CITY ADMINISTRATION EMPLOYEES' PERSONAL DATA IN 21 CROATIAN CITIES THAT WERE COLLECTED ON THE BASIS OF THE RIGHT TO ACCESS INFORMATION AND USED FOR BUSINESS PURPOSES HAVE BEEN REMOVED
A public sector evaluation system would certainly provide a better service to citizens. However, in that case, that type of system should have a legal basis in accordance with the General Regulation and adequate protection of the personal data of the persons whose activity is being evaluated. Consequently, only in this way, the grading system of officials and employees could be considered as valid, fulfilling the real objectives without any risks related to manipulation.
The company Feralis provided the service of initial compliance with the GDPR to the City of Rijeka, and during that period, we were informed on the fact that the personal data of officials and employees of the city administration were publicly published on the web portal www.ocijenime.hr .
The portal cases were managed by the association Prospectus from Dubrovnik, and the person authorized to represent was the lawyer Viktorija Knežević, who obtained the data about employees on the basis of the right to access information.
It is indisputable that citizens can access such data and that they are publicly available, but their application must be legal, which was not the case on that web portal.
Consequently, the Croatian Center for Personal Data Protection Feralis abbr. Feralis Center filed a complaint with the supervisory body (AZOP) for processing personal data of officials and employees that is contrary to the provisions of the GDPR on the web portal www.ocijenime.hr and filed a criminal complaint against Prospectus and Viktorija Knežević as authorized person for the criminal offense of unauthorized use of personal data.
The Agency for Personal Data Protection (AZOP) ordered that all personal data related to employees in city administrations in Rijeka, Pula, Zagreb, Dubrovnik, Varaždin, Bjelovar, Karlovac, Knin, Koprivnica, Križevci, Makarska should be removed from the web portal www.ocijnime.hr. Osijek, Ploče, Poreč, Požega, Samobor, Sinj, Slavonski Brod, Velika Gorica, Vukovar and Vrgorac, and at the same time the portal itself was removed.
All employees whose personal data have been disclosed and who have sustained damage personally in any way (eg. a published unpleasant comment or anything else that may has caused discomfort to the person or a fact that the person has suffered any other material or non-material damage as a result of such disclosure), pursuant to General Regulation related to damages.
The competent court decides on the damage and the amount of compensation.
In addition to the company Feralis providing services to businesses in the field of personal data protection and external data protection officer, on 03/03/2018. a non-profit association Croatian Center for Personal Data Protection Feralis, Jože Gabrovšeka 8, was founded in Rijeka, reg. no .: 8004472, for the purpose of application of our knowledge and experience regarding data protection for the benefit of the community.
The Feralis Center aims to raise general awareness and promote knowledge about personal data protection in society and its activity is related to regular professional consultations, workshops and professional development of data protection officers.
As an independent and professional subject of civil society, the Center cooperate and has established partnership with the economy and civil services and is thus is recognized by its expert advice and guidelines participated in organizing organizational protection measures in the first "artificial intelligence" (AI) project of the Ministry of Health Andrija Digitalni Assistant against COVID-19.
The Feralis Center is the first center in Croatia that provides advice and assists citizens in submitting complaints to the supervisory body (AZOP) in order to protect their personal data. In addition to individual complaints from citizens, it also submits complaints of public interest to protect the rights and freedoms of citizens with regard to the protection of their personal data, as it successfully did in this case in order to protect personal data of public sector employees.
You can read more about the procedure of personal data violation on the web portal www.ocijenime.hr and about our activities related to the same topic:
Glas Istre NovineNovi ListDubrovački list
