The Agency for the Protection of Personal Data (AZLP) has started a procedure for the implementation of supervision over the legality of the activities undertaken in the processing of personal data and their protection by the State Election Commission (SEC), and related to the recent security incidents in connection with the held extraordinary parliamentary elections 2020.
As is known to the public, on the evening after the holding of the extraordinary parliamentary elections 2020, on July 15, 2020, an incident occurred where the web pages, i.e. web services of the SEC, were not available for a certain period. The SEC processes a large number of personal data according to its scope and categories that are related to the electoral process, of which certain categories of personal data are also available electronically.
The AZLP will ex officio investigate and check whether there has been a violation of the security of personal data processed by the SEC, i.e. whether the processing of personal data is in accordance with the rules of the Law on the Protection of Personal Data “Official Gazette of the Republic of North Macedonia” 42/20)
According to Article 37 paragraph (1) of the Law on the Protection of Personal Data “in case of violation of the security of personal data, the controller (in the specific case SEC) immediately and no later than 72 hours after learning about the same, is obliged to notify the Agency for the violation of the security of personal data, unless there is a probability that the violation of the security of personal data creates a risk for the rights and freedoms of natural persons. When the notification to the Agency is not submitted within 72 hours, together with the notification, an explanation for the reasons for the delay should be submitted.” Until the moment of opening the supervision procedure, the SEC has not submitted a notification about the breach of personal data security.
Hence, in accordance with the current legislation, this factual situation in the specific case provides a basis for assuming that either there is no violation of the security of personal data that could create a risk for the rights and freedoms of natural persons, or that the SEC did not submit a notification to the AZLP in the legally determined period of 72 hours from the moment of learning about the breach of personal data security.
Depending on the outcome of the procedure, AZLP has the authority to impose appropriate measures in accordance with the Law on Personal Data Protection. We expect full cooperation from the SEC during the supervision.
The rules for the protection of personal data, which were adopted by the Assembly of the Republic of North Macedonia in February 2020, are crucial for democracy and for building trust, especially in the digital age. They help to strengthen trust in our institutions and the democratic process, by promoting the responsible use of personal data and respect for the rights of individuals.
Hence, AZLP expects all institutions, authorities, bodies, agencies, companies to be an example and guarantee to all citizens in the Republic of North Macedonia that they are protected when they process their personal data. For this purpose, greater cooperation is needed between AZLP and all institutions that are subject to supervision.
The Agency for the Protection of Personal Data (AZLP), actively […]
Friday, May 7, 2021 The twinning project “Support in the […]
Tuesday, May 4, 2021 The General Secretary of the Agency […]
