STA, 5 April 2018 - The government adopted on Thursday a bill on personal data privacy which implements the General Data Protection Regulation (GDPR), a key piece of EU legislation about data privacy. The bill has encountered strong opposition from the Information Commissioner.
According to the Government Communication Office (UKOM), the bill transposes the GDPR so as to safeguard the right of people to privacy and protect the interests of companies.
It added that the law will keep the achieved level of personal data privacy in Slovenia to the greatest extent.
UKOM noted that it was important for the new law to enter into force before the GDPR regulation takes effect on 25 May.
The bill systemically regulates the rights and obligations as well as procedures and oversight regarding the handling of personal data.
It for instance strengthens the oversight role of the national Information Commissioner, and bans using data obtained in direct marketing for political purposes.
Information Commissioner Mojca Prelesnik however responded to the bill with strong criticism, arguing a failure to significantly improve it in parliament would "lead to a lowering of already attained standards of information privacy protection".
She spoke of "a worryingly large circle" of those who exercise authority "but are entirely free of information privacy protection constrains".
Arguing the EU directive is in fact not being transposed at all, Prelesnik highlighted the absence of provisions regulating data retention periods and related procedures among the key issues.
The government moreover ignored her recommendations regarding the connecting of different databases, which the commissioner says will "allow the state to create large databases that can present serious risks for individuals and lead to grave interference with privacy".
The government sent the bill to the National Assembly, asking it to fast-track it through parliament.
At a recent debate hosted by AmCham Slovenia, it was said that many Slovenian companies were already preparing for a major change in how they treat personal data.
The stakeholders also stressed the GDPR regulation would be directly applicable even if no national law was passed by 25 May.
