The Unauthorised Access to Personal Data by the Slovenian Police
According to the MP, the Police was most active in March this year during the talks about the formation of the new government. He added that many of his fellow MPs had filed SARs with the Police and were awaiting responses, and several more were about to follow suit. He had reported the case to the Information Commissioner (Slovenia’s personal data watchdog). No further information was available at the time of the publication of this article. However, some media have already dubbed the case as one of the biggest scandals in the country’s history.
Putting aside the potential political motives or implications, the possibility of peeping toms inside the Police should hardy come as a surprise. Namely, between 2009 and 2019, 101 Police employees were fined by the Information Commissioner alone for unauthorised access to personal data. In the same period, the Police itself identified 44 potential criminal offences related to misuse of personal data within its own ranks (few were convicted though). But this might be just the tip of the iceberg. In question is a whole range of personal data such as residence, vehicle ownership, traffic fines, other misdemeanours and even criminal convictions. More often than not, the reason for looking at the data was plain curiosity, as victims were mainly public figures, neighbours and (ex) partners.
What in my view is a reason for concern is the fact that the Police have had in place a relatively effective system for recording all and any processing of personal data in their databases, including pure access. It is also fair to assume that the (majority of) its employees were aware of it. There are therefore only two possible explanations. There is either a lack of control and supervision within the Police, so the perpetrators feel unlikely to be caught. Or, due to the lack of education and training, the employees are unaware that any processing of personal data should be legally grounded, while at the same time pursuing a legitimate purpose – and spying on people out of curiosity doesn’t fall into this category.
Whatever the outcome of the possible political scandal, the Slovenia’s Police might have a hard case policing its own ranks.
Article provided by: Matija Jamnik (JK Group, Slovenia)
Discover more about INPLP, the INPLP-Members and the GDPR-FINE database
Dr. Tobias Höllwarth (Managing Director INPLP)