The Pivotal Role of DPAs in Digital Privacy Protection
Assessment of the Serbian Protection Mechanism
Abstract
With the widespread use of the Internet in both personal and professional life, data protection has become a critical aspect of privacy protection. The mechanisms developed in administrative law are the main tools for personal data protection in modern societies. Within the European integration process, the Republic of Serbia has established an independent data protection authority (DPA) that supervises and ensures the implementation of data protection rules, conducts inspections, acts on complaints of persons to whom the data relates, and determines whether there has been a violation of the law. This paper commences with an analysis of international legal instruments imposing a duty to establish an independent data protection supervisory authority. It goes on to further analyze the main characteristics of the national data protection system, the personal, territorial, and material scope of its application, as well as specific rights of data subjects. The efficient protection of digital privacy primarily depends on the investigative powers of the independent supervisory authority, which are also analyzed in detail. Given the global character of the Internet, the protection of personal data also depends on efficient cooperation among DPAs, the extraterritorial application of data protection rules, and adequate regulation of international transfer of personal data.
References
Daigle, B., Khan, M. (2020) ‘The EU General Data Protection Regulation: An Analysis of Enforcement Trends by EU Data Protection Authorities’, Journal of International Commerce and Economics, 2020(1), pp. 1–38.
Giurgiu, A., Larsen, T. A. (2016) ‘Roles and Powers of National Data Protection Authorities. Moving from Directive 95/46/EC to the GDPR: Stronger and More ‘European’ DPAs as Guardians of Consistency?’, European Data Protection Law Review, 2(3), pp. 342–352; https://doi.org/10.21552/EDPL/2016/3/9.
Greenleaf, G. (2011) ‘Independence of data privacy authorities: International standards and Asia-Pacific experience’, University of Edinburgh School of Law Working Paper Series, 2011(42), pp. 1–47; https://doi.org/10.2139/ssrn.1971627.
Hoofnagle, C. J., van der Sloot, B., Zuiderveen Borgesius, F. (2019) ‘The European Union general data protection regulation: what it is and what it means’, Information & Communications Technology Law, 28(1), pp. 65–98; https://doi.org/10.1080/13600834.2019.1573501.
Jaeger Junior, A., Copetti Cravo, D. (2021) ‘The extraterritoriality of the right to data portability: Cross-border flow between the European Union and Brazil’ in Cunha Rodrigues, N. (ed.) Extraterritoriality of EU Economic Law. 1st edn. Cham: Springer, pp. 359–370; https://doi.org/10.1007/978-3-030-82291-0_17.
Jóri, A. (2015) ‘Shaping vs applying data protection law: two core functions of data protection authorities’, International Data Privacy Law, 5(2), pp. 133–143; https://doi.org/10.1093/idpl/ipv006.
Mišković, M. (2020) ‘Pravo na zaborav – pravni i računarski aspekti’ [Right to be forgotten – legal and computational aspects] in Popović, D. V. (ed.) Intelektualna svojina i internet: 2020 [Intellectual Property and the Internet: 2020]. 1st edn. Belgrade: Pravni fakultet Univerziteta u Beogradu, pp. 123–143.
Presthus, W., Sønslien, K. F. (2020) ‘An Analysis of Violations and Sanctions Following the GDPR’, International Journal of Information Systems and Project Management, 9(1), pp. 38–53; https://doi.org/10.12821/ijispm090102.
Raab, C., Szekely, I. (2017) ‘Data protection authorities and information technology’, Computer Law & Security Review, 33(4), pp. 421–433; https://doi.org/10.1016/j.clsr.2017.05.002.
Resanović, A. (2019) ‘Zaštita podataka o ličnosti u Srbiji’ [Personal data protection in Serbia] in Ružić, N., Kovačević, R., Pavlović, S., Resanović, A., Zozi Jeković, M. (eds.) Petnaest godina rada Poverenika za informacije od javnog značaja i zaštitu podataka o ličnosti: Zbornik [Fiftheen years of the institution of Commissioner for information of public importance and personal data protection: A monograph]. 1st edn. Belgrade: Commissioner for information of public importance and personal data protection, pp. 39–51.
Stazi, A. (2019) ‘Data circulation and legal safeguards: a European perspective’, Comparative Law Review, 10(1), pp. 89–113.
Wachter, S. (2018) ‘Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR’, Computer Law & Security Review, 34(3), pp. 436–449; https://doi.org/10.1016/j.clsr.2018.02.002.
