Data Protection Laws and Freedom of Expression: Slovakia
Constitutional/Primary Law Background - see also ECHR and EU Charter
The contemporary Slovakia Constitution (1992 as revised 2017) includes a range of provisions there including specifically in relation to data protection. Article 26 prohibits censorship or licenses for the press (although this is allowed under law for radio and television) and guarantees the freedom of expression and right to information including right to express views and to freely seek out, receive and spread ideas and information. Restrictions are allowed which broadly confirm to Article 10(2) of the ECHR. Article 43 separately guarantees freedom of/in scientific research and art. Article 19 establishes the right to protection against misuse (including collection and publication of personal data alongside protection against unauthorised interference in private and family life and rights to preserve human dignity, personal honour, reputation and the protection of good name. Article 21 declares and home inviolable (with limitations similar to Article 8(2) of the ECHR) and prohibits entry without consent (except with legally authorised written judicial order in connection with legal proceedings), whilst article 22 protects the secrecy of written documents including letters (with exceptions to be laid down in law).
The first relevant (quasi-)constitutional provision can found in the freedom of the press and abolition of censorship set out in Hungarian Law 18 of 1848 on the Press. The 1920 Czechoslovak Constitution guaranteed freedom of press and in principle outlawed censorship and also established inviolability of domicile and also of the mail (with details in the latter two cases to be set down in statute) (see articles 113(1), 112 and 116). The current wording and the wider protection of rights can be traced to the Czechoslovak Charter of Fundamental Rights and Basic Freedoms 1991, these rights being incorporated in the Slovakian law when it became autonomous in 1993.
First-Generation Statutory Law
The Act on the Protection of Personal Data in Information Systems was adopted by the Czechoslovak Federal Assembly on 29 April 1992.
Special Expression Derogation
No specific provision was included.
Broad Expression Derogation
No specific provision was included.
Personal Exemption
No specific provision was included.
Knowledge Facilitation Framework
No specific provision was included.
|
Second-Generation Statutory Law
Slovakia Act 428/2002 on the Protection of Personal Data and finally Act 122/2013. Slovenia joined the EU on 1 May 2004.
Special Expression Derogation
The legislation enacted in 1998 did not set out any derogation in favour of special expression.In contrast both the 2002 and 2013 Acts did establish some very limited derogations for the purpose of informing the public by means of mass media and also artistic or literary expression.Both Acts applied data quality principles without restriction to the media. They also did not provide for a derogation from either the proactive direct or retroactive transparency rules. In contrast, they did set out an exemption from the proactive indirect transparency rule (Act 428/2002, s. 10(3)(d); Act 122/2013, s. 15(3)(c)) and also the requirement for consent even as regards sensitive data (Act 428/2002, s. 7(4)(a); Act 122/2013, s. 10(3)(a))).These exemptions were subject to the processing being necessary and conditional of the processing not violating the data subject’s right to the protection of his personal rights and privacy (and in the case of the exclusion of consent this not being excluded by a special Act or international treaty binding on Slovakia).
Broad Expression Derogation
There was no relevant provision.
Personal Exemption
The Data Protection Act exempted personal data ‘processed by natural persons for their own needs within the framework of purely personal or household activities, like keeping a personal directory or correspondence’ (Act 428/2002 and Act 122/2013, s. 2a(a))
Knowledge Facilitation Framework
The processing of personal data for historical, scientific or statistical purposes was not deemed incompatible with the original purpose the respective data were collected for and could be stored for a longer period if (i) the controller guaranteed that such processing was not contrary to the legitimate interests of the data subject and would not infringe the right to protection of the data subject’s personal rights and privacy, and (ii) the personal data was anonymized as soon as possible or deleted once it became useless (Act 428/2002, s. 6(3); Act 122/2013, s. 6(5)). Unlike in Directive 95/46 itself and aside from where the data was already public, the disproportionate effort or impossibility limitation on the proactive transparency rules when data was not collected to the data subject was limited to “historical or scientific research and development, or for the purposes of the State’s statistics” (At 428/2002, s. 10(3)(d); Act 122/2013, s. 15(3)(d)).Under the 2002 Act It was specifically stated that it was incumbent on the controller to prove to the DPA, with regard to all the circumstances and at any time, that the disproportionality or impossibility was made out. No exemption from other core aspects of the regime including the restrictions on sensitive data including criminal-related data.
|
Third-Generation Statutory Law
Slovakia adopted third-generation data protection Act 18/2017 on 29 November 2017.
Special Expression Derogation
Section 78(1) and (2) establish a new regime for established controllers informing the public by means of mass media and also academic, artistic and literary purposes. The provisions are more liberal than the previous law but also of ambiguous meaning. The derogations lift any requirement to process without consent (unless this is excluded by an international treaty binding of Slovakia or a special regulation) so long as processing is necessary and does not violate the data subject’s right to data protection or their right to privacy. This would appear to establish a strict or objective test as regards the provisions to which it directly applies, namely, the rules on processing special data (i.e. non-criminal sensitive data) and the data export rules. Other provisions which set down standards as regards data processing which do not ispo facto mandate consent in any case are at least liberally glossed by this provision. This special expression provision’s wording only ambiguously establishes its priority over the knowledge facilitation framework.
Broad Expression Derogation
There is no specific provision.
Personal Exemption – see GDPR, art. 2(2)(c)
Knowledge Facilitation Framework – see also GPDR, art. 5(1)(b) (compatibility), art. 5(1)(e) (time limits) and art. 89(1) (appropriate safeguards)
The Slovakian Data Protection Act provides for limited derogations from specific data protection rights and duties, spread across various provisions of the Act. The processing of personal data for archiving, scientific, historical research, or statistical purposes is not deemed to be incompatible with the original purpose if (i) it complies with a special regulation, and (ii) if adequate safeguards largely in line with Art. 89 GDPR are in place to protect the rights of the data subject (sec. 7 and sec. 78(8)). Derogation from the minimization principle is subject to the same conditions (sec. 10 and sec. 78(8)). The sensitive data rules can be derogated from (i) is necessary for public interest archiving, scientific or historical research or statistical purposes if the processing under this Act, a special regulation or an international treaty; (ii) is proportionate to the objective pursued; (iii) respects the right to protection of personal data and (iv) is subject to appropriate and specific measures to ensure fundamental rights and interests of data subjects are safeguarded (sec. 16(k)). (This provision does not apply to criminal-related data whose processing must be based on a special regulation or international treaty which provides appropriate safeguards for the rights of the data subject (sec. 17)). Derogations from the right of access, rectification, erasure and objection are subject to the conditions that (i) disclosure would render the sought after purposes impossible or require disproportionate efforts, (ii) safeguards largely in line with Art. 89 GDPR were complied with, and (iii) compliance would prevent or seriously impair the attainment of the objectives (secs. 23(4)(d); 27(5); 78(9)).
|