. The personal data filing system controller shall be obliged to keep records on disclosed personal data, and purposes of their disclosure.(Article 16-18 of Draft Act).
Within the segment of obligation communicate to the data subject on processing, updating and erasing the obligation of filing system controller to communicate information exists irrespective if data are collected directly from the data subject or not. Thus is brought into balance the principle of protection which establishes obligations to filing system controller towards data quality, technical safety, circumstances of processing and other obligations and right of data subject to be communicated that processing of personal data is conducted, that he/she is entitled onto right to inspect such data, request corrections and supplements and to refusing to provide personal data in certain situations ( Article 19 of the Draft Act). Regarding rights of person the personal data filing system controller shall be under obligation, ex officio, to supplement incomplete or change incorrect data (Article 21 of the Draft Act) likewise regulating of cases when personal data need to be erased (Article 22 of the Draft Act).
Providing of technical, personnel and organizational measures for protection of personal data in order to protect them from loss, destroying, unauthorized accessing, changing, publishing, likewise abusing, likewise the bound to protect the secrecy of personal data are subject to separate section (Article 23 and 24 the Draft Act).
Regarding Filing system catalogue, regulations of the Article 25-29 of the Draft Act, filing system controller shall be under obligation to establish and maintain filing system catalogue for each filing system, prescribe the type of personal data in the filing system and establish Central Register. The public access to the records in the Central Register according to the regulations on the work of the independent Supervisory Body, shall be established.
In the Chapter III- Special forms of processing of personal data processing(Articles 30 to 39 of the Draft Act) for the first time the issue of biometric data of natural person, maintaining of Register for the control of entry and exit from premises and facilities and introducing of video surveillance is regulated by Act.
Based upon regulation from Articles 30 and 31 of Draft Act, is provided that biometric measures can be prescribed under the conditions provided by this Act and solely for public sector if such is necessary for the security of persons or property and in order to protect classified data or business secrets, if such can not be achieved on different way. bearing in mind the fact that applying of biometric measures is more and more established as International obligation, especially for crossing the State border, Exceptionally from of this case, biometric measures my be prescribed by Act, in order to exercise legal obligations from International agreements identify persons crossing the State border.

Aiming harmonization of the practice of registering of entry and exit from facilities and premises is established the right of State bodies, and other bodies, organizations legal persons and entrepreneurs to request from the person entering into official or business premises, to announce reason for entering into such premises, deliver certain personal data, present for inspection ID document, likewise to maintain records on entry and exit from premises and facilities (Articles 32 and 33 of the Draft Act).
Based upon regulation from Articles 34 and 38 of Draft Act the issue of video surveillance of access to official premises or business premises likewise official premises or business premises in residential buildings is regulated.
The decision on introducing of video surveillance shall be preceded by making decision publishing of decision and obligation on informing employees on performing of video surveillance
1. in a manner that does not show recordings of the interior of residential buildings that do not affect entrance to their premises, or recordings of entrances to apartments-business buildings ( Article 34 Paragraph 4 of the Draft Act),
2. Video surveillance shall be prohibited in work areas outside of the workplace, particularly in changing rooms, lifts and sanitary areas. ( Article 35 Paragraph 2 of the Draft Act),
3. Video surveillance may be implemented onto entrance of residential buildings with the consent of Assembly of joint owners with a share of more than 70% of the ownership, on such a way that entrances and exits into joint premises of residential buildings may be recorded but not entrances into apartments (Article 37 of the Draft Act).
In that, the obligation of publish a notice on performing of video surveillance and access to unauthorized persons (Article 38 of the Draft Act) shall be required.

In Chapter IV Transfer of personal data from Montenegro (Articles 40 and 41 of Draft Act) is developed principle of trans-border flow of personal data. Economical and social relations result in higher and higher trans-border flow of personal data for the sake of persons involved in private or public economic and social activities, but there is significant difference in States regarding the level of the protection of rights of freedoms of natural persons, especially the right on privacy regarding processing of personal data. Therefore, principle contained in the Article 27 of the Draft Act provides that personal data shall not be exported to the country with not ensured minimal level of protection of personal data, according this Act, based upon previously provided consent of independent supervisory body. According to the regulations of Article 41 of are regulated cases when consent of independent supervisory body and minimal protection measures, or solely minimal protection measures are not needed.
In the Chapter V Rights of data subject onto protection of personal data personal data filing system controller shall be obliged to a written request of data subject within prescribed term, deliver requested information , disregarding if they are collected from data subject or on other way. Thus is brought into balance the principle of protection which establishes obligations to filing system controller towards data quality, technical safety, circumstances of processing and other obligations and right of data subject to be communicated that processing of personal data is performed, that he is entitled onto right to inspect such data, request corrections and supplements and to refusing to provide personal data in certain situations ( Article 42 and 43 of Draft Act). All costs arising from these proceeding, shall be borne by the personal data filing system controller, unless otherwise regulated by the law. Exemptions and limitations, for certain fields (Defense, National and Public Security and other), my be regulated by special Act, but only to the extent necessary for achieving of the purpose of introduced limitation ( Article 44 of Draft Act).
Regarding the right of data person to file an appeal , the to submit a request to establish the violation of rights at any moment ,is established, if data person considers that any of his rights guaranteed by this Act have been violated. Independent Supervisory Body shall act according the request and bring decision, after completing of proceeding and Court protection is provided because contentious falling within the competence of administrative courts can be introduced.
Regarding the compensation of damages arising due to processing of personal data contrary to the regulations of this Act, data subject data person may file an appeal to the Court with general competences (Article 47 of the Draft Act).
In the Chapter VI Supervision (Articles 48 to 56 of Draft Act) – are proscribed necessary instruments for performing of supervision by Independent Supervisory Body, including authorities for investigating of status, eliminating of irregularities and ordering for consistent implementing of this Act. Implementation of the Act, shall perform Independent Supervisory Body through the Controller, onto whose proceeding and way performing of supervision, the provisions of the statute governing inspection supervision shall apply.
In the Chapter VI Agency for protection of personal data (Articles 57 to 73 of the Draft Act) is organized and established Supervisory Body, defined tasks of that body and provided full independence and fundamental component of protecting of persons regarding processing of personal data.

Agency for protection of personal data shall be an independent Supervisory Body (not a body of the State Administration) performing public authorities, legally separated and independently from the State and other bodies, organizations and other entities performing processing of personal data, it shall be independent in conducting of its tasks and for its work shall be responsible solely to the Parliament of Montenegro. Agency is also financially independent because resources for the Agency operation shall be secured from the Budget of the Republic of Montenegro.
According to the regulations from the Article 58 of Draft Act, is given the authority to the Agency by the measure of providing protection of personal data principles and standards from ratified International Agreements on human rights and fundamental freedoms and generally accepted regulations of the International Law.
Montenegro have no special Act regulating the work of Agency, therefore by this Act are regulated in details all issues regarding the Agency for protection of personal data – Statute (Article 60), Bodies of the Agency-Council and Director (Articles 61-70) and Professional Service of the Agency(Article 71).

In the preparation of Draft Act, one of fundamental issues was status of Independent Supervisory Body. There were three basic options, that:
1. Administrative Body supervised by the Ministry for Human and Minority Rights should be established, in order to conduct tasks of Independent Supervisory Body,
2. special body (board) should be established by the Government, in order to conduct tasks of Independent Supervisory Body,
3. Agency, with the characteristics of legal person should be established according to the Act, in order to conduct tasks of Independent Supervisory Body.

Irrespective the way of organizing, establishing of Supervisory Body requests expanding of the administration and new takings from the budget and it will take certain time until this Body begins to perform its competences with full capacities.

In the Chapter VIII Penal provisions (Articles 74 of Draft Act) penalties and fines for violation each of regulations of this Act, are prescribed.

In the Chapter IX Final and transitional provisions(Articles 75-80 of Draft Act) issues regarding election of the President, members of Council and Director of the Agency (Article 75), providing of conditions for work of the Agency (Article 76), adopting of Bylaws (Article 77), harmonization of Registers of Personal Data established before coming into force of this Act (Article 78).


V Evaluation of financial means for implementation of Act

In order to implement this Act financial means for organizing and functioning of the Agency for Protection of Personal Data amounting 178.500, € per year, are needed.


1. Current expenditures..............................................................158.500,00
1.1 Gross salaries and contributions paid by employers.............. 64.000,00
1.2 Other personal incomes ........................................................ 4.500,00
1.3 Expenditures for materials and services .............................. 30.000,00
1.4 Renting (leasing of premises) ............................................. 60.000,00
2. Procurement of equipment.................................................... 20.000,00

It is realistic to expect that seven persons ( Director, Deputy Director, three Controllers and two other persons) should be employed within the Agency at the beginning and that leasing of business premises should be provided.

VI The way of preparing of Act

Minister of Internal Affairs and Public Administration established the multi-competence Task Group for compiling of the Act on Protecting data on Persons, into which are appointed representatives of Ministry of Interior and Public Administration, Ministry of Culture, Sports and media, Ministry of Education and Science, Ministry of health, Agency for national Security, Secretariat for European Integrations, secretariat for development, Union of Employers of Montenegro, Central bank of Montenegro Republic Fund for Old Age and Disabled Persons Benefits, center for Human Rights of Faculty of Act and Association of Young Journalists. At the invitation at the meetings of the multi-competence Task Group were present the representatives of the Protector of Human Rights (Omdursman ), Police Directorate and Health Care Fund.
Starting from the obligation of the Ministry to consult the NGO Sector on legal and other projects and regulations for regulating the way of accomplishing of freedoms and rights of citizens(Article 80 Point1 of the Act on State Administration) and to provide the opinion of Municipalities in preparation of the Act regulating obligations of local Self-Administration, it is proposed, that the Government, according to the Article 44 of Operating procedure, establish the Draft of Act on Protection of data on person, establish the agenda of public judgment, appoint he Body for its implementation and establish term of 15 days for conducting of the public judgment.